| static public getForUser ( $user_ID, $only_dynamic = false ) : array | ||
| $user_ID | user ID | |
| $only_dynamic | get only recursive rights (false by default) | |
| return | array | of entities ID |
static function getForUser($user_ID, $only_dynamic = false)
{
global $DB;
$condition = "`users_id` = '{$user_ID}'";
if ($only_dynamic) {
$condition .= " AND `is_dynamic` = 1";
}
return getAllDatasFromTable('glpi_profiles_users', $condition);
} /**
* Apply rules to determine dynamic rights of the user
*
* @return boolean : true if we play the Rule Engine
**/
function applyRightRules()
{
global $DB;
$return = false;
if ((isset($this->fields['_ruleright_process']) || isset($this->input['_ruleright_process'])) && isset($this->fields["authtype"]) && ($this->fields["authtype"] == Auth::LDAP || $this->fields["authtype"] == Auth::MAIL || Auth::isAlternateAuth($this->fields["authtype"]))) {
$dynamic_profiles = Profile_User::getForUser($this->fields["id"], true);
if (isset($this->fields["id"]) && $this->fields["id"] > 0 && isset($this->input["_ldap_rules"]) && count($this->input["_ldap_rules"])) {
//and add/update/delete only if it's necessary !
if (isset($this->input["_ldap_rules"]["rules_entities_rights"])) {
$entities_rules = $this->input["_ldap_rules"]["rules_entities_rights"];
} else {
$entities_rules = array();
}
if (isset($this->input["_ldap_rules"]["rules_entities"])) {
$entities = $this->input["_ldap_rules"]["rules_entities"];
} else {
$entities = array();
}
if (isset($this->input["_ldap_rules"]["rules_rights"])) {
$rights = $this->input["_ldap_rules"]["rules_rights"];
} else {
$rights = array();
}
$retrieved_dynamic_profiles = array();
//For each affectation -> write it in DB
foreach ($entities_rules as $entity) {
//Multiple entities assignation
if (is_array($entity[0])) {
foreach ($entity[0] as $tmp => $ent) {
$affectation['entities_id'] = $ent;
$affectation['profiles_id'] = $entity[1];
$affectation['is_recursive'] = $entity[2];
$affectation['users_id'] = $this->fields['id'];
$affectation['is_dynamic'] = 1;
$retrieved_dynamic_profiles[] = $affectation;
}
} else {
$affectation['entities_id'] = $entity[0];
$affectation['profiles_id'] = $entity[1];
$affectation['is_recursive'] = $entity[2];
$affectation['users_id'] = $this->fields['id'];
$affectation['is_dynamic'] = 1;
$retrieved_dynamic_profiles[] = $affectation;
}
}
if (count($entities) > 0 && count($rights) == 0) {
if ($def_prof = Profile::getDefault()) {
$rights[] = $def_prof;
}
}
if (count($rights) > 0 && count($entities) > 0) {
foreach ($rights as $right) {
foreach ($entities as $entity) {
$affectation['entities_id'] = $entity[0];
$affectation['profiles_id'] = $right;
$affectation['users_id'] = $this->fields['id'];
$affectation['is_recursive'] = $entity[1];
$affectation['is_dynamic'] = 1;
$retrieved_dynamic_profiles[] = $affectation;
}
}
}
// Compare retrived profiles to existing ones : clean arrays to do purge and add
if (count($retrieved_dynamic_profiles)) {
foreach ($retrieved_dynamic_profiles as $keyretr => $retr_profile) {
$found = false;
foreach ($dynamic_profiles as $keydb => $db_profile) {
// Found existing profile : unset values in array
if (!$found && $db_profile['entities_id'] == $retr_profile['entities_id'] && $db_profile['profiles_id'] == $retr_profile['profiles_id'] && $db_profile['is_recursive'] == $retr_profile['is_recursive']) {
unset($retrieved_dynamic_profiles[$keyretr]);
unset($dynamic_profiles[$keydb]);
}
}
}
}
// Add new dynamic profiles
if (count($retrieved_dynamic_profiles)) {
$right = new Profile_User();
foreach ($retrieved_dynamic_profiles as $keyretr => $retr_profile) {
$right->add($retr_profile);
}
}
//Unset all the temporary tables
unset($this->input["_ldap_rules"]);
$return = true;
}
// Delete old dynamic profiles
if (count($dynamic_profiles)) {
$right = new Profile_User();
foreach ($dynamic_profiles as $keydb => $db_profile) {
$right->delete($db_profile);
}
}
}
return $return;
}
