Пример #1
 /**
  * Restrict to owner, and anyone able to update sources in a tank_org.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
 public static function query_may_read(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt: the query is left without any restriction.
     if ($u->is_system()) {
         return;
     }

     // Column prefix: "<alias>." when an alias was passed, otherwise empty.
     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }

     $owner_id = $u->user_id;

     // Tanks linked through tank_org to an organization that satisfies the
     // user's ACTION_ORG_SRC_UPDATE authz fragment on to_org_id.
     $org_clause = $u->get_authz_str(ACTION_ORG_SRC_UPDATE, 'to_org_id');
     $tank_ids = "select to_tank_id from tank_org where {$org_clause}";

     // NOTE(review): $alias, the authz fragment and user_id are concatenated
     // into the SQL text instead of being bound, so all three have to come
     // from trusted code and never from request input -- confirm that
     // user_id is always an integer key.
     $q->addWhere("({$prefix}tank_id in ({$tank_ids}) or {$prefix}tank_user_id = {$owner_id})");
 }
 /**
  * Add custom search query (from the get param 'q')
  *
  * @return unknown
  * @param AIR2_Query $q
  * @param string  $alias
  * @param string  $search
  * @param boolean $useOr
  */
 public static function add_search_str(&$q, $alias, $search, $useOr = null)
 {
     // Column prefix: "<alias>." when an alias was passed, otherwise empty.
     // The alias is spliced into the SQL text, so it must be a name chosen
     // by calling code, not request input.
     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }
     $clause = "({$prefix}prj_name LIKE ? OR {$prefix}prj_display_name LIKE ?)";

     // The search text travels as bound parameters. Any % or _ inside
     // $search is not escaped and therefore still acts as a LIKE wildcard.
     // prj_name is matched anywhere, prj_display_name only as a prefix.
     $patterns = array("%{$search}%", "{$search}%");

     // OR the clause into the query when $useOr is truthy, AND it otherwise.
     $method = $useOr ? 'orWhere' : 'addWhere';
     $q->$method($clause, $patterns);
 }
 /**
  * Restrict user access to Sources based on which Organizations the Sources
  * have opted-in with, and what roles the User has in those Organizations.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
 public static function query_may_manage(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }

     if ($alias) {
         $prefix = "{$alias}.";
     } else {
         $prefix = "";
     }

     // Authz fragment on soc_org_id for ACTION_ORG_SRC_DELETE, applied to
     // the src_org_cache table to find the sources the user may manage.
     // NOTE(review): the fragment and $alias are concatenated into the SQL
     // text; both must be produced by trusted code only.
     $org_clause = $u->get_authz_str(ACTION_ORG_SRC_DELETE, 'soc_org_id');
     $q->addWhere(
         "{$prefix}src_id in (select soc_src_id from src_org_cache where {$org_clause})"
     );
 }
 /**
  * Apply authz rules for who may manage a SrcResponseSet.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
 public static function query_may_manage(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }

     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }

     // Inquiries that belong to projects of organizations matching the
     // user's ACTION_ORG_PRJ_INQ_SRS_DELETE authz fragment on porg_org_id.
     $org_clause = $u->get_authz_str(ACTION_ORG_PRJ_INQ_SRS_DELETE, 'porg_org_id', true);
     $prj_sql = "select porg_prj_id from project_org where {$org_clause}";
     $inq_sql = "select pinq_inq_id from project_inquiry where pinq_prj_id in ({$prj_sql})";

     // The ids are fetched right away and written into the clause as
     // literals, so that doctrine does not re-alias the pinq columns. The
     // restriction is therefore a snapshot taken when the query is built.
     $found = AIR2_DBManager::get_connection()->fetchColumn($inq_sql, array(), 0);

     // With no matching inquiry the list is the literal NULL, and
     // "in (NULL)" selects no row.
     // NOTE(review): the fetched values are joined unquoted into the SQL
     // text -- presumably integer keys; confirm.
     if (count($found)) {
         $id_list = implode(',', $found);
     } else {
         $id_list = 'NULL';
     }

     $q->addWhere("{$prefix}srs_inq_id in ({$id_list})");
 }
 /**
  * Apply authz rules for who may write.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
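 public static function query_may_write(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }
     $a = $alias ? "{$alias}." : "";

     // Readable inquiries: let Inquiry::query_may_read() build its
     // restriction on a scratch query, then reuse that where clause as the
     // condition of a plain subselect.
     $tmp = AIR2_Query::create();
     Inquiry::query_may_read($tmp, $u);

     // array_pop() takes its argument by reference, so the where parts go
     // into a local variable first instead of passing the call result.
     $where_parts = $tmp->getDqlPart('where');
     $readable = array_pop($where_parts);

     // NOTE(review): only the LAST where part is reused, and only its text.
     // If Inquiry::query_may_read() ever adds more than one where clause, or
     // binds parameters, the earlier clauses and the bound values are lost
     // here -- confirm it emits one self-contained clause.
     $inq_ids = "select inq_id from inquiry where {$readable}";

     // Writable = annotation on a readable inquiry AND created by this user.
     // NOTE(review): user_id is concatenated into the SQL text; presumably
     // an integer key -- confirm.
     $user_id = $u->user_id;
     $own = "{$a}inqan_cre_user = {$user_id}";
     $q->addWhere("({$a}inqan_inq_id in ({$inq_ids}) and {$own})");
 }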
 /**
  * Add custom search query (from the get param 'q')
  *
  * @param AIR2_Query $q
  * @param string  $alias
  * @param string  $search
  * @param boolean $useOr
  */
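 public static function add_search_str(&$q, $alias, $search, $useOr = null)
 {
     // Search the Inquiry columns when InqOrg is keyed on the inquiry uuid,
     // the Organization columns otherwise.
     $mod = 'Organization';
     if (InqOrg::$UUID_COL == 'Inquiry:inq_uuid') {
         $mod = 'Inquiry';
     }
     $needle = "{$alias}.{$mod}";

     // make sure "Organization" or "Inquiry" is part of the query
     foreach ($q->getDqlPart('from') as $string_part) {
         // Compare against false explicitly: a match at offset 0 is still a
         // match, which a bare truthiness test on strpos() would miss.
         $match = strpos($string_part, $needle);
         if ($match === false) {
             continue;
         }

         // Skip the relation name and the single space that follows it; the
         // rest of the from part is taken as the relation's alias.
         // NOTE(review): that remainder is spliced into the SQL text, so the
         // from parts must be built by trusted code only.
         $rel_alias = substr($string_part, $match + strlen($needle) + 1);
         $a = $rel_alias ? "{$rel_alias}." : "";

         if ($mod === 'Organization') {
             $str = "({$a}org_name LIKE ? OR {$a}org_display_name LIKE ?)";
         } else {
             $str = "({$a}inq_title LIKE ? OR {$a}inq_ext_title LIKE ?)";
         }

         // The search text is bound; % and _ inside it are not escaped and
         // still act as LIKE wildcards.
         $params = array("%{$search}%", "%{$search}%");
         if ($useOr) {
             $q->orWhere($str, $params);
         } else {
             $q->addWhere($str, $params);
         }
         // only the first matching from part is used
         break;
     }
 }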
 /**
  * Add custom search query (from the get param 'q')
  *
  * @param AIR2_Query $q
  * @param string  $alias
  * @param string  $search
  * @param boolean $useOr
  */
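 public static function add_search_str(&$q, $alias, $search, $useOr = null)
 {
     $needle = "{$alias}.SavedSearch";

     // make sure "SavedSearch" is part of the query; without that join no
     // clause is added at all
     foreach ($q->getDqlPart('from') as $string_part) {
         // Compare against false explicitly: a match at offset 0 is still a
         // match, which a bare truthiness test on strpos() would miss.
         $match = strpos($string_part, $needle);
         if ($match === false) {
             continue;
         }

         // Skip the relation name and the single space that follows it; the
         // rest of the from part is taken as the SavedSearch alias.
         // NOTE(review): that remainder is spliced into the SQL text, so the
         // from parts must be built by trusted code only.
         $pss_alias = substr($string_part, $match + strlen($needle) + 1);
         $a = $pss_alias ? "{$pss_alias}." : "";
         $str = "({$a}ssearch_name LIKE ?)";

         // Prefix match on the bound search text; % and _ inside $search
         // are not escaped and still act as LIKE wildcards.
         $params = array("{$search}%");
         if ($useOr) {
             $q->orWhere($str, $params);
         } else {
             $q->addWhere($str, $params);
         }
         // only the first matching from part is used
         break;
     }
 }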
 /**
  * Add a query string for "from" text
  *
  * @param AIR2_Query $q
  * @param string  $alias
  * @param string  $search
  * @param boolean $useOr  (optional)
  */
 public static function add_search_str(&$q, $alias, $search, $useOr = null)
 {
     // Column prefix: "<alias>." when an alias was passed, otherwise empty.
     // The alias is spliced into the SQL text and must come from calling
     // code, not from request input.
     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }
     $clause = "{$prefix}xm_xlate_from like ?";

     // Substring match on the bound search text; % and _ inside $search are
     // not escaped and still act as LIKE wildcards.
     $patterns = array("%{$search}%");

     if (!$useOr) {
         $q->addWhere($clause, $patterns);
         return;
     }
     $q->orWhere($clause, $patterns);
 }
 /**
  * Apply authz rules for who may manage a SrcResponse.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
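 public static function query_may_manage(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }
     $a = $alias ? "{$alias}." : "";

     // Manageable src_response_sets: let SrcResponseSet::query_may_manage()
     // build its restriction on a scratch query, then reuse that where
     // clause as the condition of a plain subselect.
     $tmp = AIR2_Query::create();
     SrcResponseSet::query_may_manage($tmp, $u);

     // array_pop() takes its argument by reference, so the where parts go
     // into a local variable first instead of passing the call result.
     $where_parts = $tmp->getDqlPart('where');
     $srs_authz = array_pop($where_parts);

     // NOTE(review): only the LAST where part is reused, and only its text.
     // This is correct only while SrcResponseSet::query_may_manage() adds a
     // single clause that carries no bound parameters -- confirm.
     $srs_ids = "select srs_id from src_response_set where {$srs_authz}";

     // add to query
     $q->addWhere("{$a}sr_srs_id in ({$srs_ids})");
 }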
 /**
  * Inherit from Project
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
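 public static function query_may_read(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }
     $a = $alias ? "{$alias}." : "";

     // Readable projects: let Project::query_may_read() build its
     // restriction on a scratch query, then reuse that where clause.
     $tmp = AIR2_Query::create();
     Project::query_may_read($tmp, $u);

     // array_pop() takes its argument by reference, so the where parts go
     // into a local variable first instead of passing the call result.
     $where_parts = $tmp->getDqlPart('where');
     $prj_authz = array_pop($where_parts);

     // NOTE(review): only the LAST where part is reused, and the statement
     // below runs with an empty parameter list. If Project::query_may_read()
     // adds several clauses or binds parameters, part of the restriction is
     // lost -- confirm it emits one self-contained clause.
     $prj_sql = "select prj_id from project where {$prj_authz}";

     // fetch actual id's, to prevent doctrine from adding its own alias to
     // our columns (porg fields will get re-aliased by doctrine). The
     // restriction is therefore a snapshot taken when the query is built.
     $conn = AIR2_DBManager::get_connection();
     $rs = $conn->fetchColumn($prj_sql, array(), 0);

     // With no readable project the list is the literal NULL, and
     // "in (NULL)" selects no row.
     // NOTE(review): the fetched values are joined unquoted into the SQL
     // text -- presumably integer keys; confirm.
     $prj_ids = count($rs) ? implode(',', $rs) : 'NULL';
     $q->addWhere("{$a}porg_prj_id in ({$prj_ids})");
 }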
 /**
  * Add custom search query (from the get param 'q')
  *
  * @param AIR2_Query $q
  * @param string  $alias
  * @param string  $search
  * @param boolean $useOr
  */
 public static function add_search_str(&$q, $alias, $search, $useOr = null)
 {
     // Column prefix: "<alias>." when an alias was passed, otherwise empty.
     // Only tm_name receives the prefix; iptc_name is left unqualified.
     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }
     $clause = "({$prefix}tm_name REGEXP ? OR iptc_name REGEXP ?)";

     // The search text is bound, so it cannot alter the SQL statement, but
     // it is placed unescaped inside a regular expression after the
     // "[[:<:]]" marker. Regex metacharacters typed by the user are
     // interpreted by the database.
     // NOTE(review): decide whether $search should be escaped to a literal
     // before it is used as a pattern.
     $pattern = '[[:<:]]' . $search;
     $patterns = array($pattern, $pattern);

     if (!$useOr) {
         $q->addWhere($clause, $patterns);
         return;
     }
     $q->orWhere($clause, $patterns);
 }
 /**
  * Apply authz rules for who may manage an Organization
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
 public static function query_may_manage(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }

     if ($alias) {
         $prefix = "{$alias}.";
     } else {
         $prefix = "";
     }

     // Authz fragment on org_id for ACTION_ORG_DELETE.
     $org_clause = $u->get_authz_str(ACTION_ORG_DELETE, 'org_id', false);

     // The prefix is glued to the front of the fragment, so it qualifies
     // only whatever the fragment starts with.
     // NOTE(review): confirm the fragment begins with the org_id column and
     // names it only once, otherwise later mentions stay unqualified.
     $q->addWhere($prefix . $org_clause);
 }
 /**
  * Apply authz rules for who may view the existence of a Saved Search.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
 public static function query_may_write(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }

     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }

     // Only rows created by this user qualify. The user id is passed as a
     // bound parameter, not written into the SQL text.
     $creator_id = $u->user_id;
     $q->addWhere("{$prefix}ssearch_cre_user = ?", $creator_id);
 }
Пример #14
 /**
  * Add custom search query (from the get param 'q')
  *
  * @param AIR2_Query $q
  * @param string  $alias
  * @param string  $search
  * @param boolean $useOr
  */
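 public static function add_search_str(&$q, $alias, $search, $useOr = null)
 {
     // Base clause on the email columns. Only email_campaign_name receives
     // the alias prefix; email_subject_line is left unqualified.
     $a = $alias ? "{$alias}." : "";
     $str = "({$a}email_campaign_name like ? or email_subject_line like ?)";
     $params = array("%{$search}%", "%{$search}%");

     // try searching cre_user and organization
     if ($alias) {
         // The alias is matched literally: preg_quote() neutralises any
         // regex metacharacter in it, and the dot before the relation name
         // is escaped so that it matches a dot only.
         $qa = preg_quote($alias, '/');

         foreach ($q->getDqlPart('from') as $dql) {
             // CreUser: what follows "<alias>.CreUser" up to the end of the
             // from part is taken as the relation's alias.
             if (preg_match("/{$qa}\\.CreUser.*\$/", $dql, $matches)) {
                 $usr_alias = preg_replace("/{$qa}\\.CreUser\\s*/", '', $matches[0]);
                 if ($usr_alias) {
                     $tmp = Doctrine_Query::create();
                     User::add_search_str($tmp, $usr_alias, $search);
                     // array_pop() takes its argument by reference, so the
                     // where parts go into a local variable first.
                     $usr_parts = $tmp->getDqlPart('where');
                     $usrq = array_pop($usr_parts);
                     $usrp = $tmp->getFlattenedParams();
                     $str .= " or {$usrq}";
                     $params = array_merge($params, $usrp);
                 }
             }
             // Organization: same extraction for "<alias>.Organization".
             if (preg_match("/{$qa}\\.Organization.*\$/", $dql, $matches)) {
                 $org_alias = preg_replace("/{$qa}\\.Organization\\s*/", '', $matches[0]);
                 if ($org_alias) {
                     $tmp = Doctrine_Query::create();
                     Organization::add_search_str($tmp, $org_alias, $search);
                     $org_parts = $tmp->getDqlPart('where');
                     $orgq = array_pop($org_parts);
                     $orgp = $tmp->getFlattenedParams();
                     $str .= " or {$orgq}";
                     $params = array_merge($params, $orgp);
                 }
             }
         }
     }

     // NOTE(review): $str is now a chain of "or" terms with no enclosing
     // parentheses. Confirm the query builder wraps it before and-ing it to
     // the existing where clauses, so a search term can never widen an
     // authz restriction added earlier. Only the last where part of each
     // delegated search is reused, while all of its parameters are merged;
     // the two must stay in step.
     if ($useOr) {
         $q->orWhere($str, $params);
     } else {
         $q->addWhere($str, $params);
     }
 }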
Пример #15
 /**
  * Apply authz rules for who may manage a User.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
 public static function query_may_manage(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }

     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }

     // delete-usr authz in org: fragment on uo_org_id for ACTION_ORG_USR_DELETE
     $org_clause = $u->get_authz_str(ACTION_ORG_USR_DELETE, 'uo_org_id', false);

     // NOTE(review): the active status is read here but never used in the
     // subselect below. Confirm whether user_org rows were meant to be
     // limited to active memberships, or whether the authz fragment already
     // covers that.
     $active_status = UserOrg::$STATUS_ACTIVE;

     // Users that are members of an organization matching the fragment.
     $member_ids = "select uo_user_id from user_org where {$org_clause}";
     $q->addWhere("{$prefix}user_id in ({$member_ids})");
 }
 /**
  * Apply authz rules for who may manage.
  *
  * @param AIR2_Query $q
  * @param User    $u
  * @param string  $alias (optional)
  */
 public static function query_may_manage(AIR2_Query $q, User $u, $alias = null)
 {
     // The system user is exempt from the restriction.
     if ($u->is_system()) {
         return;
     }

     $prefix = '';
     if ($alias) {
         $prefix = "{$alias}.";
     }
     $author_id = $u->user_id;

     // Subquery selecting the ids of the projects this user may manage.
     // Project::query_may_manage() is called without an alias although the
     // subquery names Project "prj".
     $manageable = $q->createSubquery();
     $manageable->select('prj.prj_id');
     $manageable->from('Project prj');
     Project::query_may_manage($manageable, $u);

     // Two restrictions, both required: the annotation belongs to a
     // manageable project, and it was created by this user (bound value).
     // NOTE(review): only the DQL text of the subquery is embedded; if
     // Project::query_may_manage() binds parameters on it, confirm they
     // reach the outer query.
     $q->addWhere("{$prefix}prjan_prj_id IN (" . $manageable->getDql() . ")");
     $q->addWhere("{$prefix}prjan_cre_user = ?", $author_id);
 }