/**
 * Delete this privilege's database record, if it has one.
 *
 * A privilege without a GUID is treated as never stored and reported as
 * success without touching the database. A privilege with a GUID must pass
 * validate() before anything is deleted.
 *
 * @return bool True when there was nothing to delete or the record was
 *              deleted; false when validation or the delete call failed.
 */
public function drop()
{
    // Runs unconditionally, before any of the checks below.
    $this->_sync_to_db_object();

    if (!$this->__guid) {
        debug_add('We are not stored, GUID is empty. Ignoring silently.');
        return true;
    }

    // An ACL record is never deleted on behalf of a privilege that does not
    // validate. The whole object is written to the debug log on this path.
    if (!$this->validate()) {
        debug_add('This privilege failed to validate, rejecting to drop it, see the debug log for details.', MIDCOM_LOG_WARN);
        debug_print_r('Privilege dump:', $this);
        return false;
    }

    if (!$this->__privilege_object->guid) {
        // We created this via collector: load a fresh instance by GUID and
        // let it perform the drop.
        // NOTE(review): this branch returns the delegate's result directly, so
        // _invalidate_cache() and the reset of $this->value further down are
        // not executed on *this* instance - confirm callers do not reuse it.
        $stored = new midcom_core_privilege($this->__guid);
        return $stored->drop();
    }

    try {
        $deleted = $this->__privilege_object->delete();
        if (!$deleted) {
            debug_add('Failed to delete privilege record, aborting. Error: ' . midcom_connection::get_error_string(), MIDCOM_LOG_ERROR);
            return false;
        }
    } catch (Exception $e) {
        // delete() may also signal failure by throwing; both failure modes
        // are logged at error level and reported as false.
        debug_add('Failed to delete privilege record, aborting. Error: ' . $e->getMessage(), MIDCOM_LOG_ERROR);
        return false;
    }

    // Records which grant was removed: object GUID, privilege name, assignee and value.
    debug_add("Delete privilege record {$this->__guid} ({$this->__privilege_object->objectguid} {$this->__privilege_object->privilegename} {$this->__privilege_object->assignee} {$this->__privilege_object->value}");

    // The result of purge() is not checked; success is reported once delete()
    // has succeeded.
    $this->__privilege_object->purge();
    $this->_invalidate_cache();

    // The in-memory privilege falls back to "inherit" after the drop.
    $this->value = MIDCOM_PRIVILEGE_INHERIT;

    return true;
}
/**
 * Internal helper: grant the 'midgard:owner' privilege on an object to the
 * currently authenticated user.
 *
 * The grant is written through midcom_core_privilege_db directly instead of
 * the main privilege class, so whatever that class does around the DB record
 * does not run here. Failures are only logged; the method returns nothing on
 * every path, so a caller cannot tell whether the grant was created.
 *
 * @param midcom_core_dbaobject $object The DBA object we're working on
 */
private static function _set_owner_privileges(midcom_core_dbaobject $object)
{
    $user = midcom::get('auth')->user;

    if (!$user) {
        // No authenticated user: nobody to make owner, so the object is left
        // without an owner grant. Logged at info level only.
        $message = "Could not retrieve the midcom_core_user instance for the creator of " . get_class($object) . " {$object->guid}, skipping owner privilege assignment.";
        debug_add($message, MIDCOM_LOG_INFO);
        return;
    }

    // Circumvent the main privilege class as we need full access here regardless of
    // the actual circumstances.
    // NOTE(review): $object->guid is used as given; presumably callers only
    // pass objects that are already stored - confirm, since an empty GUID
    // would be written into the grant unchanged.
    $privilege = new midcom_core_privilege_db();
    $privilege->assignee = $user->id;
    $privilege->privilegename = 'midgard:owner';
    $privilege->objectguid = $object->guid;
    $privilege->value = MIDCOM_PRIVILEGE_ALLOW;

    if ($privilege->create()) {
        return;
    }

    // A failed create() is reported at warn level and not propagated.
    $message = "Could not set the owner privilege {$privilege->privilegename} for {$object->guid}, see debug level log for details. Last Midgard Error: " . midcom_connection::get_error_string();
    debug_add($message, MIDCOM_LOG_WARN);
}