public function getUserRoles($user)
{
$ret = new \Scalr\Acl\Role\AccountRoleSuperposition([]);
if ($user instanceof \Scalr_Account_User) {
$userId = $user->getId();
$ret->setUser($user);
} else {
$userId = $user;
$ret->setUser($userId);
$user = Entity\Account\User::findPk($userId);
}
//The teams in which user has ACL role
$teamsUserHasAcl = array();
//Selects User's ACLs
$res = $this->db->Execute("\n SELECT atu.`team_id`, ar.*\n FROM `acl_account_roles` ar\n JOIN `account_team_user_acls` ua ON ua.`account_role_id` = ar.`account_role_id`\n JOIN `account_team_users` atu ON atu.`id` = ua.`account_team_user_id`\n JOIN `account_team_envs` te ON te.`team_id` = atu.`team_id`\n JOIN `account_teams` at ON at.id = atu.`team_id`\n WHERE atu.`user_id` = ? AND ar.`account_id` = ?\n GROUP BY at.`id`, ar.`account_role_id`\n ", [$userId, $user->getAccountId()]);
while ($rec = $res->FetchRow()) {
$teamsUserHasAcl[$rec['team_id']] = $rec['team_id'];
$role = $this->getAccountRoleByRow($rec);
$role->setTeamRole(false);
$ret[$role->getRoleId()] = $role;
}
//Selects Team's ACLs where user enters without defined ACL
$rs = $this->db->Execute("\n SELECT ar.*\n FROM `account_teams` at\n JOIN `account_team_users` tu ON at.`id` = tu.`team_id`\n JOIN `acl_account_roles` ar ON ar.`account_role_id` = at.`account_role_id` AND ar.`account_id` = at.`account_id`\n JOIN `account_team_envs` te ON te.`team_id` = tu.`team_id`\n WHERE tu.user_id = ? AND at.account_id = ?\n AND at.`account_role_id` IS NOT NULL\n " . (!empty($teamsUserHasAcl) ? "AND at.id NOT IN('" . join("','", array_values($teamsUserHasAcl)) . "')" : "") . "\n ", [$userId, $user->getAccountId()]);
while ($rec = $rs->FetchRow()) {
if (!isset($ret[$rec['account_role_id']])) {
$role = $this->getAccountRoleByRow($rec);
$role->setTeamRole(true);
$ret[$role->getRoleId()] = $role;
}
}
return $ret;
}