CWIS Developer Documentation
PrivilegeSet.php
Go to the documentation of this file.
1 <?PHP
2 #
3 # FILE: PrivilegeSet.php
4 #
5 # Part of the Collection Workflow Integration System (CWIS)
6 # Copyright 2013 Edward Almasy and Internet Scout Research Group
7 # http://scout.wisc.edu/cwis/
8 #
9 
17 {
27  public function __construct($Data = NULL)
28  {
29  # if privilege data supplied
30  if ($Data !== NULL)
31  {
32  # if data is an array of privileges
33  if (is_array($Data))
34  {
35  # set internal privilege set from array
36  $this->Privileges = $Data;
37  }
38  # else if data is a single privilege
39  elseif (is_numeric($Data))
40  {
41  # set internal privilege set from data
42  $this->Privileges = array($Data);
43  }
44  else
45  {
46  # set internal values from data
47  $this->LoadFromData($Data);
48  }
49  }
50  }
51 
62  public function Data($NewValue = NULL)
63  {
64  # if new data supplied
65  if ($NewValue !== NULL)
66  {
67  # unpack privilege data and load
68  $this->LoadFromData($NewValue);
69  }
70 
71  # serialize current data and return to caller
72  $Data = array();
73  if (count($this->Privileges))
74  {
75  foreach ($this->Privileges as $Priv)
76  {
77  $Data["Privileges"][] = is_object($Priv)
78  ? array("SUBSET" => $Priv->Data())
79  : $Priv;
80  }
81  }
82  $Data["Logic"] = $this->Logic;
83  return serialize($Data);
84  }
85 
96  public function MeetsRequirements(CWUser $User, $Resource = self::NO_RESOURCE)
97  {
98  # when there are no requirements, then every user meets them
99  $Satisfied = TRUE;
100 
101  # for each privilege requirement
102  foreach ($this->Privileges as $Priv)
103  {
104  # if privilege is actually a privilege subgroup
105  if (is_object($Priv))
106  {
107  # check if the subgroup is satisfied
108  $Satisfied = $Priv->MeetsRequirements($User, $Resource);
109  }
110  # else if privilege is actually a condition
111  elseif (is_array($Priv))
112  {
113  # check if condition is satisfied for the given resource
114  $Satisfied = $this->MeetsCondition($Priv, $Resource, $User);
115  }
116  # else privilege is actually a privilege
117  else
118  {
119  # check if user has the spcified privilege
120  $Satisfied = $User->HasPriv( $Priv );
121  }
122 
123  # for AND logic, we can bail as soon as the first
124  # condition is not met
125  if ($this->Logic == "AND")
126  {
127  if (!$Satisfied)
128  {
129  break;
130  }
131  }
132  # conversely, for OR logic, we can bail as soon as any
133  # condition is met
134  else
135  {
136  if ($Satisfied)
137  {
138  break;
139  }
140  }
141  }
142 
143  # report result of the test back to caller
144  return $Satisfied;
145  }
146 
156  public function FindUsersThatMeetRequirements($ResourceIds = array())
157  {
158  # if there are necessary privileges for this privilege set
159  $ReqPrivs = $this->GetPossibleNecessaryPrivileges();
160  $UFactory = new CWUserFactory();
161  if (count($ReqPrivs))
162  {
163  # start with only those users who have at least one of those privileges
164  $UserIds = array_keys($UFactory->GetUsersWithPrivileges($ReqPrivs));
165  }
166  else
167  {
168  # start with all users
169  $UserIds = $UFactory->GetUserIds();
170  }
171 
172  # for each user
173  $UsersThatMeetReqs = array();
174  foreach ($UserIds as $UserId)
175  {
176  # load user
177  $User = new CWUser($UserId);
178 
179  # if resources were specified
180  if (count($ResourceIds))
181  {
182  # for each resource
183  foreach ($ResourceIds as $ResourceId)
184  {
185  # if we're running low on memory, nuke the resource cache
186  if ($GLOBALS["AF"]->GetFreeMemory() /
187  $GLOBALS["AF"]->GetPhpMemoryLimit() < self::$LowMemoryThresh)
188  {
189  self::$ResourceCache = [];
190  }
191 
192  # load resource
193  if (!isset(self::$ResourceCache[$ResourceId]))
194  {
195  self::$ResourceCache[$ResourceId] = new Resource($ResourceId);
196  }
197 
198  # if user meets requirements for set
199  if ($this->MeetsRequirements(
200  $User, self::$ResourceCache[$ResourceId]))
201  {
202  # add user to list
203  $UsersThatMeetReqs[$UserId][] = $ResourceId;
204  }
205  }
206  }
207  else
208  {
209  # if user meets requirements for set
210  if ($this->MeetsRequirements($User))
211  {
212  # add user to list
213  $UsersThatMeetReqs[$UserId] = array();
214  }
215  }
216  }
217 
218  # return IDs for users that meet requirements to caller
219  return $UsersThatMeetReqs;
220  }
221 
228  public function AddPrivilege($Privileges)
229  {
230  # convert incoming value to array if needed
231  if (!is_array($Privileges))
232  {
233  $Privileges = array($Privileges);
234  }
235 
236  # for each privilege passed in
237  foreach ($Privileges as $Privilege)
238  {
239  # add privilege if not currently in set
240  if (!$this->IncludesPrivilege($Privilege))
241  {
242  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
243  $this->Privileges[] = $Privilege;
244  }
245  }
246  }
247 
254  public function RemovePrivilege($Privilege)
255  {
256  # remove privilege if currently in set
257  if ($this->IncludesPrivilege($Privilege))
258  {
259  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
260  $Index = array_search($Privilege, $this->Privileges);
261  unset($this->Privileges[$Index]);
262  }
263  }
264 
270  public function IncludesPrivilege($Privilege)
271  {
272  # check whether privilege is in our list and report to caller
273  if (is_object($Privilege)) { $Privilege = $Privilege->Id(); }
274  return $this->IsInPrivilegeData($Privilege) ? TRUE : FALSE;
275  }
276 
285  public function GetPrivilegeInfo()
286  {
287  # grab privilege information and add logic
288  $Info = $this->Privileges;
289  $Info["Logic"] = $this->Logic;
290 
291  # return privilege info array to caller
292  return $Info;
293  }
294 
301  public function GetPrivilegeList()
302  {
303  # create list of privileges with conditions stripped out
304  $List = array();
305  foreach ($this->Privileges as $Priv)
306  {
307  if (!is_array($Priv)) { $List[] = $Priv; }
308  }
309 
310  # return list of privileges to caller
311  return $List;
312  }
313 
330  public function AddCondition($Field, $Value = NULL, $Operator = "==")
331  {
332  # get field ID
333  $FieldId = is_object($Field) ? $Field->Id() : $Field;
334 
335  # make sure we were not passed an invalid field
336  if ($FieldId <= -1)
337  {
338  throw new InvalidArgumentException("Field with negative ID supplied.");
339  }
340 
341  # set up condition array
342  $Condition = array(
343  "FieldId" => intval($FieldId),
344  "Operator" => trim($Operator),
345  "Value" => $Value);
346 
347  # if condition is not already in set
348  if (!$this->IsInPrivilegeData($Condition))
349  {
350  # add condition to privilege set
351  $this->Privileges[] = $Condition;
352  return TRUE;
353  }
354  return FALSE;
355  }
356 
370  public function RemoveCondition(
371  $Field, $Value = NULL, $Operator = "==",
372  $IncludeSubsets = FALSE)
373  {
374  $Result = FALSE;
375 
376  # get field ID
377  $FieldId = is_object($Field) ? $Field->Id() : $Field;
378 
379  # set up condition array
380  $Condition = array(
381  "FieldId" => intval($FieldId),
382  "Operator" => trim($Operator),
383  "Value" => $Value);
384 
385  # if condition is in set
386  if ($this->IsInPrivilegeData($Condition))
387  {
388  # remove condition from privilege set
389  $Index = array_search($Condition, $this->Privileges);
390  unset($this->Privileges[$Index]);
391  $Result = TRUE;
392  }
393 
394  if ($IncludeSubsets)
395  {
396  foreach ($this->Privileges as $Priv)
397  {
398  if ($Priv instanceof PrivilegeSet)
399  {
400  $Result |= $Priv->RemoveCondition(
401  $FieldId, $Value, $Operator, TRUE);
402  }
403  }
404  }
405 
406  return $Result;
407  }
408 
413  public function AddSet(PrivilegeSet $Set)
414  {
415  # if subgroup is not already in set
416  if (!$this->IsInPrivilegeData($Set))
417  {
418  # add subgroup to privilege set
419  $this->Privileges[] = $Set;
420  }
421  }
422 
432  public function AllRequired($NewValue = NULL)
433  {
434  if ($NewValue !== NULL)
435  {
436  $this->Logic = $NewValue ? "AND" : "OR";
437  }
438  return ($this->Logic == "AND") ? TRUE : FALSE;
439  }
440 
446  public function PrivilegeFlagsChecked()
447  {
448  $Info = $this->GetPrivilegeInfo();
449  unset($Info["Logic"]);
450 
451  $Result = array();
452  foreach ($Info as $Item)
453  {
454  if (is_object($Item))
455  {
456  $Result = array_merge($Result, $Item->PrivilegeFlagsChecked() );
457  }
458  elseif (!is_array($Item))
459  {
460  $Result[]= $Item;
461  }
462  }
463  return array_unique($Result);
464  }
465 
473  public function FieldsWithUserComparisons($ComparisonType = NULL)
474  {
475  $Info = $this->GetPrivilegeInfo();
476  unset($Info["Logic"]);
477 
478  $Result = array();
479  foreach ($Info as $Item)
480  {
481  if (is_object($Item))
482  {
483  $Result = array_merge(
484  $Result,
485  $Item->FieldsWithUserComparisons($ComparisonType));
486  }
487  elseif (is_array($Item))
488  {
489  if ( (($Item["Operator"] == $ComparisonType)
490  || ($ComparisonType === NULL)) &&
491  MetadataSchema::FieldExistsInAnySchema($Item["FieldId"]))
492  {
493  $Field = new MetadataField($Item["FieldId"]);
494 
495  if ($Field->Type() == MetadataSchema::MDFTYPE_USER)
496  {
497  $Result[]= $Item["FieldId"];
498  }
499  }
500  }
501  }
502 
503  return array_unique($Result);
504  }
505 
510  public function ComparisonCount()
511  {
512  $Count = 0;
513  foreach ($this->Privileges as $Priv)
514  {
515  $Count += is_object($Priv) ? $Priv->ComparisonCount() : 1;
516  }
517  return $Count;
518  }
519 
529  {
530  # for each privilege requirement
531  $NecessaryPrivs = array();
532  foreach ($this->Privileges as $Priv)
533  {
534  # if requirement is comparison
535  if (is_array($Priv))
536  {
537  # if logic is OR
538  if ($this->Logic == "OR")
539  {
540  # bail out because no privileges are required
541  return array();
542  }
543  }
544  # else if requirement is subgroup
545  elseif (is_object($Priv))
546  {
547  # retrieve possible needed privileges from subgroup
548  $SubPrivs = $Priv->GetPossibleNecessaryPrivileges();
549 
550  # if no privileges were required by subgroup
551  if (!count($SubPrivs))
552  {
553  # if logic is OR
554  if ($this->Logic == "OR")
555  {
556  # bail out because no privileges are required
557  return array();
558  }
559  }
560  else
561  {
562  # add subgroup privileges to required list
563  $NecessaryPrivs = array_merge($NecessaryPrivs, $SubPrivs);
564  }
565  }
566  # else requirement is privilege
567  else
568  {
569  # add privilege to required list
570  $NecessaryPrivs[] = $Priv;
571  }
572  }
573 
574  # return possible needed privileges to caller
575  return $NecessaryPrivs;
576  }
577 
583  public function ChecksField($FieldId)
584  {
585  # iterate over all the privs in this privset
586  foreach ($this->Privileges as $Priv)
587  {
588  # if this priv is a field condition that references the
589  # provided FieldId, return true
590  if (is_array($Priv) && $Priv["FieldId"] == $FieldId)
591  {
592  return TRUE;
593  }
594  # otherwise, if this was a privset then call ourself recursively
595  elseif ($Priv instanceof PrivilegeSet &&
596  $Priv->ChecksField($FieldId))
597  {
598  return TRUE;
599  }
600  }
601 
602  # found no references to this field, return FALSE
603  return FALSE;
604  }
605 
610  public static function ClearCaches()
611  {
612  self::$MetadataFieldCache = array();
613  self::$ResourceCache = array();
614  self::$ValueCache = array();
615  }
616 
617  # ---- PRIVATE INTERFACE -------------------------------------------------
618 
619  private $RFactories = array();
620  private $Privileges = array();
621  private $Logic = "OR";
622 
623  private static $MetadataFieldCache;
624  private static $ResourceCache;
625  private static $ValueCache;
626 
627  private static $LowMemoryThresh = 0.25;
628 
629  const NO_RESOURCE = "XXX NO RESOURCE XXX";
630 
636  private function LoadFromData($Serialized)
637  {
638  # save calling context in case load causes out-of-memory crash
639  $GLOBALS["AF"]->RecordContextInCaseOfCrash();
640 
641  # unpack new data
642  $Data = unserialize($Serialized);
643  if ($Data === FALSE)
644  {
645  throw new InvalidArgumentException(
646  "Invalid serialized data supplied (\"".$Serialized."\").");
647  }
648 
649  # unpack privilege data (if available) and load
650  if (array_key_exists("Privileges", $Data))
651  {
652  $this->Privileges = array();
653  foreach ($Data["Privileges"] as $Priv)
654  {
655  if (is_array($Priv) && array_key_exists("SUBSET", $Priv))
656  {
657  $Subset = new PrivilegeSet();
658  $Subset->LoadFromData($Priv["SUBSET"]);
659  $this->Privileges[] = $Subset;
660  }
661  else
662  {
663  $this->Privileges[] = $Priv;
664  }
665  }
666  }
667 
668  # load logic if available
669  if (array_key_exists("Logic", $Data))
670  {
671  $this->Logic = $Data["Logic"];
672  }
673  }
674 
682  private function MeetsCondition($Condition, $Resource, $User)
683  {
684  # make sure metadata field is loaded
685  $MFieldId = $Condition["FieldId"];
686  if (!isset(self::$MetadataFieldCache[$MFieldId]))
687  {
688  self::$MetadataFieldCache[$MFieldId] =
689  !MetadataSchema::FieldExistsInAnySchema($Condition["FieldId"])
690  ? FALSE
691  : new MetadataField($MFieldId);
692  }
693 
694  # if the specified field does not exist
695  if (self::$MetadataFieldCache[$MFieldId] === FALSE)
696  {
697  # return a result that in effect ignores the condition
698  return ($this->Logic == "AND") ? TRUE : FALSE;
699  }
700 
701  # pull out provided field
702  $Field = self::$MetadataFieldCache[$MFieldId];
703  $Operator = $Condition["Operator"];
704  $Value = $Condition["Value"];
705 
706  # determine if the provided operator is valid for the provided field
707  if (!in_array($Operator, $this->ValidOperatorsForFieldType($Field->Type()) ))
708  {
709  throw new Exception("Operator ".$Operator." not supported for "
710  .$Field->TypeAsName()." fields");
711  }
712 
713  # if we don't have a specific resource to check, then we want
714  # to determine if this condition would be satisfied by any
715  # resource
716  if ($Resource == self::NO_RESOURCE)
717  {
718  $Count = $this->CountResourcesThatSatisfyCondition(
719  $User, $Field, $Operator, $Value);
720  return $Count > 0 ? TRUE : FALSE;
721  }
722  # else if resource is valid
723  elseif ($Resource instanceof Resource)
724  {
725  # if this field is from a different schema than our resource
726  # and also this field is not from the User schema, then there's
727  # no comparison for us to do
728  if ($Field->SchemaId() != $Resource->SchemaId() &&
729  $Field->SchemaId() != MetadataSchema::SCHEMAID_USER)
730  {
731  # return a result that in effect ignores the condition
732  return ($this->Logic == "AND") ? TRUE : FALSE;
733  }
734 
735  # normalize the incoming value for comparison
736  $Value = $this->NormalizeTargetValue($Field->Type(), $User, $Value);
737  $FieldValue = $this->GetNormalizedFieldValue($Field, $Resource, $User);
738 
739  # perform comparison, returning result
740  return $this->CompareNormalizedFieldValues($FieldValue, $Operator, $Value);
741  }
742  else
743  {
744  # error out because resource was illegal
745  throw new Exception("Invalid Resource passed in for privilege"
746  ." set comparison.");
747  }
748  }
749 
756  private function ValidOperatorsForFieldType($FieldType)
757  {
758  switch ($FieldType)
759  {
761  $ValidOps = ["=="];
762  break;
763 
767  $ValidOps = ["==", "!=", "<=", "<", ">=", ">"];
768  break;
769 
772  $ValidOps = ["==", "!="];
773  break;
774 
775  default:
776  $ValidOps = [];
777  break;
778  }
779 
780  return $ValidOps;
781  }
782 
791  private function NormalizeTargetValue($FieldType, $User, $Value)
792  {
793  switch ($FieldType)
794  {
797  # "Now" is encoded as NULL for timestamp and date comparisons
798  if ($Value === NULL)
799  {
800  $Value = time();
801  }
802  # otherwise, parse the value to get a numeric timestamp
803  else
804  {
805  $Value = strtotime($Value);
806  }
807  break;
808 
810  # "Current user" is encoded as NULL for user comparisons
811  if ($Value === NULL)
812  {
813  $Value = $User->Id();
814  }
815  break;
816 
817  default:
818  # no normalization needed for other field types
819  break;
820  }
821 
822  return $Value;
823  }
824 
839  private function GetNormalizedFieldValue($Field, $Resource, $User)
840  {
841  # if we have a cached normalized value for this field,
842  # use that for comparisons
843  $CacheKey = $Resource->Id()."_".$Field->Id();
844  if (!isset(self::$ValueCache[$CacheKey]))
845  {
846  # if the given field comes from the User schema and our
847  # resource does not, evaluate this comparison against the
848  # provided $User rather than the provided $Resource
849  # (this allows conditions like User: Zip Code = XXX to
850  # work as expected rather than being skipped)
851  if ($Field->SchemaId() != $Resource->SchemaId() &&
852  $Field->SchemaId() == MetadataSchema::SCHEMAID_USER)
853  {
854  $FieldValue = $User->Get($Field);
855  }
856  else
857  {
858  # Note: Resource::Get() on a ControlledName with
859  # IncludeVariants=TRUE does not return CNIds for
860  # array indexes, which will break the normalization
861  # below, so do not change this to add $IncludeVariants
862  # without revising the normalization code below
863  $FieldValue = $Resource->Get($Field);
864  }
865 
866  # normalize field value for comparison
867  switch ($Field->Type())
868  {
871  # get the UserIds or CNIds from this field
872  $FieldValue = array_keys($FieldValue);
873  break;
874 
877  # convert returned value to a numeric timestamp
878  $FieldValue = strtotime($FieldValue);
879  break;
880 
883  # no conversion needed
884  break;
885 
886  default:
887  throw new Exception("Unsupported metadata field type ("
888  .print_r($Field->Type(), TRUE)
889  .") for condition in privilege set with resource.");
890  break;
891  }
892 
893  # cache the normalized value for subsequent reuse
894  self::$ValueCache[$CacheKey] = $FieldValue;
895  }
896 
897  return self::$ValueCache[$CacheKey];
898  }
899 
908  private function CompareNormalizedFieldValues($FieldValue, $Operator, $Value)
909  {
910  # compare field value and supplied value using specified operator
911 
912  # if this is a multi-value field, be sure that the provided
913  # operator makes sense
914  if (is_array($FieldValue) && !in_array($Operator, ["==", "!="]) )
915  {
916  throw new Exception(
917  "Multiple-value fields ony support == and != operators");
918  }
919 
920  switch ($Operator)
921  {
922  case "==":
923  if (is_array($FieldValue))
924  {
925  # equality against multi-value fields is
926  # interpreted as 'contains', true if the
927  # target value is one of those set
928  $Result = in_array($Value, $FieldValue);
929  }
930  else
931  {
932  $Result = ($FieldValue == $Value);
933  }
934  break;
935 
936  case "!=":
937  if (is_array($FieldValue))
938  {
939  # not equal against multi-value fields is
940  # interpreted as 'does not contain', true as long as
941  # the target value is not one of those set
942  $Result = !in_array($Value, $FieldValue);
943  }
944  else
945  {
946  $Result = ($FieldValue != $Value);
947  }
948  break;
949 
950  case "<":
951  $Result = ($FieldValue < $Value);
952  break;
953 
954  case ">":
955  $Result = ($FieldValue > $Value);
956  break;
957 
958  case "<=":
959  $Result = ($FieldValue <= $Value);
960  break;
961 
962  case ">=":
963  $Result = ($FieldValue >= $Value);
964  break;
965 
966  default:
967  throw new Exception("Unsupported condition operator ("
968  .print_r($Operator, TRUE).") in privilege set.");
969  break;
970  }
971 
972  # report to caller whether condition was met
973  return $Result ? TRUE : FALSE;
974  }
975 
986  private function CountResourcesThatSatisfyCondition(
987  $User, $Field, $Operator, $Value)
988  {
989  # get the SchemaId for this field
990  $ScId = $Field->SchemaId();
991 
992  # pull out an RFactory for the field's schema
993  if (!isset($this->RFactories[$ScId]))
994  {
995  $this->RFactories[$ScId] = new ResourceFactory($ScId);
996  }
997 
998  switch ($Field->Type())
999  {
1005  $ValuesToMatch = array(
1006  $Field->Id() => $Value,
1007  );
1008 
1009  $Matches = $this->RFactories[$ScId]->GetMatchingResources(
1010  $ValuesToMatch, TRUE, FALSE, $Operator);
1011 
1012  $Count = count($Matches);
1013  break;
1014 
1016  # find the number of resources associated with this option
1017  $Count = $this->RFactories[$ScId]->AssociatedVisibleResourceCount(
1018  $Value, $User, TRUE);
1019 
1020  # if our Op was !=, then subtract the resources
1021  # that have the spec'd option out of the total to
1022  # figure out how many lack the option
1023  if ($Operator == "!=")
1024  {
1025  $Count = $this->RFactories[$ScId]->GetVisibleResourcesCount(
1026  $User) - $Count;
1027  }
1028 
1029  break;
1030 
1031  default:
1032  throw new Exception("Unsupported metadata field type ("
1033  .print_r($Field->Type(), TRUE)
1034  .") for condition in privilege set without resource.");
1035  break;
1036  }
1037 
1038  return $Count;
1039  }
1040 
1049  private function IsInPrivilegeData($Item)
1050  {
1051  # step through privilege data
1052  foreach ($this->Privileges as $Priv)
1053  {
1054  # report to caller if item is found
1055  if (is_object($Item))
1056  {
1057  if (is_object($Priv) && ($Item == $Priv)) { return TRUE; }
1058  }
1059  elseif (is_array($Item))
1060  {
1061  if (is_array($Priv) && ($Item == $Priv)) { return TRUE; }
1062  }
1063  elseif ($Item == $Priv) { return TRUE; }
1064  }
1065 
1066  # report to caller that item is not in privilege data
1067  return FALSE;
1068  }
1069 }
RemoveCondition($Field, $Value=NULL, $Operator="==", $IncludeSubsets=FALSE)
Remove condition from privilege set.
AddSet(PrivilegeSet $Set)
Add subgroup of privileges/conditions to set.
GetPossibleNecessaryPrivileges()
Get all privileges that could be necessary to fulfill privilege set requirements. ...
FindUsersThatMeetRequirements($ResourceIds=array())
Find all users that meet the requirements for this privilege set.
ComparisonCount()
Get number of privilege comparisons in set, including those in subgroups.
HasPriv($Privilege, $Privileges=NULL)
Determine if a user has a given privilege, or satisfies the conditions specified by a given privilege...
Definition: CWUser.php:104
Set of privileges used to access resource information or other parts of the system.
MeetsRequirements(CWUser $User, $Resource=self::NO_RESOURCE)
Determine if a given user meets the requirements specified by this PrivilegeSet.
ChecksField($FieldId)
Determine if a PrivilegeSet checks values from a specified field.
CWIS-specific user factory class.
__construct($Data=NULL)
Class constructor, used to create a new set or reload an existing set from previously-constructed dat...
IncludesPrivilege($Privilege)
Check whether this privilege set includes the specified privilege.
GetPrivilegeInfo()
Get privilege information as an array, with numerical indexes except for the logic, which is contained in a element with the index "Logic".
static FieldExistsInAnySchema($Field)
Determine if a Field exists in any schema.
AddPrivilege($Privileges)
Add specified privilege to set.
PrivilegeFlagsChecked()
List which privilege flags (e.g.
GetPrivilegeList()
Get list of privileges.
Object representing a locally-defined type of metadata field.
Data($NewValue=NULL)
Get/set privilege set data, in the form of an opaque string.
Represents a "resource" in CWIS.
Definition: Resource.php:13
FieldsWithUserComparisons($ComparisonType=NULL)
List which fields in this privset are involved in UserIs or UserIsNot comparisons for this privilege ...
static ClearCaches()
Clear internal caches.
Factory for Resource objects.
CWIS-specific user class.
Definition: CWUser.php:13
AddCondition($Field, $Value=NULL, $Operator="==")
Add condition to privilege set.
RemovePrivilege($Privilege)
Remove specified privilege from set.
AllRequired($NewValue=NULL)
Get/set whether all privileges/conditions in set are required (i.e.