/ck/protected/modules/rbam/components/behaviors/RbamPhpAuthManagerBehavior.php

https://github.com/moravianlibrary/Projekt-Ceska-knihovna · PHP · 230 lines · 116 code · 28 blank · 86 comment · 11 complexity · ff587d3f20a45552e69aecb4df4edde3 MD5 · raw file 

    

  1. <?php

    2. 

  2. /* SVN FILE: $Id: RbamPhpAuthManagerBehavior.php 15 2010-12-20 09:01:13Z Chris $*/

    3. 

  3. /**

    4. 

  4. * RBAM PhpAuthManager Behavior class file.

    5. 

  5. * Provides additional features used by RBAM to CPhpAuthmanager.

    6. 

  6. * 

    7. 

  7. * @copyright	Copyright &copy; 2010 PBM Web Development - All Rights Reserved

    8. 

  8. * @package		RBAM

    9. 

  9. * @since			V1.0.0

    10. 

  10. * @version		$Revision: 15 $

    11. 

  11. * @license		BSD License (see documentation)

    12. 

  12. */

    13. 

  13. /**

    14. 

  14. * RBAM PhpAuthManager Behavior class

    15. 

  15. * @package		RBAM

    16. 

  16. */

    17. 

  17. class RbamPhpAuthManagerBehavior extends RbamAuthManagerBehavior {	

    18. 

  18. 	/**

    19. 

  19. 	* Returns the assignments authorised for the specified item.

    20. 

  20. 	* @param string the item name.

    21. 

  21. 	* @return array CAuthAssignments authorised for the item

    22. 

  22. 	*/

    23. 

  23. 	public function getItemEAuthAssignments($name) {		

    24. 

  24. 		$owner = $this->getOwner();

    25. 

  25. 		$roles = array();

    26. 

  26. 

    27. 

  27. 		if ($owner->getAuthItem($name)->getType() == CAuthItem::TYPE_ROLE)

    28. 

  28. 			$roles[] = $name;

    29. 

  29. 

    30. 

  30. 		$authItems = $this->getEAncestors($name);

    31. 

  31. 		foreach ($authItems as $authItem)

    32. 

  32. 			if ($authItem->getType() == CAuthItem::TYPE_ROLE)

    33. 

  33. 				$roles[] = $authItem->getName();

    34. 

  34. 				

    35. 

  35. 		$assignments = array();

    36. 

  36. 		if (!empty($roles)) {

    37. 

  37. 			// get users, then all their assignments, then filter those by name

    38. 

  38. 			$userIdAttribute = $this->module->userIdAttribute;

    39. 

  39. 			$criteria = new CDbCriteria($this->module->userCriteria);

    40. 

  40. 			$criteria->mergeWith(new CDbCriteria(array('select'=>$userIdAttribute)));

    41. 

  41. 			

    42. 

  42. 			$userAssignments = array();

    43. 

  43. 			foreach (CActiveRecord::model($this->module->userClass)->findAll($criteria) as $user) {

    44. 

  44. 				$usersAssignments[$user->$userIdAttribute] = $owner->getAuthAssignments($user->$userIdAttribute);

    45. 

  45. 			}

    46. 

  46. 			

    47. 

  47. 			foreach ($roles as $role)

    48. 

  48. 				foreach ($usersAssignments as $userAssignments)

    49. 

  49. 					if (array_key_exists($role, $userAssignments))

    50. 

  50. 						$assignments[] = $userAssignments[$role];

    51. 

  51. 			

    52. 

  52. 			foreach($assignments as &$assignment)

    53. 

  53. 				$assignment->attachBehavior('RbamAuthAssignmentBehavior', array(

    54. 

  54. 				'class'=>'RbamAuthAssignmentBehavior',

    55. 

  55. 				'module'=>$this->module

    56. 

  56. 			));

    57. 

  57. 		}

    58. 

  58. 				

    59. 

  59. 		return $assignments;

    60. 

  60. 	}

    61. 

  61. 	

    62. 

  62. 	/**

    63. 

  63. 	* Returns the parents of the specified item.

    64. 

  64. 	* If type is not given all parents are returned.

    65. 

  65. 	* @param mixed name(s) of the child item(s).

    66. 

  66. 	* This can be either a string or an array.

    67. 

  67. 	* The latter represents a list of item names.

    68. 

  68. 	* @param integer type of parents to return.

    69. 

  69. 	* @return array all parent items of the child

    70. 

  70. 	*/

    71. 

  71. 	public function getItemEParents($names, $type=null) {

    72. 

  72. 		if (is_string($names))

    73. 

  73. 			$names = array($names);

    74. 

  74. 		$owner = $this->getOwner();

    75. 

  75. 		$parents = array();

    76. 

  76. 		

    77. 

  77. 		foreach ($owner->getAuthItems() as $authItem)

    78. 

  78. 			foreach ($names as $name)

    79. 

  79. 				if ($authItem->hasChild($name))

    80. 

  80. 					$parents[] = $authItem;

    81. 

  81. 

    82. 

  82. 		$parents = $this->filterByType($parents, $type);

    83. 

  83. 		foreach($parents as &$parent)

    84. 

  84. 			$parent->attachBehavior('RbamAuthItemBehavior', 'RbamAuthItemBehavior');

    85. 

  85. 		return $parents;

    86. 

  86. 	}

    87. 

  87. 	

    88. 

  88. 	/**

    89. 

  89. 	* Returns items of the specified type that are children of the specified parent item.

    90. 

  90. 	* If type is not given all children are returned.

    91. 

  91. 	* @param mixed name(s) of the parent item(s).

    92. 

  92. 	* This can be either a string or an array.

    93. 

  93. 	* The latter represents a list of item names.

    94. 

  94. 	* @param integer type of children to return.

    95. 

  95. 	* @return array items of the specified type that are children of the parent.

    96. 

  96. 	*/

    97. 

  97. 	public function getItemEChildren($names, $type=null) {

    98. 

  98. 		$children = $this->getOwner()->getItemChildren($names);

    99. 

  99. 		$children = $this->filterByType($children, $type);

    100. 

  100. 		foreach($children as &$child)

    101. 

  101. 			$child->attachBehavior('RbamAuthItemBehavior', 'RbamAuthItemBehavior');

    102. 

  102. 		return $children;

    103. 

  103. 	}

    104. 

  104. 	

    105. 

  105. 	/**

    106. 

  106. 	* Returns items of the specified type that are unrelated to the specified item.

    107. 

  107. 	* If type is not given all unrelated items are returned.

    108. 

  108. 	* @param string name of the item.

    109. 

  109. 	* @param integer type of item to return

    110. 

  110. 	* @return array items of the specified type that are unrelated to the item.

    111. 

  111. 	*/

    112. 

  112. 	public function getItemEUnrelated($name, $type=null) {

    113. 

  113. 		$unrelated = $this->filterOutRelated($name, $type, $this->getOwner()->getAuthItems($type));

    114. 

  114. 		foreach($unrelated as &$item)

    115. 

  115. 			$item->attachBehavior('RbamAuthItemBehavior', 'RbamAuthItemBehavior');

    116. 

  116. 		

    117. 

  117. 		$related = array_merge($this->getEAncestors($name), $this->getEDescendants($name));

    118. 

  118. 		

    119. 

  119. 		return array_diff_key($unrelated, $related);

    120. 

  120. 	}

    121. 

  121. 	

    122. 

  122. 	/**

    123. 

  123. 	* Returns the number of children of the specified item.

    124. 

  124. 	* @param string $name the parent item name.

    125. 

  125. 	* @return int the number of child items of the parent

    126. 

  126. 	*/

    127. 

  127. 	public function getItemChildCount($name) {

    128. 

  128. 		return count($this->getOwner()->getItemChildren($name));

    129. 

  129. 	}

    130. 

  130. 	

    131. 

  131. 	/**

    132. 

  132. 	* Returns the number of parents of the specified item.

    133. 

  133. 	* @param string $name the child item name.

    134. 

  134. 	* @return int the number of parent items of the child

    135. 

  135. 	*/

    136. 

  136. 	public function getItemParentCount($name) {

    137. 

  137. 		return count($this->getItemEParents($name));

    138. 

  138. 	}

    139. 

  139. 	

    140. 

  140. 	/**

    141. 

  141. 	* Returns roles not assigned to the user, either directly or via inheritance.

    142. 

  142. 	* @param mixed the user id.

    143. 

  143. 	* @return array roles not assigned to the user.

    144. 

  144. 	*/

    145. 

  145. 	public function getEUnassignedRoles($uid) {

    146. 

  146. 		$owner = $this->getOwner();

    147. 

  147. 		$unassignedRoles = array();

    148. 

  148. 		

    149. 

  149. 		foreach ($owner->getAuthItems(CAuthItem::TYPE_ROLE) as $role)

    150. 

  150. 			if (!$owner->isAssigned($role->name, $uid))

    151. 

  151. 				$unassignedRoles[] = $role;

    152. 

  152. 		

    153. 

  153. 		foreach ($owner->defaultRoles as $defaultRole)

    154. 

  154. 			unset($unassignedRoles[$defaultRole]);

    155. 

  155. 

    156. 

  156. 		foreach($unassignedRoles as &$unassignedRole)

    157. 

  157. 			$unassignedRole->attachBehavior('RbamAuthItemBehavior', 'RbamAuthItemBehavior');

    158. 

  158. 			

    159. 

  159. 		$assignedRoles = array();

    160. 

  160. 		foreach ($owner->getAuthAssignments($uid) as $assignment)

    161. 

  161. 			$assignedRoles[] = $assignment->itemName;			

    162. 

  162. 		

    163. 

  163. 		$childRoles = $this->getItemEChildren($assignedRoles, CAuthItem::TYPE_ROLE);

    164. 

  164. 

    165. 

  165. 		return array_diff_key($unassignedRoles, $childRoles);

    166. 

  166. 	}

    167. 

  167. 	

    168. 

  168. 	/**

    169. 

  169. 	* Filter items by type 

    170. 

  170. 	* @param array items to filter

    171. 

  171. 	* @param integer type of auth items required

    172. 

  172. 	* @return filtered items

    173. 

  173. 	*/

    174. 

  174. 	private function filterByType($items, $type) {

    175. 

  175. 		if (!is_null($type)) {

    176. 

  176. 			switch ($type) {

    177. 

  177. 				case CAuthItem::TYPE_OPERATION:

    178. 

  178. 					$items = array_filter($items, array($this,'isOperation'));

    179. 

  179. 					break;

    180. 

  180. 				case CAuthItem::TYPE_TASK:

    181. 

  181. 					$items = array_filter($items, array($this,'isTask'));

    182. 

  182. 					break;

    183. 

  183. 				case CAuthItem::TYPE_ROLE:

    184. 

  184. 					$items = array_filter($items, array($this,'isRole'));

    185. 

  185. 					break;

    186. 

  186. 			}

    187. 

  187. 		}

    188. 

  188. 		return $items; 

    189. 

  189. 	}

    190. 

  190. 	

    191. 

  191. 	/**

    192. 

  192. 	* Filters out relations of an item from the list of items 

    193. 

  193. 	* @param string name of the item

    194. 

  194. 	* @param integer type of items

    195. 

  195. 	* @param array list of items to filter

    196. 

  196. 	* @return array filtered items

    197. 

  197. 	*/

    198. 

  198. 	private function filterOutRelated($name, $type, $items) {

    199. 

  199. 		foreach ($this->getItemEChildren($name, $type) as $child)

    200. 

  200. 			unset($items[$child->getName()]);

    201. 

  201. 		foreach ($this->getItemEParents($name, $type) as $child)

    202. 

  202. 			unset($items[$child->getName()]);

    203. 

  203. 		unset($items[$name]);

    204. 

  204. 		return $items;

    205. 

  205. 	}

    206. 

  206. 	

    207. 

  207. 	/**

    208. 

  208. 	* Callback to filter auth items that are operations

    209. 

  209. 	* @param CAuthItem the item to test

    210. 

  210. 	*/

    211. 

  211. 	public function isOperation($item) {

    212. 

  212. 		return $item->type==CAuthItem::TYPE_OPERATION;

    213. 

  213. 	}

    214. 

  214. 	

    215. 

  215. 	/**

    216. 

  216. 	* Callback to filter auth items that are tasks

    217. 

  217. 	* @param CAuthItem the item to test

    218. 

  218. 	*/

    219. 

  219. 	public function isTask($item) {

    220. 

  220. 		return $item->type==CAuthItem::TYPE_TASK;

    221. 

  221. 	}

    222. 

  222. 	

    223. 

  223. 	/**

    224. 

  224. 	* Callback to filter auth items that are roles

    225. 

  225. 	* @param CAuthItem the item to test

    226. 

  226. 	*/

    227. 

  227. 	public function isRole($item) {

    228. 

  228. 		return $item->type==CAuthItem::TYPE_ROLE;

    229. 

  229. 	} 

    230. 

  230. }
    231.