diff --git a/addons/userrights/userrightsprofile.class.inc.php b/addons/userrights/userrightsprofile.class.inc.php index 326f4ef0a..e05c88d1c 100644 --- a/addons/userrights/userrightsprofile.class.inc.php +++ b/addons/userrights/userrightsprofile.class.inc.php @@ -405,12 +405,6 @@ class UserRightsProfile extends UserRightsAddOnAPI { } - - protected $m_aAdmins = array(); // id -> bool, true if the user has the well-known admin profile - protected $m_aPortalUsers = array(); // id -> bool, true if the user has the well-known portal user profile - - protected $m_aProfiles; // id -> object - protected $m_aUserProfiles = array(); // userid,profileid -> object protected $m_aUserOrgs = array(); // userid -> array of orgid // Built on demand, could be optimized if necessary (doing a query for each attribute that needs to be read) 
@@ -458,114 +452,64 @@ class UserRightsProfile extends UserRightsAddOnAPI return $this->m_aUserOrgs[$iUser]; } - /** - * Read and cache profiles of the given user - */ - protected function GetUserProfiles($iUser) - { - if (!array_key_exists($iUser, $this->m_aUserProfiles)) - { - $oSearch = new DBObjectSearch('URP_UserProfile'); - $oSearch->AllowAllData(); - $oCondition = new BinaryExpression(new FieldExpression('userid'), '=', new VariableExpression('userid')); - $oSearch->AddConditionExpression($oCondition); - - $this->m_aUserProfiles[$iUser] = array(); - $oUserProfileSet = new DBObjectSet($oSearch, array(), array('userid' => $iUser)); - while ($oUserProfile = $oUserProfileSet->Fetch()) - { - $this->m_aUserProfiles[$iUser][$oUserProfile->Get('profileid')] = $oUserProfile; - } - } - return $this->m_aUserProfiles[$iUser]; - - } - public function ResetCache() { // Loaded by Load cache - $this->m_aProfiles = null; - $this->m_aUserProfiles = array(); $this->m_aUserOrgs = array(); - $this->m_aAdmins = array(); - $this->m_aPortalUsers = array(); - // Cache $this->m_aObjectActionGrants = array(); } public function LoadCache() { - if (!is_null($this->m_aProfiles)) return; - // Could be loaded in a shared memory (?) - - $oKPI = new ExecutionKPI(); - - if (self::HasSharing()) + static $bSharedObjectInitialized = false; + if (!$bSharedObjectInitialized) { - SharedObject::InitSharedClassProperties(); + $bSharedObjectInitialized = true; + if (self::HasSharing()) + { + SharedObject::InitSharedClassProperties(); + } } - - $oProfileSet = new DBObjectSet(DBObjectSearch::FromOQL_AllData("SELECT URP_Profiles")); - $this->m_aProfiles = array(); - while ($oProfile = $oProfileSet->Fetch()) - { - $this->m_aProfiles[$oProfile->GetKey()] = $oProfile; - } - - $oKPI->ComputeAndReport('Load of user management cache (excepted Action Grants)'); - -/* - echo "
\n"; - print_r($this->m_aProfiles); - print_r($this->m_aUserProfiles); - print_r($this->m_aUserOrgs); - echo "\n"; -exit; -*/ - return true; } + /** + * @param $oUser User + * @return array + */ public function IsAdministrator($oUser) { - //$this->LoadCache(); - $iUser = $oUser->GetKey(); - if (!array_key_exists($iUser, $this->m_aAdmins)) - { - $bIsAdmin = false; - foreach($this->GetUserProfiles($iUser) as $oUserProfile) - { - if ($oUserProfile->Get('profile') == ADMIN_PROFILE_NAME) - { - $bIsAdmin = true; - break; - } - } - $this->m_aAdmins[$iUser] = $bIsAdmin; - } - return $this->m_aAdmins[$iUser]; + // UserRights caches the list for us + return UserRights::HasProfile(ADMIN_PROFILE_NAME, $oUser); } + /** + * @param $oUser User + * @return array + */ public function IsPortalUser($oUser) { - //$this->LoadCache(); - $iUser = $oUser->GetKey(); - if (!array_key_exists($iUser, $this->m_aPortalUsers)) - { - $bIsPortalUser = false; - foreach($this->GetUserProfiles($iUser) as $oUserProfile) - { - if ($oUserProfile->Get('profile') == PORTAL_PROFILE_NAME) - { - $bIsPortalUser = true; - break; - } + // UserRights caches the list for us + return UserRights::HasProfile(PORTAL_PROFILE_NAME, $oUser); } - $this->m_aPortalUsers[$iUser] = $bIsPortalUser; + /** + * @param $oUser User + * @return bool + */ + public function ListProfiles($oUser) + { + $aRet = array(); + $oSearch = new DBObjectSearch('URP_UserProfile'); + $oSearch->AllowAllData(); + $oSearch->Addcondition('userid', $oUser->GetKey(), '='); + $oProfiles = new DBObjectSet($oSearch); + while ($oUserProfile = $oProfiles->Fetch()) + { + $aRet[$oUserProfile->Get('profileid')] = $oUserProfile->Get('profileid_friendlyname'); } - return $this->m_aPortalUsers[$iUser]; + return $aRet; } public function GetSelectFilter($oUser, $sClass, $aSettings = array()) 
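Review bot: `IsAdministrator()` and `IsPortalUser()` now decide on the string that the new `ListProfiles()` stores, `Get('profileid_friendlyname')`, whereas the removed loops compared `Get('profile')` with `ADMIN_PROFILE_NAME` / `PORTAL_PROFILE_NAME`. Nothing in this diff shows that the friendly name always equals the profile name, and if the two can differ both checks silently change their result. I would confirm that and record it above the assignment, e.g. `// HasProfile() compares this value with ADMIN_PROFILE_NAME / PORTAL_PROFILE_NAME: it must be the profile name`. The new docblocks are also swapped: `IsAdministrator()` and `IsPortalUser()` say `@return array` but return a bool, and `ListProfiles()` says `@return bool` but returns an array.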
@@ -621,8 +565,8 @@ exit; $sAction = self::$m_aActionCodes[$iActionCode]; $bStatus = null; - $aAttributes = array(); - foreach($this->GetUserProfiles($iUser) as $iProfile => $oProfile) + // Call the API of UserRights because it caches the list for us + foreach(UserRights::ListProfiles($oUser) as $iProfile => $oProfile) { $bGrant = $this->GetProfileActionGrant($iProfile, $sClass, $sAction); if (!is_null($bGrant)) @@ -645,12 +589,11 @@ exit; $aRes = array( 'permission' => $iPermission, -// 'attributes' => $aAttributes, ); $this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode] = $aRes; return $aRes; } - + public function IsActionAllowed($oUser, $sClass, $iActionCode, $oInstanceSet = null) { $this->LoadCache(); @@ -752,7 +695,8 @@ exit; // Note: The object set is ignored because it was interesting to optimize for huge data sets // and acceptable to consider only the root class of the object set $bStatus = null; - foreach($this->GetUserProfiles($iUser) as $iProfile => $oProfile) + // Call the API of UserRights because it caches the list for us + foreach(UserRights::ListProfiles($oUser) as $iProfile => $oProfile) { $bGrant = $this->GetClassStimulusGrant($iProfile, $sClass, $sStimulusCode); if (!is_null($bGrant)) diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php index e4da6f18a..35adab008 100644 --- a/application/loginwebpage.class.inc.php +++ b/application/loginwebpage.class.inc.php @@ -418,18 +418,10 @@ EOF static function ResetSession() { - if (isset($_SESSION['login_mode'])) - { - $sPreviousLoginMode = $_SESSION['login_mode']; - } - else - { - $sPreviousLoginMode = ''; - } // Unset all of the session variables. unset($_SESSION['auth_user']); unset($_SESSION['login_mode']); - unset($_SESSION['profile_list']); + UserRights::_ResetSessionCache(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! } 
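Review bot: The loop variable `$oProfile` in `foreach(UserRights::ListProfiles($oUser) as $iProfile => $oProfile)` is misleading now, because the values are the name strings returned by `ListProfiles()` rather than objects, and only the key is used. `foreach(UserRights::ListProfiles($oUser) as $iProfile => $sProfileName)` would match the prefix convention used in the rest of the file; the same applies to the hunk at -752. Both enclosing functions start and end outside these hunks.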
@@ -655,6 +647,7 @@ EOF $_SESSION['auth_user'] = $sAuthUser; $_SESSION['login_mode'] = $sLoginMode; + UserRights::_InitSessionCache(); } } } @@ -872,7 +865,7 @@ EOF $aAllowedPortals[] = array( 'id' => $sPortalId, 'label' => $oDispatcher->GetLabel(), - 'url' => $oDispatcher->GetUrl(), + 'url' => $oDispatcher->GetUrl(), ); } } diff --git a/application/portaldispatcher.class.inc.php b/application/portaldispatcher.class.inc.php index b56da6b68..ce71cfec2 100644 --- a/application/portaldispatcher.class.inc.php +++ b/application/portaldispatcher.class.inc.php @@ -13,20 +13,7 @@ class PortalDispatcher public function IsUserAllowed() { $bRet = true; - if (array_key_exists('profile_list', $_SESSION)) - { - $aProfiles = $_SESSION['profile_list']; - } - else - { - $oUser = UserRights::GetUserObject(); - $oSet = $oUser->Get('profile_list'); - while(($oLnkUserProfile = $oSet->Fetch()) !== null) - { - $aProfiles[] = $oLnkUserProfile->Get('profileid_friendlyname'); - } - $_SESSION['profile_list'] = $aProfiles; - } + $aProfiles = UserRights::ListProfiles(); foreach($this->aData['deny'] as $sDeniedProfile) { diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php index 787969c9d..a65752fe1 100644 --- a/core/userrights.class.inc.php +++ b/core/userrights.class.inc.php @@ -67,6 +67,18 @@ abstract class UserRightsAddOnAPI abstract public function IsPortalUser($oUser); abstract public function FlushPrivileges(); + + /** + * Default behavior for addons that do not support profiles + * + * @param $oUser User + * @return array + */ + public function ListProfiles($oUser) + { + return array(); + } + /** * ... */ @@ -821,7 +833,6 @@ class UserRights } } - public static function IsActionAllowed($sClass, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null, $oUser = null) { // When initializing, we need to let everything pass trough 
@@ -929,7 +940,7 @@ class UserRights return self::$m_oAddOn->IsActionAllowedOnAttribute($oUser, $sClass, $sAttCode, $iActionCode, $oInstanceSet); } - static $m_aAdmins = array(); + protected static $m_aAdmins = array(); public static function IsAdministrator($oUser = null) { if (!self::CheckLogin()) return false; @@ -946,7 +957,7 @@ class UserRights return self::$m_aAdmins[$iUser]; } - static $m_aPortalUsers = array(); + protected static $m_aPortalUsers = array(); public static function IsPortalUser($oUser = null) { if (!self::CheckLogin()) return false; @@ -963,6 +974,39 @@ class UserRights return self::$m_aPortalUsers[$iUser]; } + public static function ListProfiles($oUser = null) + { + if (is_null($oUser)) + { + $oUser = self::$m_oUser; + } + if ($oUser->GetKey() == self::$m_oUser->GetKey()) + { + // Data about the current user can be found into the session data + if (array_key_exists('profile_list', $_SESSION)) + { + $aProfiles = $_SESSION['profile_list']; + } + } + + if (!isset($aProfiles)) + { + $aProfiles = self::$m_oAddOn->ListProfiles($oUser); + } + return $aProfiles; + } + + /** + * @param $sProfileName Profile name to search for + * @param $oUser User|null + * @return bool + */ + public static function HasProfile($sProfileName, $oUser = null) + { + $bRet = in_array($sProfileName, self::ListProfiles($oUser)); + return $bRet; + } + /** * Reset cached data * @param Bool Reset admin cache as well @@ -975,7 +1019,9 @@ class UserRights if ($bResetAdminCache) { self::$m_aAdmins = array(); + self::$m_aPortalUsers = array(); } + self::_ResetSessionCache(); return self::$m_oAddOn->FlushPrivileges(); } 
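Review bot: `ListProfiles()` calls `$oUser->GetKey()` and `self::$m_oUser->GetKey()` without the `if (!self::CheckLogin())` guard that `IsAdministrator()` and `IsPortalUser()` carry just above it. If `self::$m_oUser` can be unset at that point (which the guard in the siblings suggests), the call fails on a null object instead of returning an empty list. Adding `if (!self::CheckLogin()) return array();` as its first line would keep the three methods consistent. `array_key_exists('profile_list', $_SESSION)` also assumes a started session; `isset($_SESSION['profile_list'])` gives the same result without depending on `$_SESSION` being defined.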
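Review bot: `self::_ResetSessionCache()` in `FlushPrivileges()` clears `profile_list` only in the session of the request that runs it, while `ListProfiles()` now answers for the current user from that session entry. As far as this diff shows, a user whose profiles are changed by someone else keeps the old list, and with it the old `IsAdministrator()` and grant results, until their own session is reset. The removed `GetUserProfiles()` cached per add-on instance, so presumably only for one request. If that delay is accepted, say so next to the call, e.g. `// only clears the caller's session; other users keep their cached profile_list until they log in again`; otherwise the session entry needs an expiry or version check before it is trusted.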
@@ -1033,6 +1079,17 @@ class UserRights { return self::$m_oAddOn->MakeSelectFilter($sClass, $aAllowedOrgs, $aSettings, $sAttCode); } + + public static function _InitSessionCache() + { + // Cache data about the current user into the session + $_SESSION['profile_list'] = self::ListProfiles(); + } + + public static function _ResetSessionCache() + { + unset($_SESSION['profile_list']); + } } /**
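Review bot: `_InitSessionCache()` fills `$_SESSION['profile_list']` from `self::ListProfiles()`, which returns the existing `$_SESSION['profile_list']` when one is present. A list already in the session is therefore written back unchanged rather than reloaded for the user who just authenticated. Whether every login path clears it first (for example through `ResetSession()`) is not visible here, and the call added in the hunk at -655 of loginwebpage.class.inc.php depends on it. Reading from the add-on directly removes that dependency: `$_SESSION['profile_list'] = self::$m_oAddOn->ListProfiles(self::$m_oUser);`.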