/** * Short description of method checkNoIsolatedActivity * * @access public * @author Joel Bout, <*****@*****.**> * @return boolean */ public function checkNoIsolatedActivity() { $returnValue = (bool) false; $returnValue = true; //need to be initiated as true $this->isolatedActivities = array(); $connectorsClass = new core_kernel_classes_Class(CLASS_CONNECTORS); $process = $this->process; foreach ($this->authoringService->getActivitiesByProcess($process) as $activity) { if (!$this->activityService->isInitial($activity)) { //should have a previous activity: $connectors = $connectorsClass->searchInstances(array(PROPERTY_STEP_NEXT => $activity->getUri()), array('like' => false, 'recursive' => 0)); if (empty($connectors)) { $returnValue = false; $this->isolatedActivities[$activity->getUri()] = $activity; } } } return (bool) $returnValue; }
/** * Check the ACL of a user for a given activity. * It returns false if the user cannot access the activity. * * @access public * @author Somsack Sipasseuth, <*****@*****.**> * @param Resource activityExecution * @param Resource currentUser * @param Resource processExecution * @return boolean */ public function checkAcl(core_kernel_classes_Resource $activityExecution, core_kernel_classes_Resource $currentUser, core_kernel_classes_Resource $processExecution = null) { $returnValue = (bool) false; if (!is_null($activityExecution) && !is_null($currentUser)) { if (is_null($processExecution)) { $processExecution = $this->getRelatedProcessExecution($activityExecution); } //get cached value: $cachedValue = $this->getCache(__METHOD__, array($activityExecution, $currentUser, $processExecution)); if (!is_null($cachedValue) && is_bool($cachedValue)) { // var_dump('ACL results from cache '.$activityExecution->getUri().' '.$currentUser->getLabel()); $returnValue = $cachedValue; return $returnValue; } //activity and current must be set to the activty execution otherwise a common Exception is thrown $modeUri = $activityExecution->getOnePropertyValue($this->ACLModeProperty); if (is_null($modeUri)) { $returnValue = true; //if no mode defined, the activity is allowed } else { switch ($modeUri->getUri()) { //check if th current user is the restricted user case INSTANCE_ACL_USER: $activityUser = $this->getRestrictedUser($activityExecution); if (!is_null($activityUser)) { if ($activityUser->getUri() == $currentUser->getUri()) { $returnValue = true; } } break; //check if the current user has the restricted role //check if the current user has the restricted role case INSTANCE_ACL_ROLE: $userService = tao_models_classes_UserService::singleton(); $activityRole = $this->getRestrictedRole($activityExecution); $returnValue = $userService->userHasRoles($currentUser, $activityRole); break; //check if the current user has the restricted role and is the restricted user //check if the current user has the restricted role and is the restricted user case INSTANCE_ACL_ROLE_RESTRICTED_USER: //check if an activity execution already exists for the current activity or if there are several in parallel, check if there is one spot available. If so create the activity execution: //need to know the current process execution, from it, get the process definition and the number of activity executions associated to it. //from the process definition get the number of allowed activity executions for this activity definition (normally only 1 but can be more, for a parallel connector) $userService = tao_models_classes_UserService::singleton(); $activityRole = $this->getRestrictedRole($activityExecution); if (true === $userService->userHasRoles($currentUser, $activityRole)) { $assignedUser = $this->getActivityExecutionUser($activityExecution); if (is_null($assignedUser) || $assignedUser->getUri() == $currentUser->getUri()) { $returnValue = true; } } break; //check if the current user has the restricted role and is the restricted user based on the previous activity with the given role //check if the current user has the restricted role and is the restricted user based on the previous activity with the given role case INSTANCE_ACL_ROLE_RESTRICTED_USER_INHERITED: $userService = tao_models_classes_UserService::singleton(); $activityRole = $this->getRestrictedRole($activityExecution); if (true === $userService->userHasRoles($currentUser, $activityRole)) { $roleSearchPattern = array(); $roleSearchPattern[] = $activityRole->getUri(); $relatedProcessVariable = $this->getRestrictedRole($activityExecution, false); if (!is_null($relatedProcessVariable) && $relatedProcessVariable->getUri() != $activityRole->getUri()) { $roleSearchPattern[] = $relatedProcessVariable->getUri(); } //search for a past activity execution that has the the right role: $activityExecutionsClass = new core_kernel_classes_Class(CLASS_ACTIVITY_EXECUTION); $pastActivityExecutions = $activityExecutionsClass->searchInstances(array(PROPERTY_ACTIVITY_EXECUTION_ACTIVITY => $this->getExecutionOf($activityExecution)->getUri(), PROPERTY_ACTIVITY_EXECUTION_PROCESSEXECUTION => $processExecution->getUri(), PROPERTY_ACTIVITY_EXECUTION_ACL_MODE => INSTANCE_ACL_ROLE_RESTRICTED_USER_INHERITED, PROPERTY_ACTIVITY_EXECUTION_RESTRICTED_ROLE => $roleSearchPattern), array('like' => false)); $count = count($pastActivityExecutions); if ($count > 0) { foreach ($pastActivityExecutions as $pastActivityExecution) { $pastUser = $this->getActivityExecutionUser($pastActivityExecution); if (!is_null($pastUser)) { if ($pastUser->getUri() == $currentUser->getUri()) { $returnValue = true; //user's activity execution } break 2; } else { continue; } } $returnValue = true; //no user has taken it } else { //throw exception here, since there should be at least the current acitivty exec here throw new wfEngine_models_classes_ProcessExecutionException('cannot even found a single activity execution that for the inherited role'); } break; } break; //special case for deliveries //special case for deliveries case INSTANCE_ACL_ROLE_RESTRICTED_USER_DELIVERY: $userService = tao_models_classes_UserService::singleton(); $activity = $this->getExecutionOf($activityExecution); if ($this->activityService->isInitial($activity)) { $activityRole = $this->getRestrictedRole($activityExecution); $returnValue = $userService->userHasRoles($currentUser, $activityRole); } else { $process = $processExecution->getOnePropertyValue(new core_kernel_classes_Property(PROPERTY_PROCESSINSTANCES_EXECUTIONOF)); if (!is_null($process)) { $processDefinitionService = wfEngine_models_classes_ProcessDefinitionService::singleton(); foreach ($processDefinitionService->getRootActivities($process) as $initialActivity) { if (!is_null($this->getExecution($initialActivity, $currentUser, $processExecution))) { $returnValue = true; } break; } } } break; } } //set cached value: if (is_null($cachedValue) || !is_bool($cachedValue)) { $this->setCache(__METHOD__, array($activityExecution, $currentUser, $processExecution), $returnValue); } } return (bool) $returnValue; }