public function GetClassStimulusGrant($iProfile, $sClass, $sStimulusCode)
{
if (isset($this->m_aClassStimulusGrants[$iProfile][$sClass][$sStimulusCode])) {
return $this->m_aClassStimulusGrants[$iProfile][$sClass][$sStimulusCode];
}
// Get the permission for this profile/class/stimulus
$oSearch = DBObjectSearch::FromOQL_AllData("SELECT URP_StimulusGrant WHERE class = :class AND stimulus = :stimulus AND profileid = :profile AND permission = 'yes'");
$oSet = new DBObjectSet($oSearch, array(), array('class' => $sClass, 'stimulus' => $sStimulusCode, 'profile' => $iProfile));
if ($oSet->Count() >= 1) {
$oGrantRecord = $oSet->Fetch();
} else {
$oGrantRecord = null;
}
$this->m_aClassStimulusGrants[$iProfile][$sClass][$sStimulusCode] = $oGrantRecord;
return $oGrantRecord;
}
public function LoadCache()
{
if (!is_null($this->m_aProfiles)) {
return;
}
// Could be loaded in a shared memory (?)
$oKPI = new ExecutionKPI();
if (self::HasSharing()) {
SharedObject::InitSharedClassProperties();
}
$oProfileSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_Profiles"));
$this->m_aProfiles = array();
while ($oProfile = $oProfileSet->Fetch()) {
$this->m_aProfiles[$oProfile->GetKey()] = $oProfile;
}
$oKPI->ComputeAndReport('Load of user management cache (excepted Action Grants)');
/*
echo "<pre>\n";
print_r($this->m_aProfiles);
print_r($this->m_aUserProfiles);
print_r($this->m_aUserOrgs);
echo "</pre>\n";
exit;
*/
return true;
}
public function DoCheckToWrite()
{
parent::DoCheckToWrite();
// Note: This MUST be factorized later: declare unique keys (set of columns) in the data model
$aChanges = $this->ListChanges();
if (array_key_exists('login', $aChanges)) {
if (strcasecmp($this->Get('login'), $this->GetOriginal('login')) !== 0) {
$sNewLogin = $aChanges['login'];
$oSearch = DBObjectSearch::FromOQL_AllData("SELECT User WHERE login = :newlogin");
if (!$this->IsNew()) {
$oSearch->AddCondition('id', $this->GetKey(), '!=');
}
$oSet = new DBObjectSet($oSearch, array(), array('newlogin' => $sNewLogin));
if ($oSet->Count() > 0) {
$this->m_aCheckIssues[] = Dict::Format('Class:User/Error:LoginMustBeUnique', $sNewLogin);
}
}
}
// Check that this user has at least one profile assigned
$oSet = $this->Get('profile_list');
if ($oSet->Count() == 0) {
$this->m_aCheckIssues[] = Dict::Format('Class:User/Error:AtLeastOneProfileIsNeeded');
}
}
protected function LoadValues($aArgs, $sContains = '')
{
$this->m_sContains = $sContains;
$this->m_aValues = array();
if ($this->m_bAllowAllData) {
$oFilter = DBObjectSearch::FromOQL_AllData($this->m_sFilterExpr);
} else {
$oFilter = DBObjectSearch::FromOQL($this->m_sFilterExpr);
}
if (!$oFilter) {
return false;
}
foreach ($this->m_aExtraConditions as $oExtraFilter) {
$oFilter = $oFilter->Intersect($oExtraFilter);
}
foreach ($this->m_aModifierProperties as $sPluginClass => $aProperties) {
foreach ($aProperties as $sProperty => $value) {
$oFilter->SetModifierProperty($sPluginClass, $sProperty, $value);
}
}
$oValueExpr = new ScalarExpression('%' . $sContains . '%');
$oNameExpr = new FieldExpression('friendlyname', $oFilter->GetClassAlias());
$oNewCondition = new BinaryExpression($oNameExpr, 'LIKE', $oValueExpr);
$oFilter->AddConditionExpression($oNewCondition);
$oObjects = new DBObjectSet($oFilter, $this->m_aOrderBy, $aArgs);
while ($oObject = $oObjects->Fetch()) {
if (empty($this->m_sValueAttCode)) {
$this->m_aValues[$oObject->GetKey()] = $oObject->GetName();
} else {
$this->m_aValues[$oObject->GetKey()] = $oObject->Get($this->m_sValueAttCode);
}
}
return true;
}
protected function GetUserActionGrant($oUser, $sClass, $iActionCode)
{
$this->LoadCache();
// load and cache permissions for the current user on the given class
//
$iUser = $oUser->GetKey();
$aTest = @$this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode];
if (is_array($aTest)) {
return $aTest;
}
$sAction = self::$m_aActionCodes[$iActionCode];
$iPermission = UR_ALLOWED_NO;
$aAttributes = array();
foreach ($this->GetUserProfiles($iUser) as $iProfile => $oProfile) {
$iGrant = $this->GetProfileActionGrant($iProfile, $sClass, $sAction);
if (is_null($iGrant) || !$iGrant) {
continue;
// loop to the next profile
} else {
$iPermission = UR_ALLOWED_YES;
// update the list of attributes with those allowed for this profile
//
$oSearch = DBObjectSearch::FromOQL_AllData("SELECT URP_AttributeGrant WHERE actiongrantid = :actiongrantid");
$oSet = new DBObjectSet($oSearch, array(), array('actiongrantid' => $iGrant));
$aProfileAttributes = $oSet->GetColumnAsArray('attcode', false);
if (count($aProfileAttributes) == 0) {
$aAllAttributes = array_keys(MetaModel::ListAttributeDefs($sClass));
$aAttributes = array_merge($aAttributes, $aAllAttributes);
} else {
$aAttributes = array_merge($aAttributes, $aProfileAttributes);
}
}
}
$aRes = array('permission' => $iPermission, 'attributes' => $aAttributes);
$this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode] = $aRes;
return $aRes;
}
