CWIS Developer Documentation
PrivilegeSet.php
Go to the documentation of this file.
1 <?PHP
2 #
3 # FILE: PrivilegeSet.php
4 #
5 # Part of the Collection Workflow Integration System (CWIS)
6 # Copyright 2013 Edward Almasy and Internet Scout Research Group
7 # http://scout.wisc.edu/cwis/
8 #
9 
16 class PrivilegeSet {
17 
25  function __construct($Data = NULL)
26  {
27  # if privilege data supplied
28  if ($Data !== NULL)
29  {
30  # if data is in legacy form (an array of privileges)
31  if (is_array($Data))
32  {
33  # set internal privilege set from array
34  $this->Privileges = $Data;
35  }
36  else
37  {
38  # set internal values from data
39  $this->Data($Data);
40  }
41  }
42  }
43 
53  function Data($NewValue = NULL)
54  {
55  # if new data supplied
56  if ($NewValue !== NULL)
57  {
58  # unpack new data
59  $Data = unserialize($NewValue);
60 
61  # unpack privilege data (if available) and load
62  if (array_key_exists("Privileges", $Data))
63  {
64  $this->Privileges = array();
65  foreach ($Data["Privileges"] as $Priv)
66  {
67  if (is_array($Priv) && array_key_exists("SUBSET", $Priv))
68  {
69  $Subset = new PrivilegeSet();
70  $Subset->Data($Priv["SUBSET"]);
71  $this->Privileges[] = $Subset;
72  }
73  else
74  {
75  $this->Privileges[] = $Priv;
76  }
77  }
78  }
79 
80  # load associated user ID if available
81  if (array_key_exists("UserId", $Data))
82  {
83  $this->UserId = $Data["UserId"];
84  }
85 
86  # load logic if available
87  if (array_key_exists("Logic", $Data))
88  {
89  $this->Logic = $Data["Logic"];
90  }
91  }
92 
93  # serialize current data and return to caller
94  $Data = array();
95  if (count($this->Privileges))
96  {
97  foreach ($this->Privileges as $Priv)
98  {
99  $Data["Privileges"][] = is_object($Priv)
100  ? array("SUBSET" => $Priv->Data())
101  : $Priv;
102  }
103  }
104  if ($this->UserId !== NULL) { $Data["UserId"] = $this->UserId; }
105  $Data["Logic"] = $this->Logic;
106  return serialize($Data);
107  }
108 
120  function IsGreaterThan(PrivilegeSet $Set, Resource $Resource = NULL)
121  {
122  # if target set has no requirements then we must be greater
123  if (!count($Set->Privileges)) { return TRUE; }
124 
125  # for each privilege in target set
126  foreach ($Set->Privileges as $Priv)
127  {
128  # if privilege is actually a privilege subgroup
129  if (is_object($Priv))
130  {
131  # check if our privileges are greater than subgroup
132  $OursGreater = $this->IsGreaterThan($Priv, $Resource);
133  }
134  # else if privilege is actually a condition
135  elseif (is_array($Priv))
136  {
137  # check if privilege set meets that condition
138  $OursGreater = $this->MeetsCondition($Priv, $Resource);
139  }
140  # else privilege is actually a privilege
141  else
142  {
143  # check we have specified privilege
144  $OursGreater = $this->IncludesPrivilege($Priv);
145  }
146 
147  # if only one privilege must be greater
148  if ($this->Logic == "OR")
149  {
150  # if our privileges were greater
151  if ($OursGreater)
152  {
153  # bail out and report to caller that our privileges are greater
154  break;
155  }
156  }
157  # else if all privileges must be greater
158  else
159  {
160  # if our privileges were not greater
161  if (!$OursGreater)
162  {
163  # bail out and report to caller that our privileges are not greater
164  break;
165  }
166  }
167  }
168 
169  # all privileges must have been greater (if all required) or none of
170  # the privileges were greater (if only one required)
171  # so report accordingly to caller
172  return $OursGreater;
173  }
174 
183  function IsLessThan(PrivilegeSet $Set, Resource $Resource = NULL)
184  {
185  # just return inverse of IsGreaterThan()
186  return $this->IsGreaterThan($Set, $Resource) ? FALSE : TRUE;
187  }
188 
195  function AddPrivilege($Privilege)
196  {
197  # add privilege if not currently in set
198  if (!$this->IncludesPrivilege($Privilege))
199  {
200  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
201  $this->Privileges[] = $Privilege;
202  }
203  }
204 
211  function RemovePrivilege($Privilege)
212  {
213  # remove privilege if currently in set
214  if ($this->IncludesPrivilege($Privilege))
215  {
216  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
217  $Index = array_search($Privilege, $this->Privileges);
218  unset($this->Privileges[$Index]);
219  }
220  }
221 
227  function IncludesPrivilege($Privilege)
228  {
229  # check whether privilege is in our list and report to caller
230  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
231  return $this->IsInPrivilegeData($Privilege) ? TRUE : FALSE;
232  }
233 
242  function GetPrivilegeInfo()
243  {
244  # grab privilege information and add logic
245  $Info = $this->Privileges;
246  $Info["Logic"] = $this->Logic;
247 
248  # return privilege info array to caller
249  return $Info;
250  }
251 
258  function GetPrivilegeList()
259  {
260  # create list of privileges with conditions stripped out
261  $List = array();
262  foreach ($this->Privileges as $Priv)
263  {
264  if (!is_array($Priv)) { $List[] = $Priv; }
265  }
266 
267  # return list of privileges to caller
268  return $List;
269  }
270 
283  function AddCondition($Field, $Value = NULL, $Operator = "==")
284  {
285  # get field ID
286  $FieldId = is_object($Field) ? $Field->Id() : $Field;
287 
288  # set up condition array
289  $Condition = array(
290  "FieldId" => intval($FieldId),
291  "Operator" => trim($Operator),
292  "Value" => $Value);
293 
294  # if condition is not already in set
295  if (!$this->IsInPrivilegeData($Condition))
296  {
297  # add condition to privilege set
298  $this->Privileges[] = $Condition;
299  }
300  }
301 
313  function RemoveCondition(MetadataField $Field, $Value = NULL, $Operator = "==")
314  {
315  # get field ID
316  $FieldId = is_object($Field) ? $Field->Id() : $Field;
317 
318  # set up condition array
319  $Condition = array(
320  "FieldId" => intval($FieldId),
321  "Operator" => trim($Operator),
322  "Value" => $Value);
323 
324  # if condition is in set
325  if ($this->IsInPrivilegeData($Condition))
326  {
327  # remove condition from privilege set
328  $Index = array_search($Condition, $this->Privileges);
329  unset($this->Privileges[$Index]);
330  }
331  }
332 
337  function AddSet(PrivilegeSet $Set)
338  {
339  # if subgroup is not already in set
340  if (!$this->IsInPrivilegeData($Set))
341  {
342  # add subgroup to privilege set
343  $this->Privileges[] = $Set;
344  }
345  }
346 
356  function AllRequired($NewValue = NULL)
357  {
358  if ($NewValue !== NULL)
359  {
360  $this->Logic = $NewValue ? "AND" : "OR";
361  }
362  return ($this->Logic == "AND") ? TRUE : FALSE;
363  }
364 
371  function AssociatedUserId($NewValue = NULL)
372  {
373  # if new associated user specified
374  if ($NewValue !== NULL)
375  {
376  # save ID of new associated user
377  $this->UserId = $NewValue;
378  }
379 
380  # return ID of currently associated user to caller
381  return $this->UserId;
382  }
383 
384 
385  # ---- PRIVATE INTERFACE -------------------------------------------------
386 
387  private $Privileges = array();
388  private $Logic = "OR";
389  private $UserId = NULL;
390 
397  private function MeetsCondition($Condition, Resource $Resource = NULL)
398  {
399  # if no resource was available to check against
400  if ($Resource === NULL)
401  {
402  # report to caller that we do not meet condition
403  return FALSE;
404  }
405  else
406  {
407  # pre-process condition parameters based on type of field
408  $Field = new MetadataField($Condition["FieldId"]);
409  $Operator = $Condition["Operator"];
410  $Value = $Condition["Value"];
411  $FieldValue = $Resource->Get($Field, TRUE);
412  switch ($Field->Type())
413  {
415  # if supplied value is NULL
416  if ($Value === NULL)
417  {
418  # if local associated user ID is available
419  if ($this->UserId !== NULL)
420  {
421  # use ID of associated user
422  $Value = $this->UserId;
423  }
424  # else if global user ID available
425  elseif ($GLOBALS["G_User"]->IsLoggedIn())
426  {
427  # use global user ID
428  $Value = $GLOBALS["G_User"]->Id();
429  }
430  else
431  {
432  # report to caller that condition was not met
433  return FALSE;
434  }
435  }
436 
437  # convert field value to user ID
438  $FieldValue = $FieldValue->Id();
439  break;
440 
443  # date field values are Date objects, so handle those
444  if ($FieldValue instanceof Date)
445  {
446  $FieldValue = strtotime($FieldValue->Formatted());
447  }
448 
449  # timestamp field values are just the date/time string
450  else
451  {
452  $FieldValue = strtotime($FieldValue);
453  }
454 
455  # use the current time for the value if it's NULL
456  if ($Value === NULL)
457  {
458  $Value = time();
459  }
460 
461  # otherwise, parse the value to get a numeric timestamp
462  else
463  {
464  $Value = strtotime($Value);
465  }
466  break;
467 
470  break;
471 
472  default:
473  throw new Exception("Unsupported metadata field type ("
474  .print_r($Field->Type(), TRUE)
475  .") for condition in privilege set.");
476  break;
477  }
478 
479  # compare field value and supplied value using specified operator
480  switch ($Operator)
481  {
482  case "==":
483  $Result = ($FieldValue == $Value);
484  break;
485 
486  case "!=":
487  $Result = ($FieldValue != $Value);
488  break;
489 
490  case "<":
491  $Result = ($FieldValue < $Value);
492  break;
493 
494  case ">":
495  $Result = ($FieldValue > $Value);
496  break;
497 
498  case "<=":
499  $Result = ($FieldValue <= $Value);
500  break;
501 
502  case ">=":
503  $Result = ($FieldValue >= $Value);
504  break;
505 
506  default:
507  throw new Exception("Unsupported condition operator ("
508  .print_r($Operator, TRUE).") in privilege set.");
509  break;
510  }
511 
512  # report to caller whether condition was met
513  return $Result ? TRUE : FALSE;
514  }
515  }
516 
525  private function IsInPrivilegeData($Item)
526  {
527  # step through privilege data
528  foreach ($this->Privileges as $Priv)
529  {
530  # report to caller if item is found
531  if (is_object($Item))
532  {
533  if (is_object($Priv) && ($Item == $Priv)) { return TRUE; }
534  }
535  elseif (is_array($Item))
536  {
537  if (is_array($Priv) && ($Item == $Priv)) { return TRUE; }
538  }
539  elseif ($Item == $Priv) { return TRUE; }
540  }
541 
542  # report to caller that item is not in privilege data
543  return FALSE;
544  }
545 }
AssociatedUserId($NewValue=NULL)
Get/set ID of user associated with privilege set.
AddSet(PrivilegeSet $Set)
Add subgroup of privileges/conditions to set.
Set of privileges used to access resource information or other parts of the system.
IsLessThan(PrivilegeSet $Set, Resource $Resource=NULL)
Check whether a privilege set is less than another privilege set.
PHP
Definition: OAIClient.php:39
__construct($Data=NULL)
Class constructor, used to create a new set or reload an existing set from previously-constructed dat...
IncludesPrivilege($Privilege)
Check whether this privilege set includes the specified privilege.
IsGreaterThan(PrivilegeSet $Set, Resource $Resource=NULL)
Check whether a privilege set is greater than or equal to another privilege set.
GetPrivilegeInfo()
Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index &quot;Logic&quot;.
GetPrivilegeList()
Get list of privileges.
Object representing a locally-defined type of metadata field.
Data($NewValue=NULL)
Get/set privilege set data, in the form of an opaque string.
Represents a &quot;resource&quot; in CWIS.
Definition: Resource.php:13
Id()
Get metadata field ID.
AddPrivilege($Privilege)
Add specified privilege to set.
AddCondition($Field, $Value=NULL, $Operator="==")
Add condition to privilege set.
RemovePrivilege($Privilege)
Remove specified privilege from set.
AllRequired($NewValue=NULL)
Get/set whether all privileges/conditions in set are required (i.e.
RemoveCondition(MetadataField $Field, $Value=NULL, $Operator="==")
Remove condition from privilege set.