/** * Wrong use of array_intersect() in ezsubtreenotificationrule.php * * @link http://issues.ez.no/16248 */ public function testCorrectUsageArrayIntersect() { $access = eZSubtreeNotificationRule::checkObjectAccess( eZContentObject::fetch( 1 ), $this->policy->attribute( 'id' ), array( 14 ) ); $this->assertEquals( array( 14 ), $access ); }
/** * Fetch allowed subtreenotification rules based on node_id list and a * content object * * @param array $nodeIDList node id list for notification event * @param eZContentObject content object to add * * @return array matching subtree notification rule data */ static function fetchUserList($nodeIDList, $contentObject) { if (count($nodeIDList) == 0) { $retValue = array(); return $retValue; } $db = eZDB::instance(); $concatString = $db->concatString(array('user_tree.path_string', "'%'")); // Select affected users $sqlINString = $db->generateSQLINStatement($nodeIDList, 'subtree_rule.node_id', false, false, 'int'); $sql = "SELECT DISTINCT subtree_rule.user_id,\n user_node.node_id\n FROM ezsubtree_notification_rule subtree_rule,\n ezcontentobject_tree user_node,\n ezuser_setting\n WHERE {$sqlINString} AND\n user_node.contentobject_id = subtree_rule.user_id AND\n ezuser_setting.user_id = subtree_rule.user_id AND\n user_node.is_invisible = 0 AND\n ezuser_setting.is_enabled = 1"; $userPart = $db->arrayQuery($sql); // Remove duplicates $userNodeIDList = array(); foreach ($userPart as $row) { $userNodeIDList[] = $row['node_id']; } $userNodeIDList = array_unique($userNodeIDList); if (count($userNodeIDList) == 0) { $retValue = array(); return $retValue; } // Select affected nodes $sqlINString = $db->generateSQLINStatement($userNodeIDList, 'user_node.node_id', false, false, 'int'); $sql = "SELECT DISTINCT user_node.node_id,\n user_node.path_string,\n user_tree.contentobject_id\n FROM ezcontentobject_tree user_node,\n ezcontentobject_tree user_tree\n WHERE {$sqlINString} AND\n user_node.path_string LIKE {$concatString}"; $nodePart = $db->arrayQuery($sql); // Remove duplicates $objectIDList = array(); foreach ($nodePart as $row) { if ($row['contentobject_id'] != '0') { $objectIDList[] = $row['contentobject_id']; } } $objectIDList = array_unique($objectIDList); if (count($objectIDList) == 0) { $retValue = array(); return $retValue; } // Select affected roles and policies $sqlINString = $db->generateSQLINStatement($objectIDList, 'user_role.contentobject_id', false, false, 'int'); $sql = "SELECT DISTINCT user_role.contentobject_id,\n policy.id AS policy_id,\n user_role.limit_identifier AS limitation,\n user_role.limit_value AS value\n FROM ezuser_role user_role,\n ezpolicy policy\n WHERE {$sqlINString} AND\n ( user_role.role_id=policy.role_id AND\n ( policy.module_name='*' OR\n ( policy.module_name='content' AND\n ( policy.function_name='*' OR\n policy.function_name='read'\n )\n )\n )\n )"; $rolePart = $db->arrayQuery($sql); // Build resultArray. Make sure there are no duplicates. $resultArray = array(); foreach ($userPart as $up) { foreach ($nodePart as $np) { if ($up['node_id'] == $np['node_id']) { foreach ($rolePart as $rp) { if ($np['contentobject_id'] == $rp['contentobject_id']) { $key = $rp['policy_id'] . $up['user_id'] . $rp['limitation'] . $rp['value']; $resultArray[$key] = array('policy_id' => $rp['policy_id'], 'user_id' => $up['user_id'], 'limitation' => $rp['limitation'], 'value' => $rp['value']); } } } } } $policyIDArray = array(); $limitedPolicyIDArray = array(); $userIDArray = array(); foreach ($resultArray as $result) { $userIDArray[(string) $result['user_id']] = (int) $result['user_id']; } foreach ($resultArray as $result) { if ($result['limitation'] == '') { $policyIDArray[(string) $result['policy_id']][] =& $userIDArray[(string) $result['user_id']]; } else { $limitedPolicyIDArray[] = array('user_id' => $userIDArray[(string) $result['user_id']], 'limitation' => $result['limitation'], 'value' => $result['value'], 'policyID' => $result['policy_id']); } } $acceptedUserArray = array(); foreach (array_keys($policyIDArray) as $policyID) { foreach (array_keys($policyIDArray[$policyID]) as $key) { if ($policyIDArray[$policyID][$key] === false) { unset($policyIDArray[$policyID][$key]); } } if (count($policyIDArray[$policyID]) == 0) { continue; } $userArray = eZSubtreeNotificationRule::checkObjectAccess($contentObject, $policyID, $policyIDArray[$policyID]); $acceptedUserArray = array_merge($acceptedUserArray, $userArray); foreach ($userArray as $userID) { $userIDArray[(string) $userID] = false; } } foreach ($limitedPolicyIDArray as $policyEntry) { if ($policyEntry['user_id'] === false) { continue; } $userArray = eZSubtreeNotificationRule::checkObjectAccess($contentObject, $policyEntry['policyID'], array($policyEntry['user_id']), array($policyEntry['limitation'] => $policyEntry['value'])); $acceptedUserArray = array_merge($acceptedUserArray, $userArray); foreach ($userArray as $userID) { $userIDArray[(string) $userID] = false; } } $acceptedUserArray = array_unique($acceptedUserArray); foreach (array_keys($acceptedUserArray) as $key) { if (!is_int($acceptedUserArray[$key]) or $acceptedUserArray[$key] == 0) { unset($acceptedUserArray[$key]); } } if (count($acceptedUserArray) == 0) { $retValue = array(); return $retValue; } $nodeIDWhereString = $db->generateSQLINStatement($nodeIDList, 'rule.node_id', false, false, 'int'); $userIDWhereString = $db->generateSQLINStatement($acceptedUserArray, 'rule.user_id', false, false, 'int'); $rules = $db->arrayQuery("SELECT rule.user_id, rule.use_digest, ezuser.email as address\n FROM ezsubtree_notification_rule rule, ezuser\n WHERE rule.user_id=ezuser.contentobject_id AND\n {$nodeIDWhereString} AND\n {$userIDWhereString}"); return $rules; }