/** * Constructs sql restriction based on permission specified and fills list of used sql params to be bind in prepared * statement * * @param string $permission permission value (VIEW, EDIT, etc) * @param array &$valuesForBind list of params to be bind * * @return string */ private function getPermissionSqlRestriction($permission, &$valuesForBind) { if (!$this->permissionMap->contains($permission)) { throw new InvalidArgumentException(sprintf('There is no masks in permission map for specified permission "%s"', $permission)); } // Hack to omit mandatory object parameter which is not necessary $requiredMasks = $this->permissionMap->getMasks($permission, new \StdClass()); $maskSqlParams = []; // filling values for bind with mask params and prepare mask params array foreach ($requiredMasks as $maskKey => $mask) { $maskParam = "mask" . $maskKey; $maskSqlParams[$maskKey] = $maskParam; $valuesForBind[$maskParam] = ['value' => $mask, 'type' => PDO::PARAM_INT]; } $strategyMasksSqlRestrictions = []; foreach (static::$permissionStrategyCheckPatterns as $strategyKey => $pattern) { $strategyMasksSqlRestrictions[$strategyKey] = []; foreach ($requiredMasks as $maskKey => $mask) { $strategyMasksSqlRestrictions[$strategyKey][] = str_replace("%MASK_PARAM%", $maskSqlParams[$maskKey], $pattern); } } $strategySqlRestrictions = []; foreach ($strategyMasksSqlRestrictions as $strategyKey => $restrictions) { $strategySqlRestrictions[] = sprintf('(e.granting_strategy = "%s" AND (%s))', $strategyKey, implode(" OR ", $restrictions)); } $permissionSqlRestriction = sprintf('WHERE e.granting = 1 AND (%s)', implode(" OR ", $strategySqlRestrictions)); return $permissionSqlRestriction; }
/** * Resolves any variation of masks/permissions to an integer. * * @param string|int|array $masks * * @return type */ private function resolveMask($masks, $object) { $integerMask = 0; if (is_integer($masks)) { $integerMask = $masks; } elseif (is_string($masks)) { $permission = $this->permissionMap->getMasks($masks, $object); $integerMask = $this->resolveMask($permission, $object); } elseif (is_array($masks)) { foreach ($masks as $mask) { $integerMask += $this->resolveMask($mask, $object); } } else { throw new \RuntimeException('Not a valid mask type'); } return $integerMask; }
/** * {@inheritdoc} */ public function getMasks($permission, $object) { return $this->permissionMap->getMasks($permission, $object); }