PageRenderTime 1443ms CodeModel.GetById 32ms RepoModel.GetById 0ms app.codeStats 1ms

/app/protected/modules/zurmo/utils/ReadPermissionsOptimizationUtil.php

https://bitbucket.org/ddonthula/zurmounl
PHP | 1030 lines | 864 code | 73 blank | 93 comment | 80 complexity | 90553b70fbe353d6de86470f960b03de MD5 | raw file
Possible License(s): GPL-3.0, BSD-3-Clause, LGPL-3.0, LGPL-2.1, BSD-2-Clause, GPL-2.0 
    

  1. <?php
    2. 

  2.     /*********************************************************************************
    3. 

  3.      * Zurmo is a customer relationship management program developed by
    4. 

  4.      * Zurmo, Inc. Copyright (C) 2012 Zurmo Inc.
    5. 

  5.      *
    6. 

  6.      * Zurmo is free software; you can redistribute it and/or modify it under
    7. 

  7.      * the terms of the GNU General Public License version 3 as published by the
    8. 

  8.      * Free Software Foundation with the addition of the following permission added
    9. 

  9.      * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
    10. 

  10.      * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
    11. 

  11.      * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
    12. 

  12.      *
    13. 

  13.      * Zurmo is distributed in the hope that it will be useful, but WITHOUT
    14. 

  14.      * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    15. 

  15.      * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
    16. 

  16.      * details.
    17. 

  17.      *
    18. 

  18.      * You should have received a copy of the GNU General Public License along with
    19. 

  19.      * this program; if not, see http://www.gnu.org/licenses or write to the Free
    20. 

  20.      * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    21. 

  21.      * 02110-1301 USA.
    22. 

  22.      *
    23. 

  23.      * You can contact Zurmo, Inc. with a mailing address at 113 McHenry Road Suite 207,
    24. 

  24.      * Buffalo Grove, IL 60089, USA. or at email address contact@zurmo.com.
    25. 

  25.      ********************************************************************************/
    26. 

  26. 

  27.     abstract class ReadPermissionsOptimizationUtil
    28. 

  28.     {
    29. 

  29.         /**
    30. 

  30.          * At some point if performance is a problem with rebuilding activity models, then the stored procedure
    31. 

  31.          * needs to be refactored to somehow support more joins dynamically.
    32. 

  32.          * @see https://www.pivotaltracker.com/story/show/38804909
    33. 

  33.          * @param boolean $forcePhp
    34. 

  34.          */
    35. 

  35.         public static function rebuild($forcePhp = false)
    36. 

  36.         {
    37. 

  37.             //Forcing php way until we can fix failing tests here: AccountReadPermissionsOptimizationScenariosTest
    38. 

  38.             $forcePhp = true;
    39. 

  39.             assert('is_bool($forcePhp)');
    40. 

  40.             foreach (self::getMungableModelClassNames() as $modelClassName)
    41. 

  41.             {
    42. 

  42.                 if (!SECURITY_OPTIMIZED || $forcePhp)
    43. 

  43.                 {
    44. 

  44.                     self::rebuildViaSlowWay($modelClassName);
    45. 

  45.                 }
    46. 

  46.                 else
    47. 

  47.                 {
    48. 

  48.                     //models that extend activity are special and can only be done with the PHP process.  They cannot
    49. 

  49.                     //be done using the stored procedure because it does not support the extra joins needed to determine
    50. 

  50.                     //which securable items to look at.
    51. 

  51.                     if (is_subclass_of($modelClassName, 'Activity'))
    52. 

  52.                     {
    53. 

  53.                         self::rebuildViaSlowWay($modelClassName);
    54. 

  54.                     }
    55. 

  55.                     else
    56. 

  56.                     {
    57. 

  57.                         $modelTableName = RedBeanModel::getTableName($modelClassName);
    58. 

  58.                         $mungeTableName = self::getMungeTableName($modelClassName);
    59. 

  59.                         if (!is_subclass_of($modelClassName, 'OwnedSecurableItem'))
    60. 

  60.                         {
    61. 

  61.                             throw new NotImplementedException($message, $code, $previous);
    62. 

  62.                         }
    63. 

  63.                         if (is_subclass_of($modelClassName, 'Person'))
    64. 

  64.                         {
    65. 

  65.                             if ($modelClassName != 'Contact')
    66. 

  66.                             {
    67. 

  67.                                 throw new NotSupportedException();
    68. 

  68.                             }
    69. 

  69.                             else
    70. 

  70.                             {
    71. 

  71.                                 $modelTableName = Person::getTableName('Person');
    72. 

  72.                             }
    73. 

  73.                         }
    74. 

  74.                         ZurmoDatabaseCompatibilityUtil::
    75. 

  75.                             callProcedureWithoutOuts("rebuild('$modelTableName', '$mungeTableName')");
    76. 

  76.                     }
    77. 

  77.                 }
    78. 

  78.             }
    79. 

  79.         }
    80. 

  80. 

  81.         protected static function rebuildViaSlowWay($modelClassName)
    82. 

  82.         {
    83. 

  83.             // The slow way will remain here as documentation
    84. 

  84.             // for what the optimized way is doing.
    85. 

  85.             $mungeTableName  = self::getMungeTableName($modelClassName);
    86. 

  86.             self::recreateTable($mungeTableName);
    87. 

  87.             //Specifically call RedBeanModel to avoid the use of the security in OwnedSecurableItem since for
    88. 

  88.             //rebuild it needs to look at all models regardless of permissions of the current user.
    89. 

  89.             $modelCount = RedBeanModel::getCount(null, null, $modelClassName);
    90. 

  90.             $subset = intval($modelCount / 20);
    91. 

  91.             if ($subset < 100)
    92. 

  92.             {
    93. 

  93.                 $subset = 100;
    94. 

  94.             }
    95. 

  95.             elseif ($subset > 1000)
    96. 

  96.             {
    97. 

  97.                 $subset = 1000;
    98. 

  98.             }
    99. 

  99.             for ($i = 0; $i < $modelCount; $i += $subset)
    100. 

  100.             {
    101. 

  101.                 //Specifically call RedBeanModel to avoid the use of the security in OwnedSecurableItem since for
    102. 

  102.                 //rebuild it needs to look at all models regardless of permissions of the current user.
    103. 

  103.                 $models = RedBeanModel::getSubset(null, $i, $subset, null, null, $modelClassName);
    104. 

  104.                 foreach ($models as $model)
    105. 

  105.                 {
    106. 

  106.                     assert('$model instanceof SecurableItem');
    107. 

  107.                     $securableItemId = $model->getClassId('SecurableItem');
    108. 

  108.                     $users = User::getAll();
    109. 

  109.                     foreach ($users as $user)
    110. 

  110.                     {
    111. 

  111.                         list($allowPermissions, $denyPermissions) = $model->getExplicitActualPermissions($user);
    112. 

  112.                         $effectiveExplicitPermissions = $allowPermissions & ~$denyPermissions;
    113. 

  113.                         if (($effectiveExplicitPermissions & Permission::READ) == Permission::READ)
    114. 

  114.                         {
    115. 

  115.                             self::incrementCount($mungeTableName, $securableItemId, $user);
    116. 

  116.                         }
    117. 

  117.                     }
    118. 

  118.                     $groups = Group::getAll();
    119. 

  119.                     foreach ($groups as $group)
    120. 

  120.                     {
    121. 

  121.                         list($allowPermissions, $denyPermissions) = $model->getExplicitActualPermissions($group);
    122. 

  122.                         $effectiveExplicitPermissions = $allowPermissions & ~$denyPermissions;
    123. 

  123.                         if (($effectiveExplicitPermissions & Permission::READ) == Permission::READ)
    124. 

  124.                         {
    125. 

  125.                             self::incrementCount($mungeTableName, $securableItemId, $group);
    126. 

  126.                             foreach ($group->users as $user)
    127. 

  127.                             {
    128. 

  128.                                 if ($user->role->id > 0)
    129. 

  129.                                 {
    130. 

  130.                                     self::incrementParentRolesCounts($mungeTableName, $securableItemId, $user->role);
    131. 

  131.                                 }
    132. 

  132.                             }
    133. 

  133.                             foreach ($group->groups as $subGroup)
    134. 

  134.                             {
    135. 

  135.                                 self::processNestedGroupWhereParentHasReadPermissionOnSecurableItem(
    136. 

  136.                                       $mungeTableName, $securableItemId, $subGroup);
    137. 

  137.                             }
    138. 

  138.                         }
    139. 

  139.                     }
    140. 

  140.                     $roles = Role::getAll();
    141. 

  141.                     foreach ($roles as $role)
    142. 

  142.                     {
    143. 

  143.                         $count = self::getRoleMungeCount($model, $role);
    144. 

  144.                         assert('$count >= 0');
    145. 

  145.                         if ($count > 0)
    146. 

  146.                         {
    147. 

  147.                             self::setCount($mungeTableName, $securableItemId, $role, $count);
    148. 

  148.                         }
    149. 

  149.                     }
    150. 

  150.                 }
    151. 

  151.             }
    152. 

  152.         }
    153. 

  153. 

  154.         protected static function processNestedGroupWhereParentHasReadPermissionOnSecurableItem(
    155. 

  155.                                   $mungeTableName, $securableItemId, Group $group)
    156. 

  156.         {
    157. 

  157.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    158. 

  158.             assert('is_int($securableItemId) && $securableItemId > 0');
    159. 

  159.             self::incrementCount($mungeTableName, $securableItemId, $group);
    160. 

  160.             foreach ($group->users as $user)
    161. 

  161.             {
    162. 

  162.                 if ($user->role->id > 0)
    163. 

  163.                 {
    164. 

  164.                     self::incrementParentRolesCounts($mungeTableName, $securableItemId, $user->role);
    165. 

  165.                 }
    166. 

  166.             }
    167. 

  167.             foreach ($group->groups as $subGroup)
    168. 

  168.             {
    169. 

  169.                 self::processNestedGroupWhereParentHasReadPermissionOnSecurableItem(
    170. 

  170.                       $mungeTableName, $securableItemId, $subGroup);
    171. 

  171.             }
    172. 

  172.         }
    173. 

  173. 

  174.         protected static function getRoleMungeCount(SecurableItem $securableItem, Role $role)
    175. 

  175.         {
    176. 

  176.             $count = 0;
    177. 

  177.             foreach ($role->roles as $subRole)
    178. 

  178.             {
    179. 

  179.                 $count += self::getSubRoleMungeCount($securableItem, $subRole);
    180. 

  180.             }
    181. 

  181.             return $count;
    182. 

  182.         }
    183. 

  183. 

  184.         protected static function getSubRoleMungeCount(SecurableItem $securableItem, Role $role)
    185. 

  185.         {
    186. 

  186.             $count = self::getImmediateRoleMungeCount($securableItem, $role);
    187. 

  187.             foreach ($role->roles as $subRole)
    188. 

  188.             {
    189. 

  189.                 $count += self::getSubRoleMungeCount($securableItem, $subRole);
    190. 

  190.             }
    191. 

  191.             return $count;
    192. 

  192.         }
    193. 

  193. 

  194.         protected static function getImmediateRoleMungeCount(SecurableItem $securableItem, Role $role)
    195. 

  195.         {
    196. 

  196.             $count = 0;
    197. 

  197.             foreach ($role->users as $user)
    198. 

  198.             {
    199. 

  199.                 if ($securableItem->owner->isSame($user))
    200. 

  200.                 {
    201. 

  201.                     $count++;
    202. 

  202.                 }
    203. 

  203.                 list($allowPermissions, $denyPermissions) = $securableItem->getExplicitActualPermissions($user);
    204. 

  204.                 $effectiveExplicitPermissions = $allowPermissions & ~$denyPermissions;
    205. 

  205.                 if (($effectiveExplicitPermissions & Permission::READ) == Permission::READ)
    206. 

  206.                 {
    207. 

  207.                     $count++;
    208. 

  208.                 }
    209. 

  209.                 foreach ($user->groups as $group)
    210. 

  210.                 {
    211. 

  211.                     $count += self::getGroupMungeCount($securableItem, $group);
    212. 

  212.                 }
    213. 

  213.             }
    214. 

  214.             return $count;
    215. 

  215.         }
    216. 

  216. 

  217.         protected static function getGroupMungeCount(SecurableItem $securableItem, Group $group)
    218. 

  218.         {
    219. 

  219.             $count = 0;
    220. 

  220.             list($allowPermissions, $denyPermissions) = $securableItem->getExplicitActualPermissions($group);
    221. 

  221.             $effectiveExplicitPermissions = $allowPermissions & ~$denyPermissions;
    222. 

  222.             if (($effectiveExplicitPermissions & Permission::READ) == Permission::READ)
    223. 

  223.             {
    224. 

  224.                 $count++;
    225. 

  225.             }
    226. 

  226.             if ($group->group->id > 0 && !(!RedBeanDatabase::isFrozen() && $group->group->isSame($group))) // Prevent cycles in database auto build.
    227. 

  227.             {
    228. 

  228.                 $count += self::getGroupMungeCount($securableItem, $group->group);
    229. 

  229.             }
    230. 

  230.             return $count;
    231. 

  231.         }
    232. 

  232. 

  233.         // SecurableItem create, assigned, or deleted.
    234. 

  234. 

  235.         // Past tense implies the method must be called immediately after the associated operation.
    236. 

  236.         public static function ownedSecurableItemCreated(OwnedSecurableItem $ownedSecurableItem)
    237. 

  237.         {
    238. 

  238.             self::ownedSecurableItemOwnerChanged($ownedSecurableItem);
    239. 

  239.         }
    240. 

  240. 

  241.         public static function ownedSecurableItemOwnerChanged(OwnedSecurableItem $ownedSecurableItem, User $oldUser = null)
    242. 

  242.         {
    243. 

  243.             $modelClassName = get_class($ownedSecurableItem);
    244. 

  244.             assert('$modelClassName != "OwnedSecurableItem"');
    245. 

  245.             $mungeTableName = self::getMungeTableName($modelClassName);
    246. 

  246.             if ($oldUser !== null && $oldUser->role->id > 0)
    247. 

  247.             {
    248. 

  248.                 self::decrementParentRolesCounts($mungeTableName, $ownedSecurableItem->getClassId('SecurableItem'), $oldUser->role);
    249. 

  249.                 self::garbageCollect($mungeTableName);
    250. 

  250.             }
    251. 

  251.             if ($ownedSecurableItem->owner->role->id > 0)
    252. 

  252.             {
    253. 

  253.                 self::incrementParentRolesCounts($mungeTableName, $ownedSecurableItem->getClassId('SecurableItem'), $ownedSecurableItem->owner->role);
    254. 

  254.             }
    255. 

  255.         }
    256. 

  256. 

  257.         // Being implies the the method must be called just before the associated operation.
    258. 

  258.         // The object is needed before the delete occurs and the delete cannot fail.
    259. 

  259.         public static function securableItemBeingDeleted(SecurableItem $securableItem) // Call being methods before the destructive operation.
    260. 

  260.         {
    261. 

  261.             $modelClassName = get_class($securableItem);
    262. 

  262.             assert('$modelClassName != "OwnedSecurableItem"');
    263. 

  263.             $mungeTableName = self::getMungeTableName($modelClassName);
    264. 

  264.             $securableItemId = $securableItem->getClassId('SecurableItem');
    265. 

  265.             R::exec("delete from $mungeTableName
    266. 

  266.                      where       securableitem_id = $securableItemId");
    267. 

  267.         }
    268. 

  268. 

  269.         // Permissions added or removed.
    270. 

  270. 

  271.         public static function securableItemGivenPermissionsForUser(SecurableItem $securableItem, User $user)
    272. 

  272.         {
    273. 

  273.             $modelClassName = get_class($securableItem);
    274. 

  274.             assert('$modelClassName != "OwnedSecurableItem"');
    275. 

  275.             $mungeTableName = self::getMungeTableName($modelClassName);
    276. 

  276.             $securableItemId = $securableItem->getClassId('SecurableItem');
    277. 

  277.             self::incrementCount($mungeTableName, $securableItemId, $user);
    278. 

  278.             if ($user->role->id > 0)
    279. 

  279.             {
    280. 

  280.                 self::incrementParentRolesCounts($mungeTableName, $securableItemId, $user->role);
    281. 

  281.             }
    282. 

  282.         }
    283. 

  283. 

  284.         public static function securableItemGivenPermissionsForGroup(SecurableItem $securableItem, Group $group)
    285. 

  285.         {
    286. 

  286.             $modelClassName = get_class($securableItem);
    287. 

  287.             assert('$modelClassName != "OwnedSecurableItem"');
    288. 

  288.             $mungeTableName = self::getMungeTableName($modelClassName);
    289. 

  289.             $securableItemId = $securableItem->getClassId('SecurableItem');
    290. 

  290.             self::incrementCount($mungeTableName, $securableItemId, $group);
    291. 

  291.             foreach ($group->users as $user)
    292. 

  292.             {
    293. 

  293.                 if ($user->role->id > 0)
    294. 

  294.                 {
    295. 

  295.                     self::incrementParentRolesCounts($mungeTableName, $securableItemId, $user->role);
    296. 

  296.                 }
    297. 

  297.             }
    298. 

  298.             foreach ($group->groups as $subGroup)
    299. 

  299.             {
    300. 

  300.                 self::securableItemGivenPermissionsForGroup($securableItem, $subGroup);
    301. 

  301.             }
    302. 

  302.         }
    303. 

  303. 

  304.         public static function securableItemLostPermissionsForUser(SecurableItem $securableItem, User $user)
    305. 

  305.         {
    306. 

  306.             $modelClassName = get_class($securableItem);
    307. 

  307.             assert('$modelClassName != "OwnedSecurableItem"');
    308. 

  308.             $mungeTableName = self::getMungeTableName($modelClassName);
    309. 

  309.             $securableItemId = $securableItem->getClassId('SecurableItem');
    310. 

  310.             self::decrementCount($mungeTableName, $securableItemId, $user);
    311. 

  311.             if ($user->role->id > 0)
    312. 

  312.             {
    313. 

  313.                 self::decrementParentRolesCounts($mungeTableName, $securableItemId, $user->role);
    314. 

  314.             }
    315. 

  315.             self::garbageCollect($mungeTableName);
    316. 

  316.         }
    317. 

  317. 

  318.         public static function securableItemLostPermissionsForGroup(SecurableItem $securableItem, Group $group)
    319. 

  319.         {
    320. 

  320.             $modelClassName = get_class($securableItem);
    321. 

  321.             assert('$modelClassName != "OwnedSecurableItem"');
    322. 

  322.             $mungeTableName = self::getMungeTableName($modelClassName);
    323. 

  323.             $securableItemId = $securableItem->getClassId('SecurableItem');
    324. 

  324.             self::decrementCount($mungeTableName, $securableItemId, $group);
    325. 

  325.             foreach ($group->users as $user)
    326. 

  326.             {
    327. 

  327.                 self::securableItemLostPermissionsForUser($securableItem, $user);
    328. 

  328.             }
    329. 

  329.             foreach ($group->groups as $subGroup)
    330. 

  330.             {
    331. 

  331.                 self::securableItemLostPermissionsForGroup($securableItem, $subGroup);
    332. 

  332.             }
    333. 

  333.             self::garbageCollect($mungeTableName);
    334. 

  334.         }
    335. 

  335. 

  336.         // User operations.
    337. 

  337. 

  338.         public static function userBeingDeleted($user) // Call being methods before the destructive operation.
    339. 

  339.         {
    340. 

  340.             foreach (self::getMungableModelClassNames() as $modelClassName)
    341. 

  341.             {
    342. 

  342.                 $mungeTableName = self::getMungeTableName($modelClassName);
    343. 

  343.                 if ($user->role->id > 0)
    344. 

  344.                 {
    345. 

  345.                     self::decrementParentRolesCountsForAllSecurableItems($mungeTableName, $user->role);
    346. 

  346.                     self::garbageCollect($mungeTableName);
    347. 

  347.                 }
    348. 

  348.                 $userId = $user->id;
    349. 

  349.                 R::exec("delete from $mungeTableName
    350. 

  350.                          where       munge_id = 'U$userId'");
    351. 

  351.             }
    352. 

  352.         }
    353. 

  353. 

  354.         // Group operations.
    355. 

  355. 

  356.         public static function userAddedToGroup(Group $group, User $user)
    357. 

  357.         {
    358. 

  358.             foreach (self::getMungableModelClassNames() as $modelClassName)
    359. 

  359.             {
    360. 

  360.                 $mungeTableName = self::getMungeTableName($modelClassName);
    361. 

  361.                 $groupId = $group->id;
    362. 

  362.                 $sql = "select securableitem_id
    363. 

  363.                         from   $mungeTableName
    364. 

  364.                         where  munge_id = concat('G', $groupId)";
    365. 

  365.                 $securableItemIds = R::getCol($sql);
    366. 

  366.                 self::bulkIncrementParentRolesCounts($mungeTableName, $securableItemIds, $user->role);
    367. 

  367.                 /*
    368. 

  368.                  * This extra step is not needed. See slide 21.  This is similar to userBeingRemovedFromRole in that
    369. 

  369.                  * the above query already is trapping the information needed.
    370. 

  370.                     Follow the same process for any upstream groups that the group is a member of.
    371. 

  371.                 */
    372. 

  372.             }
    373. 

  373.         }
    374. 

  374. 

  375.         public static function userRemovedFromGroup(Group $group, User $user)
    376. 

  376.         {
    377. 

  377.             foreach (self::getMungableModelClassNames() as $modelClassName)
    378. 

  378.             {
    379. 

  379.                 $mungeTableName = self::getMungeTableName($modelClassName);
    380. 

  380.                 $groupId = $group->id;
    381. 

  381.                 $sql = "select securableitem_id
    382. 

  382.                         from   $mungeTableName
    383. 

  383.                         where  munge_id = concat('G', $groupId)";
    384. 

  384.                 $securableItemIds = R::getCol($sql);
    385. 

  385.                 self::bulkDecrementParentRolesCounts($mungeTableName, $securableItemIds, $user->role);
    386. 

  386.                 /*
    387. 

  387.                  * This extra step is not needed. See slide 22. This is similar to userBeingRemovedFromRole or
    388. 

  388.                  * userAddedToGroup in that the above query is already trapping the information needed.
    389. 

  389.                     Follow the same process for any upstream groups that the group is a member of.
    390. 

  390.                 */
    391. 

  391.                 self::garbageCollect($mungeTableName);
    392. 

  392.             }
    393. 

  393.         }
    394. 

  394. 

  395.         public static function groupAddedToGroup(Group $group)
    396. 

  396.         {
    397. 

  397.             self::groupAddedOrRemovedFromGroup(true, $group);
    398. 

  398.         }
    399. 

  399. 

  400.         public static function groupBeingRemovedFromGroup(Group $group) // Call being methods before the destructive operation.
    401. 

  401.         {
    402. 

  402.             self::groupAddedOrRemovedFromGroup(false, $group);
    403. 

  403.         }
    404. 

  404. 

  405.         public static function groupBeingDeleted($group) // Call being methods before the destructive operation.
    406. 

  406.         {
    407. 

  407.             if ($group->group->id > 0 && !(!RedBeanDatabase::isFrozen() && $group->group->isSame($group))) // Prevent cycles in database auto build.
    408. 

  408.             {
    409. 

  409.                 self::groupBeingRemovedFromGroup($group);
    410. 

  410.             }
    411. 

  411.             foreach ($group->groups as $childGroup)
    412. 

  412.             {
    413. 

  413.                 if (!RedBeanDatabase::isFrozen() && $group->isSame($childGroup)) // Prevent cycles in database auto build.
    414. 

  414.                 {
    415. 

  415.                     continue;
    416. 

  416.                 }
    417. 

  417.                 self::groupBeingRemovedFromGroup($childGroup);
    418. 

  418.             }
    419. 

  419.             foreach ($group->users as $user)
    420. 

  420.             {
    421. 

  421.                 self::userRemovedFromGroup($group, $user);
    422. 

  422.             }
    423. 

  423.             foreach (self::getMungableModelClassNames() as $modelClassName)
    424. 

  424.             {
    425. 

  425.                 $groupId = $group->id;
    426. 

  426.                 $mungeTableName = self::getMungeTableName($modelClassName);
    427. 

  427.                 R::exec("delete from $mungeTableName
    428. 

  428.                      where       munge_id = 'G$groupId'");
    429. 

  429.             }
    430. 

  430.         }
    431. 

  431. 

  432.         protected static function groupAddedOrRemovedFromGroup($isAdd, Group $group)
    433. 

  433.         {
    434. 

  434.             assert('is_bool($isAdd)');
    435. 

  435.             if (!RedBeanDatabase::isFrozen() && $group->group->isSame($group)) // Prevent cycles in database auto build.
    436. 

  436.             {
    437. 

  437.                 return;
    438. 

  438.             }
    439. 

  439. 

  440.             $countMethod1 = $isAdd ? 'bulkIncrementCount'             : 'bulkDecrementCount';
    441. 

  441.             $countMethod2 = $isAdd ? 'bulkIncrementParentRolesCounts' : 'bulkDecrementParentRolesCounts';
    442. 

  442. 

  443.             $parentGroups = self::getAllParentGroups($group);
    444. 

  444.             $users  = self::getAllUsersInGroupAndChildGroupsRecursively($group);
    445. 

  445. 

  446.             // Handle groups that $parentGroup is in. In/decrement for the containing groups' containing
    447. 

  447.             // groups the models they have explicit permissions on.
    448. 

  448.             // And handle user's role's parents. In/decrement for all users that have permission because
    449. 

  449.             // they are now in the containing group.
    450. 

  450.             if (count($parentGroups) > 0)
    451. 

  451.             {
    452. 

  452.                 $parentGroupPermitableIds = array();
    453. 

  453.                 foreach ($parentGroups as $parentGroup)
    454. 

  454.                 {
    455. 

  455.                     $parentGroupPermitableIds[] = $parentGroup->getClassId('Permitable');
    456. 

  456.                 }
    457. 

  457.                 $sql = 'select securableitem_id
    458. 

  458.                         from   permission
    459. 

  459.                         where  permitable_id in (' . join(', ', $parentGroupPermitableIds) . ')';
    460. 

  460.                 $securableItemIds = R::getCol($sql);
    461. 

  461.                 foreach (self::getMungableModelClassNames() as $modelClassName)
    462. 

  462.                 {
    463. 

  463.                     $mungeTableName = self::getMungeTableName($modelClassName);
    464. 

  464.                     self::$countMethod1($mungeTableName, $securableItemIds, $group);
    465. 

  465.                     foreach ($users as $user)
    466. 

  466.                     {
    467. 

  467.                         if ($user->role->id > 0)
    468. 

  468.                         {
    469. 

  469.                             self::$countMethod2($mungeTableName, $securableItemIds, $user->role);
    470. 

  470.                         }
    471. 

  471.                     }
    472. 

  472.                 }
    473. 

  473.             }
    474. 

  474.             if (!$isAdd)
    475. 

  475.             {
    476. 

  476.                 foreach (self::getMungableModelClassNames() as $modelClassName)
    477. 

  477.                 {
    478. 

  478.                     $mungeTableName = self::getMungeTableName($modelClassName);
    479. 

  479.                     self::garbageCollect($mungeTableName);
    480. 

  480.                 }
    481. 

  481.             }
    482. 

  482.         }
    483. 

  483. 

  484.         protected static function getAllUsersInGroupAndChildGroupsRecursively(Group $group)
    485. 

  485.         {
    486. 

  486.             $users = array();
    487. 

  487.             foreach ($group->users as $user)
    488. 

  488.             {
    489. 

  489.                 $users[] = $user;
    490. 

  490.             }
    491. 

  491.             foreach ($group->groups as $childGroup)
    492. 

  492.             {
    493. 

  493.                 if (!RedBeanDatabase::isFrozen() && $group->isSame($childGroup)) // Prevent cycles in database auto build.
    494. 

  494.                 {
    495. 

  495.                     continue;
    496. 

  496.                 }
    497. 

  497.                 $users = array_merge($users, self::getAllUsersInGroupAndChildGroupsRecursively($childGroup));
    498. 

  498.             }
    499. 

  499.             return $users;
    500. 

  500.         }
    501. 

  501. 

  502.         protected static function getAllParentGroups(Group $group)
    503. 

  503.         {
    504. 

  504.             $parentGroups = array();
    505. 

  505.             $parentGroup = $group->group;
    506. 

  506.             while ($parentGroup->id > 0 && !(!RedBeanDatabase::isFrozen() && $parentGroup->isSame($parentGroup->group))) // Prevent cycles in database auto build.
    507. 

  507.             {
    508. 

  508.                 $parentGroups[] = $parentGroup;
    509. 

  509.                 $parentGroup = $parentGroup->group;
    510. 

  510.             }
    511. 

  511.             return $parentGroups;
    512. 

  512.         }
    513. 

  513. 

  514.         // Role operations.
    515. 

  515. 

  516.         public static function roleParentSet(Role $role)
    517. 

  517.         {
    518. 

  518.             assert('$role->role->id > 0');
    519. 

  519.             self::roleParentSetOrRemoved(true, $role);
    520. 

  520.         }
    521. 

  521. 

  522.         public static function roleParentBeingRemoved(Role $role) // Call being methods before the destructive operation.
    523. 

  523.         {
    524. 

  524.             assert('$role->role->id > 0');
    525. 

  525.             self::roleParentSetOrRemoved(false, $role);
    526. 

  526.         }
    527. 

  527. 

  528.         public static function roleBeingDeleted(Role $role) // Call being methods before the destructive operation.
    529. 

  529.         {
    530. 

  530.             foreach (self::getMungableModelClassNames() as $modelClassName)
    531. 

  531.             {
    532. 

  532.                 if ($role->role->id > 0)
    533. 

  533.                 {
    534. 

  534.                     self::roleParentBeingRemoved($role);
    535. 

  535.                 }
    536. 

  536.                 foreach ($role->roles as $childRole)
    537. 

  537.                 {
    538. 

  538.                     if ($childRole->role->id > 0)
    539. 

  539.                     {
    540. 

  540.                         self::roleParentBeingRemoved($childRole);
    541. 

  541.                     }
    542. 

  542.                 }
    543. 

  543.                 $mungeTableName = self::getMungeTableName($modelClassName);
    544. 

  544.                 $roleId = $role->id;
    545. 

  545.                 $sql = "delete from $mungeTableName
    546. 

  546.                         where       munge_id = 'R$roleId'";
    547. 

  547.                 R::exec($sql);
    548. 

  548.             }
    549. 

  549.         }
    550. 

  550. 

  551.         protected static function roleParentSetOrRemoved($isSet, Role $role)
    552. 

  552.         {
    553. 

  553.             assert('is_bool($isSet)');
    554. 

  554.             if (!RedBeanDatabase::isFrozen() && $role->role->isSame($role)) // Prevent cycles in database auto build.
    555. 

  555.             {
    556. 

  556.                 return;
    557. 

  557.             }
    558. 

  558. 

  559.             $countMethod = $isSet ? 'bulkIncrementParentRolesCounts' : 'bulkDecrementParentRolesCounts';
    560. 

  560. 

  561.             foreach (self::getMungableModelClassNames() as $modelClassName)
    562. 

  562.             {
    563. 

  563.                 $mungeTableName = self::getMungeTableName($modelClassName);
    564. 

  564. 

  565.                 $usersInRolesChildren = self::getAllUsersInRolesChildRolesRecursively($role);
    566. 

  566. 

  567.                 // Handle users in $role. In/decrement for the parent's parent
    568. 

  568.                 // roles the models they either own or have explicit permissions on.
    569. 

  569. 

  570.                 if (count($role->users) > 0)
    571. 

  571.                 {
    572. 

  572.                     $userIds      = array();
    573. 

  573.                     $permitableIds = array();
    574. 

  574.                     foreach ($role->users as $user)
    575. 

  575.                     {
    576. 

  576.                         $userIds[]       = $user->id;
    577. 

  577.                         $permitableIds[] = $user->getClassId('Permitable');
    578. 

  578.                     }
    579. 

  579.                     $sql = 'select securableitem_id
    580. 

  580.                             from   ownedsecurableitem
    581. 

  581.                             where  owner__user_id in (' . join(', ', $userIds) . ')
    582. 

  582.                             union all
    583. 

  583.                             select securableitem_id
    584. 

  584.                             from   permission
    585. 

  585.                             where  permitable_id in (' . join(', ', $permitableIds) . ')';
    586. 

  586.                     $securableItemIds = R::getCol($sql);
    587. 

  587.                     self::$countMethod($mungeTableName, $securableItemIds, $role->role);
    588. 

  588.                 }
    589. 

  589. 

  590.                 // Handle users in the child roles of $role. Increment for the parent's parent
    591. 

  591.                 // roles the models they either own or have explicit permissions on.
    592. 

  592. 

  593.                 if (count($usersInRolesChildren))
    594. 

  594.                 {
    595. 

  595.                     $userIds       = array();
    596. 

  596.                     $permitableIds = array();
    597. 

  597.                     foreach ($usersInRolesChildren as $user)
    598. 

  598.                     {
    599. 

  599.                         $userIds[]       = $user->id;
    600. 

  600.                         $permitableIds[] = $user->getClassId('Permitable');
    601. 

  601.                     }
    602. 

  602.                     $sql = 'select securableitem_id
    603. 

  603.                             from   ownedsecurableitem
    604. 

  604.                             where  owner__user_id in (' . join(', ', $userIds) . ')
    605. 

  605.                             union all
    606. 

  606.                             select securableitem_id
    607. 

  607.                             from   permission
    608. 

  608.                             where  permitable_id in (' . join(', ', $permitableIds) . ')';
    609. 

  609.                     $securableItemIds = R::getCol($sql);
    610. 

  610.                     self::$countMethod($mungeTableName, $securableItemIds, $role);
    611. 

  611.                 }
    612. 

  612. 

  613.                 // Handle groups for the users in $role. Increment for the parent's parent
    614. 

  614.                 // roles the models they have explicit permissions on.
    615. 

  615. 

  616.                 if (count($role->users) > 0)
    617. 

  617.                 {
    618. 

  618.                     $permitableIds = array();
    619. 

  619.                     foreach ($role->users as $user)
    620. 

  620.                     {
    621. 

  621.                         foreach ($user->groups as $group)
    622. 

  622.                         {
    623. 

  623.                             $permitableIds[] = $group->getClassId('Permitable');
    624. 

  624.                         }
    625. 

  625.                     }
    626. 

  626.                     $permitableIds = array_unique($permitableIds);
    627. 

  627.                     $sql = 'select securableitem_id
    628. 

  628.                             from   permission
    629. 

  629.                             where  permitable_id in (' . join(', ', $permitableIds) . ')';
    630. 

  630.                     $securableItemIds = R::getCol($sql);
    631. 

  631.                     self::$countMethod($mungeTableName, $securableItemIds, $role->role);
    632. 

  632.                 }
    633. 

  633. 

  634.                 // Handle groups for the users $role's child roles. Increment for the role's parent
    635. 

  635.                 // roles the models they have explicit permissions on.
    636. 

  636. 

  637.                 if (count($usersInRolesChildren))
    638. 

  638.                 {
    639. 

  639.                     $permitableIds = array();
    640. 

  640.                     foreach ($usersInRolesChildren as $user)
    641. 

  641.                     {
    642. 

  642.                         foreach ($user->groups as $group)
    643. 

  643.                         {
    644. 

  644.                             $permitableIds[] = $group->getClassId('Permitable');
    645. 

  645.                         }
    646. 

  646.                     }
    647. 

  647.                     $permitableIds = array_unique($permitableIds);
    648. 

  648.                     if (count($permitableIds) > 0)
    649. 

  649.                     {
    650. 

  650.                         $sql = 'select securableitem_id
    651. 

  651.                                 from   permission
    652. 

  652.                                 where  permitable_id in (' . join(', ', $permitableIds) . ')';
    653. 

  653.                         $securableItemIds = R::getCol($sql);
    654. 

  654.                     }
    655. 

  655.                     else
    656. 

  656.                     {
    657. 

  657.                         $securableItemIds = array();
    658. 

  658.                     }
    659. 

  659.                     self::$countMethod($mungeTableName, $securableItemIds, $role);
    660. 

  660.                 }
    661. 

  661.                 if (!$isSet)
    662. 

  662.                 {
    663. 

  663.                     self::garbageCollect($mungeTableName);
    664. 

  664.                 }
    665. 

  665.             }
    666. 

  666.         }
    667. 

  667. 

  668.         protected static function getAllUsersInRolesChildRolesRecursively(Role $role)
    669. 

  669.         {
    670. 

  670.             $users = array();
    671. 

  671.             foreach ($role->roles as $childRole)
    672. 

  672.             {
    673. 

  673.                 if (!RedBeanDatabase::isFrozen() && $role->isSame($childRole)) // Prevent cycles in database auto build.
    674. 

  674.                 {
    675. 

  675.                     continue;
    676. 

  676.                 }
    677. 

  677.                 foreach ($childRole->users as $user)
    678. 

  678.                 {
    679. 

  679.                     $users[] = $user;
    680. 

  680.                 }
    681. 

  681.                 $users = array_merge($users, self::getAllUsersInRolesChildRolesRecursively($childRole));
    682. 

  682.             }
    683. 

  683.             return $users;
    684. 

  684.         }
    685. 

  685. 

  686.         public static function userAddedToRole(User $user)
    687. 

  687.         {
    688. 

  688.             assert('$user->role->id > 0');
    689. 

  689.             foreach (self::getMungableModelClassNames() as $modelClassName)
    690. 

  690.             {
    691. 

  691.                 $mungeTableName = self::getMungeTableName($modelClassName);
    692. 

  692.                 $userId = $user->id;
    693. 

  693.                 $sql = "select securableitem_id
    694. 

  694.                         from   ownedsecurableitem
    695. 

  695.                         where  owner__user_id = $userId";
    696. 

  696.                 $securableItemIds = R::getCol($sql);
    697. 

  697.                 //Increment the parent roles for securableItems that the user is the owner on.
    698. 

  698.                 self::bulkIncrementParentRolesCounts($mungeTableName, $securableItemIds, $user->role);
    699. 

  699. 

  700.                 //Get all downstream groups the user is in including any groups that are in those groups recursively.
    701. 

  701.                 //Then for each group found, add weight for the user's upstream roles.
    702. 

  702.                 $groupMungeIds = array();
    703. 

  703.                 foreach ($user->groups as $group)
    704. 

  704.                 {
    705. 

  705.                     $groupMungeIds[] = 'G' . $group->id;
    706. 

  706.                     self::getAllUpstreamGroupsRecursively($group, $groupMungeIds);
    707. 

  707.                 }
    708. 

  708.                 if (count($groupMungeIds) > 0)
    709. 

  709.                 {
    710. 

  710.                     $inSqlPart = SQLOperatorUtil::resolveOperatorAndValueForOneOf('oneOf', $groupMungeIds, true);
    711. 

  711.                     $sql = "select distinct $mungeTableName.securableitem_id
    712. 

  712.                             from   $mungeTableName
    713. 

  713.                             where  $mungeTableName.munge_id $inSqlPart";
    714. 

  714.                     $securableItemIds = R::getCol($sql);
    715. 

  715.                     self::bulkIncrementParentRolesCounts($mungeTableName, $securableItemIds, $user->role);
    716. 

  716.                 }
    717. 

  717.             }
    718. 

  718.         }
    719. 

  719. 

  720.         public static function userBeingRemovedFromRole(User $user, Role $role)
    721. 

  721.         {
    722. 

  722.             foreach (self::getMungableModelClassNames() as $modelClassName)
    723. 

  723.             {
    724. 

  724.                 $mungeTableName = self::getMungeTableName($modelClassName);
    725. 

  725.                 $userId = $user->id;
    726. 

  726.                 $sql = "select securableitem_id
    727. 

  727.                         from   ownedsecurableitem
    728. 

  728.                         where  owner__user_id = $userId";
    729. 

  729.                 $securableItemIds = R::getCol($sql);
    730. 

  730.                 self::bulkDecrementParentRolesCounts($mungeTableName, $securableItemIds, $role);
    731. 

  731. 

  732.                 $sql = "select $mungeTableName.securableitem_id
    733. 

  733.                         from   $mungeTableName, _group__user
    734. 

  734.                         where  $mungeTableName.munge_id = concat('G', _group__user._group_id) and
    735. 

  735.                                _group__user._user_id = $userId";
    736. 

  736.                 $securableItemIds = R::getCol($sql);
    737. 

  737.                 self::bulkDecrementParentRolesCounts($mungeTableName, $securableItemIds, $role);
    738. 

  738.                 /*
    739. 

  739.                  * This additional step I don't think is needed because the sql query above actually traps
    740. 

  740.                  * the upstream explicit securableItems because the lower level groups will already have a point for
    741. 

  741.                  * each of them.
    742. 

  742.                     What groups are the user part of and what groups are those groups children of recursively?
    743. 

  743.                     For any models that have that group explicity for read, subtract 1 point for the user's
    744. 

  744.                     upstream roles from the disconnected role.
    745. 

  745.                 */
    746. 

  746.                 self::garbageCollect($mungeTableName);
    747. 

  747.             }
    748. 

  748.         }
    749. 

  749. 

  750.         ///////////////////////////////////////////////////////////////////////
    751. 

  751. 

  752.         public static function getAllUpstreamGroupsRecursively(Group $group, & $groupMungeIds)
    753. 

  753.         {
    754. 

  754.             assert('is_array($groupMungeIds)');
    755. 

  755.             if ($group->group->id > 0 )
    756. 

  756.             {
    757. 

  757.                 $groupMungeIds[] = 'G' . $group->group->id;
    758. 

  758.                 if (!RedBeanDatabase::isFrozen() && $group->isSame($group->group))
    759. 

  759.                 {
    760. 

  760.                     //Do Nothing. Prevent cycles in database auto build.
    761. 

  761.                 }
    762. 

  762.                 else
    763. 

  763.                 {
    764. 

  764.                     self::getAllUpstreamGroupsRecursively($group->group, $groupMungeIds);
    765. 

  765.                 }
    766. 

  766.             }
    767. 

  767.         }
    768. 

  768. 

  769.         public static function getUserRoleIdAndGroupIds(User $user)
    770. 

  770.         {
    771. 

  771.             if ($user->role->id > 0)
    772. 

  772.             {
    773. 

  773.                 $roleId = $user->role->id;
    774. 

  774.             }
    775. 

  775.             else
    776. 

  776.             {
    777. 

  777.                 $roleId = null;
    778. 

  778.             }
    779. 

  779.             $groupIds = array();
    780. 

  780.             foreach ($user->groups as $group)
    781. 

  781.             {
    782. 

  782.                 $groupIds[] = $group->id;
    783. 

  783.             }
    784. 

  784.             return array($roleId, $groupIds);
    785. 

  785.         }
    786. 

  786. 

  787.         public static function getMungeIdsByUser(User $user)
    788. 

  788.         {
    789. 

  789.             list($roleId, $groupIds) = self::getUserRoleIdAndGroupIds($user);
    790. 

  790.             $mungeIds = array("U$user->id");
    791. 

  791.             if ($roleId != null)
    792. 

  792.             {
    793. 

  793.                 $mungeIds[] = "R$roleId";
    794. 

  794.             }
    795. 

  795.             foreach ($groupIds as $groupId)
    796. 

  796.             {
    797. 

  797.                 $mungeIds[] = "G$groupId";
    798. 

  798.             }
    799. 

  799.             //Add everyone group
    800. 

  800.             $everyoneGroupId = Group::getByName(Group::EVERYONE_GROUP_NAME)->id;
    801. 

  801.             if (!in_array("G" . $everyoneGroupId, $mungeIds) && $everyoneGroupId > 0)
    802. 

  802.             {
    803. 

  803.                 $mungeIds[] = "G" . $everyoneGroupId;
    804. 

  804.             }
    805. 

  805.             return $mungeIds;
    806. 

  806.         }
    807. 

  807. 

  808.         /**
    809. 

  809.          * Public for testing only. Need to manually create test model tables that would not be picked up normally.
    810. 

  810.          */
    811. 

  811.         public static function recreateTable($mungeTableName)
    812. 

  812.         {
    813. 

  813.             assert('is_string($mungeTableName) && $mungeTableName  != ""');
    814. 

  814.             R::exec("drop table if exists $mungeTableName");
    815. 

  815.             R::exec("create table $mungeTableName (
    816. 

  816.                         securableitem_id int(11)     unsigned not null,
    817. 

  817.                         munge_id         varchar(12)          not null,
    818. 

  818.                         count            int(8)      unsigned not null,
    819. 

  819.                         primary key (securableitem_id, munge_id)
    820. 

  820.                      )");
    821. 

  821.             R::exec("create index index_${mungeTableName}_securable_item_id
    822. 

  822.                      on $mungeTableName (securableitem_id);");
    823. 

  823.         }
    824. 

  824. 

  825.         protected static function incrementCount($mungeTableName, $securableItemId, $item)
    826. 

  826.         {
    827. 

  827.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    828. 

  828.             assert('is_int($securableItemId) && $securableItemId > 0');
    829. 

  829.             assert('$item instanceof User || $item instanceof Group || $item instanceof Role');
    830. 

  830.             $itemId  = $item->id;
    831. 

  831.             $type    = self::getMungeType($item);
    832. 

  832.             $mungeId = "$type$itemId";
    833. 

  833.             R::exec("insert into $mungeTableName
    834. 

  834.                                  (securableitem_id, munge_id, count)
    835. 

  835.                      values ($securableItemId, '$mungeId', 1)
    836. 

  836.                      on duplicate key
    837. 

  837.                      update count = count + 1");
    838. 

  838.         }
    839. 

  839. 

  840.         protected static function setCount($mungeTableName, $securableItemId, $item, $count)
    841. 

  841.         {
    842. 

  842.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    843. 

  843.             assert('is_int($securableItemId) && $securableItemId > 0');
    844. 

  844.             assert('$item instanceof User || $item instanceof Group || $item instanceof Role');
    845. 

  845.             $itemId  = $item->id;
    846. 

  846.             $type    = self::getMungeType($item);
    847. 

  847.             $mungeId = "$type$itemId";
    848. 

  848.             R::exec("insert into $mungeTableName
    849. 

  849.                                  (securableitem_id, munge_id, count)
    850. 

  850.                      values ($securableItemId, '$mungeId', $count)
    851. 

  851.                      on duplicate key
    852. 

  852.                      update count = $count");
    853. 

  853.         }
    854. 

  854. 

  855.         protected static function decrementCount($mungeTableName, $securableItemId, $item)
    856. 

  856.         {
    857. 

  857.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    858. 

  858.             assert('is_int($securableItemId) && $securableItemId > 0');
    859. 

  859.             assert('$item instanceof User || $item instanceof Group || $item instanceof Role');
    860. 

  860.             $itemId  = $item->id;
    861. 

  861.             $type    = self::getMungeType($item);
    862. 

  862.             $mungeId = "$type$itemId";
    863. 

  863.             R::exec("update $mungeTableName
    864. 

  864.                      set count = count - 1
    865. 

  865.                      where securableitem_id = $securableItemId and
    866. 

  866.                            munge_id         = '$mungeId'");
    867. 

  867.         }
    868. 

  868. 

  869.         protected static function decrementCountForAllSecurableItems($mungeTableName, $item)
    870. 

  870.         {
    871. 

  871.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    872. 

  872.             assert('$item instanceof User || $item instanceof Group || $item instanceof Role');
    873. 

  873.             $itemId  = $item->id;
    874. 

  874.             $type    = self::getMungeType($item);
    875. 

  875.             $mungeId = "$type$itemId";
    876. 

  876.             R::exec("update $mungeTableName
    877. 

  877.                      set count = count - 1
    878. 

  878.                      where munge_id = '$mungeId'");
    879. 

  879.         }
    880. 

  880. 

  881.         protected static function bulkIncrementCount($mungeTableName, $securableItemIds, $item)
    882. 

  882.         {
    883. 

  883.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    884. 

  884.             assert('$item instanceof User || $item instanceof Group || $item instanceof Role');
    885. 

  885.             foreach ($securableItemIds as $securableItemId)
    886. 

  886.             {
    887. 

  887.                 self::incrementCount($mungeTableName, intval($securableItemId), $item);
    888. 

  888.             }
    889. 

  889.         }
    890. 

  890. 

  891.         protected static function bulkDecrementCount($mungeTableName, $securableItemIds, $item)
    892. 

  892.         {
    893. 

  893.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    894. 

  894.             assert('$item instanceof User || $item instanceof Group || $item instanceof Role');
    895. 

  895.             foreach ($securableItemIds as $securableItemId)
    896. 

  896.             {
    897. 

  897.                 self::decrementCount($mungeTableName, intval($securableItemId), $item);
    898. 

  898.             }
    899. 

  899.         }
    900. 

  900. 

  901.         protected static function incrementParentRolesCounts($mungeTableName, $securableItemId, Role $role)
    902. 

  902.         {
    903. 

  903.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    904. 

  904.             assert('is_int($securableItemId) && $securableItemId > 0');
    905. 

  905.             if (!RedBeanDatabase::isFrozen() && $role->role->isSame($role)) // Prevent cycles in database auto build.
    906. 

  906.             {
    907. 

  907.                 return;
    908. 

  908.             }
    909. 

  909.             if ($role->role->id > 0)
    910. 

  910.             {
    911. 

  911.                 self::incrementCount            ($mungeTableName, $securableItemId, $role->role);
    912. 

  912.                 self::incrementParentRolesCounts($mungeTableName, $securableItemId, $role->role);
    913. 

  913.             }
    914. 

  914.         }
    915. 

  915. 

  916.         protected static function decrementParentRolesCounts($mungeTableName, $securableItemId, Role $role)
    917. 

  917.         {
    918. 

  918.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    919. 

  919.             assert('is_int($securableItemId) && $securableItemId > 0');
    920. 

  920.             if (!RedBeanDatabase::isFrozen() && $role->role->isSame($role)) // Prevent cycles in database auto build.
    921. 

  921.             {
    922. 

  922.                 return;
    923. 

  923.             }
    924. 

  924.             if ($role->role->id > 0)
    925. 

  925.             {
    926. 

  926.                 self::decrementCount            ($mungeTableName, $securableItemId, $role->role);
    927. 

  927.                 self::decrementParentRolesCounts($mungeTableName, $securableItemId, $role->role);
    928. 

  928.             }
    929. 

  929.         }
    930. 

  930. 

  931.         protected static function decrementParentRolesCountsForAllSecurableItems($mungeTableName, Role $role)
    932. 

  932.         {
    933. 

  933.             assert('is_string($mungeTableName) && $mungeTableName != ""');
    934. 

  934.             if (!RedBeanDatabase::isFrozen() && $role->role->isSame($role)) // Prevent cycles in database auto build.
    935. 

  935.             {
    936. 

  936.                 return;
    937. 

  937.             }
    938. 

  938.             if ($role->role->id > 0)
    939. 

  939.             {
    940. 

  940.                 self::decrementCountForAllSecurableItems            ($mungeTableName, $role->role);
    941. 

  941.                 self::decrementParentRolesCountsForAllSecurableItems($mungeTableName, $role->role);
    942. 

  942.             }
    943. 

  943.         }
    944. 

  944. 

  945.         protected static function bulkIncrementParentRolesCounts($mungeTableName, $securableItemIds, Role $role)
    946. 

  946.         {
    947. 

  947.             foreach ($securableItemIds as $securableItemId)
    948. 

  948.             {
    949. 

  949.                 self::incrementParentRolesCounts($mungeTableName, intval($securableItemId), $role);
    950. 

  950.             }
    951. 

  951.         }
    952. 

  952. 

  953.         protected static function bulkDecrementParentRolesCounts($mungeTableName, $securableItemIds, Role $role)
    954. 

  954.         {
    955. 

  955.             foreach ($securableItemIds as $securableItemId)
    956. 

  956.             {
    957. 

  957.                 self::decrementParentRolesCounts($mungeTableName, intval($securableItemId), $role);
    958. 

  958.             }
    959. 

  959.         }
    960. 

  960. 

  961.         // This must be called ny any public method which decrements
    962. 

  962.         // counts after it has done all its count decrementing.
    963. 

  963.         // It is not done in decrementCount to avoid doing it more
    964. 

  964.         // than is necessary.
    965. 

  965.         protected static function garbageCollect($mungeTableName)
    966. 

  966.         {
    967. 

  967.             assert("(int)R::getCell('select count(*)
    968. 

  968.                                 from   $mungeTableName
    969. 

  969.                                 where  count < 0') == 0");
    970. 

  970.             R::exec("delete from $mungeTableName
    971. 

  971.                      where       count = 0");
    972. 

  972.             assert("(int)R::getCell('select count(*)
    973. 

  973.                                 from   $mungeTableName
    974. 

  974.                                 where  count < 1') == 0");
    975. 

  975.         }
    976. 

  976. 

  977.         protected static function getMungeType($item)
    978. 

  978.         {
    979. 

  979.             assert('$item instanceof User || $item instanceof Group || $item instanceof Role');
    980. 

  980.             return substr(get_class($item), 0, 1);
    981. 

  981.         }
    982. 

  982. 

  983.         //public for testing only
    984. 

  984.         public static function getMungableModelClassNames()
    985. 

  985.         {
    986. 

  986.             try
    987. 

  987.             {
    988. 

  988.                 return GeneralCache::getEntry('mungableModelClassNames');
    989. 

  989.             }
    990. 

  990.             catch (NotFoundException $e)
    991. 

  991.             {
    992. 

  992.                 $mungableClassNames = self::findMungableModelClassNames();
    993. 

  993.                 GeneralCache::cacheEntry('mungableModelClassNames', $mungableClassNames);
    994. 

  994.                 return $mungableClassNames;
    995. 

  995.             }
    996. 

  996.         }
    997. 

  997. 

  998.         //public for testing only.
    999. 

  999.         public static function findMungableModelClassNames()
    1000. 

  1000.         {
    1001. 

  1001.             $mungableModelClassNames = array();
    1002. 

  1002.             $modules = Module::getModuleObjects();
    1003. 

  1003.             foreach ($modules as $module)
    1004. 

  1004.             {
    1005. 

  1005.                 $modelClassNames = $module::getModelClassNames();
    1006. 

  1006.                 foreach ($modelClassNames as $modelClassName)
    1007. 

  1007.                 {
    1008. 

  1008.                     if (is_subclass_of($modelClassName, 'SecurableItem') &&
    1009. 

  1009.                         $modelClassName::hasReadPermissionsOptimization())
    1010. 

  1010.                     {
    1011. 

  1011.                         $mungableModelClassNames[] = $modelClassName;
    1012. 

  1012.                     }
    1013. 

  1013.                 }
    1014. 

  1014.             }
    1015. 

  1015.             return $mungableModelClassNames;
    1016. 

  1016.         }
    1017. 

  1017. 

  1018.         protected static function getMainTableName($modelClassName)
    1019. 

  1019.         {
    1020. 

  1020.             assert('is_string($modelClassName) && $modelClassName != ""');
    1021. 

  1021.             return RedBeanModel::getTableName($modelClassName);
    1022. 

  1022.         }
    1023. 

  1023. 

  1024.         public static function getMungeTableName($modelClassName)
    1025. 

  1025.         {
    1026. 

  1026.             assert('is_string($modelClassName) && $modelClassName != ""');
    1027. 

  1027.             return self::getMainTableName($modelClassName) . '_read';
    1028. 

  1028.         }
    1029. 

  1029.     }
    1030. 

  1030. ?>
    1031. 

  1031.