CWIS Developer Documentation
Public Member Functions | Static Public Member Functions | Public Attributes | List of all members
PrivilegeSet Class Reference

Set of privileges used to access resource information or other parts of the system. More...

Public Member Functions

 __construct ($Data=NULL)
 Class constructor, used to create a new set or reload an existing set from previously-constructed data. More...
 
 Data ($NewValue=NULL)
 Get/set privilege set data, in the form of an opaque string. More...
 
 MeetsRequirements (CWUser $User, $Resource=self::NO_RESOURCE)
 Determine if a given user meets the requirements specified by this PrivilegeSet. More...
 
 AddPrivilege ($Privileges)
 Add specified privilege to set. More...
 
 RemovePrivilege ($Privilege)
 Remove specified privilege from set. More...
 
 IncludesPrivilege ($Privilege)
 Check whether this privilege set includes the specified privilege. More...
 
 GetPrivilegeInfo ()
 Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index "Logic". More...
 
 GetPrivilegeList ()
 Get list of privileges. More...
 
 AddCondition ($Field, $Value=NULL, $Operator="==")
 Add condition to privilege set. More...
 
 RemoveCondition ($Field, $Value=NULL, $Operator="==", $IncludeSubsets=FALSE)
 Remove condition from privilege set. More...
 
 AddSet (PrivilegeSet $Set)
 Add subgroup of privileges/conditions to set. More...
 
 AllRequired ($NewValue=NULL)
 Get/set whether all privileges/conditions in set are required (i.e. More...
 
 PrivilegeFlagsChecked ()
 List which privilege flags (e.g. More...
 
 FieldsWithUserComparisons ($ComparisonType=NULL)
 List which fields in this privset are involved in UserIs or UserIsNot comparisons for this privilege set. More...
 
 ComparisonCount ()
 Get number of privilege comparisons in set, including those in subgroups. More...
 
 GetPossibleNecessaryPrivileges ()
 Get all privileges that could be necessary to fulfill privilege set requirements. More...
 
 ChecksField ($FieldId)
 Determine if a PrivilegeSet checks values from a specified field. More...
 

Static Public Member Functions

static ClearCaches ()
 Clear internal caches. More...
 

Public Attributes

const NO_RESOURCE = "XXX NO RESOURCE XXX"
 

Detailed Description

Set of privileges used to access resource information or other parts of the system.

A privilege set is a combination of privileges (integers), MetadataFields (to check against a specified value), and privilege/MetadataField combinations.

Definition at line 16 of file PrivilegeSet.php.

Constructor & Destructor Documentation

PrivilegeSet::__construct (   $Data = NULL)

Class constructor, used to create a new set or reload an existing set from previously-constructed data.

Parameters
mixed$DataExisting privilege set data, previously retrieved with PrivilegeSet::Data(), array of privilege values, or a single privilege value. (OPTIONAL)
Exceptions
InvalidArgumentExceptionIf data passed in was invalid.
See also
PrivilegeSet::Data()

Definition at line 27 of file PrivilegeSet.php.

Member Function Documentation

PrivilegeSet::AddCondition (   $Field,
  $Value = NULL,
  $Operator = "==" 
)

Add condition to privilege set.

If the condition is already present in the set, no action is taken.

Parameters
mixed$FieldMetadata field object or ID to test against.
mixed$ValueValue to test against. User fields expect a UserId or expect NULL to test against the current user. Option fields expect a ControlledNameId. Date and Timestamp fields expect either a UNIX timestamp or expect NULL to test against the current time.
string$OperatorString containing operator to used for condition. (Standard PHP operators are used.) (OPTIONAL, defaults to "==")
Returns
bool TRUE if condition was added, otherwise FALSE.
Exceptions
InvalidArgumentExceptionIf invalid field provided.

Definition at line 254 of file PrivilegeSet.php.

References MetadataSchema\GetCanonicalFieldIdentifier().

PrivilegeSet::AddPrivilege (   $Privileges)

Add specified privilege to set.

If specified privilege is already part of the set, no action is taken.

Parameters
mixed$PrivilegesPrivilege ID or object (or array of IDs or objects).
See also
PrivilegeSet::RemovePrivilege()

Definition at line 153 of file PrivilegeSet.php.

References IncludesPrivilege().

PrivilegeSet::AddSet ( PrivilegeSet  $Set)

Add subgroup of privileges/conditions to set.

Parameters
PrivilegeSet$SetSubgroup to add.

Definition at line 331 of file PrivilegeSet.php.

PrivilegeSet::AllRequired (   $NewValue = NULL)

Get/set whether all privileges/conditions in set are required (i.e.

"AND" logic), or only one privilege/condition needs to be met ("OR"). By default only one of the specified privilegs/conditions in a set is required.

Parameters
bool$NewValueSpecify TRUE if all privileges are required, otherwise FALSE if only one privilege required. (OPTIONAL)
Returns
bool TRUE if all privileges required, otherwise FALSE.

Definition at line 350 of file PrivilegeSet.php.

PrivilegeSet::ChecksField (   $FieldId)

Determine if a PrivilegeSet checks values from a specified field.

Parameters
int$FieldIdFieldId to check.
Returns
bool TRUE if the given field is checked.

Definition at line 501 of file PrivilegeSet.php.

References ChecksField().

Referenced by ChecksField().

Here is the caller graph for this function:

static PrivilegeSet::ClearCaches ( )
static

Clear internal caches.

This is primarily intended for situations where memory may have run low.

Definition at line 528 of file PrivilegeSet.php.

PrivilegeSet::ComparisonCount ( )

Get number of privilege comparisons in set, including those in subgroups.

Returns
int Comparison count.

Definition at line 428 of file PrivilegeSet.php.

PrivilegeSet::Data (   $NewValue = NULL)

Get/set privilege set data, in the form of an opaque string.

This method can be used to retrieve an opaque string containing privilege set data, which can then be saved (e.g. to a database) and later used to reload a privilege set. (Use instead of serialize() to avoid future issues with internal class changes.)

Parameters
string$NewValueNew privilege set data. (OPTIONAL)
Returns
string Current privilege set data (opaque value).
Exceptions
InvalidArgumentExceptionIf data passed in was invalid.

Definition at line 62 of file PrivilegeSet.php.

PrivilegeSet::FieldsWithUserComparisons (   $ComparisonType = NULL)

List which fields in this privset are involved in UserIs or UserIsNot comparisons for this privilege set.

Parameters
string$ComparisonTypeComparison Type ("==" or "!="). (OPTIONAL, defaults to both comparisons)
Returns
Array of FieldIds that have a User comparison.

Definition at line 391 of file PrivilegeSet.php.

References MetadataSchema\FieldExistsInAnySchema(), GetPrivilegeInfo(), and MetadataSchema\MDFTYPE_USER.

PrivilegeSet::GetPossibleNecessaryPrivileges ( )

Get all privileges that could be necessary to fulfill privilege set requirements.

Not all of the privileges may be necessary, but a user must have at least one of the listed privileges to qualify. If there is no set of privileges where at least one is definitely required, an empty array is returned.

Returns
array Privilege IDs.

Definition at line 446 of file PrivilegeSet.php.

PrivilegeSet::GetPrivilegeInfo ( )

Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index "Logic".

Values are either an associative array with three elements, "FieldId", "Operator", and "Value", or a PrivilegeSet object (for subsets).

Returns
array Array with privilege information.

Definition at line 210 of file PrivilegeSet.php.

Referenced by PrivilegeEditingUI\DisplaySet(), FieldsWithUserComparisons(), and PrivilegeFlagsChecked().

Here is the caller graph for this function:

PrivilegeSet::GetPrivilegeList ( )

Get list of privileges.

(Intended primarily for supporting legacy privilege operations – list contains privilege IDs only, and does not include conditions.)

Returns
array Array of privilege IDs.

Definition at line 226 of file PrivilegeSet.php.

PrivilegeSet::IncludesPrivilege (   $Privilege)

Check whether this privilege set includes the specified privilege.

Parameters
mixed$PrivilegePrivilege ID or object to check.
Returns
bool TRUE if privilege is included, otherwise FALSE.

Definition at line 195 of file PrivilegeSet.php.

Referenced by AddPrivilege(), and RemovePrivilege().

Here is the caller graph for this function:

PrivilegeSet::MeetsRequirements ( CWUser  $User,
  $Resource = self::NO_RESOURCE 
)

Determine if a given user meets the requirements specified by this PrivilegeSet.

Typically used to determine if a user should be allowed access to a particular piece of data.

Parameters
object$UserCWUser object to use in comparisons.
object$ResourceResource object to used for comparison, for sets that include user conditions. (OPTIONAL)
Returns
bool TRUE if privileges in set are greater than or equal to privileges in specified set, otherwise FALSE.

Definition at line 96 of file PrivilegeSet.php.

References CWUser\HasPriv().

Referenced by PrivilegeSetCompatibilityShim\IsGreaterThan().

Here is the caller graph for this function:

PrivilegeSet::PrivilegeFlagsChecked ( )

List which privilege flags (e.g.

PRIV_MYRESOURCEADMIN) are examined by this privset.

Returns
Array of privilege flags checked.

Definition at line 364 of file PrivilegeSet.php.

References GetPrivilegeInfo().

PrivilegeSet::RemoveCondition (   $Field,
  $Value = NULL,
  $Operator = "==",
  $IncludeSubsets = FALSE 
)

Remove condition from privilege set.

If condition was not present in privilege set, no action is taken.

Parameters
mixed$FieldMetadata field object or ID to test against.
mixed$ValueValue to test against. (Specify NULL for User fields to test against current user.)
string$OperatorString containing operator to used for condition. (Standard PHP operators are used.) (OPTIONAL, defaults to "==")
bool$IncludeSubsetsTRUE to remove the condition from any subsets in which it appears as well (OPTIONAL, default FALSE).
Returns
bool TRUE if condition was removed, otherwise FALSE.

Definition at line 288 of file PrivilegeSet.php.

PrivilegeSet::RemovePrivilege (   $Privilege)

Remove specified privilege from set.

If specified privilege is not currently in the set, no action is taken.

Parameters
mixed$PrivilegePrivilege ID or object to remove from set.
See also
PrivilegeSet::AddPrivilege()

Definition at line 179 of file PrivilegeSet.php.

References IncludesPrivilege().

Member Data Documentation

const PrivilegeSet::NO_RESOURCE = "XXX NO RESOURCE XXX"

Definition at line 543 of file PrivilegeSet.php.


The documentation for this class was generated from the following file: