/**
* Get a list of user permissions by action and class of resource
*
* @param myUser $user - user session
* @param string $action - requested ACL action
* @param string $class - resource class
*
* @return QubitQuery list of QubitAclPermissions
*/
public static function getUserPermissionsByAction($user, $class, $action)
{
// Get user's groups
if ($user->isAuthenticated()) {
foreach ($user->listGroups() as $group) {
$userGroupIds[] = $group->id;
}
} else {
$userGroupIds = array(QubitAclGroup::ANONYMOUS_ID);
}
// Find relevant rules
$criteria = new Criteria();
$c1 = $criteria->getNewCriterion(QubitAclPermission::ACTION, $action);
$c2 = $criteria->getNewCriterion(QubitAclPermission::ACTION, null, Criteria::ISNULL);
$c1->addOr($c2);
// Find by group/user
$c3 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $userGroupIds, Criteria::IN);
if ($user->isAuthenticated()) {
$c4 = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $user->getUserID());
$c3->addOr($c4);
}
$c1->addAnd($c3);
// Find by object type
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c4 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c5 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, $class);
$c4->addOr($c5);
// Final conjunction
$c1->addAnd($c4);
$criteria->add($c1);
return QubitAclPermission::get($criteria);
}
