/gacl/gacl_api.class.php

Large files files are truncated, but you can click here to view the full file

<?php
/**
 * phpGACL - Generic Access Control List
 * Copyright (C) 2002,2003 Mike Benoit
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * For questions, help, comments, discussion, etc., please join the
 * phpGACL mailing list. http://sourceforge.net/mail/?group_id=57103
 *
 * You may contact the author of phpGACL by e-mail at:
 * ipso@snappymail.ca
 *
 * The latest version of phpGACL can be obtained from:
 * http://phpgacl.sourceforge.net/
 *
 * @package phpGACL
 *
 */

/*
 *
 * For examples, see example.php or the Administration interface,
 * as it makes use of nearly every API Call.
 *
 */
/**
 * gacl_api Extended API Class
 *
 * Class gacl_api should be used for applications that must interface directly with
 * phpGACL's data structures, objects, and rules.
 *
 * @package phpGACL
 * @author Mike Benoit <ipso@snappymail.ca>
 *
 */

class gacl_api extends gacl {

	/*
	 *
	 * Misc helper functions.
	 *
	 */

	/**
	 * showarray()
	 *
	 * Dump all contents of an array in HTML (kinda)
	 *
	 * @param array
	 *
	 */
	function showarray($array) {
		echo "<br><pre>\n";
		var_dump($array);
		echo "</pre><br>\n";
	}

	/**
	 * count_all()
	 *
	 * Recursively counts elements in an array and sub-arrays.
	 *
	 * This is different from count($arg, COUNT_RECURSIVE)
	 * in PHP >= 4.2.0, which includes sub-arrays in the count.
	 *
	 * @return int The returned count is a count of all scalar elements found.
	 *
	 * @param array Array to count
	 */
	function count_all($arg = NULL) {
		switch (TRUE) {
			case is_scalar($arg):
			case is_object($arg):
				// single object
				return 1;
			case is_array($arg):
				// call recursively for all elements of $arg
				$count = 0;
				foreach ($arg as $val) {
					$count += $this->count_all($val);
				}
				return $count;
		}
		return FALSE;
	}

	/**
	 * get_version()
	 *
	 * Grabs phpGACL version from the database.
	 *
	 * @return string Version of phpGACL
	 */
	function get_version() {
		$query = "select value from ".$this->_db_table_prefix."phpgacl where name = 'version'";
		$version = $this->db->GetOne($query);

		return $version;
	}

	/**
	 * get_schema_version()
	 *
	 * Grabs phpGACL schema version from the database.
	 *
	 * @return string Schema Version
	 */
	function get_schema_version() {
		$query = "select value from ".$this->_db_table_prefix."phpgacl where name = 'schema_version'";
		$version = $this->db->GetOne($query);

		return $version;
	}

	/*
	 *
	 * ACL
	 *
	 */

	/**
	 * consolidated_edit_acl()
	 *
	 * Add's an ACL but checks to see if it can consolidate it with another one first.
	 *
	 * This ONLY works with ACO's and ARO's. Groups, and AXO are excluded.
	 * As well this function is designed for handling ACLs with return values,
	 * and consolidating on the return_value, in hopes of keeping the ACL count to a minimum.
	 *
	 * A return value of false must _always_ be handled outside this function.
	 * As this function will remove AROs from ACLs and return false, in most cases
	 * you will need to a create a completely new ACL on a false return.
	 *
	 * @return bool Special boolean return value. See note.
	 *
	 * @param string ACO Section Value
	 * @param string ACO Value
	 * @param string ARO Section Value
	 * @param string ARO Value
	 * @param string Return Value of ACL
	 */
	function consolidated_edit_acl($aco_section_value, $aco_value, $aro_section_value, $aro_value, $return_value) {

		$this->debug_text("consolidated_edit_acl(): ACO Section Value: $aco_section_value ACO Value: $aco_value ARO Section Value: $aro_section_value ARO Value: $aro_value Return Value: $return_value");

		$acl_ids = array();

		if (empty($aco_section_value) ) {
			$this->debug_text("consolidated_edit_acl(): ACO Section Value ($aco_section_value) is empty, this is required!");
			return false;
		}

		if (empty($aco_value) ) {
			$this->debug_text("consolidated_edit_acl(): ACO Value ($aco_value) is empty, this is required!");
			return false;
		}

		if (empty($aro_section_value) ) {
			$this->debug_text("consolidated_edit_acl(): ARO Section Value ($aro_section_value) is empty, this is required!");
			return false;
		}

		if (empty($aro_value) ) {
			$this->debug_text("consolidated_edit_acl(): ARO Value ($aro_value) is empty, this is required!");
			return false;
		}

		if (empty($return_value) ) {
			$this->debug_text("consolidated_edit_acl(): Return Value ($return_value) is empty, this is required!");
			return false;
		}

		//See if a current ACL exists with the current objects, excluding return value
		$current_acl_ids = $this->search_acl($aco_section_value, $aco_value, $aro_section_value, $aro_value, FALSE, FALSE, FALSE, FALSE, FALSE);
		//showarray($current_acl_ids);

		if (is_array($current_acl_ids)) {
			$this->debug_text("add_consolidated_acl(): Found current ACL_IDs, counting ACOs");

			foreach ($current_acl_ids as $current_acl_id) {
				//Check to make sure these ACLs only have a single ACO mapped to them.
				$current_acl_array = &$this->get_acl($current_acl_id);

				//showarray($current_acl_array);
				$this->debug_text("add_consolidated_acl(): Current Count: ".$this->count_all($current_acl_array['aco'])."");

				if ( $this->count_all($current_acl_array['aco']) == 1) {
					$this->debug_text("add_consolidated_acl(): ACL ID: $current_acl_id has 1 ACO.");

					//Test to see if the return values match, if they do, no need removing or appending ARO. Just return true.
					if ($current_acl_array['return_value'] == $return_value) {
						$this->debug_text("add_consolidated_acl(): ACL ID: $current_acl_id has 1 ACO, and the same return value. No need to modify.");
						return true;
					}

					$acl_ids[] = $current_acl_id;
				}

			}
		}

		//showarray($acl_ids);
		$acl_ids_count = count($acl_ids);

		//If acl_id's turns up more then one ACL, lets remove the ARO from all of them in hopes to
		//eliminate any conflicts.
		if (is_array($acl_ids) AND $acl_ids_count > 0) {
			$this->debug_text("add_consolidated_acl(): Removing specified ARO from existing ACL.");

			foreach ($acl_ids as $acl_id) {
				//Remove ARO from current ACLs, so we don't create conflicting ACLs later on.
				if (!$this->shift_acl($acl_id, array($aro_section_value => array($aro_value)) ) ) {
					$this->debug_text("add_consolidated_acl(): Error removing specified ARO from ACL ID: $acl_id");
					return false;
				}
			}
		} else {
			$this->debug_text("add_consolidated_acl(): Didn't find any current ACLs with a single ACO. ");
		}
		//unset($acl_ids);
    $acl_ids = array();
		unset($acl_ids_count);

		//At this point there should be no conflicting ACLs, searching for an existing ACL with the new values.
		$new_acl_ids = $this->search_acl($aco_section_value, $aco_value, FALSE, FALSE, NULL, NULL, NULL, NULL, $return_value);
		$new_acl_count = count($new_acl_ids);
		//showarray($new_acl_ids);

		if (is_array($new_acl_ids)) {
			$this->debug_text("add_consolidated_acl(): Found new ACL_IDs, counting ACOs");

			foreach ($new_acl_ids as $new_acl_id) {
				//Check to make sure these ACLs only have a single ACO mapped to them.
				$new_acl_array = &$this->get_acl($new_acl_id);
				//showarray($new_acl_array);
				$this->debug_text("add_consolidated_acl(): New Count: ".$this->count_all($new_acl_array['aco'])."");
				if ( $this->count_all($new_acl_array['aco']) == 1) {

					$this->debug_text("add_consolidated_acl(): ACL ID: $new_acl_id has 1 ACO, append should be able to take place.");
					$acl_ids[] = $new_acl_id;
				}

			}
		}

		//showarray($acl_ids);
		$acl_ids_count = count($acl_ids);

		if (is_array($acl_ids) AND $acl_ids_count == 1) {
			$this->debug_text("add_consolidated_acl(): Appending specified ARO to existing ACL.");

			$acl_id=$acl_ids[0];

			if (!$this->append_acl($acl_id, array($aro_section_value => array($aro_value)) ) ) {
				$this->debug_text("add_consolidated_acl(): Error appending specified ARO to ACL ID: $acl_id");
				return false;
			}

			$this->debug_text("add_consolidated_acl(): Hot damn, ACL consolidated!");
			return true;
		} elseif($acl_ids_count > 1) {
			$this->debug_text("add_consolidated_acl(): Found more then one ACL with a single ACO. Possible conflicting ACLs.");
			return false;
		} elseif ($acl_ids_count == 0) {
			$this->debug_text("add_consolidated_acl(): No existing ACLs found, create a new one.");

			if (!$this->add_acl(	array( $aco_section_value => array($aco_value) ),
									array( $aro_section_value => array($aro_value) ),
									NULL,
									NULL,
									NULL,
									TRUE,
									TRUE,
									$return_value,
									NULL)
								) {
				$this->debug_text("add_consolidated_acl(): Error adding new ACL for ACO Section: $aco_section_value ACO Value: $aco_value Return Value: $return_value");
				return false;
			}

			$this->debug_text("add_consolidated_acl(): ADD_ACL() successfull, returning True.");
			return true;
		}

		$this->debug_text("add_consolidated_acl(): Returning false.");
		return false;
	}

	/**
	 * search_acl()
	 *
	 * Searches for ACL's with specified objects mapped to them.
	 *
	 * NULL values are included in the search, if you want to ignore
	 * for instance aro_groups use FALSE instead of NULL.
	 *
	 * @return array containing ACL IDs if search is successful
	 *
	 * @param string ACO Section Value
	 * @param string ACO Value
	 * @param string ARO Section Value
	 * @param string ARO Value
	 * @param string ARO Group Name
	 * @param string AXO Section Value
	 * @param string AXO Value
	 * @param string AXO Group Name
	 * @param string Return Value
	 */
	function search_acl($aco_section_value=NULL, $aco_value=NULL, $aro_section_value=NULL, $aro_value=NULL, $aro_group_name=NULL, $axo_section_value=NULL, $axo_value=NULL, $axo_group_name=NULL, $return_value=NULL) {
		$this->debug_text("search_acl(): aco_section_value: $aco_section_value aco_value: $aco_value, aro_section_value: $aro_section_value, aro_value: $aro_value, aro_group_name: $aro_group_name, axo_section_value: $axo_section_value, axo_value: $axo_value, axo_group_name: $axo_group_name, return_value: $return_value");

		$query = '
				SELECT		a.id
				FROM		'. $this->_db_table_prefix .'acl a';

		$where_query = array();

		// ACO
		if ($aco_section_value !== FALSE AND $aco_value !== FALSE) {
			$query .= '
				LEFT JOIN	'. $this->_db_table_prefix .'aco_map ac ON a.id=ac.acl_id';

			if ($aco_section_value == NULL AND $aco_value == NULL) {
				$where_query[] = '(ac.section_value IS NULL AND ac.value IS NULL)';
			} else {
				$where_query[] = '(ac.section_value='. $this->db->quote($aco_section_value) .' AND ac.value='. $this->db->quote($aco_value) .')';
			}
		}

		// ARO
		if ($aro_section_value !== FALSE AND $aro_value !== FALSE) {
			$query .= '
				LEFT JOIN	'. $this->_db_table_prefix .'aro_map ar ON a.id=ar.acl_id';

			if ($aro_section_value == NULL AND $aro_value == NULL) {
				$where_query[] = '(ar.section_value IS NULL AND ar.value IS NULL)';
			} else {
				$where_query[] = '(ar.section_value='. $this->db->quote($aro_section_value) .' AND ar.value='. $this->db->quote($aro_value) .')';
			}
		}

		// AXO
		if ($axo_section_value !== FALSE AND $axo_value !== FALSE) {
			$query .= '
				LEFT JOIN	'. $this->_db_table_prefix .'axo_map ax ON a.id=ax.acl_id';

			if ($axo_section_value == NULL AND $axo_value == NULL) {
				$where_query[] = '(ax.section_value IS NULL AND ax.value IS NULL)';
			} else {
				$where_query[] = '(ax.section_value='. $this->db->quote($axo_section_value) .' AND ax.value='. $this->db->quote($axo_value) .')';
			}
		}

		// ARO Group
		if ($aro_group_name !== FALSE) {
			$query .= '
				LEFT JOIN	'. $this->_db_table_prefix .'aro_groups_map arg ON a.id=arg.acl_id
				LEFT JOIN	'. $this->_db_table_prefix .'aro_groups rg ON arg.group_id=rg.id';

			if ($aro_group_name == NULL) {
				$where_query[] = '(rg.name IS NULL)';
			} else {
				$where_query[] = '(rg.name='. $this->db->quote($aro_group_name) .')';
			}
		}

		// AXO Group
		if ($axo_group_name !== FALSE) {
			$query .= '
				LEFT JOIN	'. $this->_db_table_prefix .'axo_groups_map axg ON a.id=axg.acl_id
				LEFT JOIN	'. $this->_db_table_prefix .'axo_groups xg ON axg.group_id=xg.id';

			if ($axo_group_name == NULL) {
				$where_query[] = '(xg.name IS NULL)';
			} else {
				$where_query[] = '(xg.name='. $this->db->quote($axo_group_name) .')';
			}
		}
		if ($return_value != FALSE) {
			if ($return_value == NULL) {
				$where_query[] = '(a.return_value IS NULL)';
			} else {
				$where_query[] = '(a.return_value='. $this->db->quote($return_value) .')';
			}
		}

		if (count($where_query) > 0) {
			$query .= '
				WHERE		'. implode (' AND ', $where_query);
		}

		return $this->db->GetCol($query);
	}

	/**
	 * append_acl()
	 *
	 * Appends objects on to a specific ACL.
	 *
	 * @return bool TRUE if successful, FALSE otherwise.
	 *
	 * @param int ACL ID #
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 */
	function append_acl($acl_id, $aro_array=NULL, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $aco_array=NULL) {
		$this->debug_text("append_acl(): ACL_ID: $acl_id");

		$update = 0;

		if (empty($acl_id)) {
			$this->debug_text("append_acl(): No ACL_ID specified! ACL_ID: $acl_id");
			return false;
		}

		//Grab ACL data.
		$acl_array = &$this->get_acl($acl_id);

		//Append each object type seperately.
		if (is_array($aro_array) AND count($aro_array) > 0) {
			$this->debug_text("append_acl(): Appending ARO's");

			while (list($aro_section_value,$aro_value_array) = @each($aro_array)) {
				foreach ($aro_value_array as $aro_value) {
					if ( count($acl_array['aro'][$aro_section_value]) != 0 ) {
						if (!in_array($aro_value, $acl_array['aro'][$aro_section_value])) {
							$this->debug_text("append_acl(): ARO Section Value: $aro_section_value ARO VALUE: $aro_value");
							$acl_array['aro'][$aro_section_value][] = $aro_value;
							$update=1;
						} else {
							$this->debug_text("append_acl(): Duplicate ARO, ignoring... ");
						}
					} else { //Array is empty so add this aro value.
						$acl_array['aro'][$aro_section_value][] = $aro_value;
						$update = 1;
					}
				}
			}
		}

		if (is_array($aro_group_ids) AND count($aro_group_ids) > 0) {
			$this->debug_text("append_acl(): Appending ARO_GROUP_ID's");

			while (list(,$aro_group_id) = @each($aro_group_ids)) {
				if (!is_array($acl_array['aro_groups']) OR !in_array($aro_group_id, $acl_array['aro_groups'])) {
					$this->debug_text("append_acl(): ARO Group ID: $aro_group_id");
					$acl_array['aro_groups'][] = $aro_group_id;
					$update = 1;
				} else {
					$this->debug_text("append_acl(): Duplicate ARO_Group_ID, ignoring... ");
				}
			}
		}

		if (is_array($axo_array) AND count($axo_array) > 0) {
			$this->debug_text("append_acl(): Appending AXO's");

			while (list($axo_section_value,$axo_value_array) = @each($axo_array)) {
				foreach ($axo_value_array as $axo_value) {
					if (!in_array($axo_value, $acl_array['axo'][$axo_section_value])) {
						$this->debug_text("append_acl(): AXO Section Value: $axo_section_value AXO VALUE: $axo_value");
						$acl_array['axo'][$axo_section_value][] = $axo_value;
						$update = 1;
					} else {
						$this->debug_text("append_acl(): Duplicate AXO, ignoring... ");
					}

				}
			}
		}

		if (is_array($axo_group_ids) AND count($axo_group_ids) > 0) {
			$this->debug_text("append_acl(): Appending AXO_GROUP_ID's");
			while (list(,$axo_group_id) = @each($axo_group_ids)) {
				if (!is_array($acl_array['axo_groups']) OR !in_array($axo_group_id, $acl_array['axo_groups'])) {
					$this->debug_text("append_acl(): AXO Group ID: $axo_group_id");
					$acl_array['axo_groups'][] = $axo_group_id;
					$update = 1;
				} else {
					$this->debug_text("append_acl(): Duplicate ARO_Group_ID, ignoring... ");
				}
			}
		}

		if (is_array($aco_array) AND count($aco_array) > 0) {
			$this->debug_text("append_acl(): Appending ACO's");

			while (list($aco_section_value,$aco_value_array) = @each($aco_array)) {
				foreach ($aco_value_array as $aco_value) {
					if (!in_array($aco_value, $acl_array['aco'][$aco_section_value])) {
						$this->debug_text("append_acl(): ACO Section Value: $aco_section_value ACO VALUE: $aco_value");
						$acl_array['aco'][$aco_section_value][] = $aco_value;
						$update = 1;
					} else {
						$this->debug_text("append_acl(): Duplicate ACO, ignoring... ");
					}
				}
			}
		}

		if ($update == 1) {
			$this->debug_text("append_acl(): Update flag set, updating ACL.");
			//function edit_acl($acl_id, $aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $allow=1, $enabled=1, $return_value=NULL, $note=NULL) {
			return $this->edit_acl($acl_id, $acl_array['aco'], $acl_array['aro'], $acl_array['aro_groups'], $acl_array['axo'], $acl_array['axo_groups'], $acl_array['allow'], $acl_array['enabled'], $acl_array['return_value'], $acl_array['note']);
		}

		//Return true if everything is duplicate and no ACL id updated.
		$this->debug_text("append_acl(): Update flag not set, NOT updating ACL.");
		return true;
	}

	/**
	 * shift_acl()
	 *
	 * Opposite of append_acl(). Removes objects from a specific ACL. (named after PHP's array_shift())
	 *
	 * @return bool TRUE if successful, FALSE otherwise.
	 *
	 * @param int ACL ID #
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 */
	function shift_acl($acl_id, $aro_array=NULL, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $aco_array=NULL) {
		$this->debug_text("shift_acl(): ACL_ID: $acl_id");

		$update = 0;

		if (empty($acl_id)) {
			$this->debug_text("shift_acl(): No ACL_ID specified! ACL_ID: $acl_id");
			return false;
		}

		//Grab ACL data.
		$acl_array = &$this->get_acl($acl_id);

		//showarray($acl_array);
		//Remove each object type seperately.
		if (is_array($aro_array) AND count($aro_array) > 0) {
			$this->debug_text("shift_acl(): Removing ARO's");

			while (list($aro_section_value,$aro_value_array) = @each($aro_array)) {
				foreach ($aro_value_array as $aro_value) {
					$this->debug_text("shift_acl(): ARO Section Value: $aro_section_value ARO VALUE: $aro_value");

					//Only search if aro array contains data.
					if ( count($acl_array['aro'][$aro_section_value]) != 0 ) {
						$aro_key = array_search($aro_value, $acl_array['aro'][$aro_section_value]);

						if ($aro_key !== FALSE) {
							$this->debug_text("shift_acl(): Removing ARO. ($aro_key)");
							unset($acl_array['aro'][$aro_section_value][$aro_key]);
							$update = 1;
						} else {
							$this->debug_text("shift_acl(): ARO doesn't exist, can't remove it.");
						}
					}

				}
			}
		}

		if (is_array($aro_group_ids) AND count($aro_group_ids) > 0) {
			$this->debug_text("shift_acl(): Removing ARO_GROUP_ID's");

			while (list(,$aro_group_id) = @each($aro_group_ids)) {
				$this->debug_text("shift_acl(): ARO Group ID: $aro_group_id");
				$aro_group_key = array_search($aro_group_id, $acl_array['aro_groups']);

				if ($aro_group_key !== FALSE) {
					$this->debug_text("shift_acl(): Removing ARO Group. ($aro_group_key)");
					unset($acl_array['aro_groups'][$aro_group_key]);
					$update = 1;
				} else {
					$this->debug_text("shift_acl(): ARO Group doesn't exist, can't remove it.");
				}
			}
		}

		if (is_array($axo_array) AND count($axo_array) > 0) {
			$this->debug_text("shift_acl(): Removing AXO's");

			while (list($axo_section_value,$axo_value_array) = @each($axo_array)) {
				foreach ($axo_value_array as $axo_value) {
					$this->debug_text("shift_acl(): AXO Section Value: $axo_section_value AXO VALUE: $axo_value");
					$axo_key = array_search($axo_value, $acl_array['axo'][$axo_section_value]);

					if ($axo_key !== FALSE) {
						$this->debug_text("shift_acl(): Removing AXO. ($axo_key)");
						unset($acl_array['axo'][$axo_section_value][$axo_key]);
						$update = 1;
					} else {
						$this->debug_text("shift_acl(): AXO doesn't exist, can't remove it.");
					}
				}
			}
		}

		if (is_array($axo_group_ids) AND count($axo_group_ids) > 0) {
			$this->debug_text("shift_acl(): Removing AXO_GROUP_ID's");

			while (list(,$axo_group_id) = @each($axo_group_ids)) {
				$this->debug_text("shift_acl(): AXO Group ID: $axo_group_id");
				$axo_group_key = array_search($axo_group_id, $acl_array['axo_groups']);

				if ($axo_group_key !== FALSE) {
					$this->debug_text("shift_acl(): Removing AXO Group. ($axo_group_key)");
					unset($acl_array['axo_groups'][$axo_group_key]);
					$update = 1;
				} else {
					$this->debug_text("shift_acl(): AXO Group doesn't exist, can't remove it.");
				}
			}
		}

		if (is_array($aco_array) AND count($aco_array) > 0) {
			$this->debug_text("shift_acl(): Removing ACO's");

			while (list($aco_section_value,$aco_value_array) = @each($aco_array)) {
				foreach ($aco_value_array as $aco_value) {
					$this->debug_text("shift_acl(): ACO Section Value: $aco_section_value ACO VALUE: $aco_value");
					$aco_key = array_search($aco_value, $acl_array['aco'][$aco_section_value]);

					if ($aco_key !== FALSE) {
						$this->debug_text("shift_acl(): Removing ACO. ($aco_key)");
						unset($acl_array['aco'][$aco_section_value][$aco_key]);
						$update = 1;
					} else {
						$this->debug_text("shift_acl(): ACO doesn't exist, can't remove it.");
					}
				}
			}
		}

		if ($update == 1) {
			//We know something was changed, so lets see if no ACO's or no ARO's are left assigned to this ACL, if so, delete the ACL completely.
			//$this->showarray($acl_array);
			$this->debug_text("shift_acl(): ACOs: ". $this->count_all($acl_array['aco']) ." AROs: ".$this->count_all($acl_array['aro'])."");

			if ( $this->count_all($acl_array['aco']) == 0
					OR ( $this->count_all($acl_array['aro']) == 0
						AND ( $this->count_all($acl_array['axo']) == 0 OR $acl_array['axo'] == FALSE)
						AND (count($acl_array['aro_groups']) == 0 OR $acl_array['aro_groups'] == FALSE)
						AND (count($acl_array['axo_groups']) == 0 OR $acl_array['axo_groups'] == FALSE)
						) ) {
				$this->debug_text("shift_acl(): No ACOs or ( AROs AND AXOs AND ARO Groups AND AXO Groups) left assigned to this ACL (ID: $acl_id), deleting ACL.");

				return $this->del_acl($acl_id);
			}

			$this->debug_text("shift_acl(): Update flag set, updating ACL.");

			return $this->edit_acl($acl_id, $acl_array['aco'], $acl_array['aro'], $acl_array['aro_groups'], $acl_array['axo'], $acl_array['axo_groups'], $acl_array['allow'], $acl_array['enabled'], $acl_array['return_value'], $acl_array['note']);
		}

		//Return true if everything is duplicate and no ACL id updated.
		$this->debug_text("shift_acl(): Update flag not set, NOT updating ACL.");
		return true;
	}

	/**
	 * get_acl()
	 *
	 * Grabs ACL data.
	 *
	 * @return bool FALSE if not found, or Associative Array with the following items:
	 *
	 *	- 'aco' => Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 *	- 'aro' => Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 *	- 'axo' => Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 *	- 'aro_groups' => Array of Group IDs
	 *	- 'axo_groups' => Array of Group IDs
	 *	- 'acl_id' => int ACL ID #
	 *	- 'allow' => int Allow flag
	 *	- 'enabled' => int Enabled flag
	 *	- 'return_value' => string Return Value
	 *	- 'note' => string Note
	 *
	 * @param int ACL ID #
	 */
	function get_acl($acl_id) {

		$this->debug_text("get_acl(): ACL_ID: $acl_id");

		if (empty($acl_id)) {
			$this->debug_text("get_acl(): No ACL_ID specified! ACL_ID: $acl_id");
			return false;
		}

		//Grab ACL information
		$query = "select id, allow, enabled, return_value, note from ".$this->_db_table_prefix."acl where id = ".$acl_id."";
		$acl_row = $this->db->GetRow($query);

		// return false if not found
		if (!$acl_row) {
			$this->debug_text("get_acl(): No ACL found for that ID! ACL_ID: $acl_id");
			return false;
		}

		list($retarr['acl_id'], $retarr['allow'], $retarr['enabled'], $retarr['return_value'], $retarr['note']) = $acl_row;

		//Grab selected ACO's
		$query = "select distinct a.section_value, a.value, c.name, b.name from ".$this->_db_table_prefix."aco_map a, ".$this->_db_table_prefix."aco b, ".$this->_db_table_prefix."aco_sections c
							where ( a.section_value=b.section_value AND a.value = b.value) AND b.section_value=c.value AND a.acl_id = $acl_id";
		$rs = $this->db->Execute($query);
		$rows = $rs->GetRows();

		$retarr['aco'] = array();
		while (list(,$row) = @each($rows)) {
			list($section_value, $value, $section, $aco) = $row;
			$this->debug_text("Section Value: $section_value Value: $value Section: $section ACO: $aco");

			$retarr['aco'][$section_value][] = $value;

		}
		//showarray($aco);

		//Grab selected ARO's
		$query = "select distinct a.section_value, a.value, c.name, b.name from ".$this->_db_table_prefix."aro_map a, ".$this->_db_table_prefix."aro b, ".$this->_db_table_prefix."aro_sections c
							where ( a.section_value=b.section_value AND a.value = b.value) AND b.section_value=c.value AND a.acl_id = $acl_id";
		$rs = $this->db->Execute($query);
		$rows = $rs->GetRows();

		$retarr['aro'] = array();
		while (list(,$row) = @each($rows)) {
			list($section_value, $value, $section, $aro) = $row;
			$this->debug_text("Section Value: $section_value Value: $value Section: $section ARO: $aro");

			$retarr['aro'][$section_value][] = $value;

		}
		//showarray($options_aro);

		//Grab selected AXO's
		$query = "select distinct a.section_value, a.value, c.name, b.name from ".$this->_db_table_prefix."axo_map a, ".$this->_db_table_prefix."axo b, ".$this->_db_table_prefix."axo_sections c
							where ( a.section_value=b.section_value AND a.value = b.value) AND b.section_value=c.value AND a.acl_id = $acl_id";
		$rs = $this->db->Execute($query);
		$rows = $rs->GetRows();

		$retarr['axo'] = array();
		while (list(,$row) = @each($rows)) {
			list($section_value, $value, $section, $axo) = $row;
			$this->debug_text("Section Value: $section_value Value: $value Section: $section AXO: $axo");

			$retarr['axo'][$section_value][] = $value;

		}
		//showarray($options_aro);

		//Grab selected ARO groups.
		$retarr['aro_groups'] = array();
		$query = "select distinct group_id from ".$this->_db_table_prefix."aro_groups_map where  acl_id = $acl_id";
		$retarr['aro_groups'] = $this->db->GetCol($query);
		//showarray($selected_groups);

		//Grab selected AXO groups.
		$retarr['axo_groups'] = array();
		$query = "select distinct group_id from ".$this->_db_table_prefix."axo_groups_map where  acl_id = $acl_id";
		$retarr['axo_groups'] = $this->db->GetCol($query);
		//showarray($selected_groups);

		return $retarr;
	}

	/**
	 * is_conflicting_acl()
	 *
	 * Checks for conflicts when adding a specific ACL.
	 *
	 * @return bool Returns true if conflict is found.
	 *
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Array of ACL IDs to ignore from the result set.
	 *
	 */
	function is_conflicting_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $ignore_acl_ids=NULL) {
		//Check for potential conflicts. Ignore groups, as groups will almost always have "conflicting" ACLs.
		//Thats part of inheritance.

		if (!is_array($aco_array)) {
			$this->debug_text('is_conflicting_acl(): Invalid ACO Array.');
			return FALSE;
		}

		if (!is_array($aro_array)) {
			$this->debug_text('is_conflicting_acl(): Invalid ARO Array.');
			return FALSE;
		}

		$query  = '
			SELECT		a.id
			FROM		'. $this->_db_table_prefix .'acl a
			LEFT JOIN	'. $this->_db_table_prefix .'aco_map ac ON ac.acl_id=a.id
			LEFT JOIN	'. $this->_db_table_prefix .'aro_map ar ON ar.acl_id=a.id
			LEFT JOIN	'. $this->_db_table_prefix .'axo_map ax ON ax.acl_id=a.id
			LEFT JOIN	'. $this->_db_table_prefix .'axo_groups_map axg ON axg.acl_id=a.id
			LEFT JOIN	'. $this->_db_table_prefix .'axo_groups xg ON xg.id=axg.group_id
			';

		//ACO
		foreach ($aco_array as $aco_section_value => $aco_value_array) {
			$this->debug_text("is_conflicting_acl(): ACO Section Value: $aco_section_value ACO VALUE: $aco_value_array");
			//showarray($aco_array);

			if (!is_array($aco_value_array)) {
				$this->debug_text('is_conflicting_acl(): Invalid Format for ACO Array item. Skipping...');
				continue;
				// return TRUE;
			}
			//Move the below line in to the LEFT JOIN above for PostgreSQL sake.
			//'ac1' => 'ac.acl_id=a.id',
			$where_query = array(
				'ac2' => '(ac.section_value='. $this->db->quote($aco_section_value) .' AND ac.value IN (\''. implode ('\',\'', $aco_value_array) .'\'))'
			);

			//ARO
			foreach ($aro_array as $aro_section_value => $aro_value_array) {
				$this->debug_text("is_conflicting_acl(): ARO Section Value: $aro_section_value ARO VALUE: $aro_value_array");

				if (!is_array($aro_value_array))
				{
					$this->debug_text('is_conflicting_acl(): Invalid Format for ARO Array item. Skipping...');
					continue;
					// return TRUE;
				}

				$this->debug_text("is_conflicting_acl(): Search: ACO Section: $aco_section_value ACO Value: $aco_value_array ARO Section: $aro_section_value ARO Value: $aro_value_array");

				//Move the below line in to the LEFT JOIN above for PostgreSQL sake.
				//$where_query['ar1'] = 'ar.acl_id=a.id';
				$where_query['ar2'] = '(ar.section_value='. $this->db->quote($aro_section_value) .' AND ar.value IN (\''. implode ('\',\'', $aro_value_array) .'\'))';

				if (is_array($axo_array) AND count($axo_array) > 0) {
					foreach ($axo_array as $axo_section_value => $axo_value_array) {
						$this->debug_text("is_conflicting_acl(): AXO Section Value: $axo_section_value AXO VALUE: $axo_value_array");

						if (!is_array($axo_value_array)) {
							$this->debug_text('is_conflicting_acl(): Invalid Format for AXO Array item. Skipping...');
							continue;
							// return TRUE;
						}

						$this->debug_text("is_conflicting_acl(): Search: ACO Section: $aco_section_value ACO Value: $aco_value_array ARO Section: $aro_section_value ARO Value: $aro_value_array AXO Section: $axo_section_value AXO Value: $axo_value_array");

						//$where_query['ax1'] = 'ax.acl_id=x.id';
						$where_query['ax1'] = 'ax.acl_id=a.id';
						$where_query['ax2'] = '(ax.section_value='. $this->db->quote($axo_section_value) .' AND ax.value IN (\''. implode ('\',\'', $axo_value_array) .'\'))';

						$where  = 'WHERE ' . implode(' AND ', $where_query);

						$conflict_result = $this->db->GetCol($query . $where);

						if (is_array($conflict_result) AND !empty($conflict_result)) {
							// showarray($conflict_result);

							if (is_array($ignore_acl_ids)) {
								$conflict_result = array_diff($conflict_result, $ignore_acl_ids);
							}

							if (count($conflict_result) > 0) {
								$conflicting_acls_str = implode(',', $conflict_result);
								$this->debug_text("is_conflicting_acl(): Conflict FOUND!!! ACL_IDS: ($conflicting_acls_str)");
								return TRUE;
							}
						}
					}
				} else {
					$where_query['ax1'] = '(ax.section_value IS NULL AND ax.value IS NULL)';
					$where_query['ax2'] = 'xg.name IS NULL';

					$where  = 'WHERE ' . implode(' AND ', $where_query);

					$conflict_result = $this->db->GetCol($query . $where);

					if (is_array($conflict_result) AND !empty($conflict_result)) {
						// showarray($conflict_result);

						if (is_array($ignore_acl_ids)) {
							$conflict_result = array_diff($conflict_result, $ignore_acl_ids);
						}

						if (count($conflict_result) > 0) {
							$conflicting_acls_str = implode(',', $conflict_result);
							$this->debug_text("is_conflicting_acl(): Conflict FOUND!!! ACL_IDS: ($conflicting_acls_str)");
							return TRUE;
						}
					}
				}
			}
		}

		$this->debug_text('is_conflicting_acl(): No conflicting ACL found.');
		return FALSE;
	}

	/**
	 * add_acl()
	 *
	 * Add's an ACL. ACO_IDS, ARO_IDS, GROUP_IDS must all be arrays.
	 *
	 * @return bool Return ACL ID of new ACL if successful, FALSE otherewise.
	 *
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param int Allow flag
	 * @param int Enabled flag
	 * @param string Return Value
	 * @param string Note
	 * @param string ACL Section Value
	 * @param int ACL ID # Specific Request

	 */
	function add_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $allow=1, $enabled=1, $return_value=NULL, $note=NULL, $section_value=NULL, $acl_id=FALSE ) {

		$this->debug_text("add_acl():");

		if (count($aco_array) == 0) {
			$this->debug_text("Must select at least one Access Control Object");
			return false;
		}

		if (count($aro_array) == 0 AND count($aro_group_ids) == 0) {
			$this->debug_text("Must select at least one Access Request Object or Group");
			return false;
		}

		if (empty($allow)) {
			$allow=0;
		}

		if (empty($enabled)) {
			$enabled=0;
		}

		if (!empty($section_value)
			AND !$this->get_object_section_section_id(NULL, $section_value, 'ACL')) {
			$this->debug_text("add_acl(): Section Value: $section_value DOES NOT exist in the database.");
			return false;
		}

		//Unique the group arrays. Later one we unique ACO/ARO/AXO arrays.
		if (is_array($aro_group_ids)) {
			$aro_group_ids = array_unique($aro_group_ids);
		}
		if (is_array($axo_group_ids)) {
			$axo_group_ids = array_unique($axo_group_ids);
		}

		//Check for conflicting ACLs.
		if ($this->is_conflicting_acl($aco_array,$aro_array,$aro_group_ids,$axo_array,$axo_group_ids,array($acl_id))) {
			$this->debug_text("add_acl(): Detected possible ACL conflict, not adding ACL!");
			return false;
		}

		//Edit ACL if acl_id is set. This is simply if we're being called by edit_acl().
		if ($this->get_acl($acl_id) == FALSE) {
			if ( empty($section_value) ) {
				$section_value='system';
				if( !$this->get_object_section_section_id(NULL, $section_value, 'ACL') ) {
					// Use the acl section with the lowest order value.
					$acl_sections_table = $this->_db_table_prefix .'acl_sections';
					$acl_section_order_value = $this->db->GetOne("SELECT min(order_value) from $acl_sections_table");

					$query = "
						SELECT value
						FROM $acl_sections_table
						WHERE order_value = $acl_section_order_value
					";
					$section_value = $this->db->GetOne($query);

					if ( empty($section_value) ) {
						$this->debug_text("add_acl(): No valid acl section found.");
						return false;
					} else {
						$this->debug_text("add_acl(): Using default section value: $section_value.");
					}
				}
			}

			//ACL not specified, so create acl_id
			if (empty($acl_id)) {
				//Create ACL row first, so we have the acl_id
				$acl_id = $this->db->GenID($this->_db_table_prefix.'acl_seq',10);

				//Double check the ACL ID was generated.
				if (empty($acl_id)) {
					$this->debug_text("add_acl(): ACL_ID generation failed!");
					return false;
				}
			}

			//Begin transaction _after_ GenID. Because on the first run, if GenID has to create the sequence,
			//the transaction will fail.
			$this->db->BeginTrans();

			$query = 'INSERT INTO '.$this->_db_table_prefix.'acl (id,section_value,allow,enabled,return_value,note,updated_date) VALUES('. $acl_id .','. $this->db->quote($section_value) .','. $allow .','. $enabled .','. $this->db->quote($return_value) .', '. $this->db->quote($note) .','. time() .')';
			$result = $this->db->Execute($query);
		} else {
			$section_sql = '';
			if ( !empty($section_value) ) {
				$section_sql = 'section_value='. $this->db->quote ($section_value) .',';
			}

			$this->db->BeginTrans();

			//Update ACL row, and remove all mappings so they can be re-inserted.
			$query  = '
				UPDATE	'. $this->_db_table_prefix .'acl
				SET             ' . $section_sql . '
						allow='. $allow .',
						enabled='. $enabled .',
						return_value='. $this->db->quote($return_value) .',
						note='. $this->db->quote($note) .',
						updated_date='. time() .'
				WHERE	id='. $acl_id;
			$result = $this->db->Execute($query);

			if ($result) {
				$this->debug_text("Update completed without error, delete mappings...");
				//Delete all mappings so they can be re-inserted.
				foreach (array('aco_map', 'aro_map', 'axo_map', 'aro_groups_map', 'axo_groups_map') as $map) {
					$query = 'DELETE FROM '. $this->_db_table_prefix . $map .' WHERE acl_id='. $acl_id;
					$rs = $this->db->Execute($query);

					if (!is_object($rs))
					{
						$this->debug_db('add_acl');
						$this->db->RollBackTrans();
						return FALSE;
					}
				}
			}
		}

		if (!is_object($result)) {
			$this->debug_db('add_acl');
			$this->db->RollBackTrans();
			return false;
		}

		$this->debug_text("Insert or Update completed without error, insert new mappings.");
		// Insert ACO/ARO/AXO mappings
		foreach (array('aco', 'aro', 'axo') as $map) {
			$map_array = ${$map .'_array'};

			if (!is_array ($map_array)) {
				continue;
			}

			foreach ($map_array as $section_value => $value_array) {
				$this->debug_text ('Insert: '. strtoupper($map) .' Section Value: '. $section_value .' '. strtoupper($map) .' VALUE: '. $value_array);
				// $this->showarray ($aco_value_array);

				if (!is_array($value_array)) {
					$this->debug_text ('add_acl (): Invalid Format for '. strtoupper ($map) .' Array item. Skipping...');
					continue;
					// return true;
				}

				$value_array = array_unique($value_array);

				foreach ($value_array as $value) {
					$object_id = &$this->get_object_id($section_value, $value, $map);

					if (empty($object_id))
					{
						$this->debug_text('add_acl(): '. strtoupper($map) . " Object Section Value: $section_value Value: $value DOES NOT exist in the database. Skipping...");
						$this->db->RollBackTrans();
						return false;
					}

					$query  = 'INSERT INTO '. $this->_db_table_prefix . $map .'_map (acl_id,section_value,value) VALUES ('. $acl_id .', '. $this->db->quote($section_value) .', '. $this->db->quote($value) .')';
					$rs = $this->db->Execute($query);

					if (!is_object($rs))
					{
						$this->debug_db('add_acl');
						$this->db->RollBackTrans();
						return false;
					}
				}
			}
		}

		// Insert ARO/AXO GROUP mappings
		foreach (array('aro', 'axo') as $map) {
			$map_group_ids = ${$map .'_group_ids'};

			if (!is_array($map_group_ids)) {
				continue;
			}

			foreach ($map_group_ids as $group_id) {
				$this->debug_text ('Insert: '. strtoupper($map) .' GROUP ID: '. $group_id);

				$group_data = &$this->get_group_data($group_id, $map);

				if (empty($group_data)) {
					$this->debug_text('add_acl(): '. strtoupper($map) . " Group: $group_id DOES NOT exist in the database. Skipping...");
					$this->db->RollBackTrans();
					return false;
				}

				$query  = 'INSERT INTO '. $this->_db_table_prefix . $map .'_groups_map (acl_id,group_id) VALUES ('. $acl_id .', '. $group_id .')';
				$rs = $this->db->Execute($query);

				if (!is_object($rs)) {
					$this->debug_db('add_acl');
					$this->db->RollBackTrans();
					return false;
				}
			}
		}

		$this->db->CommitTrans();

		if ($this->_caching == TRUE AND $this->_force_cache_expire == TRUE) {
			//Expire all cache.
			$this->Cache_Lite->clean('default');
		}

		//Return only the ID in the first row.
		return $acl_id;
	}

	/**
	 * edit_acl()
	 *
	 * Edit's an ACL, ACO_IDS, ARO_IDS, GROUP_IDS must all be arrays.
	 *
	 * @return bool Return TRUE if successful, FALSE otherewise.
	 *
	 * @param int ACL ID # to edit
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
	 * @param array Array of Group IDs
	 * @param int Allow flag
	 * @param int Enabled flag
	 * @param string Return Value
	 * @param string Note
	 * @param string ACL Section Value
	 */
	function edit_acl($acl_id, $aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $allow=1, $enabled=1, $return_value=NULL, $note=NULL, $section_value=NULL) {

		$this->debug_text("edit_acl():");

		if (empty($acl_id) ) {
			$this->debug_text("edit_acl(): Must specify a single ACL_ID to edit");
			return false;
		}
		if (count($aco_array) == 0) {
			$this->debug_text("edit_acl(): Must select at least one Access Control Object");
			return false;
		}

		if (count($aro_array) == 0 AND count($aro_group_ids) == 0) {
			$this->debug_text("edit_acl(): Must select at least one Access Request Object or Group");
			return false;
		}

		if (empty($allow)) {
			$allow=0;
		}

		if (empty($enabled)) {
			$enabled=0;
		}

		//if ($this->add_acl($aco_array, $aro_array, $group_ids, $allow, $enabled, $acl_id)) {
		if ($this->add_acl($aco_array, $aro_array, $aro_group_ids, $axo_array, $axo_group_ids, $allow, $enabled, $return_value, $note, $section_value, $acl_id)) {
			return true;
		} else {
			$this->debug_text("edit_acl(): error in add_acl()");
			return false;
		}
	}

	/**
	 * del_acl()
	 *
	 * Deletes a given ACL
	 *
	 * @return bool Returns TRUE if successful, FALSE otherwise.
	 *
	 * @param int ACL ID # to delete
	 */
	function del_acl($acl_id) {

		$this->debug_text("del_acl(): ID: $acl_id");

		if (empty($acl_id) ) {
			$this->debug_text("del_acl(): ACL_ID ($acl_id) is empty, this is required");
			return false;
		}

		$this->db->BeginTrans();

		// Delete all mappings to the ACL first
		foreach (array('aco_map', 'aro_map', 'axo_map', 'aro_groups_map', 'axo_groups_map') as $map) {
			$query  = 'DELETE FROM '. $this->_db_table_prefix . $map .' WHERE acl_id='. $acl_id;
			$rs = $this->db->Execute($query);

			if (!is_object($rs)) {
				$this->debug_db('del_acl');
				$this->db->RollBackTrans();
				return false;
			}
		}

		// Delete the ACL
		$query  = 'DELETE FROM '. $this->_db_table_prefix .'acl WHERE id='. $acl_id;
		$this->debug_text('delete query: '. $query);
		$rs = $this->db->Execute($query);

		if (!is_object($rs)) {
			$this->debug_db('del_acl');
			$this->db->RollBackTrans();
			return false;
		}

		$this->debug_text("del_acl(): deleted ACL ID: $acl_id");
		$this->db->CommitTrans();

		if ($this->_caching == TRUE AND $this->_force_cache_expire == TRUE) {
			//Expire all cache.
			$this->Cache_Lite->clean('default');
		}

		return TRUE;
	}


	/*
	 *
	 * Groups
	 *
	 */

	/**
	 * sort_groups()
	 *
	 * Grabs all the groups from the database doing preliminary grouping by parent
	 *
	 * @return array Returns 2-Dimensional array: $array[<parent_id>][<group_id>] = <group_name>
	 *
	 * @param string Group Type, either 'ARO' or 'AXO'
	 */
	function sort_groups($group_type='ARO') {

		switch(strtolower(trim($group_type))) {
			case 'axo':
				$table = $this->_db_table_prefix .'axo_groups';
				break;
			default:
				$table = $this->_db_table_prefix .'aro_groups';
				break;
		}

		//Grab all groups from the database.
		$query  = 'SELECT id, parent_id, name FROM '. $table .' ORDER BY parent_id, name';
		$rs = $this->db->Execute($query);

		if (!is_object($rs)) {
			$this->debug_db('sort_groups');
			return false;
		}

		/*
		 * Save groups in an array sorted by parent. Should be make it easier for later on.
		 */
		$sorted_groups = array();

		while ($row = $rs->FetchRow()) {
			$id = &$row[0];
			$parent_id = &$row[1];
			$name = &$row[2];

			$sorted_groups[$parent_id][$id] = $name;
		}

		return $sorted_groups;
	}

	/**
	 * format_groups()
	 *
	 * Takes the array returned by sort_groups() and formats for human
	 * consumption. Recursively calls itself to produce the desired output.
	 *
	 * @return array Array of formatted text, ordered by group id, formatted according to $type
	 *
	 * @param array Output from gacl_api->sorted_groups($group_type)
	 * @param array Output type desired, either 'TEXT', 'HTML', or 'ARRAY'
	 * @param int Root of tree to produce
	 * @param int Current level of depth
	 * @param array Pass the current formatted groups object for appending via recursion.
	 */
	function format_groups($sorted_groups, $type='TEXT', $root_id=0, $level=0, $formatted_groups=NULL) {
		if ( !is_array ($sorted_groups) ) {
			return FALSE;
		}

		if ( !is_array ($formatted_groups) ) {
			$formatted_groups = array ();
		}

		//$this->showarray($formatted_groups);

		//while (list($id,$name) = @each($sorted_groups[$root_id])) {
		if (isset($sorted_groups[$root_id])) {
			//$last_id = end( array_keys($sorted_groups[$root_id]));
			//PHP5 compatibility
			$keys = array_keys($sorted_groups[$root_id]);
			$last_id = end($keys);
			unset($keys);

			foreach ($sorted_groups[$root_id] as $id => $name) {
				switch (strtoupper($type)) {
					case 'TEXT':
						/*
						 * Formatting optimized for TEXT (combo box) output.
						 */

						if ( is_numeric($level) ) {
							$level = str_repeat('&nbsp;&nbsp; ', $level);
						}

						if ( strlen($level) >= 8 ) {
							if ( $id == $last_id ) {
								$spacing = substr($level, 0, -8) .'\'- ';
								$level = substr($level, 0, -8) .'&nbsp;&nbsp; ';
							} else {
								$spacing = substr($level, 0, -8) .'|- ';
							}
						} else {
							$spacing = $level;
						}

						$next = $level .'|&nbsp; ';
						$text = $spacing.$name;
						break;
					case 'HTML':
						/*
						 * Formatting optimized for HTML (tables) output.
						 */
						$width= $level * 20;
						$spacing = "<img src=\"s.gif\" width=\"$width\">";
						$next = $level + 1;
						$text = $spacing." ".$name;
						break;
					case 'ARRAY':
						$next = $level;
						$text = $name;
						break;
					default:
						return FALSE;
				}

				$formatted_groups[$id] = $text;
				/*
				 * Recurse if we can.
				 */

				//if (isset($sorted_groups[$id]) AND count($sorted_groups[$id]) > 0) {
				if (isset($sorted_groups[$id]) ) {
					//$this->debug_text("format_groups(): Recursing! Level: $level");
					$formatted_groups = $this->format_groups($sorted_groups, $type, $id, $next, $formatted_groups);
				} else {
					//$this->debug_text("format_groups(): Found last branch!");
				}
			}
		}

		//$this->debug_text("format_groups(): Returning final array.");

		return $formatted_groups;
	}

	/**
	 * get_group_id()
	 *
	 * Gets the group_id given the name or value.
	 *
	 * Will only return one group id, so if there are duplicate names, it will return false.
	 *
	 * @return int Returns Group ID if found and Group ID is unique in database, otherwise, returns FALSE
	 *
	 * @param string Group Value
	 * @param string Group Name
	 * @param string Group Type, either 'ARO' or 'AXO'
	 */
	function get_group_id($value = NULL, $name = NULL, $group_type = 'ARO') {

		$this->debug_text("get_group_id(): Value: $value, Name: $name, Type: $group_type" );

		switch(strtolower(trim($group_type))) {
			case 'axo':
				$table = $this->_db_table_prefix .'axo_groups';
				break;
			default:
				$table = $this->_db_table_prefix .'aro_groups';
				break;
		}

		$name = trim($name);
		$value = trim($value);

		if (empty($name) AND empty($value) ) {
			$this->debug_text("get_group_id(): name and value, at least one is required");
			return false;
		}

		$query = 'SELECT id FROM '. $table .' WHE…