public function getRules($objectKey, $mode = 1, $targetType = ACL::TARGET_TYPE_USER, $targetId = null)
{
$objectKey = Objects::normalizeObjectKey($objectKey);
//normalize input. default is user
$targetType = ACL::TARGET_TYPE_GROUP === $targetType ? ACL::TARGET_TYPE_GROUP : ACL::TARGET_TYPE_USER;
$user = null;
if ($targetType === ACL::TARGET_TYPE_USER) {
if (!$targetId) {
$user = $this->pageStack->getUser();
} else {
$user = UserQuery::create()->findPk($targetId);
}
}
if (ACL::TARGET_TYPE_USER === $targetType) {
if ($user) {
$targetId = $user->getId();
$inGroups = $user->getGroupIdsArray();
} else {
//no user found, so we check against guest
$targetId = 0;
$inGroups = [0];
}
} else {
$inGroups = [(string) $targetId];
}
$cacheKey = '';
if ($this->getCaching()) {
$cacheKey = md5($targetType . '.' . $targetId . '.' . implode(',', $inGroups) . '.' . $objectKey . '.' . $mode);
$cached = $this->cacher->getDistributedCache('core/acl/rules/' . $cacheKey);
if (null !== $cached) {
return $cached;
}
}
$mode += 0;
$data = array($objectKey, $mode);
$targets = array();
//group is always checked. If no user found, $inGroups is 0, which means it checks against Guest group.
$targets[] = "( target_type = 1 AND target_id IN (?))";
$data[] = implode(', ', $inGroups);
if (ACL::TARGET_TYPE_USER === $targetType) {
//if user type, we include additionally all user rules
$targets[] = "( target_type = 0 AND target_id = ?)";
if ($user) {
$data[] = $user->getId();
} else {
//no user found, so we check against guest
$data[] = 0;
}
}
//now it gets dirty. A bit more complicated query, so we do it directly with PDO.
$con = Propel::getReadConnection('default');
$targets = implode(' OR ', $targets);
$query = "\n SELECT constraint_type, constraint_code, mode, access, sub, fields\n FROM system_acl\n WHERE\n object = ? AND\n (mode = ? OR mode = 0) AND\n (\n {$targets}\n )\n ORDER BY prio DESC\n ";
$stmt = $con->prepare($query);
$stmt->execute($data);
$rules = array();
while ($rule = $stmt->fetch(\PDO::FETCH_ASSOC)) {
$rule['mode'] = (int) $rule['mode'];
$rule['access'] = (int) $rule['access'];
$rule['sub'] = (bool) $rule['sub'];
$rule['constraint_type'] = (int) $rule['constraint_type'];
if ($rule['fields'] && substr($rule['fields'], 0, 1) === '{') {
$rule['fields'] = json_decode($rule['fields'], true);
}
if ($rule['constraint_type'] === ACL::CONSTRAINT_CONDITION && substr($rule['constraint_code'], 0, 1) === '[') {
$rule['constraint_code'] = json_decode($rule['constraint_code'], true);
}
$rules[] = $rule;
}
if ($this->getCaching()) {
$this->cacher->setDistributedCache('core/acl/rules/' . $cacheKey, $rules);
return $rules;
} else {
return $rules;
}
}
