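/**
 * Restrict to the owner, and to anyone able to update sources in a tank_org.
 *
 * The clause is deliberately built as self-contained DQL with no bound
 * placeholders: sibling authz helpers in this file lift a rule's where-part
 * out of a throwaway query via getDqlPart('where') and splice it into a raw
 * subselect, which would not carry bound parameters along. The user id is
 * therefore cast to int before being interpolated, so nothing but digits can
 * reach the SQL text.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_read(AIR2_Query $q, User $u, $alias = null) {
    // system users are never restricted
    if ($u->is_system()) {
        return;
    }
    $a = $alias ? "{$alias}." : "";
    // interpolated, not bound (see docblock) -> force an integer
    $uid = (int) $u->user_id;
    $authz_str = $u->get_authz_str(ACTION_ORG_SRC_UPDATE, 'to_org_id');
    $subselect = "select to_tank_id from tank_org where {$authz_str}";
    $q->addWhere("({$a}tank_id in ({$subselect}) or {$a}tank_user_id = {$uid})");
}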
/**
 * Add a free-text search (the 'q' GET param) against project names.
 *
 * Produces a contains-match on prj_name and a prefix-match on
 * prj_display_name. The term is bound as a LIKE parameter, so it cannot
 * inject SQL; LIKE wildcards (% and _) inside the term are not escaped and
 * therefore act as wildcards.
 *
 * @param AIR2_Query $q
 * @param string $alias
 * @param string $search
 * @param boolean $useOr  combine with OR instead of AND
 */
public static function add_search_str(&$q, $alias, $search, $useOr = null) {
    $prefix = '';
    if ($alias) {
        $prefix = $alias . '.';
    }
    $clause = '(' . $prefix . 'prj_name LIKE ? OR ' . $prefix . 'prj_display_name LIKE ?)';
    $params = array('%' . $search . '%', $search . '%');
    if ($useOr) {
        $q->orWhere($clause, $params);
        return;
    }
    $q->addWhere($clause, $params);
}
/**
 * Restrict which Sources a user may manage.
 *
 * A source is manageable when it has opted in (via src_org_cache) to an
 * organization in which the user holds delete-source authz. The org clause
 * comes from User::get_authz_str and is spliced into a subselect as-is.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_manage(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $prefix = $alias ? "{$alias}." : "";
    // orgs where the user may delete sources, keyed on the cache's org column
    $manage_orgs = $u->get_authz_str(ACTION_ORG_SRC_DELETE, 'soc_org_id');
    $cached_src_ids = "select soc_src_id from src_org_cache where {$manage_orgs}";
    $q->addWhere("{$prefix}src_id in ({$cached_src_ids})");
}
/**
 * Apply authz rules for who may manage a SrcResponseSet.
 *
 * Walks org -> project -> inquiry: organizations where the user holds
 * ACTION_ORG_PRJ_INQ_SRS_DELETE, the projects attached to those orgs, and the
 * inquiries attached to those projects. The inquiry ids are resolved to a
 * literal list before being added to the query, so that Doctrine does not
 * re-alias the pinq columns of an embedded subselect.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_manage(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $prefix = $alias ? "{$alias}." : "";
    $org_authz = $u->get_authz_str(ACTION_ORG_PRJ_INQ_SRS_DELETE, 'porg_org_id', true);
    $prj_sql = "select porg_prj_id from project_org where {$org_authz}";
    $inq_sql = "select pinq_inq_id from project_inquiry where pinq_prj_id in ({$prj_sql})";
    // materialize the ids (see docblock for why)
    $conn = AIR2_DBManager::get_connection();
    $ids = $conn->fetchColumn($inq_sql, array(), 0);
    // an empty list becomes "in (NULL)", which matches nothing
    $in_list = count($ids) > 0 ? implode(',', $ids) : 'NULL';
    $q->addWhere("{$prefix}srs_inq_id in ({$in_list})");
}
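/**
 * Apply authz rules for who may write an inquiry annotation.
 *
 * Writable = the annotation belongs to an inquiry the user may read AND the
 * user created the annotation. The read rule is borrowed from
 * Inquiry::query_may_read by lifting its where-part out of a throwaway query;
 * only the DQL string is taken, so any parameters that rule bound would not
 * be carried over (it must stay self-contained). For the same reason the
 * user id is interpolated rather than bound, and is cast to int first.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_write(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $a = $alias ? "{$alias}." : "";
    // readable inquiries, as a subselect built from Inquiry's read rule
    $tmp = AIR2_Query::create();
    Inquiry::query_may_read($tmp, $u);
    // array_pop needs a real variable; passing a call result by reference
    // raises a notice
    $where_parts = $tmp->getDqlPart('where');
    $inq_where = array_pop($where_parts);
    $inq_ids = "select inq_id from inquiry where {$inq_where}";
    // ownership: interpolated (see docblock) -> force an integer
    $user_id = (int) $u->user_id;
    $own = "{$a}inqan_cre_user = {$user_id}";
    $q->addWhere("({$a}inqan_inq_id in ({$inq_ids}) and {$own})");
}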
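/**
 * Add a free-text search (the 'q' GET param) against the joined Organization
 * or Inquiry of an InqOrg row.
 *
 * Which model is searched depends on InqOrg::$UUID_COL. The joined alias is
 * recovered by scanning the query's FROM parts for "<alias>.<Model> <joined>";
 * if no such join is present nothing is added. The term is bound as a LIKE
 * parameter (unescaped LIKE wildcards act as wildcards).
 *
 * Fix: the original used `if ($match = strpos(...))`, which treats a match at
 * offset 0 as "not found"; the comparison is now explicit (`!== false`).
 *
 * @param AIR2_Query $q
 * @param string $alias
 * @param string $search
 * @param boolean $useOr
 */
public static function add_search_str(&$q, $alias, $search, $useOr = null) {
    $mod = 'Organization';
    if (InqOrg::$UUID_COL == 'Inquiry:inq_uuid') {
        $mod = 'Inquiry';
    }
    $needle = "{$alias}.{$mod}";
    // make sure "Organization" or "Inquiry" is part of the query
    $from_parts = $q->getDqlPart('from');
    foreach ($from_parts as $string_part) {
        $match = strpos($string_part, $needle);
        if ($match === false) {
            continue;
        }
        $offset = strlen($needle) + 1; // remove space
        $org_alias = substr($string_part, $match + $offset);
        $a = $org_alias ? "{$org_alias}." : "";
        if ($mod == 'Organization') {
            $str = "(" . $a . "org_name LIKE ? OR " . $a . "org_display_name LIKE ?)";
        } else {
            $str = "(" . $a . "inq_title LIKE ? OR " . $a . "inq_ext_title LIKE ?)";
        }
        if ($useOr) {
            $q->orWhere($str, array("%{$search}%", "%{$search}%"));
        } else {
            $q->addWhere($str, array("%{$search}%", "%{$search}%"));
        }
        break;
    }
}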
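/**
 * Add a free-text search (the 'q' GET param) against the joined SavedSearch
 * name.
 *
 * The joined alias is recovered by scanning the query's FROM parts for
 * "<alias>.SavedSearch <joined>"; if no such join is present nothing is
 * added. The term is bound as a prefix LIKE parameter (unescaped LIKE
 * wildcards act as wildcards).
 *
 * Fix: the original used `if ($match = strpos(...))`, which treats a match at
 * offset 0 as "not found"; the comparison is now explicit (`!== false`).
 *
 * @param AIR2_Query $q
 * @param string $alias
 * @param string $search
 * @param boolean $useOr
 */
public static function add_search_str(&$q, $alias, $search, $useOr = null) {
    $needle = "{$alias}.SavedSearch";
    // make sure "SavedSearch" is part of the query
    $from_parts = $q->getDqlPart('from');
    foreach ($from_parts as $string_part) {
        $match = strpos($string_part, $needle);
        if ($match === false) {
            continue;
        }
        $offset = strlen($needle) + 1; // remove space
        $pss_alias = substr($string_part, $match + $offset);
        $a = $pss_alias ? "{$pss_alias}." : "";
        $str = "(" . $a . "ssearch_name LIKE ?)";
        if ($useOr) {
            $q->orWhere($str, array("{$search}%"));
        } else {
            $q->addWhere($str, array("{$search}%"));
        }
        break;
    }
}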
/**
 * Add a free-text search against the "translate from" column.
 *
 * Contains-match on xm_xlate_from, bound as a LIKE parameter; LIKE wildcards
 * inside the term are not escaped.
 *
 * @param AIR2_Query $q
 * @param string $alias
 * @param string $search
 * @param boolean $useOr (optional)
 */
public static function add_search_str(&$q, $alias, $search, $useOr = null) {
    $column = 'xm_xlate_from';
    if ($alias) {
        $column = $alias . '.' . $column;
    }
    $clause = $column . ' like ?';
    $params = array('%' . $search . '%');
    if ($useOr) {
        $q->orWhere($clause, $params);
        return;
    }
    $q->addWhere($clause, $params);
}
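/**
 * Apply authz rules for who may manage a SrcResponse.
 *
 * Inherits from SrcResponseSet: a response is manageable when its response
 * set is. The set rule is borrowed by lifting its where-part out of a
 * throwaway query; only the DQL string is taken, so that rule must remain
 * self-contained (SrcResponseSet::query_may_manage emits a literal id list).
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_manage(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $a = $alias ? "{$alias}." : "";
    // manageable src_response_sets
    $tmp = AIR2_Query::create();
    SrcResponseSet::query_may_manage($tmp, $u);
    // array_pop needs a real variable; passing a call result by reference
    // raises a notice
    $where_parts = $tmp->getDqlPart('where');
    $srs_where = array_pop($where_parts);
    $srs_ids = "select srs_id from src_response_set where {$srs_where}";
    $q->addWhere("{$a}sr_srs_id in ({$srs_ids})");
}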
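/**
 * Inherit read access from Project.
 *
 * A project_org row is readable when its project is. Project's read rule is
 * borrowed by lifting its where-part out of a throwaway query (DQL string
 * only, so that rule must be self-contained), and the resulting project ids
 * are materialized into a literal list so Doctrine does not re-alias the
 * porg columns of an embedded subselect.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_read(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $a = $alias ? "{$alias}." : "";
    // readable projects
    $tmp = AIR2_Query::create();
    Project::query_may_read($tmp, $u);
    // array_pop needs a real variable; passing a call result by reference
    // raises a notice
    $where_parts = $tmp->getDqlPart('where');
    $prj_where = array_pop($where_parts);
    $prj_sql = "select prj_id from project where {$prj_where}";
    // fetch actual ids (see docblock)
    $conn = AIR2_DBManager::get_connection();
    $rs = $conn->fetchColumn($prj_sql, array(), 0);
    // an empty list becomes "in (NULL)", which matches nothing
    $prj_ids = count($rs) ? implode(',', $rs) : 'NULL';
    $q->addWhere("{$a}porg_prj_id in ({$prj_ids})");
}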
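/**
 * Add a free-text search (the 'q' GET param) against tag / IPTC names.
 *
 * Uses REGEXP with a word-start anchor ([[:<:]]) so the term matches at the
 * beginning of a word. The term is bound as a parameter, so it cannot inject
 * SQL, but it is used as a regular-expression pattern. Because it comes
 * straight from the request, regex metacharacters are escaped here so a
 * caller cannot supply an arbitrary pattern or a malformed one that makes
 * the database raise an error. preg_quote's escape set is a superset of what
 * MySQL's regex engines treat as special, and both treat a backslash before
 * an ordinary character as that literal character -- verify against the
 * deployed MySQL version.
 *
 * Note: iptc_name carries no alias prefix in the original clause; it is left
 * that way (presumably a joined column -- confirm).
 *
 * @param AIR2_Query $q
 * @param string $alias
 * @param string $search
 * @param boolean $useOr
 */
public static function add_search_str(&$q, $alias, $search, $useOr = null) {
    $a = $alias ? "{$alias}." : "";
    $str = "(" . $a . "tm_name REGEXP ? OR iptc_name REGEXP ?)";
    // anchor to a word start, then the literal (escaped) term
    $pattern = "[[:<:]]" . preg_quote($search);
    $params = array($pattern, $pattern);
    if ($useOr) {
        $q->orWhere($str, $params);
    } else {
        $q->addWhere($str, $params);
    }
}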
/**
 * Apply authz rules for who may manage an Organization.
 *
 * The user's delete-org authz clause (from User::get_authz_str, keyed on
 * org_id) is added directly, with the alias prepended when one is given.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_manage(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $org_clause = $u->get_authz_str(ACTION_ORG_DELETE, 'org_id', false);
    if ($alias) {
        $org_clause = "{$alias}." . $org_clause;
    }
    $q->addWhere($org_clause);
}
/**
 * Apply authz rules for who may write a Saved Search: only its creator.
 *
 * The user id is passed as a bound parameter.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_write(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $column = 'ssearch_cre_user';
    if ($alias) {
        $column = "{$alias}.{$column}";
    }
    $q->addWhere("{$column} = ?", $u->user_id);
}
/**
 * Add custom search query (from the get param 'q')
 *
 * Searches email_campaign_name / email_subject_line, and -- when an alias is
 * given and the query already joins <alias>.CreUser or <alias>.Organization --
 * also the joined user / organization via their own add_search_str rules.
 * Unlike the query_may_* helpers, the borrowed where-parts here DO carry their
 * bound parameters along (getFlattenedParams is merged into $params).
 *
 * NOTE(review): $alias is interpolated into the regexes unescaped and the
 * "." before CreUser/Organization is an unescaped metacharacter; fine for
 * developer-supplied aliases, but the patterns are not exact-match.
 * NOTE(review): email_subject_line carries no alias prefix -- confirm.
 *
 * @param AIR2_Query $q
 * @param string $alias
 * @param string $search
 * @param boolean $useOr
 */
public static function add_search_str(&$q, $alias, $search, $useOr = null) {
    $a = $alias ? "{$alias}." : "";
    $str = "({$a}email_campaign_name like ? or email_subject_line like ?)";
    $params = array("%{$search}%", "%{$search}%");
    // try searching cre_user and organization (only possible with an alias)
    if ($alias) {
        $parts = $q->getDqlPart('from');
        foreach ($parts as $dql) {
            // CreUser: recover the joined alias from the FROM part
            if (preg_match("/{$alias}.CreUser.*\$/", $dql, $matches)) {
                $usr_alias = preg_replace("/{$alias}.CreUser\\s*/", '', $matches[0]);
                if ($usr_alias) {
                    // borrow User's search clause and its bound params
                    $tmp = Doctrine_Query::create();
                    User::add_search_str($tmp, $usr_alias, $search);
                    $usrq = array_pop($tmp->getDqlPart('where'));
                    $usrp = $tmp->getFlattenedParams();
                    $str .= " or {$usrq}";
                    $params = array_merge($params, $usrp);
                }
            }
            // Organization: same approach
            if (preg_match("/{$alias}.Organization.*\$/", $dql, $matches)) {
                $org_alias = preg_replace("/{$alias}.Organization\\s*/", '', $matches[0]);
                if ($org_alias) {
                    $tmp = Doctrine_Query::create();
                    Organization::add_search_str($tmp, $org_alias, $search);
                    $orgq = array_pop($tmp->getDqlPart('where'));
                    $orgp = $tmp->getFlattenedParams();
                    $str .= " or {$orgq}";
                    $params = array_merge($params, $orgp);
                }
            }
        }
    }
    // add to query; parameter order matches the order clauses were appended
    if ($useOr) {
        $q->orWhere($str, $params);
    } else {
        $q->addWhere($str, $params);
    }
}
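/**
 * Apply authz rules for who may manage a User.
 *
 * A user is manageable when they hold a user_org row in an organization
 * where the acting user has delete-user authz.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_manage(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $a = $alias ? "{$alias}." : "";
    // delete-usr authz in org
    $manage_org_ids = $u->get_authz_str(ACTION_ORG_USR_DELETE, 'uo_org_id', false);
    // NOTE(review): the original read UserOrg::$STATUS_ACTIVE into an unused
    // local and never filtered on uo_status, so user_org rows of any status
    // qualify. The dead read has been dropped; confirm whether inactive
    // memberships were meant to be excluded before adding such a filter.
    $usr_ids = "select uo_user_id from user_org where {$manage_org_ids}";
    $q->addWhere("{$a}user_id in ({$usr_ids})");
}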
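/**
 * Apply authz rules for who may manage a project annotation.
 *
 * Manageable = the annotation belongs to a project the user may manage
 * (Project::query_may_manage, applied to a subquery) AND the user created
 * it. Only the subquery's DQL text is embedded via getDql(); parameters bound
 * on the subquery do not appear to be carried over, so Project's rule must
 * stay self-contained. The creator check is a bound parameter.
 *
 * Fix: an unused $user_id local has been removed.
 *
 * @param AIR2_Query $q
 * @param User $u
 * @param string $alias (optional)
 */
public static function query_may_manage(AIR2_Query $q, User $u, $alias = null) {
    if ($u->is_system()) {
        return;
    }
    $a = $alias ? "{$alias}." : "";
    // manageable projects, as a subquery built with Project's rule
    $prjq = $q->createSubquery();
    $prjq->select('prj.prj_id');
    $prjq->from('Project prj');
    Project::query_may_manage($prjq, $u);
    $q->addWhere("{$a}prjan_prj_id IN (" . $prjq->getDql() . ")");
    // ...and the annotation must have been created by this user
    $q->addWhere("{$a}prjan_cre_user = ?", $u->user_id);
}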