CWIS Developer Documentation
PrivilegeSet.php
Go to the documentation of this file.
1 <?PHP
2 #
3 # FILE: PrivilegeSet.php
4 #
5 # Part of the Collection Workflow Integration System (CWIS)
6 # Copyright 2013 Edward Almasy and Internet Scout Research Group
7 # http://scout.wisc.edu/cwis/
8 #
9 
16 class PrivilegeSet {
17 
25  function __construct($Data = NULL)
26  {
27  # if privilege data supplied
28  if ($Data !== NULL)
29  {
30  # if data is in legacy form (an array of privileges)
31  if (is_array($Data))
32  {
33  # set internal privilege set from array
34  $this->Privileges = $Data;
35  }
36  else
37  {
38  # set internal values from data
39  $this->LoadFromData($Data);
40  }
41  }
42  }
43 
53  function Data($NewValue = NULL)
54  {
55  # if new data supplied
56  if ($NewValue !== NULL)
57  {
58  # unpack privilege data and load
59  $this->LoadFromData($NewValue);
60  }
61 
62  # serialize current data and return to caller
63  $Data = array();
64  if (count($this->Privileges))
65  {
66  foreach ($this->Privileges as $Priv)
67  {
68  $Data["Privileges"][] = is_object($Priv)
69  ? array("SUBSET" => $Priv->Data())
70  : $Priv;
71  }
72  }
73  if ($this->UserId !== NULL) { $Data["UserId"] = $this->UserId; }
74  $Data["Logic"] = $this->Logic;
75  return serialize($Data);
76  }
77 
89  function IsGreaterThan(PrivilegeSet $Set, $Resource = self::NO_RESOURCE)
90  {
91  # if target set has no requirements then we must be greater
92  if (!count($Set->Privileges)) { return TRUE; }
93 
94  # for each privilege in target set
95  foreach ($Set->Privileges as $Priv)
96  {
97  # if privilege is actually a privilege subgroup
98  if (is_object($Priv))
99  {
100  # check if our privileges are greater than subgroup
101  $OursGreater = $this->IsGreaterThan($Priv, $Resource);
102  }
103  # else if privilege is actually a condition
104  elseif (is_array($Priv))
105  {
106  # check if privilege set meets that condition
107  $OursGreater = $this->MeetsCondition($Priv, $Resource);
108  }
109  # else privilege is actually a privilege
110  else
111  {
112  # check we have specified privilege
113  $OursGreater = $this->IncludesPrivilege($Priv);
114  }
115 
116  # if either set requires that all privileges must be greater
117  if (($this->Logic == "AND") || ($Set->Logic == "AND"))
118  {
119  # if our privileges were not greater
120  if (!$OursGreater)
121  {
122  # bail out and report to caller that our privileges are not greater
123  break;
124  }
125  }
126  # else if only one privilege must be greater
127  else
128  {
129  # if our privileges were greater
130  if ($OursGreater)
131  {
132  # bail out and report to caller that our privileges are greater
133  break;
134  }
135  }
136  }
137 
138  # all privileges must have been greater (if all required) or none of
139  # the privileges were greater (if only one required)
140  # so report accordingly to caller
141  return $OursGreater;
142  }
143 
152  function IsLessThan(PrivilegeSet $Set, Resource $Resource = NULL)
153  {
154  # just return inverse of IsGreaterThan()
155  return $this->IsGreaterThan($Set, $Resource) ? FALSE : TRUE;
156  }
157 
164  function AddPrivilege($Privilege)
165  {
166  # add privilege if not currently in set
167  if (!$this->IncludesPrivilege($Privilege))
168  {
169  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
170  $this->Privileges[] = $Privilege;
171  }
172  }
173 
180  function RemovePrivilege($Privilege)
181  {
182  # remove privilege if currently in set
183  if ($this->IncludesPrivilege($Privilege))
184  {
185  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
186  $Index = array_search($Privilege, $this->Privileges);
187  unset($this->Privileges[$Index]);
188  }
189  }
190 
196  function IncludesPrivilege($Privilege)
197  {
198  # check whether privilege is in our list and report to caller
199  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
200  return $this->IsInPrivilegeData($Privilege) ? TRUE : FALSE;
201  }
202 
211  function GetPrivilegeInfo()
212  {
213  # grab privilege information and add logic
214  $Info = $this->Privileges;
215  $Info["Logic"] = $this->Logic;
216 
217  # return privilege info array to caller
218  return $Info;
219  }
220 
227  function GetPrivilegeList()
228  {
229  # create list of privileges with conditions stripped out
230  $List = array();
231  foreach ($this->Privileges as $Priv)
232  {
233  if (!is_array($Priv)) { $List[] = $Priv; }
234  }
235 
236  # return list of privileges to caller
237  return $List;
238  }
239 
252  function AddCondition($Field, $Value = NULL, $Operator = "==")
253  {
254  # get field ID
255  $FieldId = is_object($Field) ? $Field->Id() : $Field;
256 
257  # set up condition array
258  $Condition = array(
259  "FieldId" => intval($FieldId),
260  "Operator" => trim($Operator),
261  "Value" => $Value);
262 
263  # if condition is not already in set
264  if (!$this->IsInPrivilegeData($Condition))
265  {
266  # add condition to privilege set
267  $this->Privileges[] = $Condition;
268  }
269  }
270 
282  function RemoveCondition(MetadataField $Field, $Value = NULL, $Operator = "==")
283  {
284  # get field ID
285  $FieldId = is_object($Field) ? $Field->Id() : $Field;
286 
287  # set up condition array
288  $Condition = array(
289  "FieldId" => intval($FieldId),
290  "Operator" => trim($Operator),
291  "Value" => $Value);
292 
293  # if condition is in set
294  if ($this->IsInPrivilegeData($Condition))
295  {
296  # remove condition from privilege set
297  $Index = array_search($Condition, $this->Privileges);
298  unset($this->Privileges[$Index]);
299  }
300  }
301 
306  function AddSet(PrivilegeSet $Set)
307  {
308  # if subgroup is not already in set
309  if (!$this->IsInPrivilegeData($Set))
310  {
311  # add subgroup to privilege set
312  $this->Privileges[] = $Set;
313  }
314  }
315 
325  function AllRequired($NewValue = NULL)
326  {
327  if ($NewValue !== NULL)
328  {
329  $this->Logic = $NewValue ? "AND" : "OR";
330  }
331  return ($this->Logic == "AND") ? TRUE : FALSE;
332  }
333 
340  function AssociatedUserId($NewValue = NULL)
341  {
342  # if new associated user specified
343  if ($NewValue !== NULL)
344  {
345  # save ID of new associated user
346  $this->UserId = $NewValue;
347  }
348 
349  # return ID of currently associated user to caller
350  return $this->UserId;
351  }
352 
353 
354  # ---- PRIVATE INTERFACE -------------------------------------------------
355 
356  private $Privileges = array();
357  private $Logic = "OR";
358  private $UserId = NULL;
359 
360  const NO_RESOURCE = "XXX NO RESOURCE XXX";
361 
366  private function LoadFromData($Serialized)
367  {
368  # unpack new data
369  $Data = unserialize($Serialized);
370 
371  # unpack privilege data (if available) and load
372  if (array_key_exists("Privileges", $Data))
373  {
374  $this->Privileges = array();
375  foreach ($Data["Privileges"] as $Priv)
376  {
377  if (is_array($Priv) && array_key_exists("SUBSET", $Priv))
378  {
379  $Subset = new PrivilegeSet();
380  $Subset->LoadFromData($Priv["SUBSET"]);
381  $this->Privileges[] = $Subset;
382  }
383  else
384  {
385  $this->Privileges[] = $Priv;
386  }
387  }
388  }
389 
390  # load associated user ID if available
391  if (array_key_exists("UserId", $Data))
392  {
393  $this->UserId = $Data["UserId"];
394  }
395 
396  # load logic if available
397  if (array_key_exists("Logic", $Data))
398  {
399  $this->Logic = $Data["Logic"];
400  }
401  }
402 
409  private function MeetsCondition($Condition, $Resource = self::NO_RESOURCE)
410  {
411  # if no resource was available to check against
412  if ($Resource === "XXX NO RESOURCE XXX")
413  {
414  # report to caller that we do meet condition
415  return TRUE;
416  }
417  elseif ($Resource instanceof Resource)
418  {
419  # pre-process condition parameters based on type of field
420  $Field = new MetadataField($Condition["FieldId"]);
421  $Operator = $Condition["Operator"];
422  $Value = $Condition["Value"];
423  $FieldValue = $Resource->Get($Field, TRUE);
424  switch ($Field->Type())
425  {
427  # if supplied value is NULL
428  if ($Value === NULL)
429  {
430  # if local associated user ID is available
431  if ($this->UserId !== NULL)
432  {
433  # use ID of associated user
434  $Value = $this->UserId;
435  }
436  # else if global user ID available
437  elseif ($GLOBALS["G_User"]->IsLoggedIn())
438  {
439  # use global user ID
440  $Value = $GLOBALS["G_User"]->Id();
441  }
442  else
443  {
444  # report to caller that condition was not met
445  return FALSE;
446  }
447  }
448 
449  # convert field value to user ID
450  $FieldValue = $FieldValue->Id();
451  break;
452 
455  # date field values are Date objects, so handle those
456  if ($FieldValue instanceof Date)
457  {
458  $FieldValue = strtotime($FieldValue->Formatted());
459  }
460 
461  # timestamp field values are just the date/time string
462  else
463  {
464  $FieldValue = strtotime($FieldValue);
465  }
466 
467  # use the current time for the value if it's NULL
468  if ($Value === NULL)
469  {
470  $Value = time();
471  }
472 
473  # otherwise, parse the value to get a numeric timestamp
474  else
475  {
476  $Value = strtotime($Value);
477  }
478  break;
479 
482  break;
483 
484  default:
485  throw new Exception("Unsupported metadata field type ("
486  .print_r($Field->Type(), TRUE)
487  .") for condition in privilege set.");
488  break;
489  }
490 
491  # compare field value and supplied value using specified operator
492  switch ($Operator)
493  {
494  case "==":
495  $Result = ($FieldValue == $Value);
496  break;
497 
498  case "!=":
499  $Result = ($FieldValue != $Value);
500  break;
501 
502  case "<":
503  $Result = ($FieldValue < $Value);
504  break;
505 
506  case ">":
507  $Result = ($FieldValue > $Value);
508  break;
509 
510  case "<=":
511  $Result = ($FieldValue <= $Value);
512  break;
513 
514  case ">=":
515  $Result = ($FieldValue >= $Value);
516  break;
517 
518  default:
519  throw new Exception("Unsupported condition operator ("
520  .print_r($Operator, TRUE).") in privilege set.");
521  break;
522  }
523 
524  # report to caller whether condition was met
525  return $Result ? TRUE : FALSE;
526  }
527  else
528  {
529  # error out because resource was illegal
530  throw new Exception("Invalid Resource passed in for privilege"
531  ." set comparison.");
532  }
533  }
534 
543  private function IsInPrivilegeData($Item)
544  {
545  # step through privilege data
546  foreach ($this->Privileges as $Priv)
547  {
548  # report to caller if item is found
549  if (is_object($Item))
550  {
551  if (is_object($Priv) && ($Item == $Priv)) { return TRUE; }
552  }
553  elseif (is_array($Item))
554  {
555  if (is_array($Priv) && ($Item == $Priv)) { return TRUE; }
556  }
557  elseif ($Item == $Priv) { return TRUE; }
558  }
559 
560  # report to caller that item is not in privilege data
561  return FALSE;
562  }
563 }
AssociatedUserId($NewValue=NULL)
Get/set ID of user associated with privilege set.
AddSet(PrivilegeSet $Set)
Add subgroup of privileges/conditions to set.
Set of privileges used to access resource information or other parts of the system.
IsLessThan(PrivilegeSet $Set, Resource $Resource=NULL)
Check whether a privilege set is less than another privilege set.
PHP
Definition: OAIClient.php:39
__construct($Data=NULL)
Class constructor, used to create a new set or reload an existing set from previously-constructed dat...
IncludesPrivilege($Privilege)
Check whether this privilege set includes the specified privilege.
GetPrivilegeInfo()
Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index &quot;Logic&quot;.
GetPrivilegeList()
Get list of privileges.
Object representing a locally-defined type of metadata field.
Data($NewValue=NULL)
Get/set privilege set data, in the form of an opaque string.
Represents a &quot;resource&quot; in CWIS.
Definition: Resource.php:13
IsGreaterThan(PrivilegeSet $Set, $Resource=self::NO_RESOURCE)
Check whether a privilege set is greater than or equal to another privilege set.
Id()
Get metadata field ID.
AddPrivilege($Privilege)
Add specified privilege to set.
AddCondition($Field, $Value=NULL, $Operator="==")
Add condition to privilege set.
RemovePrivilege($Privilege)
Remove specified privilege from set.
AllRequired($NewValue=NULL)
Get/set whether all privileges/conditions in set are required (i.e.
RemoveCondition(MetadataField $Field, $Value=NULL, $Operator="==")
Remove condition from privilege set.