3 # FILE: PrivilegeSet.php
5 # Part of the Collection Workflow Integration System (CWIS)
6 # Copyright 2013 Edward Almasy and Internet Scout Research Group
7 # http://scout.wisc.edu/cwis/
27 # if privilege data supplied
30 # if data is in legacy form (an array of privileges)
33 # set internal privilege set from array
34 $this->Privileges = $Data;
38 # set internal values from data
53 function Data($NewValue = NULL)
55 # if new data supplied
56 if ($NewValue !== NULL)
59 $Data = unserialize($NewValue);
61 # unpack privilege data (if available) and load
62 if (array_key_exists(
"Privileges", $Data))
64 $this->Privileges = array();
65 foreach ($Data[
"Privileges"] as $Priv)
67 if (is_array($Priv) && array_key_exists(
"SUBSET", $Priv))
70 $Subset->Data($Priv[
"SUBSET"]);
71 $this->Privileges[] = $Subset;
75 $this->Privileges[] = $Priv;
80 # load associated user ID if available
81 if (array_key_exists(
"UserId", $Data))
83 $this->UserId = $Data[
"UserId"];
86 # load logic if available
87 if (array_key_exists(
"Logic", $Data))
89 $this->Logic = $Data[
"Logic"];
93 # serialize current data and return to caller
95 if (count($this->Privileges))
97 foreach ($this->Privileges as $Priv)
99 $Data[
"Privileges"][] = is_object($Priv)
100 ? array(
"SUBSET" => $Priv->Data())
104 if ($this->UserId !== NULL) { $Data[
"UserId"] = $this->UserId; }
105 $Data[
"Logic"] = $this->Logic;
106 return serialize($Data);
122 # if target set has no requirements then we must be greater
123 if (!count($Set->Privileges)) {
return TRUE; }
125 # for each privilege in target set
126 foreach ($Set->Privileges as $Priv)
128 # if privilege is actually a privilege subgroup
129 if (is_object($Priv))
131 # check if our privileges are greater than subgroup
134 # else if privilege is actually a condition
135 elseif (is_array($Priv))
137 # check if privilege set meets that condition
138 $OursGreater = $this->MeetsCondition($Priv, $Resource);
140 # else privilege is actually a privilege
143 # check we have specified privilege
147 # if only one privilege must be greater
148 if ($this->Logic ==
"OR")
150 # if our privileges were greater
153 # bail out and report to caller that our privileges are greater
157 # else if all privileges must be greater
160 # if our privileges were not greater
163 # bail out and report to caller that our privileges are not greater
169 # all privileges must have been greater (if all required) or none of
170 # the privileges were greater (if only one required)
171 # so report accordingly to caller
185 # just return inverse of IsGreaterThan()
197 # add privilege if not currently in set
200 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
201 $this->Privileges[] = $Privilege;
213 # remove privilege if currently in set
216 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
217 $Index = array_search($Privilege, $this->Privileges);
218 unset($this->Privileges[$Index]);
229 # check whether privilege is in our list and report to caller
230 if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
231 return $this->IsInPrivilegeData($Privilege) ? TRUE : FALSE;
244 # grab privilege information and add logic
245 $Info = $this->Privileges;
246 $Info[
"Logic"] = $this->Logic;
248 # return privilege info array to caller
260 # create list of privileges with conditions stripped out
262 foreach ($this->Privileges as $Priv)
264 if (!is_array($Priv)) { $List[] = $Priv; }
267 # return list of privileges to caller
286 $FieldId = is_object($Field) ? $Field->Id() : $Field;
288 # set up condition array
290 "FieldId" => intval($FieldId),
291 "Operator" => trim($Operator),
294 # if condition is not already in set
295 if (!$this->IsInPrivilegeData($Condition))
297 # add condition to privilege set
298 $this->Privileges[] = $Condition;
316 $FieldId = is_object($Field) ? $Field->
Id() : $Field;
318 # set up condition array
320 "FieldId" => intval($FieldId),
321 "Operator" => trim($Operator),
324 # if condition is in set
325 if ($this->IsInPrivilegeData($Condition))
327 # remove condition from privilege set
328 $Index = array_search($Condition, $this->Privileges);
329 unset($this->Privileges[$Index]);
339 # if subgroup is not already in set
340 if (!$this->IsInPrivilegeData($Set))
342 # add subgroup to privilege set
343 $this->Privileges[] = $Set;
358 if ($NewValue !== NULL)
360 $this->Logic = $NewValue ?
"AND" :
"OR";
362 return ($this->Logic ==
"AND") ? TRUE : FALSE;
373 # if new associated user specified
374 if ($NewValue !== NULL)
376 # save ID of new associated user
377 $this->UserId = $NewValue;
380 # return ID of currently associated user to caller
381 return $this->UserId;
385 # ---- PRIVATE INTERFACE -------------------------------------------------
387 private $Privileges = array();
388 private $Logic =
"OR";
389 private $UserId = NULL;
397 private function MeetsCondition($Condition,
Resource $Resource = NULL)
399 # if no resource was available to check against
400 if ($Resource === NULL)
402 # report to caller that we do not meet condition
407 # pre-process condition parameters based on type of field
409 $Operator = $Condition[
"Operator"];
410 $Value = $Condition[
"Value"];
411 $FieldValue = $Resource->Get($Field, TRUE);
412 switch ($Field->Type())
415 # if supplied value is NULL
418 # if local associated user ID is available
419 if ($this->UserId !== NULL)
421 # use ID of associated user
422 $Value = $this->UserId;
424 # else if global user ID available
425 elseif ($GLOBALS[
"G_User"]->IsLoggedIn())
428 $Value = $GLOBALS[
"G_User"]->Id();
432 # report to caller that condition was not met
437 # convert field value to user ID
438 $FieldValue = $FieldValue->Id();
443 # date field values are Date objects, so handle those
444 if ($FieldValue instanceof
Date)
446 $FieldValue = strtotime($FieldValue->Formatted());
449 # timestamp field values are just the date/time string
452 $FieldValue = strtotime($FieldValue);
455 # use the current time for the value if it's NULL
461 # otherwise, parse the value to get a numeric timestamp
464 $Value = strtotime($Value);
473 throw new Exception(
"Unsupported metadata field type ("
474 .print_r($Field->Type(), TRUE)
475 .
") for condition in privilege set.");
479 # compare field value and supplied value using specified operator
483 $Result = ($FieldValue == $Value);
487 $Result = ($FieldValue != $Value);
491 $Result = ($FieldValue < $Value);
495 $Result = ($FieldValue > $Value);
499 $Result = ($FieldValue <= $Value);
503 $Result = ($FieldValue >= $Value);
507 throw new Exception(
"Unsupported condition operator ("
508 .print_r($Operator, TRUE).
") in privilege set.");
512 # report to caller whether condition was met
513 return $Result ? TRUE : FALSE;
525 private function IsInPrivilegeData($Item)
527 # step through privilege data
528 foreach ($this->Privileges as $Priv)
530 # report to caller if item is found
531 if (is_object($Item))
533 if (is_object($Priv) && ($Item == $Priv)) {
return TRUE; }
535 elseif (is_array($Item))
537 if (is_array($Priv) && ($Item == $Priv)) {
return TRUE; }
539 elseif ($Item == $Priv) {
return TRUE; }
542 # report to caller that item is not in privilege data
AssociatedUserId($NewValue=NULL)
Get/set ID of user associated with privilege set.
AddSet(PrivilegeSet $Set)
Add subgroup of privileges/conditions to set.
Set of privileges used to access resource information or other parts of the system.
IsLessThan(PrivilegeSet $Set, Resource $Resource=NULL)
Check whether a privilege set is less than another privilege set.
__construct($Data=NULL)
Class constructor, used to create a new set or reload an existing set from previously-constructed dat...
IncludesPrivilege($Privilege)
Check whether this privilege set includes the specified privilege.
IsGreaterThan(PrivilegeSet $Set, Resource $Resource=NULL)
Check whether a privilege set is greater than or equal to another privilege set.
GetPrivilegeInfo()
Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index "Logic".
GetPrivilegeList()
Get list of privileges.
Data($NewValue=NULL)
Get/set privilege set data, in the form of an opaque string.
Represents a "resource" in CWIS.
AddPrivilege($Privilege)
Add specified privilege to set.
AddCondition($Field, $Value=NULL, $Operator="==")
Add condition to privilege set.
RemovePrivilege($Privilege)
Remove specified privilege from set.
AllRequired($NewValue=NULL)
Get/set whether all privileges/conditions in set are required (i.e.
RemoveCondition(MetadataField $Field, $Value=NULL, $Operator="==")
Remove condition from privilege set.