本文整理汇总了PHP中ca_users::getUserGroups方法的典型用法代码示例。如果您正苦于以下问题:PHP ca_users::getUserGroups方法的具体用法?PHP ca_users::getUserGroups怎么用?PHP ca_users::getUserGroups使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ca_users的用法示例。
在下文中一共展示了ca_users::getUserGroups方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getRelatedItems
//.........这里部分代码省略.........
$va_rel_types = array_merge($va_rel_types, $va_children);
}
}
}
if (sizeof($va_rel_types)) {
$va_wheres[] = '(' . $vs_linking_table . '.type_id NOT IN (' . join(',', $va_rel_types) . '))';
}
}
}
}
// limit related items to a specific type
$va_type_ids = caMergeTypeRestrictionLists($t_rel_item, $pa_options);
if (is_array($va_type_ids) && sizeof($va_type_ids) > 0) {
$va_wheres[] = "({$vs_related_table}.type_id IN (" . join(',', $va_type_ids) . ')' . ($t_rel_item->getFieldInfo('type_id', 'IS_NULL') ? " OR ({$vs_related_table}.type_id IS NULL)" : '') . ')';
}
$va_source_ids = caMergeSourceRestrictionLists($t_rel_item, $pa_options);
if (method_exists($t_rel_item, "getSourceFieldName") && ($vs_source_id_fld = $t_rel_item->getSourceFieldName()) && is_array($va_source_ids) && sizeof($va_source_ids) > 0) {
$va_wheres[] = "({$vs_related_table}.{$vs_source_id_fld} IN (" . join(',', $va_source_ids) . "))";
}
if (isset($pa_options['excludeType']) && $pa_options['excludeType']) {
if (!isset($pa_options['excludeTypes']) || !is_array($pa_options['excludeTypes'])) {
$pa_options['excludeTypes'] = array();
}
$pa_options['excludeTypes'][] = $pa_options['excludeType'];
}
if (isset($pa_options['excludeTypes']) && is_array($pa_options['excludeTypes'])) {
$va_type_ids = caMakeTypeIDList($vs_related_table, $pa_options['excludeTypes']);
if (is_array($va_type_ids) && sizeof($va_type_ids) > 0) {
$va_wheres[] = "({$vs_related_table}.type_id NOT IN (" . join(',', $va_type_ids) . "))";
}
}
if ($this->getAppConfig()->get('perform_item_level_access_checking')) {
$t_user = new ca_users($vn_user_id, true);
if (is_array($va_groups = $t_user->getUserGroups()) && sizeof($va_groups)) {
$va_group_ids = array_keys($va_groups);
} else {
$va_group_ids = array();
}
// Join to limit what browse table items are used to generate facet
$va_joins_post_add[] = 'LEFT JOIN ca_acl ON ' . $vs_related_table_name . '.' . $t_rel_item->primaryKey() . ' = ca_acl.row_id AND ca_acl.table_num = ' . $t_rel_item->tableNum() . "\n";
$va_wheres[] = "(\n\t\t\t\t((\n\t\t\t\t\t(ca_acl.user_id = " . (int) $vn_user_id . ")\n\t\t\t\t\t" . (sizeof($va_group_ids) > 0 ? "OR\n\t\t\t\t\t(ca_acl.group_id IN (" . join(",", $va_group_ids) . "))" : "") . "\n\t\t\t\t\tOR\n\t\t\t\t\t(ca_acl.user_id IS NULL and ca_acl.group_id IS NULL)\n\t\t\t\t) AND ca_acl.access >= " . __CA_ACL_READONLY_ACCESS__ . ")\n\t\t\t\t" . ($vb_show_if_no_acl ? "OR ca_acl.acl_id IS NULL" : "") . "\n\t\t\t)";
}
if (is_array($va_get_where)) {
foreach ($va_get_where as $vs_fld => $vm_val) {
if ($t_rel_item->hasField($vs_fld)) {
$va_wheres[] = "({$vs_related_table_name}.{$vs_fld} = " . (!is_numeric($vm_val) ? "'" . $this->getDb()->escape($vm_val) . "'" : $vm_val) . ")";
}
}
}
if ($vs_idno_fld = $t_rel_item->getProperty('ID_NUMBERING_ID_FIELD')) {
$va_selects[] = "{$vs_related_table}.{$vs_idno_fld}";
}
if ($vs_idno_sort_fld = $t_rel_item->getProperty('ID_NUMBERING_SORT_FIELD')) {
$va_selects[] = "{$vs_related_table}.{$vs_idno_sort_fld}";
}
$va_selects[] = $va_path[1] . '.' . $vs_key;
if (isset($pa_options['fields']) && is_array($pa_options['fields'])) {
$va_selects = array_merge($va_selects, $pa_options['fields']);
}
// if related item is labelable then include the label table in the query as well
$vs_label_display_field = null;
if (method_exists($t_rel_item, "getLabelTableName") && (!isset($pa_options['dontReturnLabels']) || !$pa_options['dontReturnLabels'])) {
if ($vs_label_table_name = $t_rel_item->getLabelTableName()) {
// make sure it actually has a label table...
$va_path[] = $vs_label_table_name;
$t_rel_item_label = $this->getAppDatamodel()->getTableInstance($vs_label_table_name);
示例2: filterHitsByACL
/**
 * Filter a set of hits down to the rows the given user may access at the requested ACL level.
 *
 * The hits are loaded into a temporary result table and joined against ca_acl. A row is kept
 * when an ACL entry for the user, one of the user's groups, or the "world" entry (user_id and
 * group_id both NULL) grants at least $pn_access. When $pn_access is not higher than the
 * configured 'default_item_access_level', rows without any ca_acl entry for this table are
 * kept as well.
 *
 * @param array $pa_hits Array of row_ids to filter. *MUST HAVE row_ids AS KEYS, NOT VALUES*
 * @param int $pn_user_id User to evaluate; any value that casts to 0 is treated as user 0
 * @param int $pn_access Minimum ACL access value required
 * @param array $pa_options Only 'search' is read here; it seeds the temporary table key
 * @return array Map of row_id => true. The input is returned as-is when it is empty or when
 *               no table instance can be obtained for the current table number.
 */
public function filterHitsByACL($pa_hits, $pn_user_id, $pn_access = __CA_ACL_READONLY_ACCESS__, $pa_options = null)
{
    if (!sizeof($pa_hits)) {
        return $pa_hits;
    }
    if (!(int) $pn_user_id) {
        $pn_user_id = 0;
    }
    $t_table = $this->opo_datamodel->getInstanceByTableNum($this->opn_tablenum, true);
    if (!$t_table) {
        // NOTE(review): this path hands back the hits *unfiltered*. For an access-control
        // filter that is fail-open behaviour; confirm callers cannot reach it with a
        // table number they control.
        return $pa_hits;
    }

    // The temporary table key is derived from the search expression when one is supplied,
    // otherwise from a random number. rand() is not unique, so presumably the key only
    // needs to disambiguate tables within one connection -- TODO confirm.
    if (isset($pa_options['search'])) {
        $vm_tmp_key_seed = $pa_options['search'];
    } else {
        $vm_tmp_key_seed = rand(0, 1000000);
    }
    $vs_search_tmp_table = $this->loadListIntoTemporaryResultTable($pa_hits, md5($vm_tmp_key_seed));

    // Neither value is used below; the calls are retained from the original implementation.
    $vs_table_name = $t_table->tableName();
    $vs_table_pk = $t_table->primaryKey();

    // Bound parameters, in placeholder order: table_num, user_id, [group ids], access.
    $va_params = array((int) $this->opn_tablenum, (int) $pn_user_id);
    $vs_group_sql = '';
    $t_user = new ca_users($pn_user_id);
    $va_groups = $t_user->getUserGroups();
    if (is_array($va_groups) && sizeof($va_groups)) {
        // Group ids travel as one bound array parameter rather than being spliced into the SQL.
        $vs_group_sql = '
OR
(ca_acl.group_id IN (?))';
        $va_params[] = array_keys($va_groups);
    }
    $va_params[] = (int) $pn_access;

    $va_hits = array();
    $vf_collect = function ($qr_rows) use (&$va_hits) {
        while ($qr_rows->nextRow()) {
            $va_row = $qr_rows->getRow();
            $va_hits[$va_row['row_id']] = true;
        }
    };

    // When the requested level does not exceed the configured default, rows that carry
    // no ACL entry at all are acceptable too (second query below).
    $vb_default_acl_is_enough = ($pn_access <= $this->opo_app_config->get('default_item_access_level'));

    // Rows with an explicit ACL entry (user, group or world) granting enough access.
    $vf_collect($this->opo_db->query("\n\t\t\t\t\tSELECT ca_acl.row_id\n\t\t\t\t\tFROM ca_acl\n\t\t\t\t\tINNER JOIN {$vs_search_tmp_table} ON {$vs_search_tmp_table}.row_id = ca_acl.row_id\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t(ca_acl.table_num = ?)\n\t\t\t\t\t\tAND\n\t\t\t\t\t\t(\n\t\t\t\t\t\t\t(ca_acl.user_id = ?)\n\t\t\t\t\t\t\t{$vs_group_sql}\n\t\t\t\t\t\t\tOR \n\t\t\t\t\t\t\t(ca_acl.user_id IS NULL AND ca_acl.group_id IS NULL)\n\t\t\t\t\t\t)\n\t\t\t\t\t\tAND\n\t\t\t\t\t\t(ca_acl.access >= ?)\n\t\t\t\t", $va_params));

    if ($vb_default_acl_is_enough) {
        // Rows with no ca_acl entry for this table, i.e. rows governed by the default.
        $vf_collect($this->opo_db->query("\n\t\t\t\t\tSELECT {$vs_search_tmp_table}.row_id\n\t\t\t\t\tFROM {$vs_search_tmp_table}\n\t\t\t\t\tLEFT OUTER JOIN ca_acl ON {$vs_search_tmp_table}.row_id = ca_acl.row_id AND ca_acl.table_num = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tca_acl.row_id IS NULL;\n\t\t\t\t", array((int) $this->opn_tablenum)));
    }

    // NOTE(review): cleanup is skipped if one of the queries above throws.
    $this->cleanupTemporaryResultTable();
    return $va_hits;
}
示例3: getFacetContent
/**
* Return list of items from the specified table that are related to the current browse set. This is the method that actually
* pulls the facet content, regardless of whether the facet is cached yet or not. If you want to use the facet cache, call
* BrowseEngine::getFacet()
*
* @see BrowseEngine::getFacet()
* Options:
* checkAccess = array of access values to filter facets that have an 'access' field by
* checkAvailabilityOnly = if true then content is not actually fetch - only the availablility of content is verified
* user_id = If set item level access control is performed relative to specified user_id, otherwise defaults to logged in user
*/
public function getFacetContent($ps_facet_name, $pa_options = null)
{
global $AUTH_CURRENT_USER_ID;
$vs_browse_table_name = $this->ops_browse_table_name;
$vs_browse_table_num = $this->opn_browse_table_num;
$vn_user_id = isset($pa_options['user_id']) && (int) $pa_options['user_id'] ? (int) $pa_options['user_id'] : (int) $AUTH_CURRENT_USER_ID;
$vb_show_if_no_acl = (bool) ($this->opo_config->get('default_item_access_level') > __CA_ACL_NO_ACCESS__);
$t_user = new ca_users($vn_user_id);
if (is_array($va_groups = $t_user->getUserGroups()) && sizeof($va_groups)) {
$va_group_ids = array_keys($va_groups);
} else {
$va_group_ids = array();
}
if (!is_array($this->opa_browse_settings)) {
return null;
}
if (!isset($this->opa_browse_settings['facets'][$ps_facet_name])) {
return null;
}
if (!is_array($pa_options)) {
$pa_options = array();
}
$vb_check_availability_only = isset($pa_options['checkAvailabilityOnly']) ? (bool) $pa_options['checkAvailabilityOnly'] : false;
$va_all_criteria = $this->getCriteria();
$va_criteria = $this->getCriteria($ps_facet_name);
$va_facet_info = $this->opa_browse_settings['facets'][$ps_facet_name];
$t_subject = $this->getSubjectInstance();
if ($va_facet_info['relative_to']) {
$vs_browse_table_name = $va_facet_info['relative_to'];
$vs_browse_table_num = $this->opo_datamodel->getTableNum($vs_browse_table_name);
}
$vs_browse_type_limit_sql = '';
if (($va_browse_type_ids = $this->getTypeRestrictionList()) && sizeof($va_browse_type_ids)) {
// type restrictions
$vs_browse_type_limit_sql = '(' . $t_subject->tableName() . '.' . $t_subject->getTypeFieldName() . ' IN (' . join(', ', $va_browse_type_ids) . ')' . ($t_subject->getFieldInfo('type_id', 'IS_NULL') ? " OR (" . $this->ops_browse_table_name . '.' . $t_subject->getTypeFieldName() . " IS NULL)" : '') . ')';
if (is_array($va_facet_info['type_restrictions'])) {
// facet type restrictions bind a facet to specific types; we check them here
$va_restrict_to_types = $this->_convertTypeCodesToIDs($va_facet_info['type_restrictions']);
$vb_is_ok_to_browse = false;
foreach ($va_browse_type_ids as $vn_type_id) {
if (in_array($vn_type_id, $va_restrict_to_types)) {
$vb_is_ok_to_browse = true;
break;
}
}
if (!$vb_is_ok_to_browse) {
return array();
}
}
}
// Values to exclude from list attributes and authorities; can be idnos or ids
$va_exclude_values = caGetOption('exclude_values', $va_facet_info, array(), array('castTo' => 'array'));
$va_results = $this->opo_ca_browse_cache->getResults();
$vb_single_value_is_present = false;
$vs_single_value = isset($va_facet_info['single_value']) ? $va_facet_info['single_value'] : null;
$va_wheres = array();
switch ($va_facet_info['type']) {
# -----------------------------------------------------
case 'has':
$vn_state = null;
if (isset($va_all_criteria[$ps_facet_name])) {
break;
}
// only one instance of this facet allowed per browse
if (!($t_item = $this->opo_datamodel->getInstanceByTableName($vs_browse_table_name, true))) {
break;
}
$vs_yes_text = isset($va_facet_info['label_yes']) && $va_facet_info['label_yes'] ? $va_facet_info['label_yes'] : _t('Yes');
$vs_no_text = isset($va_facet_info['label_no']) && $va_facet_info['label_no'] ? $va_facet_info['label_no'] : _t('No');
$va_facet_values = array('yes' => array('id' => 1, 'label' => $vs_yes_text), 'no' => array('id' => 0, 'label' => $vs_no_text));
// Actually check that both yes and no values will result in something
if ($va_facet_info['element_code']) {
$t_element = new ca_metadata_elements();
if (!$t_element->load(array('element_code' => $va_facet_info['element_code']))) {
break;
}
$vs_element_code = $va_facet_info['element_code'];
$va_facet = array();
$va_counts = array();
foreach ($va_facet_values as $vs_state_name => $va_state_info) {
$va_wheres = array();
$va_joins = array();
if (!(bool) $va_state_info['id']) {
// no option
$va_wheres[] = $this->ops_browse_table_name . '.' . $t_item->primaryKey() . " NOT IN (select row_id from ca_attributes where table_num = " . $t_item->tableNum() . " AND element_id = " . $t_element->getPrimaryKey() . ")";
} else {
// yes option
$va_joins[] = "LEFT JOIN ca_attributes AS caa ON " . $this->ops_browse_table_name . '.' . $t_item->primaryKey() . " = caa.row_id AND " . $t_item->tableNum() . " = caa.table_num";
$va_wheres[] = "caa.element_id = " . $t_element->getPrimaryKey();
//.........这里部分代码省略.........
示例4: accessForRow
/**
 * Checks access control list for the specified row and user and returns an access value. Values are:
 *
 * __CA_ACL_NO_ACCESS__ (0)
 * __CA_ACL_READONLY_ACCESS__ (1)
 * __CA_ACL_EDIT_ACCESS__ (2)
 * __CA_ACL_EDIT_DELETE_ACCESS__ (3)
 *
 * Resolution order as implemented below:
 *   1. a value already present in the static per-request cache;
 *   2. for a user with a non-zero id: the highest access found in ACL entries for that
 *      user or any of the user's groups (these "exceptions" win over everything else);
 *   3. the highest "world" entry (user_id and group_id both NULL) for the row;
 *   4. the configured 'default_item_access_level'.
 *
 * @param ca_users $t_user A ca_users object
 * @param int $pn_table_num The table number for the row to check
 * @param int $pn_row_id The primary key value for the row to check.
 * @return int An access value
 */
public static function accessForRow($t_user, $pn_table_num, $pn_row_id)
{
    // Anything that is not an object is replaced by an unloaded ca_users instance
    // (presumably primary key 0, i.e. handled like an anonymous user -- confirm).
    if (!is_object($t_user)) {
        $t_user = new ca_users();
    }
    $o_db = new Db();
    $vn_user_id = (int) $t_user->getPrimaryKey();
    // Cache is keyed by user id, table number and row id.
    // NOTE(review): a cached value is not refreshed here if ACL rows change later in
    // the same request; invalidation, if any, lives outside this method.
    if (isset(ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id])) {
        return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id];
    }
    $vn_access = null;
    // try to load ACL for user
    if ($vn_user_id) {
        $qr_res = $o_db->query("\n\t\t\t\tSELECT max(access) a\n\t\t\t\tFROM ca_acl\n\t\t\t\tWHERE\n\t\t\t\t\ttable_num = ? AND row_id = ? AND user_id = ?\n\t\t\t\t\t\n\t\t\t", (int) $pn_table_num, (int) $pn_row_id, $vn_user_id);
        if ($qr_res->nextRow()) {
            // max() yields NULL when no row matches; strlen() filters that case out.
            if (strlen($vs_access = $qr_res->get('a'))) {
                $vn_access = (int) $vs_access;
                // Highest possible level reached: cache it and stop looking.
                if ($vn_access >= __CA_ACL_EDIT_DELETE_ACCESS__) {
                    return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = $vn_access;
                }
            }
        }
        // user group acls
        $va_groups = $t_user->getUserGroups();
        if (is_array($va_groups)) {
            $va_group_ids = array_keys($va_groups);
            if (is_array($va_group_ids) && sizeof($va_group_ids) > 0) {
                // The id list is passed as a single bound parameter for "IN (?)";
                // this assumes Db::query() expands array parameters -- TODO confirm.
                $qr_res = $o_db->query("\n\t\t\t\t\t\tSELECT max(access) a \n\t\t\t\t\t\tFROM ca_acl\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\ttable_num = ? AND row_id = ? AND group_id IN (?)\n\t\t\t\t\t\t\t\n\t\t\t\t\t", (int) $pn_table_num, (int) $pn_row_id, $va_group_ids);
                if ($qr_res->nextRow()) {
                    if (strlen($vs_access = $qr_res->get('a'))) {
                        $vn_acl_access = (int) $vs_access;
                        // Keep the higher of the user-level and group-level values.
                        if ($vn_acl_access >= $vn_access) {
                            $vn_access = $vn_acl_access;
                        }
                        // Highest possible level reached: cache it and stop looking.
                        if ($vn_access >= __CA_ACL_EDIT_DELETE_ACCESS__) {
                            return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = $vn_access;
                        }
                    }
                }
            }
        }
        // exceptions trump global access and the config setting so if we found some ACLs for either
        // the user or one of their groups, we use the maximum access value from that list of ACLs
        // NOTE(review): unlike the other return paths, this one does not write to the cache.
        if (!is_null($vn_access)) {
            return $vn_access;
        }
    }
    // If no valid exceptions found, get world access for this item
    $qr_res = $o_db->query("\n\t\t\tSELECT max(access) a \n\t\t\tFROM ca_acl\n\t\t\tWHERE\n\t\t\t\ttable_num = ? AND row_id = ? AND group_id IS NULL AND user_id IS NULL\n\t\t\t\t\n\t\t", (int) $pn_table_num, (int) $pn_row_id);
    if ($qr_res->nextRow()) {
        // NOTE(review): $vn_access appears to always be null at this point (a non-null
        // value returned above), so the ">=" comparison does not restrict anything.
        if (strlen($vs_access = $qr_res->get('a')) && (int) $vs_access >= $vn_access) {
            return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = (int) $vs_access;
        }
    }
    // NOTE(review): for the same reason this branch looks unreachable -- confirm.
    if (!is_null($vn_access)) {
        return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = $vn_access;
    }
    // If no valid ACL exists return default from config
    $o_config = Configuration::load();
    return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = (int) $o_config->get('default_item_access_level');
}
示例5: getSetsForUser
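/**
 * Return the sets a user owns or has been given access to.
 *
 * Options read from $pa_options:
 *   user_id     = user to list sets for (required; cast to int)
 *   table       = table name or number to restrict sets to
 *   setType     = numeric type_id or a code from the "set_types" list
 *   access      = minimum access value required on shared sets (applied when > 0)
 *   checkAccess = a numeric value or an array of values to match against cs.access
 *   owner       = if true, only sets owned by the user are returned
 *
 * @param array $pa_options See above; a non-array is treated as an empty option list
 * @return array|null|false Rows keyed by set_id (each with 'set_content_type' and
 *                          'set_type' added); null when 'table' cannot be resolved;
 *                          false when no user_id is given
 */
public function getSetsForUser($pa_options)
{
    if (!is_array($pa_options)) {
        $pa_options = array();
    }
    $pn_user_id = isset($pa_options['user_id']) ? (int) $pa_options['user_id'] : null;
    $pm_table_name_or_num = isset($pa_options['table']) ? $pa_options['table'] : null;
    // Initialised up front so the later checks never read an undefined variable.
    $vn_table_num = null;
    if ($pm_table_name_or_num && !($vn_table_num = $this->_getTableNum($pm_table_name_or_num))) {
        return null;
    }
    $pm_type = isset($pa_options['setType']) ? $pa_options['setType'] : null;
    $pn_access = isset($pa_options['access']) ? $pa_options['access'] : null;

    // Normalise checkAccess to a list of ints, or null for "no filter". The previous
    // index loop called sizeof() on null/scalars and, for non-list arrays, wrote
    // intval(undefined) = 0 into the list.
    $pa_public_access = isset($pa_options['checkAccess']) ? $pa_options['checkAccess'] : null;
    if (is_array($pa_public_access)) {
        $pa_public_access = array_map('intval', array_values($pa_public_access));
    } elseif ($pa_public_access && is_numeric($pa_public_access)) {
        $pa_public_access = array((int) $pa_public_access);
    } else {
        $pa_public_access = null;
    }

    if (!$pn_user_id) {
        return false;
    }

    $va_extra_joins = array();
    $va_sql_wheres = array("(cs.deleted = 0)");
    $va_sql_params = array();
    $o_db = $this->getDb();
    if ($vn_table_num) {
        $va_sql_wheres[] = "(cs.table_num = ?)";
        $va_sql_params[] = (int) $vn_table_num;
    }
    if (is_array($pa_public_access) && sizeof($pa_public_access)) {
        $va_sql_wheres[] = "(cs.access IN (?))";
        $va_sql_params[] = $pa_public_access;
    }
    if (isset($pm_type) && $pm_type) {
        if (is_numeric($pm_type)) {
            $va_sql_wheres[] = "(cs.type_id = ?)";
            $va_sql_params[] = (int) $pm_type;
        } else {
            # --- look up code of set type
            $t_list = new ca_lists();
            $vn_type_id = $t_list->getItemIDFromList("set_types", $pm_type);
            if ($vn_type_id) {
                $va_sql_wheres[] = "(cs.type_id = ?)";
                $va_sql_params[] = (int) $vn_type_id;
            }
        }
    }
    if (!empty($pa_options["owner"])) {
        // $pn_user_id was cast to int above, so the concatenation cannot carry SQL.
        $va_sql_wheres[] = "(cs.user_id = " . $pn_user_id . ")";
    } else {
        # --- if owner is not set to true, we're finding all sets the user has access to or is owner of
        # --- we also check the users' access to the set if set
        $t_user = new ca_users();
        $t_user->load($pn_user_id);
        if ($t_user->getPrimaryKey()) {
            $vs_access_sql = $pn_access > 0 ? " AND (access >= " . intval($pn_access) . ")" : "";
            // One timestamp for every date-window comparison in this statement.
            $vn_now = time();
            if (is_array($va_groups = $t_user->getUserGroups()) && sizeof($va_groups)) {
                // Group ids are spliced into the SQL text, so force them to integers first.
                $vs_group_id_list = join(',', array_map('intval', array_keys($va_groups)));
                $vs_sql = "(\n\t\t\t\t\t\t\t(cs.user_id = " . intval($pn_user_id) . ") OR \n\t\t\t\t\t\t\t(cs.set_id IN (\n\t\t\t\t\t\t\t\t\tSELECT set_id \n\t\t\t\t\t\t\t\t\tFROM ca_sets_x_user_groups \n\t\t\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\t\t\tgroup_id IN (" . $vs_group_id_list . ") {$vs_access_sql}\n\t\t\t\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t (sdatetime IS NULL AND edatetime IS NULL)\n\t\t\t\t\t\t\t\t\t\t\t OR \n\t\t\t\t\t\t\t\t\t\t\t (\n\t\t\t\t\t\t\t\t\t\t\t\tsdatetime <= " . $vn_now . " AND edatetime >= " . $vn_now . "\n\t\t\t\t\t\t\t\t\t\t\t )\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t)\n\t\t\t\t\t\t)";
            } else {
                $vs_sql = "(cs.user_id = {$pn_user_id})";
            }
            $vs_sql .= " OR (cs.set_id IN (\n\t\t\t\t\t\t\t\t\t\t\tSELECT set_id \n\t\t\t\t\t\t\t\t\t\t\tFROM ca_sets_x_users \n\t\t\t\t\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\t\t\t\t\tuser_id = {$pn_user_id} {$vs_access_sql}\n\t\t\t\t\t\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t\t (sdatetime IS NULL AND edatetime IS NULL)\n\t\t\t\t\t\t\t\t\t\t\t\t\t OR \n\t\t\t\t\t\t\t\t\t\t\t\t\t (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tsdatetime <= " . $vn_now . " AND edatetime >= " . $vn_now . "\n\t\t\t\t\t\t\t\t\t\t\t\t\t )\n\t\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t)";
            $va_sql_wheres[] = "({$vs_sql})";
        }
        // NOTE(review): when the user record cannot be loaded no ownership/sharing
        // restriction is added, so the query is limited only by the filters above.
        // Confirm callers never pass a user_id that does not exist.
    }
    // cs.table_num is selected because the loop below reads it to resolve the content
    // type name; it was previously missing from the column list.
    $qr_res = $o_db->query("SELECT cs.set_id, cs.user_id, cs.table_num, type_id, cu.fname, cu.lname\n\t\t\t\t\t\t\t\t\tFROM ca_sets cs\n\t\t\t\t\t\t\t\t\tINNER JOIN ca_users AS cu ON cs.user_id = cu.user_id\n\t\t\t\t\t\t\t\t\t" . join("\n", $va_extra_joins) . "\n\t\t\t\t\t\t\t\t\t" . (sizeof($va_sql_wheres) ? "WHERE " : "") . " " . join(" AND ", $va_sql_wheres) . "\n\t\t\t\t\t\t\t\t\t", $va_sql_params);
    $va_sets = array();
    $va_type_name_cache = array();
    $t_list = new ca_lists();
    while ($qr_res->nextRow()) {
        $vn_row_table_num = $qr_res->get('table_num');
        // Resolve each content type name once per table number.
        if (!isset($va_type_name_cache[$vn_row_table_num]) || !($vs_set_type = $va_type_name_cache[$vn_row_table_num])) {
            $vs_set_type = $va_type_name_cache[$vn_row_table_num] = $this->getSetContentTypeName($vn_row_table_num, array('number' => 'plural'));
        }
        $vs_type = $t_list->getItemFromListForDisplayByItemID('set_types', $qr_res->get('type_id'));
        $va_sets[$qr_res->get('set_id')] = array_merge($qr_res->getRow(), array('set_content_type' => $vs_set_type, 'set_type' => $vs_type));
    }
    return $va_sets;
}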
示例6: filterHitsByACL
/**
 * Filter list of hits by ACL.
 *
 * Three result sets are combined: rows where the user or one of the user's groups has an
 * ACL entry granting at least $pn_access; rows whose world entry (user_id and group_id
 * NULL) grants it and that carry no lower user/group entry; and, when $pn_access does not
 * exceed the configured 'default_item_access_level', rows with no applicable ACL entry.
 *
 * @param array $pa_hits Row ids to filter (passed by value to the temporary table loader
 *                       and to an "IN (?)" placeholder)
 * @param int $pn_table_num Table the row ids belong to
 * @param int $pn_user_id User to evaluate; values casting to 0 are treated as user 0
 * @param int $pn_access Minimum ACL access value required
 * @return array List of accessible row ids without duplicates. The input is returned
 *               unchanged when it is empty or when the table number cannot be resolved.
 */
public function filterHitsByACL($pa_hits, $pn_table_num, $pn_user_id, $pn_access = __CA_ACL_READONLY_ACCESS__)
{
    if (!sizeof($pa_hits)) {
        return $pa_hits;
    }
    if (!(int) $pn_user_id) {
        $pn_user_id = 0;
    }
    $o_datamodel = Datamodel::load();
    $o_config = Configuration::load();
    $t_table = $o_datamodel->getInstanceByTableNum($pn_table_num, true);
    if (!$t_table) {
        // NOTE(review): unknown table numbers return the hits unfiltered (fail-open);
        // confirm that is acceptable for every caller.
        return $pa_hits;
    }

    // Optional "OR group_id IN (...)" fragment shared by all three statements.
    // The ids are array keys returned by getUserGroups() and are concatenated into the
    // SQL text rather than bound -- presumably always integers; verify against ca_users.
    $vs_group_sql = '';
    $t_user = new ca_users($pn_user_id);
    $va_groups = $t_user->getUserGroups();
    if (is_array($va_groups) && sizeof($va_groups)) {
        $vs_group_sql = 'OR (ca_acl.group_id IN (' . join(',', array_keys($va_groups)) . '))';
    }

    $vs_search_tmp_table = $this->loadListIntoTemporaryResultTable($pa_hits, md5(rand(1, 100000)));

    // first get all items where user has an exception that grants him access.
    // those trump everything and are definitely part of the result set
    $qr_granted = $this->opo_db->query("\n\t\t\t\tSELECT row_id\n\t\t\t\tFROM ca_acl\n\t\t\t\tWHERE\n\t\t\t\t\trow_id IN (SELECT * FROM {$vs_search_tmp_table})\n\t\t\t\t\tAND table_num = ? AND access >= ?\n\t\t\t\t\tAND ((ca_acl.user_id = ?) {$vs_group_sql})\n\t\t\t", (int) $pn_table_num, (int) $pn_access, (int) $pn_user_id);
    $va_accessible = $qr_granted->getAllFieldValues('row_id');

    // then get all items that have sufficient global access on item-level,
    // minus those with an exception that prevents the current user from accessing
    $qr_world = $this->opo_db->query("\n\t\t\t\tSELECT row_id\n\t\t\t\tFROM ca_acl\n\t\t\t\tWHERE\n\t\t\t\t\trow_id IN (SELECT row_id FROM {$vs_search_tmp_table})\n\t\t\t\t\tAND table_num = ? AND user_id IS NULL AND group_id IS NULL AND access >= ?\n\t\t\t\t\tAND row_id NOT IN (\n\t\t\t\t\t\tSELECT row_id FROM ca_acl\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\trow_id IN (?)\n\t\t\t\t\t\t\tAND table_num = ? AND access < ?\n\t\t\t\t\t\t\tAND (user_id = ? {$vs_group_sql})\n\t\t\t\t\t)\n\t\t\t", (int) $pn_table_num, (int) $pn_access, $pa_hits, (int) $pn_table_num, (int) $pn_access, (int) $pn_user_id);
    $va_accessible = array_merge($va_accessible, $qr_world->getAllFieldValues('row_id'));

    // If requested access is less restrictive than default access,
    // add items with no ACL that don't have an exception for this user and his groups
    $vb_default_is_sufficient = ($pn_access <= $o_config->get('default_item_access_level'));
    if ($vb_default_is_sufficient) {
        // Find records with default ACL for this user/group
        $qr_default = $this->opo_db->query("\n\t\t\t\t\tSELECT {$vs_search_tmp_table}.row_id\n\t\t\t\t\tFROM {$vs_search_tmp_table}\n\t\t\t\t\tLEFT JOIN (SELECT * FROM ca_acl WHERE ((ca_acl.user_id = ?) {$vs_group_sql}) OR (ca_acl.user_id IS NULL)) AS ca_acl ON {$vs_search_tmp_table}.row_id = ca_acl.row_id AND ca_acl.table_num = ?\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tca_acl.row_id IS NULL\n\t\t\t\t", array($pn_user_id, (int) $pn_table_num));
        $va_accessible = array_merge($va_accessible, $qr_default->getAllFieldValues('row_id'));
    }

    // NOTE(review): the temporary table is not cleaned up if a query above throws.
    $this->cleanupTemporaryResultTable();
    return array_values(array_unique($va_accessible));
}
示例7: authenticate
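/**
 * Authenticate a user against the configured LDAP directory.
 *
 * Steps: resolve the bind DN (from the configured format, or from a directory search when
 * 'ldap_bind_rdn_filter' yields a filter), bind with the supplied password, require
 * membership in at least one permitted group, then optionally synchronise the local
 * user's roles and groups with the directory.
 *
 * @param string $ps_username Login name; an empty value fails authentication
 * @param string $ps_password Password; an empty value fails authentication
 * @param array $pa_options Not used by this implementation
 * @return bool True when the bind and the group check both succeed, false otherwise
 * @throws OpenLDAPException If PHP's LDAP extension is not available
 */
public static function authenticate($ps_username, $ps_password = '', $pa_options = null)
{
    $po_auth_config = Configuration::load(Configuration::load()->get('authentication_config'));
    if (!function_exists("ldap_connect")) {
        throw new OpenLDAPException(_t("PHP's LDAP module is required for LDAP authentication!"));
    }
    if (!$ps_username) {
        return false;
    }
    // A simple bind that carries a DN but an empty password is an "unauthenticated bind":
    // directory servers that permit it report success without verifying any credential.
    // Refuse empty passwords here so that outcome can never be read as a valid login.
    if (strlen((string) $ps_password) === 0) {
        return false;
    }
    // ldap config
    $vs_ldaphost = $po_auth_config->get("ldap_host");
    $vs_ldapport = $po_auth_config->get("ldap_port");
    $vs_base_dn = $po_auth_config->get("ldap_base_dn");
    $vs_user_ou = $po_auth_config->get("ldap_user_ou");
    // NOTE(review): the username is substituted into a DN here and into a search filter
    // below; whether postProcessLDAPConfigValue() escapes it (ldap_escape) is not visible
    // from this method -- confirm.
    $vs_bind_rdn = self::postProcessLDAPConfigValue("ldap_bind_rdn_format", $ps_username, $vs_user_ou, $vs_base_dn);
    $va_default_roles = $po_auth_config->get("ldap_users_default_roles");
    if (!is_array($va_default_roles)) {
        $va_default_roles = array();
    }
    $va_default_groups = $po_auth_config->get("ldap_users_default_groups");
    if (!is_array($va_default_groups)) {
        $va_default_groups = array();
    }
    $vo_ldap = ldap_connect($vs_ldaphost, $vs_ldapport);
    // Validate the handle before using it; the option call used to run first.
    if (!$vo_ldap) {
        return false;
    }
    ldap_set_option($vo_ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // NOTE(review): no ldap_start_tls() call is made, so transport protection depends
    // entirely on the configured ldap_host (e.g. an ldaps:// URI) -- confirm deployment.
    $vs_bind_rdn_filter = self::postProcessLDAPConfigValue("ldap_bind_rdn_filter", $ps_username, $vs_user_ou, $vs_base_dn);
    if (strlen($vs_bind_rdn_filter) > 0) {
        // This lookup runs before any bind on the connection.
        $vo_dn_search_results = ldap_search($vo_ldap, $vs_base_dn, $vs_bind_rdn_filter);
        // A failed search leaves the formatted bind RDN in place instead of passing
        // false on to ldap_get_entries().
        if ($vo_dn_search_results) {
            $va_dn_search_results = ldap_get_entries($vo_ldap, $vo_dn_search_results);
            if (isset($va_dn_search_results[0]['dn'])) {
                $vs_bind_rdn = $va_dn_search_results[0]['dn'];
            }
        }
    }
    // log in
    $vo_bind = @ldap_bind($vo_ldap, $vs_bind_rdn, $ps_password);
    if (!$vo_bind) {
        // wrong credentials
        // 0x32 is the numeric value of LDAP_OPT_DIAGNOSTIC_MESSAGE.
        // NOTE(review): the bind DN written to the log contains user-supplied text.
        if (ldap_get_option($vo_ldap, 0x32, $extended_error)) {
            caLogEvent("ERR", "LDAP ERROR (" . ldap_errno($vo_ldap) . ") {$extended_error} [{$vs_bind_rdn}]", "OpenLDAP::Authenticate");
        }
        ldap_unbind($vo_ldap);
        return false;
    }
    // check group membership
    if (!self::isMemberinAtLeastOneGroup($ps_username, $vo_ldap)) {
        ldap_unbind($vo_ldap);
        return false;
    }
    // user role and group membership syncing with directory
    $t_user = new ca_users();
    if ($t_user->load($ps_username)) {
        // don't try to sync roles for non-existing users (the first auth call is before the user is actually created)
        if ($po_auth_config->get('ldap_sync_user_roles')) {
            $va_expected_roles = array_merge($va_default_roles, self::getRolesToAddFromDirectory($ps_username, $vo_ldap));
            foreach ($va_expected_roles as $vs_role) {
                if (!$t_user->hasUserRole($vs_role)) {
                    $t_user->addRoles($vs_role);
                }
            }
            // Drop roles the directory (plus configured defaults) no longer grants.
            foreach ($t_user->getUserRoles() as $vn_id => $va_role_info) {
                if (!in_array($va_role_info['code'], $va_expected_roles)) {
                    $t_user->removeRoles($vn_id);
                }
            }
        }
        if ($po_auth_config->get('ldap_sync_user_groups')) {
            $va_expected_groups = array_merge($va_default_groups, self::getGroupsToAddFromDirectory($ps_username, $vo_ldap));
            foreach ($va_expected_groups as $vs_group) {
                if (!$t_user->inGroup($vs_group)) {
                    $t_user->addToGroups($vs_group);
                }
            }
            // Drop group memberships the directory (plus defaults) no longer grants.
            foreach ($t_user->getUserGroups() as $vn_id => $va_group_info) {
                if (!in_array($va_group_info['code'], $va_expected_groups)) {
                    $t_user->removeFromGroups($vn_id);
                }
            }
        }
    }
    ldap_unbind($vo_ldap);
    return true;
}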
示例8: accessForRow
/**
 * Checks access control list for the specified row and user and returns an access value. Values are:
 *
 * __CA_ACL_NO_ACCESS__ (0)
 * __CA_ACL_READONLY_ACCESS__ (1)
 * __CA_ACL_EDIT_ACCESS__ (2)
 * __CA_ACL_EDIT_DELETE_ACCESS__ (3)
 *
 * Resolution as implemented below: a cached value if present; otherwise the highest of
 * the user-level and group-level ACL values is computed, then compared with the "world"
 * entry (user_id and group_id both NULL) and the larger of the two is returned; if no
 * ACL entry exists at all, the configured 'default_item_access_level' is returned.
 *
 * @param ca_users $t_user A ca_users object
 * @param int $pn_table_num The table number for the row to check
 * @param int $pn_row_id The primary key value for the row to check.
 * @return int An access value
 */
public static function accessForRow($t_user, $pn_table_num, $pn_row_id)
{
    // Anything that is not an object is replaced by an unloaded ca_users instance
    // (presumably primary key 0, i.e. handled like an anonymous user -- confirm).
    if (!is_object($t_user)) {
        $t_user = new ca_users();
    }
    $o_db = new Db();
    $vn_user_id = (int) $t_user->getPrimaryKey();
    // Cache is keyed by user id, table number and row id.
    if (isset(ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id])) {
        return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id];
    }
    $vn_access = null;
    // try to load ACL for user
    if ($vn_user_id) {
        $qr_res = $o_db->query("\n\t\t\t\tSELECT max(access) a\n\t\t\t\tFROM ca_acl\n\t\t\t\tWHERE\n\t\t\t\t\ttable_num = ? AND row_id = ? AND user_id = ?\n\t\t\t\t\t\n\t\t\t", (int) $pn_table_num, (int) $pn_row_id, $vn_user_id);
        if ($qr_res->nextRow()) {
            // max() yields NULL when no row matches; strlen() filters that case out.
            if (strlen($vs_access = $qr_res->get('a'))) {
                $vn_access = (int) $vs_access;
                // Highest possible level reached: cache it and stop looking.
                if ($vn_access >= __CA_ACL_EDIT_DELETE_ACCESS__) {
                    return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = $vn_access;
                }
            }
        }
        // ACL entries for the groups the user belongs to
        $va_groups = $t_user->getUserGroups();
        if (is_array($va_groups)) {
            $va_group_ids = array_keys($va_groups);
            if (is_array($va_group_ids) && sizeof($va_group_ids) > 0) {
                // The id list is passed as a single bound parameter for "IN (?)";
                // this assumes Db::query() expands array parameters -- TODO confirm.
                $qr_res = $o_db->query("\n\t\t\t\t\t\tSELECT max(access) a \n\t\t\t\t\t\tFROM ca_acl\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\ttable_num = ? AND row_id = ? AND group_id IN (?)\n\t\t\t\t\t\t\t\n\t\t\t\t\t", (int) $pn_table_num, (int) $pn_row_id, $va_group_ids);
                if ($qr_res->nextRow()) {
                    if (strlen($vs_access = $qr_res->get('a'))) {
                        $vn_acl_access = (int) $vs_access;
                        // Keep the higher of the user-level and group-level values.
                        if ($vn_acl_access >= $vn_access) {
                            $vn_access = $vn_acl_access;
                        }
                        // Highest possible level reached: cache it and stop looking.
                        if ($vn_access >= __CA_ACL_EDIT_DELETE_ACCESS__) {
                            return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = $vn_access;
                        }
                    }
                }
            }
        }
    }
    // Get world access
    $qr_res = $o_db->query("\n\t\t\tSELECT max(access) a \n\t\t\tFROM ca_acl\n\t\t\tWHERE\n\t\t\t\ttable_num = ? AND row_id = ? AND group_id IS NULL AND user_id IS NULL\n\t\t\t\t\n\t\t", (int) $pn_table_num, (int) $pn_row_id);
    if ($qr_res->nextRow()) {
        // NOTE(review): a world value that is greater than or equal to the user/group
        // value wins here. A user- or group-specific entry can therefore raise access
        // above the world level but cannot lower it; an entry meant to deny one user
        // has no effect while the world entry is higher. Confirm this is intended.
        if (strlen($vs_access = $qr_res->get('a')) && (int) $vs_access >= $vn_access) {
            return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = (int) $vs_access;
        }
    }
    // User/group value exceeded the world value, or no world entry exists.
    if (!is_null($vn_access)) {
        return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = $vn_access;
    }
    // If no ACL exists return default
    $o_config = Configuration::load();
    return ca_acl::$s_acl_access_value_cache[$vn_user_id][$pn_table_num][$pn_row_id] = (int) $o_config->get('default_item_access_level');
}
示例9: syncWithDirectory
/**
 * Align a local user's roles and groups with what the directory reports.
 *
 * For each of roles and groups (each enabled by its own config switch), the expected set
 * is the configured defaults plus the values returned by the directory lookup. Missing
 * entries are added to the user and entries outside the expected set are removed.
 * Nothing happens when the user cannot be loaded.
 *
 * @param string $ps_username Login name used to load the user and to query the directory
 * @return void
 */
private function syncWithDirectory($ps_username)
{
    $va_role_defaults = $this->getConfigValue("ldap_users_default_roles", array());
    $va_group_defaults = $this->getConfigValue("ldap_users_default_groups", array());

    $t_account = new ca_users();
    // don't try to sync roles for non-existing users (the first auth call is before the user is actually created)
    if ($t_account->load($ps_username)) {
        if ($this->getConfigValue('ldap_sync_user_roles')) {
            $va_wanted_roles = array_merge($va_role_defaults, $this->getRolesToAddFromDirectory($ps_username));
            // Grant what is expected but missing ...
            foreach ($va_wanted_roles as $vs_role_code) {
                if ($t_account->hasUserRole($vs_role_code)) {
                    continue;
                }
                $t_account->addRoles($vs_role_code);
            }
            // ... and revoke whatever is held but no longer expected.
            foreach ($t_account->getUserRoles() as $vn_role_id => $va_role) {
                if (in_array($va_role['code'], $va_wanted_roles)) {
                    continue;
                }
                $t_account->removeRoles($vn_role_id);
            }
        }

        if ($this->getConfigValue('ldap_sync_user_groups')) {
            $va_wanted_groups = array_merge($va_group_defaults, $this->getGroupsToAddFromDirectory($ps_username));
            foreach ($va_wanted_groups as $vs_group_code) {
                if ($t_account->inGroup($vs_group_code)) {
                    continue;
                }
                $t_account->addToGroups($vs_group_code);
            }
            foreach ($t_account->getUserGroups() as $vn_group_id => $va_group) {
                if (in_array($va_group['code'], $va_wanted_groups)) {
                    continue;
                }
                $t_account->removeFromGroups($vn_group_id);
            }
        }
    }
}
示例10: getScreens
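/**
 * Returns list of screens for a given UI.
 *
 * @param int $pn_type_id Optional type to restrict screens to
 * @param array $pa_options Options include:
 *		showAll = Include screens that do not have placements. Default is false.
 *		user_id = User_id to apply access control for
 *
 * @return array List of screens for this user interface. Returns false when no UI is
 *               loaded and null when no model instance exists for the UI's editor_type.
 */
public function getScreens($pn_type_id = null, $pa_options = null)
{
    if (!$this->getPrimaryKey()) {
        return false;
    }
    if (!($t_instance = $this->_DATAMODEL->getInstanceByTableNum($this->get('editor_type')))) {
        return null;
    }
    if ($t_instance instanceof BaseRelationshipModel) {
        $va_types = $t_instance->getRelationshipTypes();
    } else {
        $va_types = $t_instance->getTypeList();
    }
    $va_sql_params = array((int) $this->getPrimaryKey());
    $o_db = $this->getDb();

    $va_type_list = caMakeTypeIDList($this->get('editor_type'), array($pn_type_id), array('dontIncludeSubtypesInTypeRestriction' => true));
    if (!is_array($va_type_list) || !sizeof($va_type_list)) {
        $va_type_list = array($pn_type_id);
    }
    // The list is concatenated into the SQL text below. The (int) test on $pn_type_id only
    // checks that it starts with a non-zero number, so a value with trailing text would
    // otherwise reach the statement through the fallback above; force every entry to int.
    $va_type_list = array_map('intval', $va_type_list);
    $vs_type_sql = (int) $pn_type_id ? "AND (ceustr.type_id IS NULL OR ceustr.type_id IN (" . join(",", $va_type_list) . "))" : '';

    // Access restriction is only built when a loadable user_id is supplied.
    // NOTE(review): without it every screen of the UI is returned regardless of the
    // per-user, per-group and per-role screen assignments -- confirm callers that need
    // access control always pass user_id.
    $vs_access_sql = '';
    $t_user = new ca_users();
    if (($vn_user_id = caGetOption('user_id', $pa_options, null)) && $t_user->load($vn_user_id)) {
        // Screens assigned directly to the user ...
        $vs_access_sql = " AND ((ceus.screen_id IN \n\t\t\t\t\t(\n\t\t\t\t\t\tSELECT screen_id \n\t\t\t\t\t\tFROM ca_editor_ui_screens_x_users\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tuser_id = ?\n\t\t\t\t\t)\n\t\t\t\t)";
        $va_sql_params[] = $vn_user_id;
        // ... or to one of the user's groups ...
        $va_groups = $t_user->getUserGroups();
        if (is_array($va_groups) && sizeof($va_groups)) {
            $vs_access_sql .= " OR (ceus.screen_id IN \n\t\t\t\t\t(\n\t\t\t\t\t\tSELECT screen_id \n\t\t\t\t\t\tFROM ca_editor_ui_screens_x_user_groups\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tgroup_id IN (?)\n\t\t\t\t\t)\n\t\t\t\t)";
            $va_sql_params[] = array_keys($va_groups);
        }
        // ... or to one of the user's roles ...
        $va_roles = $t_user->getUserRoles();
        if (is_array($va_roles) && sizeof($va_roles)) {
            $vs_access_sql .= " OR (ceus.screen_id IN \n\t\t\t\t\t(\n\t\t\t\t\t\tSELECT screen_id \n\t\t\t\t\t\tFROM ca_editor_ui_screens_x_roles\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\trole_id IN (?)\n\t\t\t\t\t)\n\t\t\t\t)";
            $va_sql_params[] = array_keys($va_roles);
        }
        // ... or screens with no user, group or role assignment at all.
        $vs_access_sql .= "\n\t\t\t\tOR (\n\t\t\t\t\tceus.screen_id NOT IN (\n\t\t\t\t\t\tSELECT screen_id FROM ca_editor_ui_screens_x_users\n\t\t\t\t\t)\n\t\t\t\t\tAND\n\t\t\t\t\tceus.screen_id NOT IN (\n\t\t\t\t\t\tSELECT screen_id FROM ca_editor_ui_screens_x_user_groups\n\t\t\t\t\t)\n\t\t\t\t\tAND\n\t\t\t\t\tceus.screen_id NOT IN (\n\t\t\t\t\t\tSELECT screen_id FROM ca_editor_ui_screens_x_roles\n\t\t\t\t\t)\n\t\t\t\t)\n\t\t\t)";
    }

    $qr_res = $o_db->query("\n\t\t\tSELECT ceus.*, ceusl.*, ceustr.type_id restriction_type_id\n\t\t\tFROM ca_editor_ui_screens ceus\n\t\t\tINNER JOIN ca_editor_ui_screen_labels AS ceusl ON ceus.screen_id = ceusl.screen_id\n\t\t\tLEFT JOIN ca_editor_ui_screen_type_restrictions AS ceustr ON ceus.screen_id = ceustr.screen_id\n\t\t\tWHERE\n\t\t\t\t(ceus.ui_id = ?) {$vs_type_sql}\n\t\t\t\t{$vs_access_sql}\n\t\t\tORDER BY \n\t\t\t\tceus.rank, ceus.screen_id\n\t\t", $va_sql_params);

    // Rows repeat per type restriction; the first row for a screen/locale pair seeds the entry.
    $va_screens = array();
    while ($qr_res->nextRow()) {
        $vn_screen_id = $qr_res->get('screen_id');
        $vn_screen_locale_id = $qr_res->get('locale_id');
        if (empty($va_screens[$vn_screen_id][$vn_screen_locale_id])) {
            $va_screens[$vn_screen_id][$vn_screen_locale_id] = $qr_res->getRow();
            if ((bool) $va_screens[$vn_screen_id][$vn_screen_locale_id]['is_default']) {
                $va_screens[$vn_screen_id][$vn_screen_locale_id]['isDefault'] = "◉";
            }
            $va_screens[$vn_screen_id][$vn_screen_locale_id]['numPlacements'] = sizeof($this->getScreenBundlePlacements($vn_screen_id));
        }
        if ($vn_restriction_type_id = $qr_res->get('restriction_type_id')) {
            $vs_key_to_add = $t_instance instanceof BaseRelationshipModel ? 'type_code' : 'name_plural';
            // A restriction pointing at a type missing from the type list is recorded as null.
            $va_screens[$vn_screen_id][$vn_screen_locale_id]['typeRestrictions'][$vn_restriction_type_id] =
                isset($va_types[$vn_restriction_type_id][$vs_key_to_add]) ? $va_types[$vn_restriction_type_id][$vs_key_to_add] : null;
        }
    }

    // null means "do not filter"; an array lists the screens with at least one accessible bundle.
    $va_screens_with_bundles = null;
    if ((!isset($pa_options['showAll']) || !$pa_options['showAll']) && sizeof($va_screens)) {
        // Get placements for all screens, so we can filter screens without placements
        $qr_res = $o_db->query("\n\t\t\t\tSELECT screen_id, placement_id, bundle_name\n\t\t\t\tFROM ca_editor_ui_bundle_placements\n\t\t\t\tWHERE\n\t\t\t\t\tscreen_id IN (?)\n\t\t\t", array(array_keys($va_screens)));
        $vs_table = $t_instance->tableName();
        $va_screens_with_bundles = array();
        while ($qr_res->nextRow()) {
            $vn_screen_id = $qr_res->get('screen_id');
            if (isset($va_screens_with_bundles[$vn_screen_id])) {
                continue;
            }
            if (caGetBundleAccessLevel($vs_table, $qr_res->get('bundle_name')) != __CA_BUNDLE_ACCESS_NONE__) {
                $va_screens_with_bundles[$vn_screen_id] = true;
            }
        }
    }

    foreach ($va_screens as $vn_screen_id => $va_screen_labels_by_locale) {
        if (is_array($va_screens_with_bundles) && !isset($va_screens_with_bundles[$vn_screen_id])) {
            unset($va_screens[$vn_screen_id]);
            continue;
        }
        foreach ($va_screen_labels_by_locale as $vn_locale_id => $va_restriction_info) {
            if (!isset($va_screens[$vn_screen_id][$vn_locale_id]['typeRestrictions']) || !is_array($va_screens[$vn_screen_id][$vn_locale_id]['typeRestrictions'])) {
                continue;
            }
            $va_screens[$vn_screen_id][$vn_locale_id]['typeRestrictionsForDisplay'] = join(', ', $va_screens[$vn_screen_id][$vn_locale_id]['typeRestrictions']);
        }
    }
    return caExtractValuesByUserLocale($va_screens);
}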