Exemplo n.º 1
 /**
  * Return the values of a right on a subject, optionally extended with the
  * values granted on one resource of that subject.
  *
  * The values are those attached to the groups returned by
  * jAclDbUserGroup::getGroups(). Answers are memoized in the static arrays
  * self::$acl (subject only) and self::$aclres (subject + resource). When
  * jAuth::isConnected() is false the result is always an empty list and
  * nothing is cached.
  *
  * NOTE(review): the cache keys hold the subject and resource only, not the
  * user, so the cache presumably has to be cleared whenever the connected
  * user or the stored rights change - confirm against the callers.
  *
  * @param string $subject the key of the subject
  * @param string $resource the id of a resource (optional)
  * @return array list of values corresponding to the right
  */
 public function getRight($subject, $resource = null)
 {
     // Serve the answer from the static cache when this lookup was already done.
     if ($resource === null && isset(self::$acl[$subject])) {
         return self::$acl[$subject];
     }
     if (isset(self::$aclres[$subject][$resource])) {
         return self::$aclres[$subject][$resource];
     }

     // Not authenticated: no rights at all (deliberately not cached).
     if (!jAuth::isConnected()) {
         return array();
     }

     $userGroups = jAclDbUserGroup::getGroups();
     if (!count($userGroups)) {
         // No group membership: remember the empty answer for both lookups.
         self::$acl[$subject] = array();
         self::$aclres[$subject][$resource] = array();
         return array();
     }

     $rightsDao = jDao::get('jelix~jaclrights', jAclDb::getProfile());

     // Collect every value granted to the groups for this subject.
     $granted = array();
     foreach ($rightsDao->getAllGroupRights($subject, $userGroups) as $row) {
         $granted[] = $row->value;
     }
     self::$acl[$subject] = $granted;

     if ($resource === null) {
         return $granted;
     }

     // Add the values granted on the resource itself, then drop duplicates.
     foreach ($rightsDao->getAllGroupRightsWithRes($subject, $userGroups, $resource) as $row) {
         $granted[] = $row->value;
     }
     $granted = array_unique($granted);
     self::$aclres[$subject][$resource] = $granted;

     return $granted;
 }
 /**
  * Return a list of groups.
  *
  * With the default empty login, the result of findAllPublicGroup() on the
  * 'jelix~jaclgroup' dao is returned (all groups except private ones).
  * With any other value, the groups of that user are returned through
  * getGroupsUser() on the 'jelix~jaclgroupsofuser' dao.
  *
  * @param string $login an optional login
  * @return array a list of group objects (dao records)
  */
 public static function getGroupList($login = '')
 {
     $profile = jAclDb::getProfile();

     // Only the exact empty string selects the "all public groups" listing.
     if ($login === '') {
         return jDao::get('jelix~jaclgroup', $profile)->findAllPublicGroup();
     }

     return jDao::get('jelix~jaclgroupsofuser', $profile)->getGroupsUser($login);
 }
Exemplo n.º 3
 /**
  * Command handler: delete one value from a group of right values.
  *
  * Expects exactly two positional parameters from getParam('...'):
  * the value ($params[0]) and the id of the value group ($params[1]).
  * The group id only reaches SQL through intval() and the value only
  * through the connection's quote(), so neither is concatenated raw.
  *
  * NOTE(review): the existence check, the "still in use" check and the
  * DELETE are three separate statements and no transaction is visible
  * here, so a right could be created between the check and the delete.
  *
  * @throws Exception on a wrong parameter count, a failed count query,
  *                   an unknown value/group, or a value still used by rights
  */
 protected function cmd_delete()
 {
     $args = $this->getParam('...');
     if (!(is_array($args) && count($args) == 2)) {
         throw new Exception("wrong parameter count");
     }

     $cnx = jDb::getConnection(jAclDb::getProfile());

     // Neutralise both inputs once and reuse them in every statement.
     $groupId = intval($args[1]);
     $quotedValue = $cnx->quote($args[0]);
     $valueFilter = 'id_aclvalgrp=' . $groupId . ' AND value=' . $quotedValue;

     // 1. The value has to exist in the given value group.
     $rs = $cnx->query('SELECT count(*) as n FROM jacl_right_values WHERE ' . $valueFilter);
     if (!$rs) {
         throw new Exception("not possible count");
     }
     $row = $rs->fetch();
     if (!$row) {
         throw new Exception("no count");
     }
     if ($row->n == 0) {
         throw new Exception("Unknown value or group id");
     }

     // 2. The value must not be referenced by any right of a subject that
     //    uses this value group.
     $usageSql = 'SELECT count(*) as n 
             FROM jacl_subject s, jacl_rights r 
             WHERE 
                 s.id_aclvalgrp=' . $groupId . '
             AND s.id_aclsbj = r.id_aclsbj
             AND r.value = ' . $quotedValue;
     $rs = $cnx->query($usageSql);
     if (!$rs) {
         throw new Exception("not possible count");
     }
     $row = $rs->fetch();
     if (!$row) {
         throw new Exception("no count");
     }
     if ($row->n > 0) {
         throw new Exception("This value is used in rights setting. Please remove rights which used this value before deleting the value");
     }

     // 3. Both checks passed: remove the value.
     $cnx->exec("DELETE FROM jacl_right_values WHERE " . $valueFilter);
     echo "OK\n";
 }
Exemplo n.º 4
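 /**
  * Resolve a group, given either by id or by name, to its id_aclgrp.
  *
  * Only rows of jacl2_group with grouptype < 2 are considered, so a group
  * outside that range is reported the same way as a missing one.
  *
  * @param string|int $param a group id (numeric) or a group name
  * @return mixed the id_aclgrp column of the matching row
  * @throws Exception if a numeric parameter is not a positive integer, if
  *                   the query fails, or if no matching group is found
  */
 private function _getGrpId($param)
 {
     $cnx = jDb::getConnection(jAclDb::getProfile());
     if (is_numeric($param)) {
         // is_numeric() also accepts forms such as "1e3", "1.5" or " 7".
         // Normalise to a real integer and put only that integer into the
         // statement, never the caller's original string.
         $id = filter_var($param, FILTER_VALIDATE_INT);
         if ($id === false || $id <= 0) {
             throw new Exception('invalid group id');
         }
         $sql = "SELECT id_aclgrp FROM jacl2_group WHERE grouptype <2 AND id_aclgrp = " . $id;
     } else {
         // Names are free text: always pass them through the driver's quote().
         $sql = "SELECT id_aclgrp FROM jacl2_group WHERE grouptype <2 AND name = " . $cnx->quote($param);
     }
     $rs = $cnx->query($sql);
     if (!$rs) {
         // Avoid calling fetch() on a failed query result.
         throw new Exception("can't read the group list");
     }
     $rec = $rs->fetch();
     if (!$rec) {
         throw new Exception("this group doesn't exist or is private");
     }
     return $rec->id_aclgrp;
 }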
Exemplo n.º 5
 /**
  * Delete the given subject together with the rights recorded for it,
  * then clear the jAcl cache.
  *
  * @param string  $subject the key of the subject
  */
 public static function removeSubject($subject)
 {
     $profile = jAclDb::getProfile();

     // First remove the rights of the subject (jacl_rights) ...
     jDao::get('jelix~jaclrights', $profile)->deleteBySubject($subject);

     // ... then the subject record itself (jacl_subject).
     jDao::get('jelix~jaclsubject', $profile)->delete($subject);

     // Drop cached rights so that they are not served after the deletion.
     jAcl::clearCache();
 }
Exemplo n.º 6
 /**
  * Command handler: rename a group.
  *
  * Expects exactly two positional parameters from getParam('...'):
  * the group id ($params[0]) and the new name ($params[1]). The id only
  * reaches SQL through intval() and the name only through quote().
  * A group whose grouptype is 2 is refused as private.
  *
  * @throws Exception on a wrong parameter count, an unknown group id,
  *                   or a private group
  */
 protected function cmd_changename()
 {
     $args = $this->getParam('...');
     if (!(is_array($args) && count($args) == 2)) {
         throw new Exception("wrong parameter count");
     }

     $cnx = jDb::getConnection(jAclDb::getProfile());
     $groupId = intval($args[0]);

     // Look the group up first: it must exist and must not be private.
     $rs = $cnx->query("SELECT id_aclgrp,  grouptype FROM jacl_group WHERE id_aclgrp=" . $groupId);
     $group = $rs->fetch();
     if (!$group) {
         throw new Exception("this group doesn't exist");
     }
     if ($group->grouptype == 2) {
         throw new Exception("can't change this private group");
     }

     $cnx->exec("UPDATE jacl_group SET name=" . $cnx->quote($args[1]) . "  WHERE id_aclgrp=" . $groupId);
     echo "OK\n";
 }
Exemplo n.º 7
 /**
  * Command handler: delete a subject and the rights attached to it.
  *
  * Expects exactly one positional parameter from getParam('...'): the
  * subject key, which only reaches SQL through the connection's quote().
  *
  * NOTE(review): the two DELETE statements run one after the other and no
  * transaction is visible here, so a failure of the second one would leave
  * the subject in place with its rights already removed.
  *
  * @throws Exception on a wrong parameter count or an unknown subject
  */
 protected function cmd_subject_delete()
 {
     $args = $this->getParam('...');
     if (!(is_array($args) && count($args) == 1)) {
         throw new Exception("wrong parameter count");
     }

     $cnx = jDb::getConnection(jAclDb::getProfile());
     $quotedSubject = $cnx->quote($args[0]);

     // The subject must exist before anything is deleted.
     $rs = $cnx->query("SELECT id_aclsbj FROM jacl_subject WHERE id_aclsbj=" . $quotedSubject);
     if (!$rs->fetch()) {
         throw new Exception("this subject does not exist");
     }

     // Rights first, then the subject they refer to.
     $cnx->exec("DELETE FROM jacl_rights WHERE id_aclsbj=" . $quotedSubject);
     $cnx->exec("DELETE FROM jacl_subject WHERE id_aclsbj=" . $quotedSubject);
     echo "OK\n";
 }