1 no warnings qw(redefine);
# NOTE(review): this listing is an excerpt. The gutter numbers skip lines, so
# the enclosing sub, the start of the $query assignment, the else branch and
# the closing braces are not visible here.
#
# Purpose: assemble one SQL statement that looks for an ACL row naming $right
# (and, unless disabled, SuperUser) held by an enabled group in which this
# principal is an enabled cached member, restricted to the entries of
# EquivObjects, then fetch a result for it.
#
# SECURITY: every value is concatenated into the SQL text; FetchResult below
# receives the query string only, with no bind values. $right is placed
# between single quotes without escaping, so the statement is only as
# trustworthy as the callers that supply the Right argument.
# TODO(review): validate $right against the set of known right names here, or
# quote it through the database handle / pass it as a placeholder if the
# handle supports that - confirm against the handle API.
11 my $right = $args{'Right'};
14 "SELECT ACL.id, ACL.ObjectType, ACL.ObjectId " .
15 "FROM ACL, Principals, CachedGroupMembers WHERE ";
# The DisableSuperUser attribute is read from CurrentUser->UserObj, while the
# membership test further down uses $self->Id.
# NOTE(review): if those can be two different principals, the flag of the
# acting user decides whether SuperUser grants count for $self - confirm that
# this is intended, and confirm who is allowed to set the attribute.
# FirstAttribute is called twice: the first call guards the ->Content call
# against a false return value.
17 if ( $self->CurrentUser->UserObj->FirstAttribute('DisableSuperUser') && $self->CurrentUser->UserObj->FirstAttribute('DisableSuperUser')->Content ) {
18 # Only find rights with the name $right
19 $query .= " (ACL.RightName = '$right') ";
21 # Only find superuser or rights with the name $right
22 $query .= " (ACL.RightName = 'SuperUser' OR ACL.RightName = '$right') ";
25 # Never find disabled groups.
26 $query .= "AND Principals.id = ACL.PrincipalId "
27 . "AND Principals.PrincipalType = 'Group' "
28 . "AND Principals.Disabled = 0 "
30 # See if the principal is a member of the group recursively or _is the rightholder_
31 # never find recursively disabled group members
32 # also, check to see if the right is being granted _directly_ to this principal,
33 # as is the case when we want to look up group rights
34 . "AND CachedGroupMembers.GroupId = ACL.PrincipalId "
35 . "AND CachedGroupMembers.GroupId = Principals.id "
# $self->Id is appended unquoted - presumably always an integer id; verify.
36 . "AND CachedGroupMembers.MemberId = ". $self->Id ." "
37 . "AND CachedGroupMembers.Disabled = 0 ";
# One clause per equivalent object. $type is the class name when the entry is
# a reference, otherwise the entry itself.
# SECURITY: a plain-string entry reaches the SQL text unescaped between single
# quotes, and $obj->id is appended unquoted. Both are only safe if callers
# pass class names and numeric ids they control - TODO confirm at call sites.
40 foreach my $obj ( @{ $args{'EquivObjects'} } ) {
41 my $type = ref( $obj ) || $obj;
42 my $clause = "ACL.ObjectType = '$type'";
# Narrow to one object id only for references that offer an id method and
# return a true id; otherwise the clause matches on ObjectType alone.
44 if ( ref($obj) && UNIVERSAL::can($obj, 'id') && $obj->id ) {
45 $clause .= " AND ACL.ObjectId = ". $obj->id;
48 push @clauses, "($clause)";
# NOTE(review): with an empty EquivObjects list this appends " AND ()" -
# confirm callers always pass at least one entry.
51 $query .= " AND (". join( ' OR ', @clauses ) .")";
# The second argument to ApplyLimits is 1 - presumably a row limit; verify.
54 $self->_Handle->ApplyLimits( \$query, 1 );
# The three values presumably map to the three selected columns
# (ACL.id, ACL.ObjectType, ACL.ObjectId) - confirm against FetchResult.
55 my ($hit, $obj, $id) = $self->_Handle->FetchResult( $query );
# No matching row: return a single false value.
56 return (0) unless $hit;
# Append "-<id>" to the second fetched value when the third one is true.
58 $obj .= "-$id" if $id;
# NOTE(review): this listing is an excerpt. The gutter numbers skip lines, so
# the enclosing sub, the SELECT line, the else branch, the declarations of
# $id and $tmp and the closing braces are not visible here, and the final
# loop continues past the last line shown.
#
# Purpose: assemble a base SQL statement joining ACL, Groups, Principals and
# CachedGroupMembers for $right (and, unless disabled, SuperUser), then run
# one narrowed copy of it per entry of EquivObjects.
#
# SECURITY: as everywhere in this excerpt, values are concatenated into the
# SQL text and FetchResult receives no bind values. $right sits between
# single quotes without escaping.
# TODO(review): validate $right against the set of known right names here, or
# quote it through the database handle / pass it as a placeholder if the
# handle supports that - confirm against the handle API.
70 my $right = $args{'Right'};
74 "FROM ACL, Groups, Principals, CachedGroupMembers WHERE ";
# The DisableSuperUser attribute is read from CurrentUser->UserObj, while the
# membership test further down uses $self->Id.
# NOTE(review): if those can be two different principals, the flag of the
# acting user decides whether SuperUser grants count for $self - confirm that
# this is intended, and confirm who is allowed to set the attribute.
76 if ( $self->CurrentUser->UserObj->FirstAttribute('DisableSuperUser') && $self->CurrentUser->UserObj->FirstAttribute('DisableSuperUser')->Content ) {
77 # Only find rights with the name $right
78 $query .= " (ACL.RightName = '$right') ";
80 # Only find superuser or rights with the name $right
81 $query .= " (ACL.RightName = 'SuperUser' OR ACL.RightName = '$right') ";
84 # Never find disabled things
85 $query .= "AND Principals.Disabled = 0 "
86 . "AND CachedGroupMembers.Disabled = 0 "
88 # We always grant rights to Groups
89 . "AND Principals.id = Groups.id "
90 . "AND Principals.PrincipalType = 'Group' "
92 # See if the principal is a member of the group recursively or _is the rightholder_
93 # never find recursively disabled group members
94 # also, check to see if the right is being granted _directly_ to this principal,
95 # as is the case when we want to look up group rights
96 . "AND Principals.id = CachedGroupMembers.GroupId "
# $self->Id is appended unquoted - presumably always an integer id; verify.
97 . "AND CachedGroupMembers.MemberId = ". $self->Id ." "
# The ACL row is matched to the group through Groups.Type rather than through
# ACL.PrincipalId - presumably the role name; confirm against the schema.
98 . "AND ACL.PrincipalType = Groups.Type ";
100 my (@object_clauses);
# One clause per equivalent object. $type is the class name when the entry is
# a reference, otherwise the entry itself.
# SECURITY: a plain-string entry reaches the SQL text unescaped between single
# quotes, and $id is appended unquoted. Both are only safe if callers pass
# class names and numeric ids they control - TODO confirm at call sites.
101 foreach my $obj ( @{ $args{'EquivObjects'} } ) {
102 my $type = ref($obj)? ref($obj): $obj;
# $id is set only for references that offer an id method and return a true id.
104 $id = $obj->id if ref($obj) && UNIVERSAL::can($obj, 'id') && $obj->id;
106 my $object_clause = "ACL.ObjectType = '$type'";
107 $object_clause .= " AND ACL.ObjectId = $id" if $id;
108 push @object_clauses, "($object_clause)";
110 # find ACLs that are related to our objects only
# NOTE(review): with an empty EquivObjects list this appends " AND ()" -
# confirm callers always pass at least one entry.
111 $query .= " AND (". join( ' OR ', @object_clauses ) .")";
113 # because of mysql bug in versions up to 5.0.45 we do one query per object
114 # each query should be faster on any DB as it uses indexes more effectively
115 foreach my $obj ( @{ $args{'EquivObjects'} } ) {
116 my $type = ref($obj)? ref($obj): $obj;
118 $id = $obj->id if ref($obj) && UNIVERSAL::can($obj, 'id') && $obj->id;
# $tmp is presumably a per-object copy of $query made on an elided line.
# SECURITY: $type and $id are again placed between single quotes without
# escaping, so the same caller-trust assumption applies here.
121 $tmp .= " AND Groups.Domain = '$type-Role'";
122 # XXX: Groups.Instance is VARCHAR in DB, we should quote value
123 # if we want mysql 4.0 use indexes here. we MUST convert that
124 # field to integer and drop this quotes.
125 $tmp .= " AND Groups.Instance = '$id'" if $id;
# The second argument to ApplyLimits is 1 - presumably a row limit; verify.
127 $self->_Handle->ApplyLimits( \$tmp, 1 );
# Only the first fetched value is kept; what happens on a hit is outside the
# lines shown.
128 my ($hit) = $self->_Handle->FetchResult( $tmp );