/** * Sets the adapter and the tablename of the resource retroactively. * @param string $database name of the database * @param string $table name of the table */ public function init($database, $table = null) { // get the user adapter $username = Daiquiri_Auth::getInstance()->getCurrentUsername(); // check if this database is the user datasbase if ($database === Daiquiri_Config::getInstance()->getUserDbName($username)) { $adapter = Daiquiri_Config::getInstance()->getUserDbAdapter(); } else { // get the database id and check permission on database $databasesResource = new Data_Model_Resource_Databases(); $result = $databasesResource->checkACL($database, 'select'); if ($result !== true) { throw new Daiquiri_Exception_NotFound(); } // check permission on table access if ($table) { $tablesResource = new Data_Model_Resource_Tables(); $result = $tablesResource->checkACL($database, $table, 'select'); if ($result !== true) { throw new Daiquiri_Exception_NotFound(); } } // if everything went ok get adapter $adapter = Daiquiri_Config::getInstance()->getUserDbAdapter($database); } // set adapter and table $this->setAdapter($adapter); if ($table) { $this->setTablename($table); } }
/** * @brief checkDbTable method - checks whether user has access to a given database * and table * @param $database: database name * @param $table: table name * @param $permission: the desired permission * @return TRUE or FALSE * * Checks whether the user has access to the given database and table with the desired * permission. This uses the Data module for ACLing of the databases and tables. The information * stored in the database meta data store is needed for this. */ public function checkDbTable($database, $table, $permission) { // switch of security for debugging if (Daiquiri_Config::getInstance()->auth->debug === '1') { return true; } // check if this is the users database $userDB = Daiquiri_Config::getInstance()->getUserDbName($this->getCurrentUsername()); if ($database === $userDB) { return true; } // check in the data module first, if metadata exists and handle them // accordingly $databasesResource = new Data_Model_Resource_Databases(); if ($databasesResource->checkACL($database, $permission)) { if ($table === false) { return true; } else { // access to database granted, so let's check for table access $tablesResource = new Data_Model_Resource_Tables(); if ($tablesResource->checkACL($database, $table, $permission)) { return true; } } } // scratch database has read access $scratchDB = Daiquiri_Config::getInstance()->query->scratchdb; if (!empty($scratchDB) && $database === $scratchDB && ($permission === "select" || $permission === "set")) { return true; } return false; }