public function checkActionAccessByGroups(action $action, array $groups)
{
static $groupMapper;
profiler::addStack('acl::check');
$actionAclGroups = $action->getAcl();
$actionAclGroups[] = $action->getAclGroupName();
$actionAclGroups[] = aclManager::ACL__GROUP_ROOT;
$actionAclGroups = array_unique($actionAclGroups, SORT_ASC);
$actionGroupsCacheKey = 'acl/groups/' . md5(implode(',', $actionAclGroups));
$actionGroups = cache::getCached($actionGroupsCacheKey);
if (!$actionGroups) {
if ($groupMapper === null) {
$groupMapper = groupMapper::getInstance();
}
$cursor = $groupMapper->getAllBy([groupMapper::FIELD__GROUP_ALIAS => ['$in' => $actionAclGroups]]);
$actionGroups = $this->expandGroupsByCursor($cursor);
cache::setCached($actionGroupsCacheKey, $actionGroups, 3600);
}
$groups = array_unique($groups, SORT_ASC);
$userGroupsCacheKey = 'acl/groups/' . md5(implode(',', $groups));
$userGroups = cache::getCached($userGroupsCacheKey);
if (!$userGroups) {
if ($groupMapper === null) {
$groupMapper = groupMapper::getInstance();
}
$cursor = $groupMapper->getAllBy([groupMapper::FIELD__GROUP_ALIAS => ['$in' => $groups]]);
$userGroups = $this->expandGroupsByCursor($cursor);
cache::setCached($userGroupsCacheKey, $userGroups, 3600);
}
$found = array_intersect($userGroups, $actionGroups);
if (count($found) > 0) {
return self::success($found, self::ACL__OK);
} else {
return self::error(['message' => 'Forbidden'], self::ACL__FORBIDDEN);
}
}
