* @package WB * @subpackage vfs */ WBClass::load('WBVFS_AccessControlRule' , 'WBUser' , 'WBDatasource_Table' ); /** * Virtual File System: Access Control Rule: Deny * * @version 0.1.0 * @package WB * @subpackage vfs */ class WBVFS_AccessControlRule_UserGroup extends WBVFS_AccessControlRule { /** * 2nc Constructor * * Called after configuration was set */ protected function init() { if (!is_array($this->config['dir'])) { $this->config['dir'] = array(); } if (empty($this->config['dir'])) { return; } /** @var WBDatasource_Table */ $table = WBClass::create('WBDatasource_Table'); $clause = array(); $clause[] = array( 'field' => 'path', 'relation' => 'begins', 'value' => '' ); $clause[] = array( 'field' => 'uid', 'value' => '' ); foreach ($this->config['dir'] as &$dir) { $data = $table->get('vfsdir', $dir['dir']); if (1 != count($data)) { continue; } $data = $data[0]; $clause[0]['value'] = $data['path']; $clause[1]['value'] = $data['uid']; $dir['list'] = $table->getIds('vfsdir', null, $clause); } } /** * Check Permissions 4 Request * * @param WBRequest * @return bool */ public function isRequestGranted($req) { if (empty($this->config['dir'])) { $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, 'Empty config')); return true; } $did = $this->file->getDirId(); /** @var WBUser_Auth */ $user = WBUser::getCurrent(); foreach ($this->config['dir'] as $dir) { if (!in_array($did, $dir['list'])) { continue; } if ($user->isInGroup($dir['group'])) { $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, sprintf('Dir %s - current user %s in group %s', $did, $user->getId(), $dir['group']))); return true; } else { $this->log->debug($this->getLogMsg($this::GRANT_DENY, sprintf('Dir %s - current user %s NOT in group %s', $did, $user->getId(), $dir['group']))); return false; } } $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, 'Fallback')); return true; } }