/** * Retrieves the list of the roles that are available on the Environment */ public function describeAction() { $this->checkScopedPermissions('ROLES'); $r = new Entity\Role(); $re = new Entity\RoleEnvironment(); $ri = new Entity\RoleImage(); $criteria = []; $criteria[Entity\Role::STMT_DISTINCT] = true; $criteria[Entity\Role::STMT_FROM] = $r->table() . " LEFT JOIN " . $re->table() . " ON {$r->columnId} = {$re->columnRoleId}\n LEFT JOIN " . $ri->table() . " ON {$r->columnId} = {$ri->columnRoleId}"; switch ($this->getScope()) { case ScopeInterface::SCOPE_ENVIRONMENT: $criteria[Entity\Role::STMT_WHERE] = "({$r->columnAccountId} IS NULL AND {$ri->columnRoleId} IS NOT NULL\n OR {$r->columnAccountId} = '" . $this->getUser()->accountId . "' AND {$r->columnEnvId} IS NULL\n AND ({$re->columnEnvId} IS NULL OR {$re->columnEnvId} = '" . $this->getEnvironment()->id . "')\n OR {$r->columnEnvId} = '" . $this->getEnvironment()->id . "'\n ) AND {$r->columnGeneration} = 2"; break; case ScopeInterface::SCOPE_ACCOUNT: $criteria[Entity\Role::STMT_WHERE] = "({$r->columnAccountId} IS NULL AND {$ri->columnRoleId} IS NOT NULL OR " . "{$r->columnAccountId} = '" . $this->getUser()->accountId . "' AND {$r->columnEnvId} IS NULL) AND {$r->columnGeneration} = 2"; break; case ScopeInterface::SCOPE_SCALR: $criteria = [['envId' => null], ['accountId' => null]]; break; } return $this->adapter('role')->getDescribeResult($criteria); }
/** * Return array of environments where this role is allowed explicitly. * Empty array means everywhere. * * @return array Array of envId */ public function getAllowedEnvironments() { $r = new RoleEnvironment(); return $this->db()->GetCol("SELECT {$r->columnEnvId} FROM {$r->table()} WHERE {$r->columnRoleId} = ?", [$this->id]); }