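/**
 * Get the ACL permission rules that apply to a user for a given action and
 * class of resource.
 *
 * This method only selects candidate rules; it does not evaluate whether
 * they grant or deny access. A rule is selected when all of these hold:
 *  - its action equals $action, or its action is NULL;
 *  - its group is one of the user's groups (the anonymous group for an
 *    unauthenticated session), or, for an authenticated session, its user
 *    id equals the session's user id;
 *  - it has no object, or its object's class name equals $class.
 *
 * Note the argument order: $class comes before $action.
 *
 * @param myUser $user   user session
 * @param string $class  resource class
 * @param string $action requested ACL action
 *
 * @return QubitQuery list of QubitAclPermissions
 */
public static function getUserPermissionsByAction($user, $class, $action)
{
    $isAuthenticated = $user->isAuthenticated();

    // Get user's groups. Start from an empty list so that an authenticated
    // session with no groups passes an empty array to the IN criterion
    // instead of an undefined variable.
    // NOTE(review): confirm that the Criteria implementation in use renders
    // an empty IN list as "matches no rows", so this case stays fail-closed.
    $userGroupIds = array();
    if ($isAuthenticated) {
        foreach ($user->listGroups() as $group) {
            $userGroupIds[] = $group->id;
        }
    } else {
        $userGroupIds[] = QubitAclGroup::ANONYMOUS_ID;
    }

    $criteria = new Criteria();

    // Find relevant rules: action matches, or the rule has no action set
    $actionRule = $criteria->getNewCriterion(QubitAclPermission::ACTION, $action);
    $anyActionRule = $criteria->getNewCriterion(QubitAclPermission::ACTION, null, Criteria::ISNULL);
    $actionRule->addOr($anyActionRule);

    // Find by group/user: rules bound to one of the groups, plus rules bound
    // directly to this user when the session is authenticated
    $principalRule = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $userGroupIds, Criteria::IN);
    if ($isAuthenticated) {
        $userRule = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $user->getUserID());
        $principalRule->addOr($userRule);
    }
    $actionRule->addAnd($principalRule);

    // Find by object type: the LEFT JOIN keeps rules that have no object, so
    // the IS NULL branch below can still match them
    $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
    $noObjectRule = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
    $classRule = $criteria->getNewCriterion(QubitObject::CLASS_NAME, $class);
    $noObjectRule->addOr($classRule);

    // Final conjunction: action AND principal AND object type
    $actionRule->addAnd($noObjectRule);
    $criteria->add($actionRule);

    return QubitAclPermission::get($criteria);
}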