/**
* Returns a mapping of org_id => so_status, cascading everything down the
* org tree. Only src_orgs with a DELETED status will be ignored here.
*
* @param int $src_id
* @return array $org_ids
*/
public static function get_authz_status($src_id)
{
$conn = AIR2_DBManager::get_master_connection();
$org_status = array();
// calculate authz
$sel = "select * from src_org where so_src_id = {$src_id}";
$srcorgs = $conn->fetchAll($sel);
$sorted = Organization::sort_by_depth($srcorgs, 'so_org_id');
foreach ($sorted as $so) {
// ignore deleted src_orgs
$stat = $so['so_status'];
if ($stat == SrcOrg::$STATUS_DELETED) {
continue;
}
// apply status to self and all children
$children = Organization::get_org_children($so['so_org_id']);
foreach ($children as $oid) {
$org_status[$oid] = $stat;
}
}
return $org_status;
}
/**
* Get authorization object for this User.
* array(org_id => bitmask-role)
*
* This represents the Organization Asset authz. That is, explicit roles
* cascade both up and down the Org tree. Explicit roles will always
* override implicit ones.
*
* @return array
*/
public function get_authz()
{
if ($this->authz) {
return $this->authz;
}
// reset
$this->authz = array();
$this->authz_up = array();
// sort orgs, and calculate authz
$sorted = Organization::sort_by_depth($this->UserOrg, 'uo_org_id');
foreach ($sorted as $uo) {
if ($uo->uo_status == UserOrg::$STATUS_ACTIVE) {
$children = Organization::get_org_children($uo->uo_org_id);
$bitmask = $uo->AdminRole->get_bitmask();
foreach ($children as $org_id) {
$this->authz[$org_id] = $bitmask;
$this->authz_up[$org_id] = $bitmask;
}
// get upwards-authz
$parents = Organization::get_org_parents($uo->uo_org_id);
foreach ($parents as $org_id) {
$curr = isset($this->authz_up[$org_id]) ? $this->authz_up[$org_id] : 0;
$this->authz_up[$org_id] = max(array($bitmask, $curr));
}
}
}
return $this->authz;
}
