/**
* Wrong use of array_intersect() in ezsubtreenotificationrule.php
*
* @link http://issues.ez.no/16248
*/
public function testCorrectUsageArrayIntersect()
{
$access = eZSubtreeNotificationRule::checkObjectAccess(
eZContentObject::fetch( 1 ),
$this->policy->attribute( 'id' ),
array( 14 )
);
$this->assertEquals( array( 14 ), $access );
}
/**
* Fetch allowed subtreenotification rules based on node_id list and a
* content object
*
* @param array $nodeIDList node id list for notification event
* @param eZContentObject content object to add
*
* @return array matching subtree notification rule data
*/
static function fetchUserList($nodeIDList, $contentObject)
{
if (count($nodeIDList) == 0) {
$retValue = array();
return $retValue;
}
$db = eZDB::instance();
$concatString = $db->concatString(array('user_tree.path_string', "'%'"));
// Select affected users
$sqlINString = $db->generateSQLINStatement($nodeIDList, 'subtree_rule.node_id', false, false, 'int');
$sql = "SELECT DISTINCT subtree_rule.user_id,\n user_node.node_id\n FROM ezsubtree_notification_rule subtree_rule,\n ezcontentobject_tree user_node,\n ezuser_setting\n WHERE {$sqlINString} AND\n user_node.contentobject_id = subtree_rule.user_id AND\n ezuser_setting.user_id = subtree_rule.user_id AND\n user_node.is_invisible = 0 AND\n ezuser_setting.is_enabled = 1";
$userPart = $db->arrayQuery($sql);
// Remove duplicates
$userNodeIDList = array();
foreach ($userPart as $row) {
$userNodeIDList[] = $row['node_id'];
}
$userNodeIDList = array_unique($userNodeIDList);
if (count($userNodeIDList) == 0) {
$retValue = array();
return $retValue;
}
// Select affected nodes
$sqlINString = $db->generateSQLINStatement($userNodeIDList, 'user_node.node_id', false, false, 'int');
$sql = "SELECT DISTINCT user_node.node_id,\n user_node.path_string,\n user_tree.contentobject_id\n FROM ezcontentobject_tree user_node,\n ezcontentobject_tree user_tree\n WHERE {$sqlINString} AND\n user_node.path_string LIKE {$concatString}";
$nodePart = $db->arrayQuery($sql);
// Remove duplicates
$objectIDList = array();
foreach ($nodePart as $row) {
if ($row['contentobject_id'] != '0') {
$objectIDList[] = $row['contentobject_id'];
}
}
$objectIDList = array_unique($objectIDList);
if (count($objectIDList) == 0) {
$retValue = array();
return $retValue;
}
// Select affected roles and policies
$sqlINString = $db->generateSQLINStatement($objectIDList, 'user_role.contentobject_id', false, false, 'int');
$sql = "SELECT DISTINCT user_role.contentobject_id,\n policy.id AS policy_id,\n user_role.limit_identifier AS limitation,\n user_role.limit_value AS value\n FROM ezuser_role user_role,\n ezpolicy policy\n WHERE {$sqlINString} AND\n ( user_role.role_id=policy.role_id AND\n ( policy.module_name='*' OR\n ( policy.module_name='content' AND\n ( policy.function_name='*' OR\n policy.function_name='read'\n )\n )\n )\n )";
$rolePart = $db->arrayQuery($sql);
// Build resultArray. Make sure there are no duplicates.
$resultArray = array();
foreach ($userPart as $up) {
foreach ($nodePart as $np) {
if ($up['node_id'] == $np['node_id']) {
foreach ($rolePart as $rp) {
if ($np['contentobject_id'] == $rp['contentobject_id']) {
$key = $rp['policy_id'] . $up['user_id'] . $rp['limitation'] . $rp['value'];
$resultArray[$key] = array('policy_id' => $rp['policy_id'], 'user_id' => $up['user_id'], 'limitation' => $rp['limitation'], 'value' => $rp['value']);
}
}
}
}
}
$policyIDArray = array();
$limitedPolicyIDArray = array();
$userIDArray = array();
foreach ($resultArray as $result) {
$userIDArray[(string) $result['user_id']] = (int) $result['user_id'];
}
foreach ($resultArray as $result) {
if ($result['limitation'] == '') {
$policyIDArray[(string) $result['policy_id']][] =& $userIDArray[(string) $result['user_id']];
} else {
$limitedPolicyIDArray[] = array('user_id' => $userIDArray[(string) $result['user_id']], 'limitation' => $result['limitation'], 'value' => $result['value'], 'policyID' => $result['policy_id']);
}
}
$acceptedUserArray = array();
foreach (array_keys($policyIDArray) as $policyID) {
foreach (array_keys($policyIDArray[$policyID]) as $key) {
if ($policyIDArray[$policyID][$key] === false) {
unset($policyIDArray[$policyID][$key]);
}
}
if (count($policyIDArray[$policyID]) == 0) {
continue;
}
$userArray = eZSubtreeNotificationRule::checkObjectAccess($contentObject, $policyID, $policyIDArray[$policyID]);
$acceptedUserArray = array_merge($acceptedUserArray, $userArray);
foreach ($userArray as $userID) {
$userIDArray[(string) $userID] = false;
}
}
foreach ($limitedPolicyIDArray as $policyEntry) {
if ($policyEntry['user_id'] === false) {
continue;
}
$userArray = eZSubtreeNotificationRule::checkObjectAccess($contentObject, $policyEntry['policyID'], array($policyEntry['user_id']), array($policyEntry['limitation'] => $policyEntry['value']));
$acceptedUserArray = array_merge($acceptedUserArray, $userArray);
foreach ($userArray as $userID) {
$userIDArray[(string) $userID] = false;
}
}
$acceptedUserArray = array_unique($acceptedUserArray);
foreach (array_keys($acceptedUserArray) as $key) {
if (!is_int($acceptedUserArray[$key]) or $acceptedUserArray[$key] == 0) {
unset($acceptedUserArray[$key]);
}
}
if (count($acceptedUserArray) == 0) {
$retValue = array();
return $retValue;
}
$nodeIDWhereString = $db->generateSQLINStatement($nodeIDList, 'rule.node_id', false, false, 'int');
$userIDWhereString = $db->generateSQLINStatement($acceptedUserArray, 'rule.user_id', false, false, 'int');
$rules = $db->arrayQuery("SELECT rule.user_id, rule.use_digest, ezuser.email as address\n FROM ezsubtree_notification_rule rule, ezuser\n WHERE rule.user_id=ezuser.contentobject_id AND\n {$nodeIDWhereString} AND\n {$userIDWhereString}");
return $rules;
}