Changeset 4871
- Timestamp:
- 09/02/08 17:35:22 (10 months ago)
- Files:
-
- 1 modified
Legend:
- Unmodified
- Added
- Removed
-
branches/1.0/docs/cookbook/en/record-based-retrieval-security-template.txt
r4855 r4871 13 13 14 14 ++ Template 15 <code> 16 15 16 <code type="php"> 17 17 class gsSecurityTemplate extends Doctrine_Template 18 18 { … … 27 27 public function __construct(array $options) 28 28 { 29 if ( !isset($options['conditions']) || empty($options['conditions']) )29 if (!isset($options['conditions']) || empty($options['conditions'])) { 30 30 throw new Doctrine_Exception('Unable to create security template without conditions'); 31 } 31 32 32 33 $this->_options = $options; … … 65 66 $params = $event->getParams(); 66 67 67 if($class == $params['alias']) 68 if($class == $params['alias']) { 68 69 return; 70 } 69 71 70 72 $q = $event->getQuery(); 71 73 72 74 // only apply to the main protected table not chained tables... may break some situations 73 if(!$q->contains('FROM '.$class)) 75 if(!$q->contains('FROM '.$class)) { 74 76 return; 77 } 75 78 76 79 $wheres = array(); … … 79 82 $from = $q->getDqlPart('from'); 80 83 81 foreach($this->_options['conditions'] as $rel_name => $conditions) 82 { 84 foreach ($this->_options['conditions'] as $rel_name => $conditions) { 83 85 $apply = false; 84 foreach($conditions['apply_to'] as $val) 85 { 86 if(in_array($val,self::$_credentials)) 87 { 86 foreach ($conditions['apply_to'] as $val) { 87 if (in_array($val,self::$_credentials)) { 88 88 $apply = true; 89 89 break; … … 91 91 } 92 92 93 if($apply) 94 { 93 if ($apply) { 95 94 $alias = $params['alias']; 96 95 $aliases = array(); 97 96 $aliases[] = $alias; 98 97 99 foreach($conditions['through'] as $key => $table) 100 { 98 foreach ($conditions['through'] as $key => $table) { 101 99 $index = 0; 102 100 $found = false; 103 foreach($from as $index => $val) 104 { 105 if(strpos($val,$table) !== false) 106 { 101 foreach ($from as $index => $val) { 102 if (strpos($val,$table) !== false) { 107 103 $found = true; 108 104 break; … … 111 107 } 112 108 113 if($found) 114 { 109 if ($found) { 115 110 $vals = explode(' ', substr($from[$index],strpos($from[$index],$table))); 116 111 $alias = (count($vals) == 2) ? $vals[1]:$vals[0]; 117 112 $aliases[] = $alias; 118 } 119 else 120 { 113 } else { 121 114 $newalias = strtolower(substr($table,0,3)).self::$_alias_count++; 122 115 $q->leftJoin(end($aliases).'.'.$table.' '.$newalias); … … 130 123 } 131 124 132 if(!empty($wheres)) 125 if(!empty($wheres)) { 133 126 $q->addWhere( '('.implode(' OR ',$wheres).')',$pars); 127 } 134 128 } 135 129 … … 151 145 the box without the indexes - YMMV. 152 146 153 <code >147 <code type="yaml"> 154 148 --- 155 149 Account: … … 236 230 is_active: { type: boolean, default: true } 237 231 238 #-------------------------------------------------------------------------------------239 232 User: 240 233 relations: … … 306 299 307 300 Once you've built your models from the schema, you should see something like the following in your model's setUp function. 308 <code> 309 301 302 <code type="php"> 310 303 $gssecuritytemplate0 = new gsSecurityTemplate(array('conditions' => array('Division' => array( 'through' => array( 0 => 'Division', 1 => 'UserDivision', ), 'field' => 'user_id', 'apply_to' => array( 0 => 'division_manager', ), 'exclude_for' => array( 0 => 'admin', ), ), 'Branch' => array( 'through' => array( 0 => 'Branch', 1 => 'UserBranch', ), 'field' => 'user_id', 'apply_to' => array( 0 => 'branch_manager', ), 'exclude_for' => array( 0 => 'admin', 1 => 'division_manager', 2 => 'district_manager', ), ), 'Salesperson' => array( 'through' => array( 0 => 'Salesperson', 1 => 'UserSalesperson', ), 'field' => 'user_id', 'apply_to' => array( 0 => 'salesperson', ), 'exclude_for' => array( 0 => 'admin', 1 => 'division_manager', 2 => 'district_manager', 3 => 'branch_manager', ), ), 'District' => array( 'through' => array( 0 => 'Branch', 1 => 'District', 2 => 'UserDistrict', ), 'field' => 'user_id', 'apply_to' => array( 0 => 'district_manager', ), 'exclude_for' => array( 0 => 'admin', 1 => 'division_manager', ), )))); 311 304 $this->actAs($gssecuritytemplate0); 312 313 305 </code> 314 306 315 307 The last part you need to use is to provide the template with the running user's credentials and id. In my project's session bootstrapping I have the following ( I use the symfony MVC framework ). 316 <code> 308 309 <code type="php"> 317 310 public function initialize($context, $parameters = null) 318 311 { … … 326 319 This provides the credentials the user was given when they logged in as well as their id. 327 320 328 329 321 ++ User setup 330 322 … … 338 330 339 331 The query below 332 333 <code type="php"> 334 $accounts = Doctrine_Query::create()->from('Account a')->leftJoin('a.Branches b')->where('a.company_name LIKE ?','A%')->execute(); 335 </code> 336 337 produces the resulting sql. 338 340 339 <code> 341 $accounts = Doctrine_Query::create()->from('Account a')->leftJoin('a.Branches b')->where('a.company_name LIKE ?','A%')->execute();342 </code>343 344 produces the resulting sql.345 346 <code>347 </code>348 349 340 SELECT ... FROM accounts a2 LEFT JOIN branches b2 ON a2.branch_id = b2.id LEFT JOIN divisions d2 ON a2.division_id = d2.id LEFT JOIN user_divisions u2 ON d2.id = u2.division_id WHERE a2.company_name LIKE ? AND u2.user_id = ? ORDER BY a2.company_name 350 351 341 <code> 352 342 … … 355 345 returned to choose from. 356 346 357 358 347 ++ Restrictions 359 348
