/**
* Given an implicit returns the matching explicit user Authorizations.
* Explicit Authorizations can be modified. A null argument will be
* treated as a wildcard.
*
* @param object Authorization $implicitAuthorization
*
* @return object AuthorizationIterator
*
* @throws object AuthorizationException An exception with
* one of the following messages defined in
* org.osid.authorization.AuthorizationException may be thrown:
* {@link
* org.osid.authorization.AuthorizationException#OPERATION_FAILED
* OPERATION_FAILED}, {@link
* org.osid.authorization.AuthorizationException#PERMISSION_DENIED
* PERMISSION_DENIED}, {@link
* org.osid.authorization.AuthorizationException#CONFIGURATION_ERROR
* CONFIGURATION_ERROR}, {@link
* org.osid.authorization.AuthorizationException#UNIMPLEMENTED
* UNIMPLEMENTED}, {@link
* org.osid.authorization.AuthorizationException#NULL_ARGUMENT
* NULL_ARGUMENT}, {@link
* org.osid.authorization.AuthorizationException#UNKNOWN_ID
* UNKNOWN_ID}, {@link
* org.osid.authorization.AuthorizationException#UNKNOWN_TYPE
* UNKNOWN_TYPE}
*
* @access public
*/
function getExplicitUserAZsForImplicitAZ(Authorization $implicitAuthorization)
{
if ($implicitAuthorization->isExplicit()) {
// "The Authorization must be implicit."
throwError(new Error(AuthorizationExeption::OPERATION_FAILED(), "AuthorizationManager", true));
}
$agentId = $implicitAuthorization->getAgentId();
$function = $implicitAuthorization->getFunction();
$functionId = $function->getId();
$qualifier = $implicitAuthorization->getQualifier();
$qualifierId = $qualifier->getId();
$authorizations = $this->_cache->getAZs($agentId->getIdString(), $functionId->getIdString(), $qualifierId->getIdString(), null, true, true, $implicitAuthorization->isActiveNow(), $this->_getContainingGroupIdStrings($agentId));
// isActiveNow
// Make sure that we are only returning explicit AZs for implicit
// AZs, not other explicit AZs at this node. This means, only return
// AZs where the agentId or the qualifier Id are different from those
// of the implicit AZ
$explicitForImplicit = array();
foreach (array_keys($authorizations) as $key) {
$az = $authorizations[$key];
$aId = $az->getAgentId();
$q = $az->getQualifier();
$qId = $q->getId();
if ($agentId->isEqual($aId) && $qualifierId->isEqual($qId)) {
continue;
} else {
$explicitForImplicit[] = $az;
}
}
$i = new HarmoniAuthorizationIterator($explicitForImplicit);
return $i;
}
/**
* Given an implicit returns the matching explicit user Authorizations.
* Explicit Authorizations can be modified. A null argument will be
* treated as a wildcard.
*
* @param object Authorization $implicitAuthorization
*
* @return object AuthorizationIterator
*
* @throws object AuthorizationException An exception with
* one of the following messages defined in
* org.osid.authorization.AuthorizationException may be thrown:
* {@link
* org.osid.authorization.AuthorizationException#OPERATION_FAILED
* OPERATION_FAILED}, {@link
* org.osid.authorization.AuthorizationException#PERMISSION_DENIED
* PERMISSION_DENIED}, {@link
* org.osid.authorization.AuthorizationException#CONFIGURATION_ERROR
* CONFIGURATION_ERROR}, {@link
* org.osid.authorization.AuthorizationException#UNIMPLEMENTED
* UNIMPLEMENTED}, {@link
* org.osid.authorization.AuthorizationException#NULL_ARGUMENT
* NULL_ARGUMENT}, {@link
* org.osid.authorization.AuthorizationException#UNKNOWN_ID
* UNKNOWN_ID}, {@link
* org.osid.authorization.AuthorizationException#UNKNOWN_TYPE
* UNKNOWN_TYPE}
*
* @access public
*/
function getExplicitUserAZsForImplicitAZ(Authorization $implicitAuthorization)
{
if ($implicitAuthorization->isExplicit()) {
// "The Authorization must be implicit."
throwError(new Error(AuthorizationExeption::OPERATION_FAILED(), "AuthorizationManager", true));
}
return new HarmoniIterator(array($implicitAuthorization->getExplicitAZ()));
}
/**
* Answer true if the authorization is an implicit view AZ cascading up from
* a descendent and should hence be ignored when determining roles.
*
* @param object Authorization $az
* @return boolean
* @access protected
* @since 7/11/08
*/
protected function isCascadingUpView(Authorization $az)
{
// We are only interested in implicit AZs
if ($az->isExplicit()) {
return false;
}
// Return false if not a view AZ
$authZ = Services::getService("AuthZ");
$idMgr = Services::getService("Id");
$viewId = $idMgr->getId('edu.middlebury.authorization.view');
if (!$az->getFunction()->getId()->isEqual($viewId)) {
return false;
}
// Load a list of descendents
$qualifierId = $az->getQualifier()->getId();
if (!isset($this->descendentIds)) {
$this->descendentIds = array();
}
if (!isset($this->descendentIds[$qualifierId->getIdString()])) {
$descendents = array();
$descendents = $authZ->getQualifierDescendants($qualifierId);
$descendentIds = array();
while ($descendents->hasNext()) {
$descendentIds[] = $descendents->next()->getId();
}
$this->descendentIds[$qualifierId->getIdString()] = $descendentIds;
}
// Check the explicit AZ's qualifier against our list of descendents.
$explicitAZ = $az->getExplicitAZ();
$explicitQualifierId = $explicitAZ->getQualifier()->getId();
foreach ($this->descendentIds[$qualifierId->getIdString()] as $id) {
if ($id->isEqual($explicitQualifierId)) {
return true;
}
}
return false;
}
