From 1bc1a0a1b28e7e09afc3f68ce8ce18159cf374c2 Mon Sep 17 00:00:00 2001
From: Romain Quetiez <romain.quetiez@combodo.com>
Date: Tue, 5 Jun 2012 15:46:24 +0000
Subject: [PATCH] #556 Merged in branch 1.2

SVN:1.2[2083]
---
 .../userrightsprofile.class.inc.php           | 174 ++++++++++--------
 1 file changed, 98 insertions(+), 76 deletions(-)

diff --git a/addons/userrights/userrightsprofile.class.inc.php b/addons/userrights/userrightsprofile.class.inc.php
index f479bf33a3..c0c0235bbe 100644
--- a/addons/userrights/userrightsprofile.class.inc.php
+++ b/addons/userrights/userrightsprofile.class.inc.php
@@ -597,12 +597,12 @@ class UserRightsProfile extends UserRightsAddOnAPI
 	}
 
 
-	protected $m_aAdmins; // id of users being linked to the well-known admin profile
-	protected $m_aPortalUsers; // id of users being linked to the well-known admin profile
+	protected $m_aAdmins = array(); // id -> bool, true if the user has the well-known admin profile
+	protected $m_aPortalUsers = array(); // id -> bool, true if the user has the well-known portal user profile
 
 	protected $m_aProfiles; // id -> object
-	protected $m_aUserProfiles; // userid,profileid -> object
-	protected $m_aUserOrgs; // userid -> orgid
+	protected $m_aUserProfiles = array(); // userid,profileid -> object
+	protected $m_aUserOrgs = array(); // userid -> array of orgid
 
 	// Those arrays could be completed on demand (inheriting parent permissions)
 	protected $m_aClassActionGrants = null; // profile, class, action -> actiongrantid (or false if NO, or null/missing if undefined)
@@ -611,20 +611,76 @@ class UserRightsProfile extends UserRightsAddOnAPI
 	// Built on demand, could be optimized if necessary (doing a query for each attribute that needs to be read)
 	protected $m_aObjectActionGrants = array();
 
-	protected function GetUserOrgs($oUser, $sClass)
+	/**
+	 * Read and cache organizations allowed to the given user
+	 */
+	protected function GetUserOrgs($iUser)
 	{
-		return @$this->m_aUserOrgs[$oUser->GetKey()];
+		if (!array_key_exists($iUser, $this->m_aUserOrgs))
+		{
+			$this->m_aUserOrgs[$iUser] = array();
+
+			$sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization');
+			if ($sHierarchicalKeyCode !== false)
+			{
+				$sUserOrgQuery = 'SELECT UserOrg, Org FROM Organization AS Org JOIN Organization AS Root ON Org.'.$sHierarchicalKeyCode.' BELOW Root.id JOIN URP_UserOrg AS UserOrg ON UserOrg.allowed_org_id = Root.id WHERE UserOrg.userid = :userid';
+				$oUserOrgSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData($sUserOrgQuery), array(), array('userid' => $iUser));
+				while ($aRow = $oUserOrgSet->FetchAssoc())
+				{
+					$oUserOrg = $aRow['UserOrg'];
+					$oOrg = $aRow['Org'];
+					$this->m_aUserOrgs[$iUser][] = $oOrg->GetKey();
+				}
+			}
+			else
+			{
+				$oSearch = new DBObjectSearch('URP_UserOrg');
+				$oSearch->AllowAllData();
+				$oCondition = new BinaryExpression(new FieldExpression('userid'), '=', new VariableExpression('userid'));
+				$oSearch->AddConditionExpression($oCondition);
+				
+				$oUserOrgSet = new DBObjectSet($oSearch, array(), array('userid' => $iUser));
+				while ($oUserOrg = $oUserOrgSet->Fetch())
+				{
+					$this->m_aUserOrgs[$iUser][] = $oUserOrg->Get('allowed_org_id');
+				}
+			}
+		}
+		return $this->m_aUserOrgs[$iUser];
+	}
+
+	/**
+	 * Read and cache profiles of the given user
+	 */
+	protected function GetUserProfiles($iUser)
+	{
+		if (!array_key_exists($iUser, $this->m_aUserProfiles))
+		{
+			$oSearch = new DBObjectSearch('URP_UserProfile');
+			$oSearch->AllowAllData();
+			$oCondition = new BinaryExpression(new FieldExpression('userid'), '=', new VariableExpression('userid'));
+			$oSearch->AddConditionExpression($oCondition);
+			
+			$this->m_aUserProfiles[$iUser] = array();
+			$oUserProfileSet = new DBObjectSet($oSearch, array(), array('userid' => $iUser));
+			while ($oUserProfile = $oUserProfileSet->Fetch())
+			{
+				$this->m_aUserProfiles[$iUser][$oUserProfile->Get('profileid')] = $oUserProfile;
+			}
+		}
+		return $this->m_aUserProfiles[$iUser];
+
 	}
 
 	public function ResetCache()
 	{
 		// Loaded by Load cache
 		$this->m_aProfiles = null; 
-		$this->m_aUserProfiles = null;
-		$this->m_aUserOrgs = null;
+		$this->m_aUserProfiles = array();
+		$this->m_aUserOrgs = array();
 
-		$this->m_aAdmins = null;
-		$this->m_aPortalUsers = null;
+		$this->m_aAdmins = array();
+		$this->m_aPortalUsers = array();
 
 		// Loaded on demand (time consuming as compared to the others)
 		$this->m_aClassActionGrants = null;
@@ -671,46 +727,6 @@ class UserRightsProfile extends UserRightsAddOnAPI
 			$this->m_aProfiles[$oProfile->GetKey()] = $oProfile; 
 		}
 
-		$oUserProfileSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_UserProfile"));
-		$this->m_aUserProfiles = array();
-		$this->m_aAdmins = array();
-		$this->m_aPortalUsers = array();
-		while ($oUserProfile = $oUserProfileSet->Fetch())
-		{
-			$this->m_aUserProfiles[$oUserProfile->Get('userid')][$oUserProfile->Get('profileid')] = $oUserProfile;
-			if ($oUserProfile->Get('profile') == ADMIN_PROFILE_NAME)
-			{
-				$this->m_aAdmins[] = $oUserProfile->Get('userid');
-			}
-			elseif ($oUserProfile->Get('profile') == PORTAL_PROFILE_NAME)
-			{
-				$this->m_aPortalUsers[] = $oUserProfile->Get('userid');
-			}
-		}
-
-		$this->m_aUserOrgs = array();
-
-		$sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization');
-		if ($sHierarchicalKeyCode !== false)
-		{
-			$sUserOrgQuery = 'SELECT UserOrg, Org FROM Organization AS Org JOIN Organization AS Root ON Org.'.$sHierarchicalKeyCode.' BELOW Root.id JOIN URP_UserOrg AS UserOrg ON UserOrg.allowed_org_id = Root.id';
-			$oUserOrgSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData($sUserOrgQuery));
-			while ($aRow = $oUserOrgSet->FetchAssoc())
-			{
-				$oUserOrg = $aRow['UserOrg'];
-				$oOrg = $aRow['Org'];
-				$this->m_aUserOrgs[$oUserOrg->Get('userid')][] = $oOrg->GetKey();
-			}
-		}
-		else
-		{
-			$oUserOrgSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_UserOrg"));
-			while ($oUserOrg = $oUserOrgSet->Fetch())
-			{
-				$this->m_aUserOrgs[$oUserOrg->Get('userid')][] = $oUserOrg->Get('allowed_org_id');
-			}
-		}
-
 		$this->m_aClassStimulusGrants = array();
 		$oStimGrantSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_StimulusGrant"));
 		$this->m_aStimGrants = array();
@@ -737,31 +753,43 @@ exit;
 
 	public function IsAdministrator($oUser)
 	{
-		$this->LoadCache();
-
-		if (in_array($oUser->GetKey(), $this->m_aAdmins))
+		//$this->LoadCache();
+		$iUser = $oUser->GetKey();
+		if (!array_key_exists($iUser, $this->m_aAdmins))
 		{
-			return true;
-		}
-		else
+			$bIsAdmin = false;
+			foreach($this->GetUserProfiles($iUser) as $oUserProfile)
 		{
-			return false;
+				if ($oUserProfile->Get('profile') == ADMIN_PROFILE_NAME)
+				{
+					$bIsAdmin = true;
+					break;
 		}
 	}
+			$this->m_aAdmins[$iUser] = $bIsAdmin;
+		}
+		return $this->m_aAdmins[$iUser];
+	}
 
 	public function IsPortalUser($oUser)
 	{
-		$this->LoadCache();
-
-		if (in_array($oUser->GetKey(), $this->m_aPortalUsers))
+		//$this->LoadCache();
+		$iUser = $oUser->GetKey();
+		if (!array_key_exists($iUser, $this->m_aPortalUsers))
 		{
-			return true;
-		}
-		else
+			$bIsPortalUser = false;
+			foreach($this->GetUserProfiles($iUser) as $oUserProfile)
 		{
-			return false;
+				if ($oUserProfile->Get('profile') == PORTAL_PROFILE_NAME)
+				{
+					$bIsPortalUser = true;
+					break;
 		}
 	}
+			$this->m_aPortalUsers[$iUser] = $bIsPortalUser;
+		}
+		return $this->m_aPortalUsers[$iUser];
+	}
 
 	public function GetSelectFilter($oUser, $sClass, $aSettings = array())
 	{
@@ -783,10 +811,10 @@ exit;
 		}
 		// Position the user
 		//
-		$aUserOrgs = $this->GetUserOrgs($oUser, $sClass);
-		if (is_null($aUserOrgs) || count($aUserOrgs) == 0)
+		$aUserOrgs = $this->GetUserOrgs($oUser->GetKey());
+		if (count($aUserOrgs) == 0)
 		{
-			// No position means 'Everywhere'
+			// No org means 'any org'
 			return true;
 		}
 
@@ -898,10 +926,8 @@ exit;
 
 		$iPermission = UR_ALLOWED_NO;
 		$aAttributes = array();
-		if (isset($this->m_aUserProfiles[$iUser]))
+		foreach($this->GetUserProfiles($iUser) as $iProfile => $oProfile)
 		{
-			foreach($this->m_aUserProfiles[$iUser] as $iProfile => $oProfile)
-			{
 				$iGrant = $this->GetProfileActionGrant($iProfile, $sClass, $sAction);
 				if (is_null($iGrant) || !$iGrant)
 				{
@@ -910,7 +936,7 @@ exit;
 				else
 				{
 					$iPermission = UR_ALLOWED_YES;
-	
+
 					// update the list of attributes with those allowed for this profile
 					//
 					$oSearch = DBObjectSearch::FromOQL_AllData("SELECT URP_AttributeGrant WHERE actiongrantid = :actiongrantid");
@@ -927,7 +953,6 @@ exit;
 					}
 				}
 			}
-		}
 
 		$aRes = array(
 			'permission' => $iPermission,
@@ -1055,10 +1080,8 @@ exit;
 		// Note: The object set is ignored because it was interesting to optimize for huge data sets
 		//       and acceptable to consider only the root class of the object set
 		$iPermission = UR_ALLOWED_NO;
-		if (isset($this->m_aUserProfiles[$iUser]))
+		foreach($this->GetUserProfiles($iUser) as $iProfile => $oProfile)
 		{
-			foreach($this->m_aUserProfiles[$iUser] as $iProfile => $oProfile)
-			{
 				$oGrantRecord = $this->GetClassStimulusGrant($iProfile, $sClass, $sStimulusCode);
 				if (!is_null($oGrantRecord))
 				{
@@ -1066,7 +1089,6 @@ exit;
 					$iPermission = UR_ALLOWED_YES;
 				}
 			}
-		}
 		return $iPermission;
 	}