PHP CB Security::getEstimatedUserAccessForObject示例

示例#1

文件： Security.php 项目： youprofit/casebox

 /**
  * update a security set
  * @param  int  $set_id
  * @param  int  $onlyForUserId
  * @return void
  */
 public static function updateSecuritySet($set_id, $onlyForUserId = false)
 {
     $acl = array();
     /* get set */
     $set = '';
     $res = DB\dbQuery('SELECT `set`
         FROM tree_acl_security_sets
         WHERE id = $1', $set_id) or die(DB\dbQueryError());
     if ($r = $res->fetch_assoc()) {
         $set = $r['set'];
     }
     $res->close();
     /* end of get set*/
     $obj_ids = explode(',', $set);
     $everyoneGroupId = static::getSystemGroupId('everyone');
     $users = array();
     $updatingUser = false;
     /* iterate the full set of access credentials(users and/or groups)
        and estimate access for every user including everyone group */
     if (!empty($set)) {
         $object_id = $obj_ids[sizeof($obj_ids) - 1];
         $groupUsers = array();
         if (!empty($onlyForUserId)) {
             $groupUsers = static::getGroupUserIds($onlyForUserId);
             if (empty($groupUsers)) {
                 $updatingUser = true;
                 $users[$onlyForUserId] = Security::getEstimatedUserAccessForObject($object_id, $onlyForUserId);
             }
         }
         if (!$updatingUser) {
             $res = DB\dbQuery('SELECT DISTINCT
                     u.id
                     ,u.`type`
                 FROM tree_acl a
                 JOIN users_groups u on a.user_group_id = u.id
                 WHERE a.node_id in(0' . implode(',', $obj_ids) . ')
                 ORDER BY u.`type`') or die(DB\dbQueryError());
             while ($r = $res->fetch_assoc()) {
                 $group_users = array();
                 if ($r['id'] == $everyoneGroupId || $r['type'] == 2) {
                     $group_users[] = $r['id'];
                 } else {
                     $group_users = Security::getGroupUserIds($r['id']);
                 }
                 foreach ($group_users as $user_id) {
                     if (empty($users[$user_id])) {
                         $users[$user_id] = Security::getEstimatedUserAccessForObject($object_id, $user_id);
                     }
                 }
             }
             $res->close();
         }
     }
     /* end of iterate the full set of access credentials(users and/or groups) and estimate access for every user including everyone group */
     /* update set in database */
     $res = DB\dbQuery('DELETE
         FROM tree_acl_security_sets_result
         WHERE security_set_id = $1
             and (ISNULL($2) OR ($2 = user_id))', array($set_id, $updatingUser ? $onlyForUserId : null)) or die(DB\dbQueryError());
     $sql = 'INSERT INTO tree_acl_security_sets_result
             (security_set_id
             ,user_id
             ,bit0
             ,bit1
             ,bit2
             ,bit3
             ,bit4
             ,bit5
             ,bit6
             ,bit7
             ,bit8
             ,bit9
             ,bit10
             ,bit11)
         VALUES ($1
             ,$2
             ,$3
             ,$4
             ,$5
             ,$6
             ,$7
             ,$8
             ,$9
             ,$10
             ,$11
             ,$12
             ,$13
             ,$14)';
     foreach ($users as $user_id => $access) {
         $params = array($set_id, $user_id);
         for ($i = 0; $i < sizeof($access[0]); $i++) {
             $params[] = empty($access[1][$i]) && $access[0][$i] > 0 ? 1 : 0;
         }
         $res = DB\dbQuery($sql, $params) or die(DB\dbQueryError());
     }
     $res = DB\dbQuery('UPDATE tree_acl_security_sets
         SET updated = 0
         WHERE id = $1', $set_id) or die(DB\dbQueryError());
     /* end of update set in database */
 }