/**
  * (non-PHPdoc)
  * @see \oat\generis\model\data\PermissionInterface::getPermissions()
  */
 public function getPermissions(User $user, array $resourceIds)
 {
     // Holders of INSTANCE_ROLE_SYSADMIN are not looked up in DataBaseAccess:
     // they receive everything getSupportedRights() returns, for every
     // requested resource id.
     // NOTE(review): in_array() is called without its strict flag, so this
     // privilege decision rests on a loose (==) comparison. Roles are
     // presumably URI strings; confirm that before making the check strict.
     $isSysAdmin = in_array(INSTANCE_ROLE_SYSADMIN, $user->getRoles());
     if (!$isSysAdmin) {
         $store = new DataBaseAccess();
         // Permissions can be attached to any of the user's roles or to the
         // user directly, so both kinds of identifier are passed to the lookup.
         $subjectIds = $user->getRoles();
         $subjectIds[] = $user->getIdentifier();
         return $store->getPermissions($subjectIds, $resourceIds);
     }

     $granted = array();
     foreach ($resourceIds as $resourceId) {
         $granted[$resourceId] = $this->getSupportedRights();
     }
     return $granted;
 }
 /**
  * (non-PHPdoc)
  * @see \oat\tao\model\accessControl\func\FuncAccessControl::accessPossible()
  */
 public function accessPossible(User $user, $controller, $action)
 {
     // Any user holding INSTANCE_ROLE_BASEUSER is accepted for every
     // controller/action pair; $controller and $action are not consulted on
     // this path.
     // NOTE(review): the role match uses loose (==) comparison. Roles are
     // presumably URI strings; confirm before tightening it to ===.
     foreach ($user->getRoles() as $candidateRole) {
         if ($candidateRole == INSTANCE_ROLE_BASEUSER) {
             return true;
         }
     }

     // Without that role, access depends solely on the whitelist check.
     return (bool) $this->inWhiteList($controller, $action);
 }
 /**
  * (non-PHPdoc)
  * @see \oat\tao\model\accessControl\func\FuncAccessControl::accessPossible()
  */
 public function accessPossible(User $user, $controller, $action)
 {
     $heldRoles = $user->getRoles();
     try {
         $rules = funcAcl_helpers_Cache::getControllerAccess($controller);

         // Roles granted on the whole controller ('module') always count;
         // roles granted on this specific action are added when present.
         if (isset($rules['actions'][$action])) {
             $permittedRoles = array_merge($rules['module'], $rules['actions'][$action]);
         } else {
             $permittedRoles = $rules['module'];
         }

         // Access requires at least one role shared between user and rule set.
         $granted = count(array_intersect($heldRoles, $permittedRoles)) > 0;
         if (!$granted) {
             // NOTE(review): $controller, $action and the user identifier are
             // written to the log unescaped. If they can carry request-supplied
             // text, log consumers should treat these fields as untrusted.
             common_Logger::i('Access denied to ' . $controller . '@' . $action . ' for user \'' . $user->getIdentifier() . '\'');
         }
     } catch (ReflectionException $e) {
         // Fail closed: a ReflectionException is logged as an unknown
         // controller and access is refused.
         common_Logger::i('Unknown controller ' . $controller);
         $granted = false;
     }
     return (bool) $granted;
 }