eZ publish: ezrole.php Source File

00001 <?php
00002 //
00003 // Definition of eZRole class
00004 //
00005 // Created on: <14-Aug-2002 14:08:46 sp>
00006 //
00007 // ## BEGIN COPYRIGHT, LICENSE AND WARRANTY NOTICE ##
00008 // SOFTWARE NAME: eZ publish
00009 // SOFTWARE RELEASE: 3.9.x
00010 // COPYRIGHT NOTICE: Copyright (C) 1999-2006 eZ systems AS
00011 // SOFTWARE LICENSE: GNU General Public License v2.0
00012 // NOTICE: >
00013 //   This program is free software; you can redistribute it and/or
00014 //   modify it under the terms of version 2.0  of the GNU General
00015 //   Public License as published by the Free Software Foundation.
00016 //
00017 //   This program is distributed in the hope that it will be useful,
00018 //   but WITHOUT ANY WARRANTY; without even the implied warranty of
00019 //   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00020 //   GNU General Public License for more details.
00021 //
00022 //   You should have received a copy of version 2.0 of the GNU General
00023 //   Public License along with this program; if not, write to the Free
00024 //   Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
00025 //   MA 02110-1301, USA.
00026 //
00027 //
00028 // ## END COPYRIGHT, LICENSE AND WARRANTY NOTICE ##
00029 //
00030 
00031 /*! \file ezrole.php
00032 */
00033 
00034 /*! \defgroup eZRole Role based permission system */
00035 
00036 /*!
00037   \class eZRole ezrole.php
00038   \ingroup eZRole
00039   \brief A container for policies in the permission system
00040 
00041   It consists merely of a name() and has a DB id() and a version() number.
00042   The actual permissions are stored in policies and policy values
00043   which can be fetched with the method policyList().
00044 
00045   To fetch permission access array you can use accessArrayByUserID() and accessArray().
00046 
00047   There are multiple ways to fetch a role,
00048   directly from an id() with fetch(), by a role name() with fetchByName(),
00049   by a given user with fetchByUser() or the whole list with fetchList() and fetchByOffset().
00050 
00051   Creating roles is done with create(), after which new policies can be added
00052   using appendPolicy().
00053 
00054   Remove roles with remove() and its policies with removePolicies().
00055 
00056 */
00057 include_once( 'kernel/classes/ezpersistentobject.php' );
00058 include_once( 'lib/ezutils/classes/ezini.php' );
00059 include_once( "lib/ezdb/classes/ezdb.php" );
00060 
00061 class eZRole extends eZPersistentObject
00062 {
00063     /*!
00064      Constructor
00065     */
00066     function eZRole( $row = array() )
00067     {
00068         $this->eZPersistentObject( $row );
00069         $this->PolicyArray = 0;
00070         $this->LimitIdentifier = false;
00071         $this->LimitValue = false;
00072         if ( isset( $row['limit_identifier'] ) )
00073             $this->LimitIdentifier = $row['limit_identifier'];
00074         if ( isset( $row['limit_value'] ) )
00075             $this->LimitValue = $row['limit_value'];
00076         if ( isset( $row['user_role_id'] ) )
00077             $this->UserRoleID = $row['user_role_id'];
00078     }
00079 
00080     function definition()
00081     {
00082         return array( "fields" => array( "id" => array( 'name' => 'ID',
00083                                                         'datatype' => 'integer',
00084                                                         'default' => 0,
00085                                                         'required' => true ),
00086                                          "version" => array( 'name' => "Version",
00087                                                              'datatype' => 'integer',
00088                                                              'default' => 0,
00089                                                              'required' => true ),
00090                                          "name" => array( 'name' => "Name",
00091                                                           'datatype' => 'string',
00092                                                           'default' => '',
00093                                                           'required' => true ),
00094                                          "is_new" => array( 'name' => "IsNew",
00095                                                             'datatype' => 'integer',
00096                                                             'default' => '0',
00097                                                             'required' => false ) ),
00098                       "function_attributes" => array( "policies" => "policyList",
00099                                                       'limit_identifier' => 'limitIdentifier',
00100                                                       'limit_value' => 'limitValue',
00101                                                       'user_role_id' => 'userRoleID' ),
00102                       "keys" => array( "id" ),
00103                       "increment_key" => "id",
00104                       "sort" => array( "id" => "asc" ),
00105                       "class_name" => "eZRole",
00106                       "name" => "ezrole" );
00107     }
00108 
00109     /*!
00110      Returns the limit identifier if it is set.
00111      \note This will only be available when fetching roles for a specific user
00112      \sa limitValue
00113     */
00114     function &limitIdentifier()
00115     {
00116         return $this->LimitIdentifier;
00117     }
00118 
00119     /*!
00120      Returns the limit value if it is set.
00121      \note This will only be available when fetching roles for a specific user
00122      \sa limitIdentifier
00123     */
00124     function &limitValue()
00125     {
00126         return $this->LimitValue;
00127     }
00128 
00129     /*!
00130      Returns the user role ID if it is set.
00131     \note This will only be available when fetching roles for a specific user
00132     \sa userRoleID
00133     */
00134     function &userRoleID()
00135     {
00136         return $this->UserRoleID;
00137     }
00138 
00139     /*!
00140      Copies this role, stores it and returns it.
00141      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00142      the calls within a db transaction; thus within db->begin and db->commit.
00143     */
00144     function copy()
00145     {
00146         $db =& eZDB::instance();
00147         $db->begin();
00148 
00149         $newRole = eZRole::createNew();
00150         $this->copyPolicies( $newRole->attribute( 'id' ) );
00151         $newRole->setAttribute( 'name', ezi18n( 'kernel/role/edit', 'Copy of %rolename', null,
00152                                                 array( '%rolename' => $this->attribute( 'name' ) ) ) );
00153         $newRole->store();
00154         $db->commit();
00155         return $newRole;
00156     }
00157 
00158     /*!
00159      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00160      the calls within a db transaction; thus within db->begin and db->commit.
00161     */
00162     function createTemporaryVersion()
00163     {
00164         $db =& eZDB::instance();
00165         $db->begin();
00166 
00167         $newRole = eZRole::createNew();
00168         $this->copyPolicies( $newRole->attribute( 'id' ) );
00169         $newRole->setAttribute( 'name', $this->attribute( 'name' ) );
00170         $newRole->setAttribute( 'version', $this->attribute( 'id' ) );
00171         $newRole->store();
00172 
00173         $db->commit();
00174         return $newRole;
00175     }
00176 
00177     /*!
00178      \static
00179      Creates a new role with the name 'New role', stores it and returns it.
00180      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00181      the calls within a db transaction; thus within db->begin and db->commit.
00182     */
00183     function createNew()
00184     {
00185         $role = new eZRole( array() );
00186         $role->setAttribute( 'name', ezi18n( 'kernel/role/edit', 'New role' ) );
00187         $role->setAttribute( 'is_new', 1 );
00188         $role->store();
00189         return $role;
00190     }
00191 
00192     /*!
00193      \static
00194      Creates a new role with the name \a $roleName and version \a $version and returns it.
00195      \note The role is not stored.
00196     */
00197     function create( $roleName, $version = 0 )
00198     {
00199         $row = array( 'id' => null,
00200                       'name' => $roleName,
00201                       'version' => 0 );
00202         $role = new eZRole( $row );
00203         return $role;
00204     }
00205 
00206     /*!
00207      Appends a new policy to the current role and returns it.
00208      \note The policy and it's limitation values will be stored to the database before returning.
00209      \param $module Which module to give access to or \c true to give access to all modules.
00210      \param $function Which function to give access to or \c true to give access to all functions.
00211      \param $limitations An associative array with limitations and their values, use an empty array for no limitations.
00212 
00213      \code
00214      // Access to content/read
00215      $policy1 = $role->appendPolicy( 'content', 'read' );
00216      // Access to content/read in section 1
00217      $policy2 = $role->appendPolicy( 'content', 'read', array( 'Section' => 1 ) );
00218      // Access to content/read for class 2 and 5
00219      $policy3 = $role->appendPolicy( 'content', 'read', array( 'Class' => array( 2, 5 ) ) );
00220      \encode
00221 
00222      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00223      the calls within a db transaction; thus within db->begin and db->commit.
00224     */
00225     function appendPolicy( $module, $function, $limitations = array() )
00226     {
00227         include_once( 'kernel/classes/ezpolicy.php' );
00228         $policy = eZPolicy::create( $this->ID, $module, $function );
00229 
00230         $db =& eZDB::instance();
00231         $db->begin();
00232         $policy->store();
00233         if ( count( $limitations ) > 0 )
00234         {
00235             foreach ( $limitations as $limitationIdentifier => $limitationValues )
00236             {
00237                 if ( !is_array( $limitationValues ) )
00238                     $limitationValues = array( $limitationValues );
00239                 $policy->appendLimitation( $limitationIdentifier, $limitationValues );
00240             }
00241         }
00242         $db->commit();
00243 
00244         if ( isset( $this->Policies ) )
00245         {
00246             $this->Policies[] =& $policy;
00247         }
00248         return $policy;
00249     }
00250 
00251     /*!
00252      Copies all policies for this role and assigns them to the role identified by ID \a $roleID.
00253      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00254      the calls within a db transaction; thus within db->begin and db->commit.
00255     */
00256     function copyPolicies( $roleID )
00257     {
00258         $db =& eZDB::instance();
00259         $db->begin();
00260         foreach ( $this->attribute( 'policies' ) as $policy )
00261         {
00262             $policy->copy( $roleID );
00263         }
00264         $db->commit();
00265     }
00266 
00267     /*!
00268      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00269      the calls within a db transaction; thus within db->begin and db->commit.
00270      */
00271     function revertFromTemporaryVersion()
00272     {
00273         $temporaryVersion = eZRole::fetch( 0, $this->attribute( 'id' ) );
00274         if ( is_null( $temporaryVersion ) )
00275             return 0;
00276         $this->removePolicies();
00277         $this->setAttribute( 'name', $temporaryVersion->attribute( 'name') );
00278         $this->setAttribute( 'is_new', 0 );
00279 
00280         $db =& eZDB::instance();
00281         $db->begin();
00282         $this->store();
00283 
00284         $query = "UPDATE  ezpolicy
00285                   SET role_id = " . $this->attribute( 'id' ) . "
00286                   WHERE role_id = " . $temporaryVersion->attribute( 'id' );
00287         $db->query( $query );
00288         $temporaryVersion->removePolicies( false );
00289         $temporaryVersion->remove();
00290         $db->commit();
00291 
00292         // Expire role cache
00293         include_once( 'lib/ezutils/classes/ezexpiryhandler.php' );
00294         $handler =& eZExpiryHandler::instance();
00295         $handler->setTimestamp( 'user-access-cache', mktime() );
00296         $handler->setTimestamp( 'user-info-cache', mktime() );
00297         $handler->setTimestamp( 'user-class-cache', mktime() );
00298         $handler->store();
00299     }
00300 
00301     /*!
00302      \static
00303      Removes all temporary roles and roles without policies from the database.
00304      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00305      the calls within a db transaction; thus within db->begin and db->commit.
00306     */
00307     function removeTemporary()
00308     {
00309         $temporaryRoles = eZRole::fetchList( true );
00310 
00311         $db =& eZDB::instance();
00312         $db->begin();
00313         foreach ( $temporaryRoles as $role )
00314         {
00315             $role->remove();
00316         }
00317         $db->commit();
00318     }
00319 
00320     /*!
00321      \static
00322      Removes the role, it's policies and any assignments to users/groups.
00323      \param $roleID If this is \c false then the function is not static and the ID is fetched from \c $this.
00324      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00325      the calls within a db transaction; thus within db->begin and db->commit.
00326     */
00327     function remove( $roleID = false )
00328     {
00329         if ( $roleID )
00330         {
00331             $role = eZRole::fetch( $roleID );
00332         }
00333         else
00334         {
00335             $role = $this;
00336             $roleID = $this->attribute('id');
00337         }
00338         if ( !isset( $role->ID ) )
00339         {
00340             return 0;
00341         }
00342 
00343         $db =& eZDB::instance();
00344         $db->begin();
00345         foreach ( $role->attribute( 'policies' ) as $policy )
00346         {
00347             $policy->remove();
00348         }
00349         $db->query( "DELETE FROM ezrole WHERE id='$roleID'" );
00350         $db->query( "DELETE FROM ezuser_role WHERE role_id = '$roleID'" );
00351         $db->commit();
00352     }
00353 
00354     /*!
00355      Removes the policy object list from this role.
00356      \param $fromDB If \c true then the policies are removed from database.
00357      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00358      the calls within a db transaction; thus within db->begin and db->commit.
00359     */
00360     function removePolicies( $fromDB = true )
00361     {
00362         $db =& eZDB::instance();
00363         $db->begin();
00364         if ( $fromDB )
00365         {
00366             foreach ( $this->attribute( 'policies' ) as $policy )
00367             {
00368                 $policy->remove();
00369             }
00370         }
00371         $db->commit();
00372         unset( $this->Policies );
00373     }
00374 
00375     /*!
00376      Removes the policy object(s) by specified \a $moduleName and/or \a $functionName.
00377      Removes all policies for module \a $moduleName if \a $functionName is \c false.
00378      \param $moduleName Module name
00379      \param $functionName function name. Default is \c false.
00380      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00381      the calls within a db transaction; thus within db->begin and db->commit.
00382     */
00383     function removePolicy( $moduleName, $functionName = false )
00384     {
00385         $policyList =& $this->policyList();
00386         if ( is_array( $policyList ) && count( $policyList ) > 0 )
00387         {
00388             $db =& eZDB::instance();
00389             $db->begin();
00390 
00391             foreach( array_keys( $policyList ) as $policyKey )
00392             {
00393                 $policy =& $policyList[$policyKey];
00394                 if ( is_object( $policy ) )
00395                 {
00396                     if ( $policy->attribute( 'module_name' ) == $moduleName )
00397                     {
00398                         if ( ( $functionName === false ) || ( $policy->attribute( 'function_name' ) == $functionName ) )
00399                         {
00400                             $policy->remove();
00401                             unset( $policyList[$policyKey] );
00402                         }
00403                     }
00404                 }
00405             }
00406 
00407             $db->commit();
00408         }
00409     }
00410 
00411     /*!
00412      \static
00413      Cleans up policies and role assignments related to node when this node is removed
00414      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00415      the calls within a db transaction; thus within db->begin and db->commit.
00416     */
00417     function cleanupByNode( $node )
00418     {
00419         // Clean up role assignments with limitations related to this object
00420         $db =& eZDB::instance();
00421         $db->begin();
00422         $pathString = $node->attribute( 'path_string' );
00423         $nodeID = $node->attribute( 'node_id' );
00424         $db->query( "DELETE FROM ezuser_role
00425                      WHERE limit_value LIKE '$pathString%' AND limit_identifier='Subtree'" );
00426                         // Clean up subtree limitations related to this object
00427 
00428 
00429         $limitationsToFix = eZPolicyLimitation::findByType( 'SubTree', $node->attribute( 'path_string' ), true, true );
00430 
00431         foreach( $limitationsToFix as $limitation )
00432         {
00433             $values =& $limitation->attribute( 'values' );
00434             $valueCount = count( $values );
00435             if ( $valueCount > 0 )
00436             {
00437                 foreach ( $values as $value )
00438                 {
00439                     if ( strpos( $value->attribute( 'value' ), $node->attribute( 'path_string' ) ) === 0 )
00440                     {
00441                         $value->remove();
00442                         $valueCount--;
00443                     }
00444                 }
00445             }
00446             if( $valueCount == 0 )
00447             {
00448                 $policy = eZPolicy::fetch( $limitation->attribute( 'policy_id' ) );
00449                 if ( is_object ( $policy ) )
00450                 {
00451                     $policy->remove();
00452                 }
00453             }
00454         }
00455 
00456         $limitationsToFixNode = eZPolicyLimitation::findByType( 'Node', $node->attribute( 'node_id' ) );
00457 
00458         foreach( $limitationsToFixNode as $limitation )
00459         {
00460             $values =& $limitation->attribute( 'values' );
00461             $valueCount = count( $values );
00462             if ( $valueCount > 0 )
00463             {
00464                 foreach ( $values as $value )
00465                 {
00466                     if ( $value->attribute( 'value' ) == $node->attribute( 'node_id' ) )
00467                     {
00468                         $value->remove();
00469                         $valueCount--;
00470                     }
00471                 }
00472             }
00473             if( $valueCount == 0 )
00474             {
00475                 $policy = eZPolicy::fetch( $limitation->attribute( 'policy_id' ) );
00476                 if ( is_object ( $policy ) )
00477                 {
00478                     $policy->remove();
00479                 }
00480             }
00481         }
00482 
00483         eZRole::expireCache();
00484 
00485         $db->commit();
00486 
00487     }
00488 
00489     /*!
00490      \static
00491      Returns the roles which the corresponds to the array of content object id's ( Users and user group id's ).
00492 
00493      \param recursive, default false
00494     */
00495     function fetchByUser( $idArray, $recursive = false )
00496     {
00497         $db =& eZDB::instance();
00498 
00499         if ( !$recursive )
00500         {
00501             $groupString = $db->implodeWithTypeCast( ',', $idArray, 'int' );
00502             $query = "SELECT DISTINCT ezrole.id,
00503                                       ezrole.name,
00504                                       ezuser_role.limit_identifier,
00505                                       ezuser_role.limit_value,
00506                                       ezuser_role.id as user_role_id
00507                       FROM ezrole,
00508                            ezuser_role
00509                       WHERE ezuser_role.contentobject_id IN ( $groupString ) AND
00510                             ezuser_role.role_id = ezrole.id";
00511         }
00512         else
00513         {
00514             $userNodeIDArray = array();
00515             foreach( $idArray as $id )
00516             {
00517                 $nodeDefinition = eZContentObjectTreeNode::fetchByContentObjectID( $id );
00518                 foreach ( $nodeDefinition as $nodeDefinitionElement )
00519                 {
00520                     $userNodeIDArray = array_merge( $nodeDefinitionElement->attribute( 'path_array' ), $userNodeIDArray );
00521                 }
00522             }
00523 
00524             $query = 'SELECT DISTINCT ezrole.id,
00525                                       ezrole.name,
00526                                       ezuser_role.limit_identifier,
00527                                       ezuser_role.limit_value,
00528                                       ezuser_role.id as user_role_id
00529                       FROM ezrole,
00530                            ezuser_role,
00531                            ezcontentobject_tree role_tree
00532                       WHERE ezuser_role.contentobject_id = role_tree.contentobject_id AND
00533                             ezuser_role.role_id = ezrole.id AND
00534                             role_tree.node_id IN ( ' . implode( ',', $userNodeIDArray ) . ' )';
00535         }
00536 
00537         $roleArray = $db->arrayQuery( $query );
00538 
00539         $roles = array();
00540         foreach ( $roleArray as $roleRow )
00541         {
00542             $role = new eZRole( $roleRow );
00543             $roles[] = $role;
00544         }
00545 
00546         return $roles;
00547     }
00548 
00549     /*!
00550       Expires all roles, policies and limitations cache.
00551     */
00552     function expireCache()
00553     {
00554         $http =& eZHTTPTool::instance();
00555 
00556         $http->removeSessionVariable( 'UserPolicies' );
00557         $http->removeSessionVariable( 'UserLimitations' );
00558         $http->removeSessionVariable( 'UserLimitationValues' );
00559         $http->removeSessionVariable( 'CanInstantiateClassesCachedForUser' );
00560         $http->removeSessionVariable( 'CanInstantiateClassList' );
00561         $http->removeSessionVariable( 'ClassesCachedForUser' );
00562 
00563         // Expire role cache
00564         include_once( 'lib/ezutils/classes/ezexpiryhandler.php' );
00565         $handler =& eZExpiryHandler::instance();
00566         $handler->setTimestamp( 'user-access-cache', mktime() );
00567         $handler->store();
00568     }
00569 
00570     /*!
00571       \static
00572       \param user id
00573       \return array containing complete access limitation description
00574       Returns newly generated access array which corresponds to the array of user/group ids list.
00575     */
00576     function accessArrayByUserID( $userIDArray )
00577     {
00578         $roles = eZRole::fetchByUser( $userIDArray );
00579         $userLimitation = false;
00580 
00581         $accessArray = array();
00582         foreach ( array_keys ( $roles )  as $roleKey )
00583         {
00584             $accessArray = array_merge_recursive( $accessArray, $roles[$roleKey]->accessArray() );
00585             if ( $roles[$roleKey]->attribute( 'limit_identifier' ) )
00586             {
00587                 $userLimitation = true;
00588             }
00589         }
00590 
00591         if ( $userLimitation )
00592         {
00593             foreach( array_keys( $accessArray ) as $moduleKey )
00594             {
00595                 foreach( array_keys( $accessArray[$moduleKey] ) as $functionKey )
00596                 {
00597                     foreach( array_keys( $accessArray[$moduleKey][$functionKey] ) as $policyKey )
00598                     {
00599                         if ( is_array( $accessArray[$moduleKey][$functionKey][$policyKey] ) )
00600                         {
00601                             foreach( array_keys( $accessArray[$moduleKey][$functionKey][$policyKey] ) as $limitationKey )
00602                             {
00603                                 $limitKeyArray =& $accessArray[$moduleKey][$functionKey][$policyKey][$limitationKey];
00604                                 if ( is_array( $limitKeyArray ) )
00605                                 {
00606                                     $limitKeyArray = array_unique( $limitKeyArray );
00607                                 }
00608                             }
00609                         }
00610                     }
00611                 }
00612             }
00613         }
00614         return $accessArray;
00615     }
00616 
00617     /*!
00618      Fetch access array of current role
00619     */
00620     function accessArray( $ignoreLimitIdentifier = false )
00621     {
00622         $accessArray = array();
00623 
00624         $policies =& $this->attribute( 'policies' );
00625         foreach ( array_keys( $policies ) as $policyKey )
00626         {
00627             $accessArray = array_merge_recursive( $accessArray, $policies[$policyKey]->accessArray( $ignoreLimitIdentifier ) );
00628         }
00629 
00630         return $accessArray;
00631     }
00632 
00633     function &policyList()
00634     {
00635         if ( !isset( $this->Policies ) )
00636         {
00637             include_once( "kernel/classes/ezpolicy.php" );
00638             $policies = eZPersistentObject::fetchObjectList( eZPolicy::definition(),
00639                                                               null, array( 'role_id' => $this->attribute( 'id') ), null, null,
00640                                                               true );
00641 
00642             if ( $this->LimitIdentifier )
00643             {
00644                 foreach ( array_keys( $policies ) as $policyKey )
00645                 {
00646                     $policies[$policyKey]->setAttribute( 'limit_identifier', 'User_' . $this->attribute( 'limit_identifier' ) );
00647                     $policies[$policyKey]->setAttribute( 'limit_value', $this->attribute( 'limit_value' ) );
00648                     $policies[$policyKey]->setAttribute( 'user_role_id', $this->attribute( 'user_role_id' ) );
00649                 }
00650             }
00651             $this->Policies =& $policies;
00652         }
00653 
00654         return $this->Policies;
00655     }
00656 
00657     /*!
00658      Returns a list of role ids which the corresponds to the array of content object id's ( Users and user group id's ).
00659     */
00660     function &fetchIDListByUser( $idArray )
00661     {
00662         $db =& eZDB::instance();
00663 
00664         $groupString = $db->implodeWithTypeCast( ',', $idArray, 'int' );
00665         $query = "SELECT DISTINCT ezrole.id
00666                   FROM ezrole,
00667                        ezuser_role
00668                   WHERE ezuser_role.contentobject_id IN ( $groupString ) AND
00669                         ezuser_role.role_id = ezrole.id ORDER BY ezrole.id";
00670 
00671         $roleArray = $db->arrayQuery( $query );
00672         $roles = array();
00673 
00674         $keys = array_keys( $roleArray );
00675         foreach ( $keys as $key )
00676         {
00677             $roles[] = $roleArray[$key]['id'];
00678         }
00679 
00680         return $roles;
00681     }
00682 
00683     /*!
00684      Assigns the current role to the given user or user group identified by the id.
00685      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00686      the calls within a db transaction; thus within db->begin and db->commit.
00687      \note WARNING: Roles and content caches need to be cleared after calling this function.
00688     */
00689     function assignToUser( $userID, $limitIdent = '', $limitValue = '' )
00690     {
00691         $db =& eZDB::instance();
00692         $limitIdent = $db->escapeString( $limitIdent );
00693         $limitValue = $db->escapeString( $limitValue );
00694         $userID =(int) $userID;
00695 
00696         // Who assign which role to whom should be logged.
00697         $object = eZContentObject::fetch( $userID );
00698         $objectName = $object ? $object->attribute( 'name' ) : 'null';
00699 
00700         include_once( "kernel/classes/ezaudit.php" );
00701         eZAudit::writeAudit( 'role-assign', array( 'Role ID' => $this->ID, 'Role name' => $this->attribute( 'name' ),
00702                                                    'Assign to content object ID' => $userID,
00703                                                    'Content object name' => $objectName,
00704                                                    'Comment' => 'Assigned the current role to user or user group identified by the id: eZRole::assignToUser()' ) );
00705 
00706         switch( $limitIdent )
00707         {
00708             case 'subtree':
00709             {
00710                 include_once( 'kernel/classes/ezcontentobjecttreenode.php' );
00711 
00712                 $node = eZContentObjectTreeNode::fetch( $limitValue, false, false );
00713                 if ( $node )
00714                 {
00715                     $limitIdent = 'Subtree';
00716                     $limitValue = $node['path_string'];
00717                 }
00718                 else
00719                 {
00720                     $limitValue = '';
00721                     $limitIdent = '';
00722                 }
00723             } break;
00724             case 'section':
00725             {
00726                 $limitIdent = 'Section';
00727             } break;
00728         }
00729 
00730         $query = "SELECT * FROM ezuser_role WHERE role_id='$this->ID' AND contentobject_id='$userID' AND limit_identifier='$limitIdent' AND limit_value='$limitValue'";
00731 
00732         $rows = $db->arrayQuery( $query );
00733         if ( count( $rows ) > 0 )
00734             return false;
00735 
00736         $db->begin();
00737 
00738         $query = "INSERT INTO ezuser_role ( role_id, contentobject_id, limit_identifier, limit_value ) VALUES ( '$this->ID', '$userID', '$limitIdent', '$limitValue' )";
00739         $db->query( $query );
00740 
00741         $db->commit();
00742         return true;
00743     }
00744 
00745     /*!
00746      Fetch user id array which have been assigned to this role.
00747     */
00748     function &fetchUserID()
00749     {
00750         $db =& eZDB::instance();
00751 
00752         $query = "SELECT contentobject_id FROM  ezuser_role WHERE role_id='$this->ID'";
00753 
00754         $results = $db->arrayQuery( $query );
00755         $idArray = array();
00756         foreach ( $results as $result )
00757         {
00758             $idArray[] = $result['contentobject_id'];
00759         }
00760         return $idArray;
00761     }
00762 
00763     /*!
00764      Removes the role assignment
00765      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00766      the calls within a db transaction; thus within db->begin and db->commit.
00767      \note WARNING: Roles and content caches need to be cleared after calling this function.
00768     */
00769     function removeUserAssignment( $userID )
00770     {
00771         $db =& eZDB::instance();
00772         $userID =(int) $userID;
00773         $query = "DELETE FROM ezuser_role WHERE role_id='$this->ID' AND contentobject_id='$userID'";
00774 
00775         $db->query( $query );
00776     }
00777 
00778     /*!
00779      Remove ezuser_role by id
00780 
00781      \param ezuser_role id
00782      \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
00783      the calls within a db transaction; thus within db->begin and db->commit.
00784      \note WARNING: Roles and content caches need to be cleared after calling this function.
00785     */
00786     function removeUserAssignmentByID( $id )
00787     {
00788         // Remove the assignment.
00789         $db =& eZDB::instance();
00790         $id =(int) $id;
00791         $query = "DELETE FROM ezuser_role WHERE id='$id'";
00792         $db->query( $query );
00793     }
00794 
00795     /*!
00796       \return the users and user groups assigned to the current role.
00797     */
00798     function &fetchUserByRole( )
00799     {
00800         $db =& eZDB::instance();
00801 
00802         $query = "SELECT
00803                      ezuser_role.contentobject_id as user_id,
00804                      ezuser_role.limit_value,
00805                      ezuser_role.limit_identifier,
00806                      ezuser_role.id
00807                   FROM
00808                      ezuser_role
00809                   WHERE
00810                     ezuser_role.role_id = '$this->ID'";
00811 
00812         $userRoleArray = $db->arrayQuery( $query );
00813         $userRoles = array();
00814         foreach ( $userRoleArray as $userRole )
00815         {
00816             $role = array();
00817             $role['user_object'] = eZContentObject::fetch( $userRole['user_id'] );
00818             $role['user_role_id'] = $userRole['id'];
00819             $role['limit_ident'] = $userRole['limit_identifier'];
00820             $role['limit_value'] = $userRole['limit_value'];
00821 
00822             $userRoles[] = $role;
00823         }
00824         return $userRoles;
00825     }
00826 
00827     function &fetchRolesByLimitation( $limit_identifier, $limit_value )
00828     {
00829         $db =& eZDB::instance();
00830         $limit_identifier = $db->escapeString( $limit_identifier );
00831         $limit_value = $db->escapeString( $limit_value );
00832         $query = "SELECT DISTINCT
00833                      ezuser_role.role_id as role_id,
00834                      ezuser_role.contentobject_id as user_id
00835                   FROM
00836                      ezuser_role
00837                   WHERE
00838                      ezuser_role.limit_value = '$limit_value' AND
00839                      ezuser_role.limit_identifier = '$limit_identifier'";
00840 
00841         $userRoleArray = $db->arrayQuery( $query );
00842         $userRoles = array();
00843         foreach ( $userRoleArray as $userRole )
00844         {
00845             $role = array();
00846             $role['user'] = eZContentObject::fetch( $userRole['user_id'] );
00847             $role['role'] = eZRole::fetch( $userRole['role_id'] );
00848             $userRoles[] = $role;
00849         }
00850         return $userRoles;
00851     }
00852 
00853     /*!
00854      Fetches the role identified by the role ID \a $roleID and returns it.
00855      \param $version Which version to fetch, 0 is the published one. Temporary versions get
00856       the id of the role.
00857     */
00858     function fetch( $roleID, $version = 0 )
00859     {
00860         if ( $version != 0 )
00861         {
00862             return eZPersistentObject::fetchObject( eZRole::definition(),
00863                                                     null, array( 'version' => $version ), true );
00864         }
00865         return eZPersistentObject::fetchObject( eZRole::definition(),
00866                                                 null, array('id' => $roleID ), true );
00867     }
00868 
00869     /*!
00870      Fetches the role identified by the role name \a $roleName and returns it.
00871      \param $version Which version to fetch, 0 is the published one and 1 is the temporary.
00872     */
00873     function fetchByName( $roleName, $version = 0 )
00874     {
00875         return eZPersistentObject::fetchObject( eZRole::definition(),
00876                                                 null, array( 'name' => $roleName,
00877                                                              'version' => $version ), true );
00878     }
00879 
00880     function fetchList( $tempVersions = false )
00881     {
00882         if ( !$tempVersions )
00883         {
00884             return eZPersistentObject::fetchObjectList( eZRole::definition(),
00885                                                         null, array( 'version' => '0'), null,null,
00886                                                         true );
00887         }
00888         else
00889         {
00890             return eZPersistentObject::fetchObjectList( eZRole::definition(),
00891                                                         null, array( 'version' => array( '>', '0') ), null,null,
00892                                                         true);
00893         }
00894     }
00895 
00896     function fetchByOffset( $offset, $limit, $asObject = true, $ignoreTemp = false, $ignoreNew = true )
00897     {
00898 
00899         if ( $ignoreTemp && $ignoreNew )
00900             $igTemp = array( 'version' => '0',
00901                              'is_new' => '0' );
00902         elseif ( $ignoreTemp )
00903             $igTemp = array( 'version' => '0' );
00904         elseif ( $ignoreNew )
00905             $igTemp = array( 'is_new' => '0' );
00906         else
00907             $igTemp = null;
00908 
00909         return eZPersistentObject::fetchObjectList( eZRole::definition(),
00910                                                     null,
00911                                                     $igTemp,
00912                                                     array( 'name' => 'ASC' ),
00913                                                     array( 'offset' => $offset, 'length' => $limit ),
00914                                                     $asObject );
00915     }
00916 
00917     /*!
00918      \static
00919      \return the number of roles in the database.
00920     */
00921     function roleCount()
00922     {
00923         $db =& eZDB::instance();
00924 
00925         $countArray = $db->arrayQuery(  "SELECT count( * ) AS count FROM ezrole WHERE version=0" );
00926         return $countArray[0]['count'];
00927     }
00928 
00929     /*!
00930      Sets caching of policies to off for this role.
00931     */
00932     function turnOffCaching()
00933     {
00934         $this->CachePolicies = false;
00935     }
00936 
00937     /*!
00938      Sets caching of policies to on for this role.
00939     */
00940     function turnOnCaching()
00941     {
00942         $this->CachePolicies = true;
00943     }
00944 
00945 
00946     /// \privatesection
00947     var $ID;
00948     var $Name;
00949     var $Modules;
00950     var $Functions;
00951     var $LimitValue;
00952     var $LimitIdentifier;
00953     var $UserRoleID;
00954     var $PolicyArray;
00955     var $Sets;
00956     var $Policies;
00957     var $AccessArray;
00958     var $CachePolicies = true;
00959 }
00960 
00961 ?>