3 # FILE: PrivilegeSet.php
5 # Part of the Collection Workflow Integration System (CWIS)
6 # Copyright 2013 Edward Almasy and Internet Scout Research Group
7 # http://scout.wisc.edu/cwis/
18 # used as a field ID in conditions to test whether a resource is
19 # available as part of the privilege check
31 # if privilege data supplied
34 # if data is in legacy form (an array of privileges)
37 # set internal privilege set from array
38 $this->Privileges = $Data;
42 # set internal values from data
43 $this->LoadFromData($Data);
# Get or set the privilege set as an opaque serialized string.
# $NewValue - previously-returned data string to load, or NULL to only read
# Returns the current privileges, the associated user ID (when one is set)
# and the logic, packed with serialize().
# NOTE(review): a non-NULL $NewValue is handed to LoadFromData(), which calls
# unserialize() on it, so callers should only pass strings that this method
# produced and that were kept where end users cannot alter them.
57 function Data($NewValue = NULL)
59 # if new data supplied
60 if ($NewValue !== NULL)
62 # unpack privilege data and load
63 $this->LoadFromData($NewValue);
66 # serialize current data and return to caller
68 if (count($this->Privileges))
70 foreach ($this->Privileges as $Priv)
# nested privilege sets (objects) are stored as their own serialized string
# under the "SUBSET" key; the branch for non-object entries is not visible
# in this listing
72 $Data[
"Privileges"][] = is_object($Priv)
73 ? array(
"SUBSET" => $Priv->Data())
77 if ($this->UserId !== NULL) { $Data[
"UserId"] = $this->UserId; }
78 $Data[
"Logic"] = $this->Logic;
79 return serialize($Data);
95 # if target set has no requirements then we must be greater
96 if (!count($Set->Privileges)) {
return TRUE; }
98 # for each privilege in target set
99 foreach ($Set->Privileges as $Priv)
101 # if privilege is actually a privilege subgroup
102 if (is_object($Priv))
104 # check if our privileges are greater than subgroup
107 # else if privilege is actually a condition
108 elseif (is_array($Priv))
110 # check if privilege set meets that condition
111 $OursGreater = $this->MeetsCondition($Priv, $Resource, $Set->Logic);
113 # else privilege is actually a privilege
116 # check we have specified privilege
120 # if either set requires that all privileges must be greater
121 if (($this->Logic ==
"AND") || ($Set->Logic ==
"AND"))
123 # if our privileges were not greater
126 # bail out and report to caller that our privileges are not greater
130 # else if only one privilege must be greater
133 # if our privileges were greater
136 # bail out and report to caller that our privileges are greater
142 # all privileges must have been greater (if all required) or none of
143 # the privileges were greater (if only one required)
144 # so report accordingly to caller
158 # just return inverse of IsGreaterThan()
170 # add privilege if not currently in set
173 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
174 $this->Privileges[] = $Privilege;
186 # remove privilege if currently in set
# a Privilege object is reduced to its ID before the lookup
189 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
# NOTE(review): array_search() compares loosely (==) by default and returns
# FALSE when nothing matches; FALSE used as an array key is cast to 0, so an
# unguarded unset() would drop the first entry of the list instead. The
# membership check implied by the comment above is not visible in this
# listing - confirm that it wraps these two lines.
190 $Index = array_search($Privilege, $this->Privileges);
191 unset($this->Privileges[$Index]);
202 # check whether privilege is in our list and report to caller
203 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
204 return $this->IsInPrivilegeData($Privilege) ? TRUE : FALSE;
217 # grab privilege information and add logic
218 $Info = $this->Privileges;
219 $Info[
"Logic"] = $this->Logic;
221 # return privilege info array to caller
233 # create list of privileges with conditions stripped out
235 foreach ($this->Privileges as $Priv)
237 if (!is_array($Priv)) { $List[] = $Priv; }
240 # return list of privileges to caller
261 $FieldId = is_object($Field) ? $Field->Id() : $Field;
263 # set up condition array
265 "FieldId" => intval($FieldId),
266 "Operator" => trim($Operator),
269 # if condition is not already in set
270 if (!$this->IsInPrivilegeData($Condition))
272 # add condition to privilege set
273 $this->Privileges[] = $Condition;
291 $FieldId = is_object($Field) ? $Field->Id() : $Field;
293 # set up condition array
295 "FieldId" => intval($FieldId),
296 "Operator" => trim($Operator),
299 # if condition is in set
300 if ($this->IsInPrivilegeData($Condition))
302 # remove condition from privilege set
303 $Index = array_search($Condition, $this->Privileges);
304 unset($this->Privileges[$Index]);
314 # if subgroup is not already in set
315 if (!$this->IsInPrivilegeData($Set))
317 # add subgroup to privilege set
318 $this->Privileges[] = $Set;
333 if ($NewValue !== NULL)
335 $this->Logic = $NewValue ?
"AND" :
"OR";
337 return ($this->Logic ==
"AND") ? TRUE : FALSE;
348 # if new associated user specified
349 if ($NewValue !== NULL)
351 # save ID of new associated user
352 $this->UserId = $NewValue;
355 # return ID of currently associated user to caller
356 return $this->UserId;
360 # ---- PRIVATE INTERFACE -------------------------------------------------
362 private $Privileges = array();
363 private $Logic =
"OR";
364 private $UserId = NULL;
# Load privileges, associated user ID and logic from a serialized string.
# $Serialized - data string in the format written by Data()
# Entries stored under a "SUBSET" key are loaded recursively into nested
# privilege sets; all other entries are appended to the list as they are.
372 private function LoadFromData($Serialized)
374 # save calling context in case load causes out-of-memory crash
375 $GLOBALS[
"AF"]->RecordContextInCaseOfCrash();
# NOTE(review): unserialize() instantiates whatever classes the string names
# and runs their magic methods, so this is an object-injection point if
# $Serialized can ever be influenced by a user (form field, cookie, editable
# database column). The format written by Data() in this listing nests
# subsets as strings rather than objects, so passing
# array("allowed_classes" => FALSE) as the second argument (PHP 7+) looks
# compatible - confirm that no stored data contains objects.
# NOTE(review): no check of the result is visible here; unserialize()
# returns FALSE for malformed input, which would then reach
# array_key_exists() below as a non-array.
378 $Data = unserialize($Serialized);
380 # unpack privilege data (if available) and load
# NOTE(review): when the "Privileges" key is absent the current list is left
# untouched (empty by default, per the property declaration), and the
# comparison code in this file reports TRUE for a target set that has no
# privileges - so damaged or truncated data ends up as "no requirements".
381 if (array_key_exists(
"Privileges", $Data))
383 $this->Privileges = array();
384 foreach ($Data[
"Privileges"] as $Priv)
386 if (is_array($Priv) && array_key_exists(
"SUBSET", $Priv))
# recursive load of the nested set; nesting depth is bounded only by the data
389 $Subset->LoadFromData($Priv[
"SUBSET"]);
390 $this->Privileges[] = $Subset;
394 $this->Privileges[] = $Priv;
399 # load associated user ID if available
# NOTE(review): the user ID and logic below are taken from the data without
# any validation in the visible lines; the user ID is later used as the
# comparison value for user-field conditions.
400 if (array_key_exists(
"UserId", $Data))
402 $this->UserId = $Data[
"UserId"];
405 # load logic if available
406 if (array_key_exists(
"Logic", $Data))
408 $this->Logic = $Data[
"Logic"];
# Evaluate one condition (an array with "FieldId", "Operator" and "Value")
# against the supplied resource.
# $Condition - condition array as stored in the privilege list
# $Resource - Resource object, or self::NO_RESOURCE when none is available
# $Logic - "AND" or "OR"; in the visible lines it is consulted only when no
#       resource is available
# Returns TRUE if the condition is met, otherwise FALSE.
# Throws Exception for an unsupported field type, an unsupported operator,
# or a $Resource that is neither NO_RESOURCE nor a Resource.
420 private function MeetsCondition($Condition, $Resource, $Logic)
422 # if condition is a check for whether a resource is available
423 if ($Condition[
"FieldId"] == self::HAVE_RESOURCE)
425 # return a result based on whether a resource is available
# met when "no resource available" and the truthiness of "Value" differ,
# i.e. a truthy value requires a resource and a falsy value requires none
426 return ((
bool)($Resource == self::NO_RESOURCE)
427 != (
bool)$Condition[
"Value"]) ? TRUE : FALSE;
429 # else if no resource is available
430 elseif ($Resource == self::NO_RESOURCE)
432 # return a result that in effect ignores the condition
# NOTE(review): without a resource a field condition counts as met under
# "AND" and as unmet under "OR", so it restricts nothing; callers that rely
# on conditions for access control need to pass the resource.
433 return ($Logic ==
"AND") ? TRUE : FALSE;
435 # else if resource is valid
436 elseif ($Resource instanceof
Resource)
438 # pre-process condition parameters based on type of field
445 # if the field in a condition was invalid, the condition fails
449 $Operator = $Condition[
"Operator"];
450 $Value = $Condition[
"Value"];
451 $FieldValue = $Resource->Get($Field, TRUE);
452 switch ($Field->Type())
455 # if supplied value is NULL
458 # if local associated user ID is available
459 if ($this->UserId !== NULL)
461 # use ID of associated user
462 $Value = $this->UserId;
464 # else if global user ID available
465 elseif ($GLOBALS[
"G_User"]->IsLoggedIn())
468 $Value = $GLOBALS[
"G_User"]->Id();
472 # report to caller that condition was not met
477 # convert field value to user ID
478 $FieldValue = $FieldValue->Id();
483 # date field values are Date objects, so handle those
484 if ($FieldValue instanceof
Date)
486 $FieldValue = strtotime($FieldValue->Formatted());
489 # timestamp field values are just the date/time string
492 $FieldValue = strtotime($FieldValue);
495 # use the current time for the value if it's NULL
501 # otherwise, parse the value to get a numeric timestamp
# NOTE(review): strtotime() returns FALSE for input it cannot parse, and no
# check for that is visible here; a failed parse would take part in the
# comparison below as FALSE
504 $Value = strtotime($Value);
513 # for options, construct a list of the CNIDs in this field
515 foreach ($FieldValue as $CName)
517 $NewValue []= $CName->Id();
519 $FieldValue = $NewValue;
523 throw new Exception(
"Unsupported metadata field type ("
524 .print_r($Field->Type(), TRUE)
525 .
") for condition in privilege set.");
529 # compare field value and supplied value using specified operator
# NOTE(review): every comparison below is loose (== / != / < / > ...), so PHP
# type juggling applies to the stored condition value and the field value -
# confirm both sides are normalised to the same type before this point.
# The |= and &= accumulators produce integers; the final return converts
# the result back to a boolean.
533 if (is_array($FieldValue))
535 # equality against an option field is a 'contains' condition,
536 # true if the specified value is one of those set
538 foreach ($FieldValue as $FieldValue_i)
540 $Result |= ($FieldValue_i == $Value);
545 $Result = ($FieldValue == $Value);
550 if (is_array($FieldValue))
552 # not equal against an option field is 'does not contain',
553 # true as long as the specified value is not one of those set
555 foreach ($FieldValue as $FieldValue_i)
557 $Result &= ($FieldValue_i != $Value);
562 $Result = ($FieldValue != $Value);
567 $Result = ($FieldValue < $Value);
571 $Result = ($FieldValue > $Value);
575 $Result = ($FieldValue <= $Value);
579 $Result = ($FieldValue >= $Value);
583 throw new Exception(
"Unsupported condition operator ("
584 .print_r($Operator, TRUE).
") in privilege set.");
588 # report to caller whether condition was met
589 return $Result ? TRUE : FALSE;
593 # error out because resource was illegal
594 throw new Exception(
"Invalid Resource passed in for privilege"
595 .
" set comparison.");
# Check whether an item is present in the privilege list.
# $Item - object, condition array, or any other value to look for
# Object items are matched only against object entries and array items only
# against array entries; any other item is compared against every entry.
# Returns TRUE on the first match.
# NOTE(review): all three matches use loose comparison (==). For objects
# that is a property-by-property comparison, for arrays a loose key/value
# comparison, and a scalar $Item is also compared against array and object
# entries - confirm loose matching cannot produce a false positive for the
# privilege IDs and condition values in use.
607 private function IsInPrivilegeData($Item)
609 # step through privilege data
610 foreach ($this->Privileges as $Priv)
612 # report to caller if item is found
613 if (is_object($Item))
615 if (is_object($Priv) && ($Item == $Priv)) {
return TRUE; }
617 elseif (is_array($Item))
619 if (is_array($Priv) && ($Item == $Priv)) {
return TRUE; }
621 elseif ($Item == $Priv) {
return TRUE; }
624 # report to caller that item is not in privilege data
AssociatedUserId($NewValue=NULL)
Get/set ID of user associated with privilege set.
AddSet(PrivilegeSet $Set)
Add subgroup of privileges/conditions to set.
Set of privileges used to access resource information or other parts of the system.
IsLessThan(PrivilegeSet $Set, Resource $Resource=NULL)
Check whether a privilege set is less than another privilege set.
__construct($Data=NULL)
Class constructor, used to create a new set or reload an existing set from previously-constructed dat...
IncludesPrivilege($Privilege)
Check whether this privilege set includes the specified privilege.
GetPrivilegeInfo()
Get privilege information as an array, with numerical indexes except for the logic, which is contained in an element with the index "Logic".
GetPrivilegeList()
Get list of privileges.
Data($NewValue=NULL)
Get/set privilege set data, in the form of an opaque string.
Represents a "resource" in CWIS.
IsGreaterThan(PrivilegeSet $Set, $Resource=self::NO_RESOURCE)
Check whether a privilege set is greater than or equal to another privilege set.
AddPrivilege($Privilege)
Add specified privilege to set.
AddCondition($Field, $Value=NULL, $Operator="==")
Add condition to privilege set.
RemovePrivilege($Privilege)
Remove specified privilege from set.
AllRequired($NewValue=NULL)
Get/set whether all privileges/conditions in set are required (i.e.
RemoveCondition($Field, $Value=NULL, $Operator="==")
Remove condition from privilege set.