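<?php
//
// Definition of eZRole class
//
// Created on: <14-Aug-2002 14:08:46 sp>
//
// ## BEGIN COPYRIGHT, LICENSE AND WARRANTY NOTICE ##
// SOFTWARE NAME: eZ Publish
// SOFTWARE RELEASE: 4.0.x
// COPYRIGHT NOTICE: Copyright (C) 1999-2008 eZ Systems AS
// SOFTWARE LICENSE: GNU General Public License v2.0
// NOTICE: >
//   This program is free software; you can redistribute it and/or
//   modify it under the terms of version 2.0 of the GNU General
//   Public License as published by the Free Software Foundation.
//
//   This program is distributed in the hope that it will be useful,
//   but WITHOUT ANY WARRANTY; without even the implied warranty of
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//   GNU General Public License for more details.
//
//   You should have received a copy of version 2.0 of the GNU General
//   Public License along with this program; if not, write to the Free
//   Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
//   MA 02110-1301, USA.
//
//
// ## END COPYRIGHT, LICENSE AND WARRANTY NOTICE ##
//

/*! \file ezrole.php
*/

/*! \defgroup eZRole Role based permission system */

/*!
  \class eZRole ezrole.php
  \ingroup eZRole
  \brief A container for policies in the permission system

  It consists merely of a name() and has a DB id() and a version() number.
  The actual permissions are stored in policies and policy values
  which can be fetched with the method policyList().

  To fetch permission access array you can use accessArrayByUserID() and accessArray().

  There are multiple ways to fetch a role,
  directly from an id() with fetch(), by a role name() with fetchByName(),
  by a given user with fetchByUser() or the whole list with fetchList() and fetchByOffset().

  Creating roles is done with create(), after which new policies can be added
  using appendPolicy().

  Remove roles with remove() and its policies with removePolicies().

*/
//include_once( 'kernel/classes/ezpersistentobject.php' );
//include_once( 'lib/ezutils/classes/ezini.php' );
//include_once( "lib/ezdb/classes/ezdb.php" );

class eZRole extends eZPersistentObject
{
    /*!
     Constructor.
     Initialises the persistent object from \a $row and picks up the optional
     assignment keys 'limit_identifier', 'limit_value' and 'user_role_id', which are
     present in the rows built by fetchByUser().
    */
    function eZRole( $row = array() )
    {
        $this->eZPersistentObject( $row );
        $this->PolicyArray = 0;
        $this->LimitIdentifier = false;
        $this->LimitValue = false;
        if ( isset( $row['limit_identifier'] ) )
            $this->LimitIdentifier = $row['limit_identifier'];
        if ( isset( $row['limit_value'] ) )
            $this->LimitValue = $row['limit_value'];
        if ( isset( $row['user_role_id'] ) )
            $this->UserRoleID = $row['user_role_id'];
    }

    /*!
     \static
     \return the persistent object definition of the ezrole table: its fields,
             the function attributes mapped to methods of this class, keys and sorting.
    */
    static function definition()
    {
        return array( "fields" => array( "id" => array( 'name' => 'ID',
                                                        'datatype' => 'integer',
                                                        'default' => 0,
                                                        'required' => true ),
                                         "version" => array( 'name' => "Version",
                                                             'datatype' => 'integer',
                                                             'default' => 0,
                                                             'required' => true ),
                                         "name" => array( 'name' => "Name",
                                                          'datatype' => 'string',
                                                          'default' => '',
                                                          'required' => true ),
                                         "is_new" => array( 'name' => "IsNew",
                                                            'datatype' => 'integer',
                                                            'default' => '0',
                                                            'required' => false ) ),
                      "function_attributes" => array( "policies" => "policyList",
                                                      'limit_identifier' => 'limitIdentifier',
                                                      'limit_value' => 'limitValue',
                                                      'user_role_id' => 'userRoleID' ),
                      "keys" => array( "id" ),
                      "increment_key" => "id",
                      "sort" => array( "id" => "asc" ),
                      "class_name" => "eZRole",
                      "name" => "ezrole" );
    }

    /*!
     Returns the limit identifier if it is set.
     \note This will only be available when fetching roles for a specific user
     \sa limitValue
    */
    function limitIdentifier()
    {
        return $this->LimitIdentifier;
    }

    /*!
     Returns the limit value if it is set.
     \note This will only be available when fetching roles for a specific user
     \sa limitIdentifier
    */
    function limitValue()
    {
        return $this->LimitValue;
    }

    /*!
     Returns the user role ID if it is set.
     \note This will only be available when fetching roles for a specific user
     \sa limitIdentifier
    */
    function userRoleID()
    {
        return $this->UserRoleID;
    }

    /*!
     Copies this role, stores it and returns it.
     The copy gets the translated name 'Copy of %rolename' and a copy of every policy.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function copy()
    {
        $db = eZDB::instance();
        $db->begin();

        $newRole = eZRole::createNew();
        $this->copyPolicies( $newRole->attribute( 'id' ) );
        $newRole->setAttribute( 'name', ezi18n( 'kernel/role/edit', 'Copy of %rolename', null,
                                                array( '%rolename' => $this->attribute( 'name' ) ) ) );
        $newRole->store();
        $db->commit();
        return $newRole;
    }

    /*!
     Creates, stores and returns a temporary version of this role: a new role with the
     same name and copied policies whose 'version' attribute holds the id of this role.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function createTemporaryVersion()
    {
        $db = eZDB::instance();
        $db->begin();

        $newRole = eZRole::createNew();
        $this->copyPolicies( $newRole->attribute( 'id' ) );
        $newRole->setAttribute( 'name', $this->attribute( 'name' ) );
        $newRole->setAttribute( 'version', $this->attribute( 'id' ) );
        $newRole->store();

        $db->commit();
        return $newRole;
    }

    /*!
     \static
     Creates a new role with the name 'New role', stores it and returns it.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    static function createNew()
    {
        $role = new eZRole( array( 'name' => ezi18n( 'kernel/role/edit', 'New role' ),
                                   'is_new' => 1 ) );
        $role->store();
        return $role;
    }

    /*!
     \static
     Creates a new role with the name \a $roleName and version \a $version and returns it.
     \note The role is not stored.
    */
    static function create( $roleName, $version = 0 )
    {
        // Honour the documented $version parameter; it used to be ignored in favour of a literal 0.
        $row = array( 'id' => null,
                      'name' => $roleName,
                      'version' => $version );
        $role = new eZRole( $row );
        return $role;
    }

    /*!
     Appends a new policy to the current role and returns it.
     \note The policy and it's limitation values will be stored to the database before returning.
     \param $module Which module to give access to or \c true to give access to all modules.
     \param $function Which function to give access to or \c true to give access to all functions.
     \param $limitations An associative array with limitations and their values, use an empty array for no limitations.

     \code
     // Access to content/read
     $policy1 = $role->appendPolicy( 'content', 'read' );
     // Access to content/read in section 1
     $policy2 = $role->appendPolicy( 'content', 'read', array( 'Section' => 1 ) );
     // Access to content/read for class 2 and 5
     $policy3 = $role->appendPolicy( 'content', 'read', array( 'Class' => array( 2, 5 ) ) );
     \endcode

     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function appendPolicy( $module, $function, $limitations = array() )
    {
        //include_once( 'kernel/classes/ezpolicy.php' );
        $policy = eZPolicy::create( $this->ID, $module, $function );

        $db = eZDB::instance();
        $db->begin();
        $policy->store();
        if ( count( $limitations ) > 0 )
        {
            foreach ( $limitations as $limitationIdentifier => $limitationValues )
            {
                // A scalar limitation value is treated as a one-element list.
                if ( !is_array( $limitationValues ) )
                    $limitationValues = array( $limitationValues );
                $policy->appendLimitation( $limitationIdentifier, $limitationValues );
            }
        }
        $db->commit();

        // Keep the in-memory policy list in step, but only when it has already been loaded.
        if ( isset( $this->Policies ) )
        {
            $this->Policies[] = $policy;
        }
        return $policy;
    }

    /*!
     Copies all policies for this role and assigns them to the role identified by ID \a $roleID.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function copyPolicies( $roleID )
    {
        $db = eZDB::instance();
        $db->begin();
        foreach ( $this->attribute( 'policies' ) as $policy )
        {
            $policy->copy( $roleID );
        }
        $db->commit();
    }

    /*!
     Replaces the name and policies of this role with those of its temporary version
     (the role whose 'version' equals this role's id), removes the temporary version
     and expires the user access, info and class caches.
     \return 0 when no temporary version exists, otherwise nothing.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function revertFromTemporaryVersion()
    {
        $temporaryVersion = eZRole::fetch( 0, $this->attribute( 'id' ) );
        if ( is_null( $temporaryVersion ) )
            return 0;

        $db = eZDB::instance();
        // The transaction is opened before the current policies are deleted, so that the
        // deletion and the hand-over of the temporary policies are committed as one unit
        // instead of in two separate transactions.
        $db->begin();
        $this->removePolicies();
        $this->setAttribute( 'name', $temporaryVersion->attribute( 'name') );
        $this->setAttribute( 'is_new', 0 );
        $this->store();

        // Both ids are integer fields (see definition()); the casts keep the
        // concatenated statement numeric whatever the attributes hold.
        $query = "UPDATE ezpolicy
                  SET role_id = " . (int) $this->attribute( 'id' ) . "
                  WHERE role_id = " . (int) $temporaryVersion->attribute( 'id' );
        $db->query( $query );
        // The policies now belong to this role, so only drop them from the temporary object.
        $temporaryVersion->removePolicies( false );
        $temporaryVersion->remove();
        $db->commit();

        // Expire role cache
        eZExpiryHandler::registerShutdownFunction();
        $handler = eZExpiryHandler::instance();
        $handler->setTimestamp( 'user-access-cache', time() );
        $handler->setTimestamp( 'user-info-cache', time() );
        $handler->setTimestamp( 'user-class-cache', time() );
        $handler->store();
    }

    /*!
     \static
     Removes all temporary roles (roles with a version greater than 0, as returned by
     fetchList( true )) together with their policies and assignments.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    static function removeTemporary()
    {
        $temporaryRoles = eZRole::fetchList( true );

        $db = eZDB::instance();
        $db->begin();
        foreach ( $temporaryRoles as $role )
        {
            $role->removeThis();
        }
        $db->commit();
    }

    /*!
     \static
     Removes the role identified by \a $roleID.
     \return 0 when \a $roleID is not set or no such role exists, otherwise the result of removeThis().
     \sa removeThis
    */
    static function removeRole( $roleID )
    {
        if ( !isset( $roleID ) )
        {
            return 0;
        }
        // fetch() is null-checked elsewhere in this class (revertFromTemporaryVersion()),
        // so an unknown id must not be dereferenced here.
        $role = eZRole::fetch( $roleID );
        if ( !is_object( $role ) )
        {
            return 0;
        }
        return $role->removeThis();
    }

    /*!
     Removes the role, it's policies and any assignments to users/groups.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function removeThis()
    {
        $db = eZDB::instance();
        $db->begin();
        foreach ( $this->attribute( 'policies' ) as $policy )
        {
            $policy->removeThis();
        }
        $db->query( "DELETE FROM ezrole WHERE id='" . $db->escapeString( $this->attribute( 'id' ) ) . "'" );
        $db->query( "DELETE FROM ezuser_role WHERE role_id = '" . $db->escapeString( $this->attribute( 'id' ) ) . "'" );
        $db->commit();
    }

    /*!
     Removes the policy object list from this role.
     \param $fromDB If \c true then the policies are removed from database.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function removePolicies( $fromDB = true )
    {
        $db = eZDB::instance();
        $db->begin();
        if ( $fromDB )
        {
            foreach ( $this->attribute( 'policies' ) as $policy )
            {
                $policy->removeThis();
            }
        }
        $db->commit();
        // Forget the loaded list; policyList() fetches it again on the next access.
        unset( $this->Policies );
    }

    /*!
     Removes the policy object(s) by specified \a $moduleName and/or \a $functionName.
     Removes all policies for module \a $moduleName if \a $functionName is \c false.
     \param $moduleName Module name
     \param $functionName function name. Default is \c false.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    function removePolicy( $moduleName, $functionName = false )
    {
        $policyList = $this->policyList();
        if ( is_array( $policyList ) && count( $policyList ) > 0 )
        {
            $db = eZDB::instance();
            $db->begin();

            foreach( $policyList as $key => $policy )
            {
                if ( is_object( $policy ) )
                {
                    if ( $policy->attribute( 'module_name' ) == $moduleName )
                    {
                        if ( ( $functionName === false ) || ( $policy->attribute( 'function_name' ) == $functionName ) )
                        {
                            $policy->removeThis();
                            unset( $this->Policies[$key] );
                        }
                    }
                }
            }

            $db->commit();
        }
    }

    /*!
     \static
     Cleans up policies and role assignments related to node when this node is removed
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
    */
    static function cleanupByNode( $node )
    {
        // Clean up role assignments with limitations related to this object
        $db = eZDB::instance();
        $db->begin();
        $pathString = $node->attribute( 'path_string' );
        $nodeID = $node->attribute( 'node_id' );
        // The path string is escaped before it is placed inside the quoted LIKE pattern,
        // as the other statements of this class do for the string values they embed.
        $db->query( "DELETE FROM ezuser_role
                     WHERE limit_value LIKE '" . $db->escapeString( $pathString ) . "%' AND limit_identifier='Subtree'" );

        // Clean up subtree limitations related to this object
        // NOTE(review): spelled 'SubTree' here but 'Subtree' in the ezuser_role statement above;
        // confirm which spelling eZPolicyLimitation::findByType() expects.
        $limitationsToFix = eZPolicyLimitation::findByType( 'SubTree', $pathString, true, true );

        foreach( $limitationsToFix as $limitation )
        {
            $values = $limitation->attribute( 'values' );
            $valueCount = count( $values );
            if ( $valueCount > 0 )
            {
                foreach ( $values as $value )
                {
                    // Drop every limitation value that lies at or below the removed node.
                    if ( strpos( $value->attribute( 'value' ), $pathString ) === 0 )
                    {
                        $value->remove();
                        $valueCount--;
                    }
                }
            }
            // A limitation left without values no longer restricts anything,
            // so the policy it belongs to is removed as a whole.
            if( $valueCount == 0 )
            {
                $policy = eZPolicy::fetch( $limitation->attribute( 'policy_id' ) );
                if ( is_object ( $policy ) )
                {
                    $policy->removeThis();
                }
            }
        }

        $limitationsToFixNode = eZPolicyLimitation::findByType( 'Node', $nodeID );

        foreach( $limitationsToFixNode as $limitation )
        {
            $values = $limitation->attribute( 'values' );
            $valueCount = count( $values );
            if ( $valueCount > 0 )
            {
                foreach ( $values as $value )
                {
                    if ( $value->attribute( 'value' ) == $nodeID )
                    {
                        $value->remove();
                        $valueCount--;
                    }
                }
            }
            if( $valueCount == 0 )
            {
                $policy = eZPolicy::fetch( $limitation->attribute( 'policy_id' ) );
                if ( is_object ( $policy ) )
                {
                    $policy->removeThis();
                }
            }
        }

        eZRole::expireCache();

        $db->commit();

    }

    /**
     * Returns the roles matching the given users' eZContentObject ID array
     *
     * Each returned role carries the limit identifier, limit value and ezuser_role id
     * of the assignment it was found through. The IDs are passed to
     * generateSQLINStatement() with the 'int' type argument.
     *
     * @param array $idArray Array of eZContentObject IDs, either groups or users
     * @param bool $recursive
     *        If true, roles will be looked up for each given object's main node
     *        path_array
     *
     * @return array(eZRole)
     **/
    static function fetchByUser( $idArray, $recursive = false )
    {
        if ( count( $idArray ) < 1 )
        {
            return array();
        }

        $db = eZDB::instance();

        if ( !$recursive )
        {
            $groupINSQL = $db->generateSQLINStatement( $idArray, 'ezuser_role.contentobject_id', false, false, 'int' );
            $query = "SELECT DISTINCT ezrole.id,
                                      ezrole.name,
                                      ezuser_role.limit_identifier,
                                      ezuser_role.limit_value,
                                      ezuser_role.id as user_role_id
                      FROM ezrole,
                           ezuser_role
                      WHERE $groupINSQL AND
                            ezuser_role.role_id = ezrole.id";
        }
        else
        {
            // Collect the node ids on the path of every node of the given objects.
            $userNodeIDArray = array();
            foreach( $idArray as $id )
            {
                $nodeDefinition = eZContentObjectTreeNode::fetchByContentObjectID( $id );
                foreach ( $nodeDefinition as $nodeDefinitionElement )
                {
                    $userNodeIDArray = array_merge( $nodeDefinitionElement->attribute( 'path_array' ), $userNodeIDArray );
                }
            }

            if ( count( $userNodeIDArray ) < 1 )
            {
                return array();
            }

            $roleTreeINSQL = $db->generateSQLINStatement( $userNodeIDArray, 'role_tree.node_id', false, false, 'int' );
            $query = "SELECT DISTINCT ezrole.id,
                                      ezrole.name,
                                      ezuser_role.limit_identifier,
                                      ezuser_role.limit_value,
                                      ezuser_role.id as user_role_id
                      FROM ezrole,
                           ezuser_role,
                           ezcontentobject_tree role_tree
                      WHERE ezuser_role.contentobject_id = role_tree.contentobject_id AND
                            ezuser_role.role_id = ezrole.id AND
                            $roleTreeINSQL";
        }

        $roleArray = $db->arrayQuery( $query );

        $roles = array();
        foreach ( $roleArray as $roleRow )
        {
            $role = new eZRole( $roleRow );
            $roles[] = $role;
        }

        return $roles;
    }

    /*!
     \static
     Expires all roles, policies and limitations cache.
     Removes the cached permission data from the current session and sets the
     'user-access-cache' expiry timestamp to the current time.
    */
    static function expireCache()
    {
        $http = eZHTTPTool::instance();

        $http->removeSessionVariable( 'UserPolicies' );
        $http->removeSessionVariable( 'UserLimitations' );
        $http->removeSessionVariable( 'UserLimitationValues' );
        $http->removeSessionVariable( 'CanInstantiateClassesCachedForUser' );
        $http->removeSessionVariable( 'CanInstantiateClassList' );
        $http->removeSessionVariable( 'ClassesCachedForUser' );

        // Expire role cache
        eZExpiryHandler::registerShutdownFunction();
        $handler = eZExpiryHandler::instance();
        $handler->setTimestamp( 'user-access-cache', time() );
        $handler->store();
    }

    /*!
     \static
     \param $userIDArray array of user/group content object ids
     \return array containing complete access limitation description
     Returns newly generated access array which corresponds to the array of user/group ids list.
    */
    static function accessArrayByUserID( $userIDArray )
    {
        $roles = eZRole::fetchByUser( $userIDArray );
        $userLimitation = false;

        $accessArray = array();
        foreach ( array_keys ( $roles ) as $roleKey )
        {
            $accessArray = array_merge_recursive( $accessArray, $roles[$roleKey]->accessArray() );
            if ( $roles[$roleKey]->attribute( 'limit_identifier' ) )
            {
                $userLimitation = true;
            }
        }

        // The recursive merge can repeat limitation values when several roles carry the
        // same limitation; the lists are made unique once any role had a limit identifier.
        if ( $userLimitation )
        {
            foreach( $accessArray as $moduleKey => $functionList )
            {
                foreach( $functionList as $functionKey => $policyList )
                {
                    foreach( $policyList as $policyKey => $limitationList )
                    {
                        if ( is_array( $limitationList ) )
                        {
                            foreach( $limitationList as $limitationKey => $limitKeyArray )
                            {
                                if ( is_array( $limitKeyArray ) )
                                {
                                    $accessArray[$moduleKey][$functionKey][$policyKey][$limitationKey] = array_unique( $limitKeyArray );
                                }
                            }
                        }
                    }
                }
            }
        }
        return $accessArray;
    }

    /*!
     Fetch access array of current role
     \param $ignoreLimitIdentifier Passed on unchanged to accessArray() of every policy.
     \return the recursive merge of the access arrays of all policies of this role.
    */
    function accessArray( $ignoreLimitIdentifier = false )
    {
        $accessArray = array();

        $policies = $this->attribute( 'policies' );
        foreach ( array_keys( $policies ) as $policyKey )
        {
            $accessArray = array_merge_recursive( $accessArray, $policies[$policyKey]->accessArray( $ignoreLimitIdentifier ) );
        }

        return $accessArray;
    }

    /*!
     \return the policies of this role. They are fetched from the database on the first
             call and kept in \c $this->Policies afterwards.
     When the role carries a limit identifier, every fetched policy is given the
     'limit_identifier' (prefixed with 'User_'), 'limit_value' and 'user_role_id' of the assignment.
    */
    function policyList()
    {
        if ( !isset( $this->Policies ) )
        {
            //include_once( "kernel/classes/ezpolicy.php" );
            $policies = eZPersistentObject::fetchObjectList( eZPolicy::definition(),
                                                             null, array( 'role_id' => $this->attribute( 'id') ), null, null,
                                                             true );

            if ( $this->LimitIdentifier )
            {
                foreach ( array_keys( $policies ) as $policyKey )
                {
                    $policies[$policyKey]->setAttribute( 'limit_identifier', 'User_' . $this->attribute( 'limit_identifier' ) );
                    $policies[$policyKey]->setAttribute( 'limit_value', $this->attribute( 'limit_value' ) );
                    $policies[$policyKey]->setAttribute( 'user_role_id', $this->attribute( 'user_role_id' ) );
                }
            }
            $this->Policies = $policies;
        }

        return $this->Policies;
    }

    /**
     * Fetches the list of roles ID matching an array of eZContentObject IDs
     * (either users and/or groups IDs)
     *
     * @param array(eZContentObjectID) $idArray
     *
     * @return array(eZRoleID) sorted by role ID; empty when $idArray is empty
     **/
    static function fetchIDListByUser( $idArray )
    {
        // Same guard as fetchByUser(): no IN statement is built from an empty ID list.
        if ( count( $idArray ) < 1 )
        {
            return array();
        }

        $db = eZDB::instance();

        $groupINSQL = $db->generateSQLINStatement( $idArray, 'ezuser_role.contentobject_id', false, false, 'int' );
        $query = "SELECT DISTINCT ezrole.id AS id
                  FROM ezrole,
                       ezuser_role
                  WHERE $groupINSQL AND
                        ezuser_role.role_id = ezrole.id ORDER BY ezrole.id";

        $retArray = array();
        foreach( $db->arrayQuery( $query ) as $resultSet )
        {
            $retArray[] = $resultSet['id'];
        }
        return $retArray;
    }

    /*!
     Assigns the current role to the given user or user group identified by the id.
     \param $userID Content object ID of the user or user group.
     \param $limitIdent 'subtree' or 'section' for a limited assignment, empty for none.
     \param $limitValue The value of the limitation; for 'subtree' it is used to fetch a node
                        and is replaced by the path string of that node.
     \return \c false if an identical assignment already exists, \c true after inserting one.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
     \note WARNING: Roles and content caches need to be cleared after calling this function.
    */
    function assignToUser( $userID, $limitIdent = '', $limitValue = '' )
    {
        $db = eZDB::instance();
        $limitIdent = $db->escapeString( $limitIdent );
        $limitValue = $db->escapeString( $limitValue );
        $userID =(int) $userID;
        // The role id is an integer field (see definition()); cast it like $userID
        // before it is embedded in the statements below.
        $roleID = (int) $this->ID;

        // Who assign which role to whom should be logged.
        // NOTE(review): the audit entry is written before the duplicate check further down, so it
        // is also emitted when this method returns false, and it does not record the limitation.
        $object = eZContentObject::fetch( $userID );
        $objectName = $object ? $object->attribute( 'name' ) : 'null';

        //include_once( "kernel/classes/ezaudit.php" );
        eZAudit::writeAudit( 'role-assign', array( 'Role ID' => $this->ID, 'Role name' => $this->attribute( 'name' ),
                                                   'Assign to content object ID' => $userID,
                                                   'Content object name' => $objectName,
                                                   'Comment' => 'Assigned the current role to user or user group identified by the id: eZRole::assignToUser()' ) );

        switch( $limitIdent )
        {
            case 'subtree':
            {
                //include_once( 'kernel/classes/ezcontentobjecttreenode.php' );

                $node = eZContentObjectTreeNode::fetch( $limitValue, false, false );
                if ( $node )
                {
                    $limitIdent = 'Subtree';
                    // Value read back from the node row; escaped like the caller-supplied value it replaces.
                    $limitValue = $db->escapeString( $node['path_string'] );
                }
                else
                {
                    // NOTE(review): when the node cannot be fetched the limitation is dropped and the
                    // INSERT below stores the assignment with an empty limit identifier. policyList()
                    // applies a limitation only for a non-empty identifier, so the role is then
                    // assigned without restriction. Confirm that callers expect this rather than a
                    // refused assignment.
                    $limitValue = '';
                    $limitIdent = '';
                }
            } break;
            case 'section':
            {
                $limitIdent = 'Section';
            } break;
        }

        // NOTE(review): the existence check runs outside the transaction opened below, so two
        // concurrent calls could both pass it; whether the table rejects duplicates is not visible here.
        $query = "SELECT * FROM ezuser_role WHERE role_id='$roleID' AND contentobject_id='$userID' AND limit_identifier='$limitIdent' AND limit_value='$limitValue'";

        $rows = $db->arrayQuery( $query );
        if ( count( $rows ) > 0 )
            return false;

        $db->begin();

        $query = "INSERT INTO ezuser_role ( role_id, contentobject_id, limit_identifier, limit_value ) VALUES ( '$roleID', '$userID', '$limitIdent', '$limitValue' )";
        $db->query( $query );

        $db->commit();
        return true;
    }

    /*!
     Fetch user id array which have been assigned to this role.
     \return the rows of ezuser_role for this role, each holding 'contentobject_id'.
    */
    function fetchUserID()
    {
        $db = eZDB::instance();

        $roleID = (int) $this->ID;
        $query = "SELECT contentobject_id FROM  ezuser_role WHERE role_id='$roleID'";

        return $db->arrayQuery( $query );
    }

    /*!
     Removes the role assignment
     \param $userID Content object ID of the user or user group; every assignment of this
                    role to it is removed, whatever its limitation.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
     \note WARNING: Roles and content caches need to be cleared after calling this function.
    */
    function removeUserAssignment( $userID )
    {
        $db = eZDB::instance();
        $userID =(int) $userID;
        $roleID = (int) $this->ID;
        $query = "DELETE FROM ezuser_role WHERE role_id='$roleID' AND contentobject_id='$userID'";

        $db->query( $query );
    }

    /*!
     Remove ezuser_role by id

     \param $id ezuser_role id
     \note The statement matches on the ezuser_role id only; it is not restricted to this role.
     \note Transaction unsafe. If you call several transaction unsafe methods you must enclose
     the calls within a db transaction; thus within db->begin and db->commit.
     \note WARNING: Roles and content caches need to be cleared after calling this function.
    */
    function removeUserAssignmentByID( $id )
    {
        // Remove the assignment.
        $db = eZDB::instance();
        $id =(int) $id;
        $query = "DELETE FROM ezuser_role WHERE id='$id'";
        $db->query( $query );
    }

    /*!
     \return the users and user groups assigned to the current role, one array per assignment
             with the keys 'user_object', 'user_role_id', 'limit_ident' and 'limit_value'.
    */
    function fetchUserByRole( )
    {
        $db = eZDB::instance();

        $roleID = (int) $this->ID;
        $query = "SELECT
                     ezuser_role.contentobject_id as user_id,
                     ezuser_role.limit_value,
                     ezuser_role.limit_identifier,
                     ezuser_role.id
                  FROM
                     ezuser_role
                  WHERE
                    ezuser_role.role_id = '$roleID'";

        $userRoleArray = $db->arrayQuery( $query );
        $userRoles = array();
        foreach ( $userRoleArray as $userRole )
        {
            $role = array();
            $role['user_object'] = eZContentObject::fetch( $userRole['user_id'] );
            $role['user_role_id'] = $userRole['id'];
            $role['limit_ident'] = $userRole['limit_identifier'];
            $role['limit_value'] = $userRole['limit_value'];

            $userRoles[] = $role;
        }
        return $userRoles;
    }

    /*!
     \static
     Fetches the assignments that carry the limitation \a $limit_identifier with the
     value \a $limit_value. Both arguments are escaped before they are used in the query.
     \return an array with one entry per assignment, holding the content object under
             'user' and the eZRole under 'role'.
    */
    static function fetchRolesByLimitation( $limit_identifier, $limit_value )
    {
        $db = eZDB::instance();
        $limit_identifier = $db->escapeString( $limit_identifier );
        $limit_value = $db->escapeString( $limit_value );
        $query = "SELECT DISTINCT
                     ezuser_role.role_id as role_id,
                     ezuser_role.contentobject_id as user_id
                  FROM
                     ezuser_role
                  WHERE
                     ezuser_role.limit_value = '$limit_value' AND
                     ezuser_role.limit_identifier = '$limit_identifier'";

        $userRoleArray = $db->arrayQuery( $query );
        $userRoles = array();
        foreach ( $userRoleArray as $userRole )
        {
            $role = array();
            $role['user'] = eZContentObject::fetch( $userRole['user_id'] );
            $role['role'] = eZRole::fetch( $userRole['role_id'] );
            $userRoles[] = $role;
        }
        return $userRoles;
    }

    /*!
     \static
     Fetches the role identified by the role ID \a $roleID and returns it.
     \param $version Which version to fetch, 0 is the published one. Temporary versions get
                     the id of the role.
     \note When \a $version is not 0 the role is looked up by version only and
           \a $roleID is not used.
    */
    static function fetch( $roleID, $version = 0 )
    {
        if ( $version != 0 )
        {
            return eZPersistentObject::fetchObject( eZRole::definition(),
                                                    null, array( 'version' => $version ), true );
        }
        return eZPersistentObject::fetchObject( eZRole::definition(),
                                                null, array('id' => $roleID ), true );
    }

    /*!
     \static
     Fetches the role identified by the role name \a $roleName and returns it.
     \param $version Which version to fetch, 0 is the published one and 1 is the temporary.
    */
    static function fetchByName( $roleName, $version = 0 )
    {
        return eZPersistentObject::fetchObject( eZRole::definition(),
                                                null, array( 'name' => $roleName,
                                                             'version' => $version ), true );
    }

    /*!
     \static
     \param $tempVersions If \c false the roles with version 0 are returned, otherwise
                          the roles with a version greater than 0.
     \return an array of eZRole objects.
    */
    static function fetchList( $tempVersions = false )
    {
        if ( !$tempVersions )
        {
            return eZPersistentObject::fetchObjectList( eZRole::definition(),
                                                        null, array( 'version' => '0'), null,null,
                                                        true );
        }
        else
        {
            return eZPersistentObject::fetchObjectList( eZRole::definition(),
                                                        null, array( 'version' => array( '>', '0') ), null,null,
                                                        true);
        }
    }

    /*!
     \static
     Fetches \a $limit roles starting at \a $offset, sorted by name.
     \param $asObject Passed on to fetchObjectList().
     \param $ignoreTemp If \c true only roles with version 0 are returned.
     \param $ignoreNew If \c true only roles with is_new set to 0 are returned.
    */
    static function fetchByOffset( $offset, $limit, $asObject = true, $ignoreTemp = false, $ignoreNew = true )
    {

        if ( $ignoreTemp && $ignoreNew )
            $igTemp = array( 'version' => '0',
                             'is_new' => '0' );
        elseif ( $ignoreTemp )
            $igTemp = array( 'version' => '0' );
        elseif ( $ignoreNew )
            $igTemp = array( 'is_new' => '0' );
        else
            $igTemp = null;

        return eZPersistentObject::fetchObjectList( eZRole::definition(),
                                                    null,
                                                    $igTemp,
                                                    array( 'name' => 'ASC' ),
                                                    array( 'offset' => $offset, 'length' => $limit ),
                                                    $asObject );
    }

    /*!
     \static
     \return the number of roles in the database; only roles with version 0 are counted.
    */
    static function roleCount()
    {
        $db = eZDB::instance();

        $countArray = $db->arrayQuery(  "SELECT count( * ) AS count FROM ezrole WHERE version=0" );
        return $countArray[0]['count'];
    }

    /*!
     Sets caching of policies to off for this role.
     \note The flag is only stored; no method of this class reads it.
    */
    function turnOffCaching()
    {
        $this->CachePolicies = false;
    }

    /*!
     Sets caching of policies to on for this role.
     \note The flag is only stored; no method of this class reads it.
    */
    function turnOnCaching()
    {
        $this->CachePolicies = true;
    }


    /// \privatesection
    public $ID;
    public $Name;
    public $Modules;
    public $Functions;
    // Limitation of the assignment this role was fetched through, false when there is none.
    public $LimitValue;
    public $LimitIdentifier;
    // Row id in ezuser_role, only set when the source row carried 'user_role_id'.
    public $UserRoleID;
    public $PolicyArray;
    public $Sets;
    // Policy list loaded on demand by policyList().
    public $Policies;
    public $AccessArray;
    public $CachePolicies = true;
}

?>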