|
|
@@ -597,12 +597,12 @@ class UserRightsProfile extends UserRightsAddOnAPI
|
|
|
}
|
|
|
|
|
|
|
|
|
- protected $m_aAdmins; // id of users being linked to the well-known admin profile
|
|
|
- protected $m_aPortalUsers; // id of users being linked to the well-known admin profile
|
|
|
+ protected $m_aAdmins = array(); // id -> bool, true if the user has the well-known admin profile
|
|
|
+ protected $m_aPortalUsers = array(); // id -> bool, true if the user has the well-known portal user profile
|
|
|
|
|
|
protected $m_aProfiles; // id -> object
|
|
|
- protected $m_aUserProfiles; // userid,profileid -> object
|
|
|
- protected $m_aUserOrgs; // userid -> orgid
|
|
|
+ protected $m_aUserProfiles = array(); // userid,profileid -> object
|
|
|
+ protected $m_aUserOrgs = array(); // userid -> array of orgid
|
|
|
|
|
|
// Those arrays could be completed on demand (inheriting parent permissions)
|
|
|
protected $m_aClassActionGrants = null; // profile, class, action -> actiongrantid (or false if NO, or null/missing if undefined)
|
|
|
@@ -611,20 +611,76 @@ class UserRightsProfile extends UserRightsAddOnAPI
|
|
|
// Built on demand, could be optimized if necessary (doing a query for each attribute that needs to be read)
|
|
|
protected $m_aObjectActionGrants = array();
|
|
|
|
|
|
- protected function GetUserOrgs($oUser, $sClass)
|
|
|
+ /**
|
|
|
+ * Read and cache organizations allowed to the given user
|
|
|
+ */
|
|
|
+ protected function GetUserOrgs($iUser)
|
|
|
{
|
|
|
- return @$this->m_aUserOrgs[$oUser->GetKey()];
|
|
|
+ if (!array_key_exists($iUser, $this->m_aUserOrgs))
|
|
|
+ {
|
|
|
+ $this->m_aUserOrgs[$iUser] = array();
|
|
|
+
|
|
|
+ $sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization');
|
|
|
+ if ($sHierarchicalKeyCode !== false)
|
|
|
+ {
|
|
|
+ $sUserOrgQuery = 'SELECT UserOrg, Org FROM Organization AS Org JOIN Organization AS Root ON Org.'.$sHierarchicalKeyCode.' BELOW Root.id JOIN URP_UserOrg AS UserOrg ON UserOrg.allowed_org_id = Root.id WHERE UserOrg.userid = :userid';
|
|
|
+ $oUserOrgSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData($sUserOrgQuery), array(), array('userid' => $iUser));
|
|
|
+ while ($aRow = $oUserOrgSet->FetchAssoc())
|
|
|
+ {
|
|
|
+ $oUserOrg = $aRow['UserOrg'];
|
|
|
+ $oOrg = $aRow['Org'];
|
|
|
+ $this->m_aUserOrgs[$iUser][] = $oOrg->GetKey();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ $oSearch = new DBObjectSearch('URP_UserOrg');
|
|
|
+ $oSearch->AllowAllData();
|
|
|
+ $oCondition = new BinaryExpression(new FieldExpression('userid'), '=', new VariableExpression('userid'));
|
|
|
+ $oSearch->AddConditionExpression($oCondition);
|
|
|
+
|
|
|
+ $oUserOrgSet = new DBObjectSet($oSearch, array(), array('userid' => $iUser));
|
|
|
+ while ($oUserOrg = $oUserOrgSet->Fetch())
|
|
|
+ {
|
|
|
+ $this->m_aUserOrgs[$iUser][] = $oUserOrg->Get('allowed_org_id');
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return $this->m_aUserOrgs[$iUser];
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Read and cache profiles of the given user
|
|
|
+ */
|
|
|
+ protected function GetUserProfiles($iUser)
|
|
|
+ {
|
|
|
+ if (!array_key_exists($iUser, $this->m_aUserProfiles))
|
|
|
+ {
|
|
|
+ $oSearch = new DBObjectSearch('URP_UserProfile');
|
|
|
+ $oSearch->AllowAllData();
|
|
|
+ $oCondition = new BinaryExpression(new FieldExpression('userid'), '=', new VariableExpression('userid'));
|
|
|
+ $oSearch->AddConditionExpression($oCondition);
|
|
|
+
|
|
|
+ $this->m_aUserProfiles[$iUser] = array();
|
|
|
+ $oUserProfileSet = new DBObjectSet($oSearch, array(), array('userid' => $iUser));
|
|
|
+ while ($oUserProfile = $oUserProfileSet->Fetch())
|
|
|
+ {
|
|
|
+ $this->m_aUserProfiles[$iUser][$oUserProfile->Get('profileid')] = $oUserProfile;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return $this->m_aUserProfiles[$iUser];
|
|
|
+
|
|
|
}
|
|
|
|
|
|
public function ResetCache()
|
|
|
{
|
|
|
// Loaded by Load cache
|
|
|
$this->m_aProfiles = null;
|
|
|
- $this->m_aUserProfiles = null;
|
|
|
- $this->m_aUserOrgs = null;
|
|
|
+ $this->m_aUserProfiles = array();
|
|
|
+ $this->m_aUserOrgs = array();
|
|
|
|
|
|
- $this->m_aAdmins = null;
|
|
|
- $this->m_aPortalUsers = null;
|
|
|
+ $this->m_aAdmins = array();
|
|
|
+ $this->m_aPortalUsers = array();
|
|
|
|
|
|
// Loaded on demand (time consuming as compared to the others)
|
|
|
$this->m_aClassActionGrants = null;
|
|
|
@@ -671,46 +727,6 @@ class UserRightsProfile extends UserRightsAddOnAPI
|
|
|
$this->m_aProfiles[$oProfile->GetKey()] = $oProfile;
|
|
|
}
|
|
|
|
|
|
- $oUserProfileSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_UserProfile"));
|
|
|
- $this->m_aUserProfiles = array();
|
|
|
- $this->m_aAdmins = array();
|
|
|
- $this->m_aPortalUsers = array();
|
|
|
- while ($oUserProfile = $oUserProfileSet->Fetch())
|
|
|
- {
|
|
|
- $this->m_aUserProfiles[$oUserProfile->Get('userid')][$oUserProfile->Get('profileid')] = $oUserProfile;
|
|
|
- if ($oUserProfile->Get('profile') == ADMIN_PROFILE_NAME)
|
|
|
- {
|
|
|
- $this->m_aAdmins[] = $oUserProfile->Get('userid');
|
|
|
- }
|
|
|
- elseif ($oUserProfile->Get('profile') == PORTAL_PROFILE_NAME)
|
|
|
- {
|
|
|
- $this->m_aPortalUsers[] = $oUserProfile->Get('userid');
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- $this->m_aUserOrgs = array();
|
|
|
-
|
|
|
- $sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization');
|
|
|
- if ($sHierarchicalKeyCode !== false)
|
|
|
- {
|
|
|
- $sUserOrgQuery = 'SELECT UserOrg, Org FROM Organization AS Org JOIN Organization AS Root ON Org.'.$sHierarchicalKeyCode.' BELOW Root.id JOIN URP_UserOrg AS UserOrg ON UserOrg.allowed_org_id = Root.id';
|
|
|
- $oUserOrgSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData($sUserOrgQuery));
|
|
|
- while ($aRow = $oUserOrgSet->FetchAssoc())
|
|
|
- {
|
|
|
- $oUserOrg = $aRow['UserOrg'];
|
|
|
- $oOrg = $aRow['Org'];
|
|
|
- $this->m_aUserOrgs[$oUserOrg->Get('userid')][] = $oOrg->GetKey();
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- $oUserOrgSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_UserOrg"));
|
|
|
- while ($oUserOrg = $oUserOrgSet->Fetch())
|
|
|
- {
|
|
|
- $this->m_aUserOrgs[$oUserOrg->Get('userid')][] = $oUserOrg->Get('allowed_org_id');
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
$this->m_aClassStimulusGrants = array();
|
|
|
$oStimGrantSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_StimulusGrant"));
|
|
|
$this->m_aStimGrants = array();
|
|
|
@@ -737,30 +753,42 @@ exit;
|
|
|
|
|
|
public function IsAdministrator($oUser)
|
|
|
{
|
|
|
- $this->LoadCache();
|
|
|
-
|
|
|
- if (in_array($oUser->GetKey(), $this->m_aAdmins))
|
|
|
+ //$this->LoadCache();
|
|
|
+ $iUser = $oUser->GetKey();
|
|
|
+ if (!array_key_exists($iUser, $this->m_aAdmins))
|
|
|
{
|
|
|
- return true;
|
|
|
- }
|
|
|
- else
|
|
|
+ $bIsAdmin = false;
|
|
|
+ foreach($this->GetUserProfiles($iUser) as $oUserProfile)
|
|
|
{
|
|
|
- return false;
|
|
|
+ if ($oUserProfile->Get('profile') == ADMIN_PROFILE_NAME)
|
|
|
+ {
|
|
|
+ $bIsAdmin = true;
|
|
|
+ break;
|
|
|
}
|
|
|
}
|
|
|
+ $this->m_aAdmins[$iUser] = $bIsAdmin;
|
|
|
+ }
|
|
|
+ return $this->m_aAdmins[$iUser];
|
|
|
+ }
|
|
|
|
|
|
public function IsPortalUser($oUser)
|
|
|
{
|
|
|
- $this->LoadCache();
|
|
|
-
|
|
|
- if (in_array($oUser->GetKey(), $this->m_aPortalUsers))
|
|
|
+ //$this->LoadCache();
|
|
|
+ $iUser = $oUser->GetKey();
|
|
|
+ if (!array_key_exists($iUser, $this->m_aPortalUsers))
|
|
|
{
|
|
|
- return true;
|
|
|
- }
|
|
|
- else
|
|
|
+ $bIsPortalUser = false;
|
|
|
+ foreach($this->GetUserProfiles($iUser) as $oUserProfile)
|
|
|
{
|
|
|
- return false;
|
|
|
+ if ($oUserProfile->Get('profile') == PORTAL_PROFILE_NAME)
|
|
|
+ {
|
|
|
+ $bIsPortalUser = true;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ $this->m_aPortalUsers[$iUser] = $bIsPortalUser;
|
|
|
}
|
|
|
+ return $this->m_aPortalUsers[$iUser];
|
|
|
}
|
|
|
|
|
|
public function GetSelectFilter($oUser, $sClass, $aSettings = array())
|
|
|
@@ -783,10 +811,10 @@ exit;
|
|
|
}
|
|
|
// Position the user
|
|
|
//
|
|
|
- $aUserOrgs = $this->GetUserOrgs($oUser, $sClass);
|
|
|
- if (is_null($aUserOrgs) || count($aUserOrgs) == 0)
|
|
|
+ $aUserOrgs = $this->GetUserOrgs($oUser->GetKey());
|
|
|
+ if (count($aUserOrgs) == 0)
|
|
|
{
|
|
|
- // No position means 'Everywhere'
|
|
|
+ // No org means 'any org'
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
@@ -898,10 +926,8 @@ exit;
|
|
|
|
|
|
$iPermission = UR_ALLOWED_NO;
|
|
|
$aAttributes = array();
|
|
|
- if (isset($this->m_aUserProfiles[$iUser]))
|
|
|
+ foreach($this->GetUserProfiles($iUser) as $iProfile => $oProfile)
|
|
|
{
|
|
|
- foreach($this->m_aUserProfiles[$iUser] as $iProfile => $oProfile)
|
|
|
- {
|
|
|
$iGrant = $this->GetProfileActionGrant($iProfile, $sClass, $sAction);
|
|
|
if (is_null($iGrant) || !$iGrant)
|
|
|
{
|
|
|
@@ -910,7 +936,7 @@ exit;
|
|
|
else
|
|
|
{
|
|
|
$iPermission = UR_ALLOWED_YES;
|
|
|
-
|
|
|
+
|
|
|
// update the list of attributes with those allowed for this profile
|
|
|
//
|
|
|
$oSearch = DBObjectSearch::FromOQL_AllData("SELECT URP_AttributeGrant WHERE actiongrantid = :actiongrantid");
|
|
|
@@ -927,7 +953,6 @@ exit;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- }
|
|
|
|
|
|
$aRes = array(
|
|
|
'permission' => $iPermission,
|
|
|
@@ -1055,10 +1080,8 @@ exit;
|
|
|
// Note: The object set is ignored because it was interesting to optimize for huge data sets
|
|
|
// and acceptable to consider only the root class of the object set
|
|
|
$iPermission = UR_ALLOWED_NO;
|
|
|
- if (isset($this->m_aUserProfiles[$iUser]))
|
|
|
+ foreach($this->GetUserProfiles($iUser) as $iProfile => $oProfile)
|
|
|
{
|
|
|
- foreach($this->m_aUserProfiles[$iUser] as $iProfile => $oProfile)
|
|
|
- {
|
|
|
$oGrantRecord = $this->GetClassStimulusGrant($iProfile, $sClass, $sStimulusCode);
|
|
|
if (!is_null($oGrantRecord))
|
|
|
{
|
|
|
@@ -1066,7 +1089,6 @@ exit;
|
|
|
$iPermission = UR_ALLOWED_YES;
|
|
|
}
|
|
|
}
|
|
|
- }
|
|
|
return $iPermission;
|
|
|
}
|
|
|
|
romainq