public static function getUserTeamOwnershipSql($userId, $farmId = null)
{
$farm = new Farm();
$farmTeam = new FarmTeam();
$accountTeamUser = new Account\TeamUser();
$accountTeamEnv = new Account\TeamEnvs();
$sql = "EXISTS(" . "SELECT 1 FROM {$farmTeam->table()}" . "JOIN {$accountTeamUser->table()} ON {$accountTeamUser->columnTeamId} = {$farmTeam->columnTeamId} " . "JOIN {$accountTeamEnv->table()} ON {$accountTeamEnv->columnTeamId} = {$farmTeam->columnTeamId} " . ($farmId ? "JOIN {$farm->table('f')} ON {$farmTeam->columnFarmId} = {$farm->columnId('f')}" : "") . "WHERE {$accountTeamEnv->columnEnvId()} = {$farm->columnEnvId('f')} " . "AND " . ($farmId ? "{$farm->columnId('f')} = " . $farm->db()->qstr($farmId) : "{$farm->columnId('f')} = {$farmTeam->columnFarmId}") . " " . "AND {$accountTeamUser->columnUserId} = " . $farm->db()->qstr($userId) . ")";
return $sql;
} /**
* Generate conditions for sql query to limit access by only allowable farms.
* Table `farms` should have alias `f`.
*
* @param string $permissionId optional
* @return string
*/
public function getFarmSqlQuery($permissionId = null)
{
if (!$this->isAllowed(Acl::RESOURCE_FARMS, $permissionId)) {
$q = [];
if ($this->isAllowed(Acl::RESOURCE_TEAM_FARMS, $permissionId)) {
$q[] = Farm::getUserTeamOwnershipSql($this->user->id);
}
if ($this->isAllowed(Acl::RESOURCE_OWN_FARMS, $permissionId)) {
$q[] = "f.created_by_id = '{$this->user->getId()}'";
}
if (count($q)) {
$sql = '(' . join(' OR ', $q) . ')';
} else {
$sql = '0';
// no permissions
}
} else {
$sql = '1';
// all farms in env
}
return $sql;
}
