public function GetClassStimulusGrant($iProfile, $sClass, $sStimulusCode) { if (isset($this->m_aClassStimulusGrants[$iProfile][$sClass][$sStimulusCode])) { return $this->m_aClassStimulusGrants[$iProfile][$sClass][$sStimulusCode]; } // Get the permission for this profile/class/stimulus $oSearch = DBObjectSearch::FromOQL_AllData("SELECT URP_StimulusGrant WHERE class = :class AND stimulus = :stimulus AND profileid = :profile AND permission = 'yes'"); $oSet = new DBObjectSet($oSearch, array(), array('class' => $sClass, 'stimulus' => $sStimulusCode, 'profile' => $iProfile)); if ($oSet->Count() >= 1) { $oGrantRecord = $oSet->Fetch(); } else { $oGrantRecord = null; } $this->m_aClassStimulusGrants[$iProfile][$sClass][$sStimulusCode] = $oGrantRecord; return $oGrantRecord; }
public function LoadCache() { if (!is_null($this->m_aProfiles)) { return; } // Could be loaded in a shared memory (?) $oKPI = new ExecutionKPI(); if (self::HasSharing()) { SharedObject::InitSharedClassProperties(); } $oProfileSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_Profiles")); $this->m_aProfiles = array(); while ($oProfile = $oProfileSet->Fetch()) { $this->m_aProfiles[$oProfile->GetKey()] = $oProfile; } $oKPI->ComputeAndReport('Load of user management cache (excepted Action Grants)'); /* echo "<pre>\n"; print_r($this->m_aProfiles); print_r($this->m_aUserProfiles); print_r($this->m_aUserOrgs); echo "</pre>\n"; exit; */ return true; }
public function DoCheckToWrite() { parent::DoCheckToWrite(); // Note: This MUST be factorized later: declare unique keys (set of columns) in the data model $aChanges = $this->ListChanges(); if (array_key_exists('login', $aChanges)) { if (strcasecmp($this->Get('login'), $this->GetOriginal('login')) !== 0) { $sNewLogin = $aChanges['login']; $oSearch = DBObjectSearch::FromOQL_AllData("SELECT User WHERE login = :newlogin"); if (!$this->IsNew()) { $oSearch->AddCondition('id', $this->GetKey(), '!='); } $oSet = new DBObjectSet($oSearch, array(), array('newlogin' => $sNewLogin)); if ($oSet->Count() > 0) { $this->m_aCheckIssues[] = Dict::Format('Class:User/Error:LoginMustBeUnique', $sNewLogin); } } } // Check that this user has at least one profile assigned $oSet = $this->Get('profile_list'); if ($oSet->Count() == 0) { $this->m_aCheckIssues[] = Dict::Format('Class:User/Error:AtLeastOneProfileIsNeeded'); } }
protected function LoadValues($aArgs, $sContains = '') { $this->m_sContains = $sContains; $this->m_aValues = array(); if ($this->m_bAllowAllData) { $oFilter = DBObjectSearch::FromOQL_AllData($this->m_sFilterExpr); } else { $oFilter = DBObjectSearch::FromOQL($this->m_sFilterExpr); } if (!$oFilter) { return false; } foreach ($this->m_aExtraConditions as $oExtraFilter) { $oFilter = $oFilter->Intersect($oExtraFilter); } foreach ($this->m_aModifierProperties as $sPluginClass => $aProperties) { foreach ($aProperties as $sProperty => $value) { $oFilter->SetModifierProperty($sPluginClass, $sProperty, $value); } } $oValueExpr = new ScalarExpression('%' . $sContains . '%'); $oNameExpr = new FieldExpression('friendlyname', $oFilter->GetClassAlias()); $oNewCondition = new BinaryExpression($oNameExpr, 'LIKE', $oValueExpr); $oFilter->AddConditionExpression($oNewCondition); $oObjects = new DBObjectSet($oFilter, $this->m_aOrderBy, $aArgs); while ($oObject = $oObjects->Fetch()) { if (empty($this->m_sValueAttCode)) { $this->m_aValues[$oObject->GetKey()] = $oObject->GetName(); } else { $this->m_aValues[$oObject->GetKey()] = $oObject->Get($this->m_sValueAttCode); } } return true; }
protected function GetUserActionGrant($oUser, $sClass, $iActionCode) { $this->LoadCache(); // load and cache permissions for the current user on the given class // $iUser = $oUser->GetKey(); $aTest = @$this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode]; if (is_array($aTest)) { return $aTest; } $sAction = self::$m_aActionCodes[$iActionCode]; $iPermission = UR_ALLOWED_NO; $aAttributes = array(); foreach ($this->GetUserProfiles($iUser) as $iProfile => $oProfile) { $iGrant = $this->GetProfileActionGrant($iProfile, $sClass, $sAction); if (is_null($iGrant) || !$iGrant) { continue; // loop to the next profile } else { $iPermission = UR_ALLOWED_YES; // update the list of attributes with those allowed for this profile // $oSearch = DBObjectSearch::FromOQL_AllData("SELECT URP_AttributeGrant WHERE actiongrantid = :actiongrantid"); $oSet = new DBObjectSet($oSearch, array(), array('actiongrantid' => $iGrant)); $aProfileAttributes = $oSet->GetColumnAsArray('attcode', false); if (count($aProfileAttributes) == 0) { $aAllAttributes = array_keys(MetaModel::ListAttributeDefs($sClass)); $aAttributes = array_merge($aAttributes, $aAllAttributes); } else { $aAttributes = array_merge($aAttributes, $aProfileAttributes); } } } $aRes = array('permission' => $iPermission, 'attributes' => $aAttributes); $this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode] = $aRes; return $aRes; }