/**
  * Deletes an existing Authorization.
  * 
  * @param object Authorization $authorization
  * 
  * @throws object AuthorizationException An exception with
  *		   one of the following messages defined in
  *		   org.osid.authorization.AuthorizationException may be thrown:
  *		   {@link
  *		   org.osid.authorization.AuthorizationException#OPERATION_FAILED
  *		   OPERATION_FAILED}, {@link
  *		   org.osid.authorization.AuthorizationException#PERMISSION_DENIED
  *		   PERMISSION_DENIED}, {@link
  *		   org.osid.authorization.AuthorizationException#CONFIGURATION_ERROR
  *		   CONFIGURATION_ERROR}, {@link
  *		   org.osid.authorization.AuthorizationException#UNIMPLEMENTED
  *		   UNIMPLEMENTED}, {@link
  *		   org.osid.authorization.AuthorizationException#NULL_ARGUMENT
  *		   NULL_ARGUMENT}, {@link
  *		   org.osid.authorization.AuthorizationException#UNKNOWN_ID
  *		   UNKNOWN_ID}
  * 
  * @access public
  */
 function deleteAuthorization(Authorization $authorization)
 {
     $qualifier = $authorization->getQualifier();
     $qualifierId = $qualifier->getId();
     $this->_cache->deleteAuthorization($authorization);
     $isAuthorizedCache = $this->getIsAuthorizedCache();
     $isAuthorizedCache->dirtyNode($qualifierId);
 }
Пример #2
0
 /**
  * Answer true if the authorization is an implicit view AZ cascading up from
  * a descendent and should hence be ignored when determining roles.
  * 
  * @param object Authorization $az
  * @return boolean
  * @access protected
  * @since 7/11/08
  */
 protected function isCascadingUpView(Authorization $az)
 {
     // We are only interested in implicit AZs
     if ($az->isExplicit()) {
         return false;
     }
     // Return false if not a view AZ
     $authZ = Services::getService("AuthZ");
     $idMgr = Services::getService("Id");
     $viewId = $idMgr->getId('edu.middlebury.authorization.view');
     if (!$az->getFunction()->getId()->isEqual($viewId)) {
         return false;
     }
     // Load a list of descendents
     $qualifierId = $az->getQualifier()->getId();
     if (!isset($this->descendentIds)) {
         $this->descendentIds = array();
     }
     if (!isset($this->descendentIds[$qualifierId->getIdString()])) {
         $descendents = array();
         $descendents = $authZ->getQualifierDescendants($qualifierId);
         $descendentIds = array();
         while ($descendents->hasNext()) {
             $descendentIds[] = $descendents->next()->getId();
         }
         $this->descendentIds[$qualifierId->getIdString()] = $descendentIds;
     }
     // Check the explicit AZ's qualifier against our list of descendents.
     $explicitAZ = $az->getExplicitAZ();
     $explicitQualifierId = $explicitAZ->getQualifier()->getId();
     foreach ($this->descendentIds[$qualifierId->getIdString()] as $id) {
         if ($id->isEqual($explicitQualifierId)) {
             return true;
         }
     }
     return false;
 }
 /**
  * Given an implicit returns the matching explicit user Authorizations.
  * Explicit Authorizations can be modified.	 A null argument will be
  * treated as a wildcard.
  * 
  * @param object Authorization $implicitAuthorization
  *	
  * @return object AuthorizationIterator
  * 
  * @throws object AuthorizationException An exception with
  *		   one of the following messages defined in
  *		   org.osid.authorization.AuthorizationException may be thrown:
  *		   {@link
  *		   org.osid.authorization.AuthorizationException#OPERATION_FAILED
  *		   OPERATION_FAILED}, {@link
  *		   org.osid.authorization.AuthorizationException#PERMISSION_DENIED
  *		   PERMISSION_DENIED}, {@link
  *		   org.osid.authorization.AuthorizationException#CONFIGURATION_ERROR
  *		   CONFIGURATION_ERROR}, {@link
  *		   org.osid.authorization.AuthorizationException#UNIMPLEMENTED
  *		   UNIMPLEMENTED}, {@link
  *		   org.osid.authorization.AuthorizationException#NULL_ARGUMENT
  *		   NULL_ARGUMENT}, {@link
  *		   org.osid.authorization.AuthorizationException#UNKNOWN_ID
  *		   UNKNOWN_ID}, {@link
  *		   org.osid.authorization.AuthorizationException#UNKNOWN_TYPE
  *		   UNKNOWN_TYPE}
  * 
  * @access public
  */
 function getExplicitUserAZsForImplicitAZ(Authorization $implicitAuthorization)
 {
     if ($implicitAuthorization->isExplicit()) {
         // "The Authorization must be implicit."
         throwError(new Error(AuthorizationExeption::OPERATION_FAILED(), "AuthorizationManager", true));
     }
     $agentId = $implicitAuthorization->getAgentId();
     $function = $implicitAuthorization->getFunction();
     $functionId = $function->getId();
     $qualifier = $implicitAuthorization->getQualifier();
     $qualifierId = $qualifier->getId();
     $authorizations = $this->_cache->getAZs($agentId->getIdString(), $functionId->getIdString(), $qualifierId->getIdString(), null, true, true, $implicitAuthorization->isActiveNow(), $this->_getContainingGroupIdStrings($agentId));
     // isActiveNow
     // Make sure that we are only returning explicit AZs for implicit
     // AZs, not other explicit AZs at this node. This means, only return
     // AZs where the agentId or the qualifier Id are different from those
     // of the implicit AZ
     $explicitForImplicit = array();
     foreach (array_keys($authorizations) as $key) {
         $az = $authorizations[$key];
         $aId = $az->getAgentId();
         $q = $az->getQualifier();
         $qId = $q->getId();
         if ($agentId->isEqual($aId) && $qualifierId->isEqual($qId)) {
             continue;
         } else {
             $explicitForImplicit[] = $az;
         }
     }
     $i = new HarmoniAuthorizationIterator($explicitForImplicit);
     return $i;
 }
 /**
  * Create implicit Authorizations for an explicit authorization going up the
  * hierarchy.
  * 
  * @param object Authorization $explicitAZ
  * @return void
  * @access protected
  * @since 4/21/08
  */
 public function createImplicitAZsUpForAZ(Authorization $explicitAZ)
 {
     $idMgr = Services::getService("Id");
     if (!$explicitAZ->getFunction()->getId()->isEqual($idMgr->getId("edu.middlebury.authorization.view"))) {
         return;
     }
     $ancestorIds = $this->getQualifierAncestorIds($explicitAZ->getQualifier()->getId());
     $this->createImplicitAZs(array($explicitAZ), $ancestorIds);
 }