Пример #1
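 /**
  * Return whether the connected user has the right on the given subject
  * (and, optionally, on a given resource).
  *
  * When nobody is connected, the decision is delegated to getAnonymousRight().
  *
  * The resource "-" (meaning "all resources") has priority over specific
  * resources: when the user holds the global right on the subject, the
  * specific resource is not looked up and the answer is true. The right on
  * the given resource is only checked when there is no global right.
  * Across groups a "canceled" right wins: one canceled record returned by
  * getRightsByGroups() for a subject makes the global right false.
  * A subject with no record at all is denied.
  *
  * An empty resource is treated as "-". Because empty() is used, this also
  * covers the ids "0" and 0, which therefore cannot be checked as specific
  * resources.
  *
  * Results are memoized in $this->acl / $this->aclres and in the 'acl2db'
  * cache profile, under keys derived from the login. Only arrays read back
  * from the cache are used; any other value is handled as a cache miss.
  *
  * @param string $subject the key of the subject
  * @param string $resource the id of a resource
  * @return boolean true if the user has the right on the given subject
  */
 public function getRight($subject, $resource = '-')
 {
     if (!jAuth::isConnected()) {
         return $this->getAnonymousRight($subject, $resource);
     }
     if (empty($resource)) {
         $resource = '-';
     }
     // NOTE(review): the cache keys below are only as unique as the normalized
     // login; confirm jCache::normalizeKey() cannot map two logins to one key,
     // otherwise one account would read the rights cached for another.
     $login = jCache::normalizeKey(jAuth::getUserSession()->login);
     $rightkey = 'acl2db/' . $login . '/rights';
     $groups = null;
     $storeRights = false;
     if ($this->acl === null) {
         $rights = jCache::get($rightkey, 'acl2db');
         if (is_array($rights)) {
             $this->acl = $rights;
         } else {
             // cache miss, or an entry that is not the array we stored:
             // rebuild from the database instead of trusting it
             $this->acl = array();
             // let's load all rights for the groups on which the current user is attached
             $groups = jAcl2DbUserGroup::getGroups();
             if (count($groups)) {
                 $dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
                 foreach ($dao->getRightsByGroups($groups) as $rec) {
                     // if there is already a right on the same subject from another group,
                     // a "canceled" record overrides it; a grant never overrides a cancel
                     if (isset($this->acl[$rec->id_aclsbj])) {
                         if ($rec->canceled) {
                             $this->acl[$rec->id_aclsbj] = false;
                         }
                     } else {
                         $this->acl[$rec->id_aclsbj] = $rec->canceled ? false : true;
                     }
                 }
             }
             $storeRights = true;
         }
     }
     if (!isset($this->acl[$subject])) {
         // unknown subject: deny by default and remember the denial
         $this->acl[$subject] = false;
         $storeRights = true;
     }
     if ($storeRights) {
         // one write covers both the fresh load and the default denial.
         // NOTE(review): stored with a null third argument (presumably the
         // profile's default lifetime - confirm); whatever changes rights or
         // group membership has to invalidate these keys, nothing here does.
         jCache::set($rightkey, $this->acl, null, 'acl2db');
     }
     // no resource given, just return the global right for the given subject
     if ($resource == '-') {
         return $this->acl[$subject];
     }
     $rightreskey = 'acl2db/' . $login . '/rightsres/' . $subject;
     if (!isset($this->aclres[$subject])) {
         $rights = jCache::get($rightreskey, 'acl2db');
         // same rule as above: only an array is accepted from the cache
         if (is_array($rights)) {
             $this->aclres[$subject] = $rights;
         }
     }
     // if we already have loaded the corresponding right, returns it
     if (isset($this->aclres[$subject][$resource])) {
         return $this->aclres[$subject][$resource];
     }
     // default right for the resource is the global right
     $this->aclres[$subject][$resource] = $this->acl[$subject];
     if ($this->acl[$subject]) {
         // the global right is granted: it applies to every resource
         jCache::set($rightreskey, $this->aclres[$subject], null, 'acl2db');
         return true;
     }
     // the general right is not given, check the specific right for the resource
     if ($groups === null) {
         $groups = jAcl2DbUserGroup::getGroups();
     }
     if (count($groups)) {
         $dao = jDao::get('jacl2db~jacl2rights', 'jacl2_profile');
         // NOTE(review): a single record decides here; confirm getRightWithRes()
         // returns a canceled record first when several groups match.
         $right = $dao->getRightWithRes($subject, $groups, $resource);
         // granted only when a record exists and it is not canceled
         $this->aclres[$subject][$resource] = ($right != false && !$right->canceled);
     }
     jCache::set($rightreskey, $this->aclres[$subject], null, 'acl2db');
     return $this->aclres[$subject][$resource];
 }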