CWIS Developer Documentation
Public Member Functions | Public Attributes | List of all members
PrivilegeSet Class Reference

Set of privileges used to access resource information or other parts of the system. More...

Public Member Functions

 __construct ($Data=NULL)
 Class constructor, used to create a new set or reload an existing set from previously-constructed data. More...
 
 Data ($NewValue=NULL)
 Get/set privilege set data, in the form of an opaque string. More...
 
 MeetsRequirements (CWUser $User, $Resource=self::NO_RESOURCE)
 Determine if a given user meets the requirements specified by this PrivilegeSet. More...
 
 AddPrivilege ($Privileges)
 Add specified privilege to set. More...
 
 RemovePrivilege ($Privilege)
 Remove specified privilege from set. More...
 
 IncludesPrivilege ($Privilege)
 Check whether this privilege set includes the specified privilege. More...
 
 GetPrivilegeInfo ()
 Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index "Logic". More...
 
 GetPrivilegeList ()
 Get list of privileges. More...
 
 AddCondition ($Field, $Value=NULL, $Operator="==")
 Add condition to privilege set. More...
 
 RemoveCondition ($Field, $Value=NULL, $Operator="==")
 Remove condition from privilege set. More...
 
 AddSet (PrivilegeSet $Set)
 Add subgroup of privileges/conditions to set. More...
 
 AllRequired ($NewValue=NULL)
 Get/set whether all privileges/conditions in set are required (i.e. More...
 
 PrivilegeFlagsChecked ()
 List which privilege flags (e.g. More...
 
 FieldsWithUserComparisons ($ComparisonType)
 List which fields in this privset are involved in UserIs or UserIsNot comparisons for this privilege set. More...
 

Public Attributes

const HAVE_RESOURCE = -1
 
const NO_RESOURCE = "XXX NO RESOURCE XXX"
 

Detailed Description

Set of privileges used to access resource information or other parts of the system.

A privilege set is a combination of privileges (integers), MetadataFields (to check against a specified value), and privilege/MetadataField combinations.

Definition at line 16 of file PrivilegeSet.php.

Constructor & Destructor Documentation

PrivilegeSet::__construct (   $Data = NULL)

Class constructor, used to create a new set or reload an existing set from previously-constructed data.

Parameters
string$DataExisting privilege set data, previously retrieved with PrivilegeSet::Data(). (OPTIONAL)
See also
PrivilegeSet::Data()

Definition at line 29 of file PrivilegeSet.php.

Member Function Documentation

PrivilegeSet::AddCondition (   $Field,
  $Value = NULL,
  $Operator = "==" 
)

Add condition to privilege set.

If the condition is already present in the set, no action is taken. The $Field argument may also be PrivilegeSet::HAVE_RESOURCE to test against whether a resource is available for the privilege set check.

Parameters
mixed$FieldMetadata field object or ID to test against.
mixed$ValueValue to test against. (Specify NULL for User fields to test against current user and for Date/Timestamp fields to test against the current date and time.)
string$OperatorString containing operator to used for condition. (Standard PHP operators are used.) (OPTIONAL, defaults to "==")
Returns
bool TRUE if condition was added, otherwise FALSE.

Definition at line 248 of file PrivilegeSet.php.

PrivilegeSet::AddPrivilege (   $Privileges)

Add specified privilege to set.

If specified privilege is already part of the set, no action is taken.

Parameters
mixed$PrivilegesPrivilege ID or object (or array of IDs or objects).
See also
PrivilegeSet::RemovePrivilege()

Definition at line 148 of file PrivilegeSet.php.

References IncludesPrivilege().

PrivilegeSet::AddSet ( PrivilegeSet  $Set)

Add subgroup of privileges/conditions to set.

Parameters
PrivilegeSet$SetSubgroup to add.

Definition at line 302 of file PrivilegeSet.php.

PrivilegeSet::AllRequired (   $NewValue = NULL)

Get/set whether all privileges/conditions in set are required (i.e.

"AND" logic), or only one privilege/condition needs to be met ("OR"). By default only one of the specified privilegs/conditions in a set is required.

Parameters
bool$NewValueSpecify TRUE if all privileges are required, otherwise FALSE if only one privilege required. (OPTIONAL)
Returns
bool TRUE if all privileges required, otherwise FALSE.

Definition at line 321 of file PrivilegeSet.php.

PrivilegeSet::Data (   $NewValue = NULL)

Get/set privilege set data, in the form of an opaque string.

This method can be used to retrieve an opaque string containing privilege set data, which can then be saved (e.g. to a database) and later used to reload a privilege set. (Use instead of serialize() to avoid future issues with internal class changes.)

Parameters
string$NewValueNew privilege set data. (OPTIONAL)
Returns
string Current privilege set data (opaque value).

Definition at line 57 of file PrivilegeSet.php.

PrivilegeSet::FieldsWithUserComparisons (   $ComparisonType)

List which fields in this privset are involved in UserIs or UserIsNot comparisons for this privilege set.

Parameters
string$ComparisonTypeone of "==" or "!=".
Returns
Array of FieldIds that have a User comparison.

Definition at line 361 of file PrivilegeSet.php.

References GetPrivilegeInfo(), and MetadataSchema\MDFTYPE_USER.

PrivilegeSet::GetPrivilegeInfo ( )

Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index "Logic".

Values are either an associative array with three elements, "FieldId", "Operator", and "Value", or a PrivilegeSet object (for subsets).

Returns
array Array with privilege information.

Definition at line 205 of file PrivilegeSet.php.

Referenced by FieldsWithUserComparisons(), and PrivilegeFlagsChecked().

Here is the caller graph for this function:

PrivilegeSet::GetPrivilegeList ( )

Get list of privileges.

(Intended primarily for supporting legacy privilege operations – list contains privilege IDs only, and does not include conditions.)

Returns
array Array of privilege IDs.

Definition at line 221 of file PrivilegeSet.php.

PrivilegeSet::IncludesPrivilege (   $Privilege)

Check whether this privilege set includes the specified privilege.

Parameters
mixed$PrivilegePrivilege ID or object to check.
Returns
bool TRUE if privilege is included, otherwise FALSE.

Definition at line 190 of file PrivilegeSet.php.

Referenced by AddPrivilege(), and RemovePrivilege().

Here is the caller graph for this function:

PrivilegeSet::MeetsRequirements ( CWUser  $User,
  $Resource = self::NO_RESOURCE 
)

Determine if a given user meets the requirements specified by this PrivilegeSet.

Typically used to determine if a user should be allowed access to a particular piece of data.

Parameters
object$UserCWUser object to use in comparisons.
object$ResourceResource object to used for comparison, for sets that include user conditions. (OPTIONAL)
Returns
bool TRUE if privileges in set are greater than or equal to privileges in specified set, otherwise FALSE.

Definition at line 91 of file PrivilegeSet.php.

References CWUser\HasPriv().

Referenced by PrivilegeSetCompatibilityShim\IsGreaterThan().

Here is the caller graph for this function:

PrivilegeSet::PrivilegeFlagsChecked ( )

List which privilege flags (e.g.

PRIV_MYRESOURCEADMIN) are examined by this privset.

Returns
Array of privilege flags checked.

Definition at line 335 of file PrivilegeSet.php.

References GetPrivilegeInfo().

PrivilegeSet::RemoveCondition (   $Field,
  $Value = NULL,
  $Operator = "==" 
)

Remove condition from privilege set.

If condition was not present in privilege set, no action is taken.

Parameters
mixed$FieldMetadata field object or ID to test against.
mixed$ValueValue to test against. (Specify NULL for User fields to test against current user.)
string$OperatorString containing operator to used for condition. (Standard PHP operators are used.) (OPTIONAL, defaults to "==")
Returns
bool TRUE if condition was removed, otherwise FALSE.

Definition at line 278 of file PrivilegeSet.php.

PrivilegeSet::RemovePrivilege (   $Privilege)

Remove specified privilege from set.

If specified privilege is not currently in the set, no action is taken.

Parameters
mixed$PrivilegePrivilege ID or object to remove from set.
See also
PrivilegeSet::AddPrivilege()

Definition at line 174 of file PrivilegeSet.php.

References IncludesPrivilege().

Member Data Documentation

const PrivilegeSet::HAVE_RESOURCE = -1

Definition at line 20 of file PrivilegeSet.php.

const PrivilegeSet::NO_RESOURCE = "XXX NO RESOURCE XXX"

Definition at line 398 of file PrivilegeSet.php.


The documentation for this class was generated from the following file: