3 # FILE: PrivilegeSet.php
5 # Part of the Collection Workflow Integration System (CWIS)
6 # Copyright 2013 Edward Almasy and Internet Scout Research Group
7 # http://scout.wisc.edu/cwis/
27 # if privilege data supplied
30 # if data is in legacy form (an array of privileges)
33 # set internal privilege set from array
34 $this->Privileges = $Data;
38 # set internal values from data
39 $this->LoadFromData($Data);
53 function Data($NewValue = NULL)
55 # if new data supplied
56 if ($NewValue !== NULL)
58 # unpack privilege data and load
59 $this->LoadFromData($NewValue);
62 # serialize current data and return to caller
64 if (count($this->Privileges))
66 foreach ($this->Privileges as $Priv)
68 $Data[
"Privileges"][] = is_object($Priv)
69 ? array(
"SUBSET" => $Priv->Data())
73 if ($this->UserId !== NULL) { $Data[
"UserId"] = $this->UserId; }
74 $Data[
"Logic"] = $this->Logic;
75 return serialize($Data);
91 # if target set has no requirements then we must be greater
92 if (!count($Set->Privileges)) {
return TRUE; }
94 # for each privilege in target set
95 foreach ($Set->Privileges as $Priv)
97 # if privilege is actually a privilege subgroup
100 # check if our privileges are greater than subgroup
103 # else if privilege is actually a condition
104 elseif (is_array($Priv))
106 # check if privilege set meets that condition
107 $OursGreater = $this->MeetsCondition($Priv, $Resource);
109 # else privilege is actually a privilege
112 # check we have specified privilege
116 # if either set requires that all privileges must be greater
117 if (($this->Logic ==
"AND") || ($Set->Logic ==
"AND"))
119 # if our privileges were not greater
122 # bail out and report to caller that our privileges are not greater
126 # else if only one privilege must be greater
129 # if our privileges were greater
132 # bail out and report to caller that our privileges are greater
138 # all privileges must have been greater (if all required) or none of
139 # the privileges were greater (if only one required)
140 # so report accordingly to caller
154 # just return inverse of IsGreaterThan()
166 # add privilege if not currently in set
169 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
170 $this->Privileges[] = $Privilege;
182 # remove privilege if currently in set
185 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
186 $Index = array_search($Privilege, $this->Privileges);
187 unset($this->Privileges[$Index]);
198 # check whether privilege is in our list and report to caller
199 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
200 return $this->IsInPrivilegeData($Privilege) ? TRUE : FALSE;
213 # grab privilege information and add logic
214 $Info = $this->Privileges;
215 $Info[
"Logic"] = $this->Logic;
217 # return privilege info array to caller
229 # create list of privileges with conditions stripped out
231 foreach ($this->Privileges as $Priv)
233 if (!is_array($Priv)) { $List[] = $Priv; }
236 # return list of privileges to caller
255 $FieldId = is_object($Field) ? $Field->Id() : $Field;
257 # set up condition array
259 "FieldId" => intval($FieldId),
260 "Operator" => trim($Operator),
263 # if condition is not already in set
264 if (!$this->IsInPrivilegeData($Condition))
266 # add condition to privilege set
267 $this->Privileges[] = $Condition;
285 $FieldId = is_object($Field) ? $Field->
Id() : $Field;
287 # set up condition array
289 "FieldId" => intval($FieldId),
290 "Operator" => trim($Operator),
293 # if condition is in set
294 if ($this->IsInPrivilegeData($Condition))
296 # remove condition from privilege set
297 $Index = array_search($Condition, $this->Privileges);
298 unset($this->Privileges[$Index]);
308 # if subgroup is not already in set
309 if (!$this->IsInPrivilegeData($Set))
311 # add subgroup to privilege set
312 $this->Privileges[] = $Set;
327 if ($NewValue !== NULL)
329 $this->Logic = $NewValue ?
"AND" :
"OR";
331 return ($this->Logic ==
"AND") ? TRUE : FALSE;
342 # if new associated user specified
343 if ($NewValue !== NULL)
345 # save ID of new associated user
346 $this->UserId = $NewValue;
349 # return ID of currently associated user to caller
350 return $this->UserId;
354 # ---- PRIVATE INTERFACE -------------------------------------------------
356 private $Privileges = array();
357 private $Logic =
"OR";
358 private $UserId = NULL;
366 private function LoadFromData($Serialized)
369 $Data = unserialize($Serialized);
371 # unpack privilege data (if available) and load
372 if (array_key_exists(
"Privileges", $Data))
374 $this->Privileges = array();
375 foreach ($Data[
"Privileges"] as $Priv)
377 if (is_array($Priv) && array_key_exists(
"SUBSET", $Priv))
380 $Subset->LoadFromData($Priv[
"SUBSET"]);
381 $this->Privileges[] = $Subset;
385 $this->Privileges[] = $Priv;
390 # load associated user ID if available
391 if (array_key_exists(
"UserId", $Data))
393 $this->UserId = $Data[
"UserId"];
396 # load logic if available
397 if (array_key_exists(
"Logic", $Data))
399 $this->Logic = $Data[
"Logic"];
409 private function MeetsCondition($Condition, $Resource = self::NO_RESOURCE)
411 # if no resource was available to check against
412 if ($Resource ===
"XXX NO RESOURCE XXX")
414 # report to caller that we do meet condition
417 elseif ($Resource instanceof
Resource)
419 # pre-process condition parameters based on type of field
421 $Operator = $Condition[
"Operator"];
422 $Value = $Condition[
"Value"];
423 $FieldValue = $Resource->Get($Field, TRUE);
424 switch ($Field->Type())
427 # if supplied value is NULL
430 # if local associated user ID is available
431 if ($this->UserId !== NULL)
433 # use ID of associated user
434 $Value = $this->UserId;
436 # else if global user ID available
437 elseif ($GLOBALS[
"G_User"]->IsLoggedIn())
440 $Value = $GLOBALS[
"G_User"]->Id();
444 # report to caller that condition was not met
449 # convert field value to user ID
450 $FieldValue = $FieldValue->Id();
455 # date field values are Date objects, so handle those
456 if ($FieldValue instanceof
Date)
458 $FieldValue = strtotime($FieldValue->Formatted());
461 # timestamp field values are just the date/time string
464 $FieldValue = strtotime($FieldValue);
467 # use the current time for the value if it's NULL
473 # otherwise, parse the value to get a numeric timestamp
476 $Value = strtotime($Value);
485 throw new Exception(
"Unsupported metadata field type ("
486 .print_r($Field->Type(), TRUE)
487 .
") for condition in privilege set.");
491 # compare field value and supplied value using specified operator
495 $Result = ($FieldValue == $Value);
499 $Result = ($FieldValue != $Value);
503 $Result = ($FieldValue < $Value);
507 $Result = ($FieldValue > $Value);
511 $Result = ($FieldValue <= $Value);
515 $Result = ($FieldValue >= $Value);
519 throw new Exception(
"Unsupported condition operator ("
520 .print_r($Operator, TRUE).
") in privilege set.");
524 # report to caller whether condition was met
525 return $Result ? TRUE : FALSE;
529 # error out because resource was illegal
530 throw new Exception(
"Invalid Resource passed in for privilege"
531 .
" set comparison.");
543 private function IsInPrivilegeData($Item)
545 # step through privilege data
546 foreach ($this->Privileges as $Priv)
548 # report to caller if item is found
549 if (is_object($Item))
551 if (is_object($Priv) && ($Item == $Priv)) {
return TRUE; }
553 elseif (is_array($Item))
555 if (is_array($Priv) && ($Item == $Priv)) {
return TRUE; }
557 elseif ($Item == $Priv) {
return TRUE; }
560 # report to caller that item is not in privilege data
AssociatedUserId($NewValue=NULL)
Get/set ID of user associated with privilege set.
AddSet(PrivilegeSet $Set)
Add subgroup of privileges/conditions to set.
Set of privileges used to access resource information or other parts of the system.
IsLessThan(PrivilegeSet $Set, Resource $Resource=NULL)
Check whether a privilege set is less than another privilege set.
__construct($Data=NULL)
Class constructor, used to create a new set or reload an existing set from previously-constructed dat...
IncludesPrivilege($Privilege)
Check whether this privilege set includes the specified privilege.
GetPrivilegeInfo()
Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index "Logic".
GetPrivilegeList()
Get list of privileges.
Data($NewValue=NULL)
Get/set privilege set data, in the form of an opaque string.
Represents a "resource" in CWIS.
IsGreaterThan(PrivilegeSet $Set, $Resource=self::NO_RESOURCE)
Check whether a privilege set is greater than or equal to another privilege set.
AddPrivilege($Privilege)
Add specified privilege to set.
AddCondition($Field, $Value=NULL, $Operator="==")
Add condition to privilege set.
RemovePrivilege($Privilege)
Remove specified privilege from set.
AllRequired($NewValue=NULL)
Get/set whether all privileges/conditions in set are required (i.e.
RemoveCondition(MetadataField $Field, $Value=NULL, $Operator="==")
Remove condition from privilege set.