/**
* Sets the adapter and the tablename of the resource retroactively.
* @param string $database name of the database
* @param string $table name of the table
*/
public function init($database, $table = null)
{
// get the user adapter
$username = Daiquiri_Auth::getInstance()->getCurrentUsername();
// check if this database is the user datasbase
if ($database === Daiquiri_Config::getInstance()->getUserDbName($username)) {
$adapter = Daiquiri_Config::getInstance()->getUserDbAdapter();
} else {
// get the database id and check permission on database
$databasesResource = new Data_Model_Resource_Databases();
$result = $databasesResource->checkACL($database, 'select');
if ($result !== true) {
throw new Daiquiri_Exception_NotFound();
}
// check permission on table access
if ($table) {
$tablesResource = new Data_Model_Resource_Tables();
$result = $tablesResource->checkACL($database, $table, 'select');
if ($result !== true) {
throw new Daiquiri_Exception_NotFound();
}
}
// if everything went ok get adapter
$adapter = Daiquiri_Config::getInstance()->getUserDbAdapter($database);
}
// set adapter and table
$this->setAdapter($adapter);
if ($table) {
$this->setTablename($table);
}
}
/**
* @brief checkDbTable method - checks whether user has access to a given database
* and table
* @param $database: database name
* @param $table: table name
* @param $permission: the desired permission
* @return TRUE or FALSE
*
* Checks whether the user has access to the given database and table with the desired
* permission. This uses the Data module for ACLing of the databases and tables. The information
* stored in the database meta data store is needed for this.
*/
public function checkDbTable($database, $table, $permission)
{
// switch of security for debugging
if (Daiquiri_Config::getInstance()->auth->debug === '1') {
return true;
}
// check if this is the users database
$userDB = Daiquiri_Config::getInstance()->getUserDbName($this->getCurrentUsername());
if ($database === $userDB) {
return true;
}
// check in the data module first, if metadata exists and handle them
// accordingly
$databasesResource = new Data_Model_Resource_Databases();
if ($databasesResource->checkACL($database, $permission)) {
if ($table === false) {
return true;
} else {
// access to database granted, so let's check for table access
$tablesResource = new Data_Model_Resource_Tables();
if ($tablesResource->checkACL($database, $table, $permission)) {
return true;
}
}
}
// scratch database has read access
$scratchDB = Daiquiri_Config::getInstance()->query->scratchdb;
if (!empty($scratchDB) && $database === $scratchDB && ($permission === "select" || $permission === "set")) {
return true;
}
return false;
}
