Author Topic: CRM/ACL/BAO/ACL.PHP & civicrm_acl_role (Read 1132 times)

witerat · April 07, 2009, 04:31:29 am

I'm looking at the permissionClause method which appears to create a clause that refers to a table or view civicrm_acl_role from the second mapping in $t.
see the second inner join in excerpt below.

I'm left wonder if this method is actually used since I can't find evidence of a such a view or table.

Code: [Select]

        /* Query for permissions granted to all contacts through an ACL group */
        $query[] = "SELECT      {$t['ACL']}.*, 0 as override
                    FROM        {$t['ACL']}
                    
                    INNER JOIN  {$t['ACLEntityRole']}
                            ON  ({$t['ACL']}.entity_table = '{$t['ACLRole']}'
                            AND     {$t['ACL']}.entity_id = 
                                    {$t['ACLEntityRole']}.acl_role_id)
                                    
                    INNER JOIN  {$t['ACLRole']}
                            ON      {$t['ACL']}.entity_id = 
                                    {$t['ACLRole']}.id
                    
                    WHERE       {$t['ACLEntityRole']}.entity_table =
                                    '{$t['Domain']}'
                            AND {$t['ACLRole']}.is_active      = 1
                            AND ($where)";

Donald Lobo · April 07, 2009, 08:13:17 am

we execute that query and store the result in civicrm_acl_cache. Not sure what you mean by "can't find evidence of a such a view or table."

lobo

witerat · April 07, 2009, 01:47:29 pm

the key ACLRole is mapped to 'civicrm_acl_role'. this value is hard coded in the initialization $t. So in the second inner join {$t['ACLRole']} expands to civicrm_acl_role.

My search for evidence of a database entity named civicrm_acl_role included civicrm.mysql and google.

dharmatech · April 08, 2009, 09:37:37 am

The string 'civicrm_acl_role' is inserted into the entity_table column of civicrm_acl in sql/civicrm_generated.mysql, sql/civicrm_sample.mysql and sql/civicrm_acl.mysql. As such one would expect to find a table named civicrm_acl_role but that does not seem to be present. Is there somewhere non-obvious that such a table is created?

-- Walt

Donald Lobo · April 08, 2009, 02:59:45 pm

ok sorry, to clarify: there used to be a table called civicrm_acl_role which was basically a name/value table

in some 1.x release we consolidated all name/value tables into civicrm_option_group / civicrm_option_value and inherited a lot of the names etc

lobo

witerat · April 08, 2009, 09:17:45 pm

Thanks Don,
That explains what I'm seeing but still it suggests CRM_ACL_BAO_ACL::permissionClause(...) is stale or would result table not found(civicrm_acl_role) exceptions. Here's what I'm seeing. Sorry for the length, second lines at either end have the highlights.

Code: [Select]

<?php

/*
 +--------------------------------------------------------------------+
 | CiviCRM version 2.1                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2008                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007.                                       |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License along with this program; if not, contact CiviCRM LLC       |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
*/

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2007
 * $Id$
 *
 */

require_once 'CRM/ACL/DAO/ACL.php';

/**
 *  Access Control List
 */
class CRM_ACL_BAO_ACL extends CRM_ACL_DAO_ACL {
    static $_entityTable = null;
    static $_objectTable = null;
    static $_operation   = null;

    static $_fieldKeys   = null
;
    static function entityTable( ) {
        if ( ! self::$_entityTable ) {
            self::$_entityTable = array(
                                        'civicrm_contact'      => ts( 'Contact'       ),
                                        'civicrm_acl_role'    => ts( 'ACL Role'     ), );
        }
        return self::$_entityTable;
    }

    static function objectTable( ) {
        if ( ! self::$_objectTable ) {
            self::$_objectTable = array(
                                        'civicrm_contact'      => ts( 'Contact'       ),
                                        'civicrm_group'        => ts( 'Group'         ),
                                        'civicrm_saved_search' => ts( 'Contact Group' ),
                                        'civicrm_admin'        => ts( 'Administer'    ),
                                        'civicrm_admin'        => ts( 'Import'        ) );
        }
        return self::$_objectTable;
    }

    static function operation( ) {
        if ( ! self::$_operation ) {
            self::$_operation = array(
                                      'View'   => ts( 'View'   ),
                                      'Edit'   => ts( 'Edit'   ),
                                      );
        }
        return self::$_operation;
    }

    /**
     * Construct a WHERE clause to handle permissions to $object_*
     *
     * @param array ref $tables -   Any tables that may be needed in the FROM
     * @param string $operation -   The operation being attempted
     * @param string $object_table -    The table of the object in question
     * @param int $object_id    -   The ID of the object in question
     * @param int $acl_id   -       If it's a grant/revoke operation, the ACL ID
     * @param boolean $acl_role -  For grant operations, this flag determines if we're granting a single acl (false) or an entire group.
     * @return string           -   The WHERE clause, or 0 on failure
     * @access public
     * @static
     */
    public static function permissionClause(&$tables, $operation,
                                            $object_table = null, $object_id = null, 
                                            $acl_id = null, $acl_role = false) 
    {
        $dao =& new CRM_ACL_DAO_ACL;
        
        $t = array(
            'ACL'           => self::getTableName(),
            'ACLRole'      => 'civicrm_acl_role',
            'ACLEntityRole' => CRM_ACL_DAO_EntityRole::getTableName(),

CiviCRM Community Forums (archive)

News:

Author Topic: CRM/ACL/BAO/ACL.PHP & civicrm_acl_role (Read 1132 times)

witerat

CRM/ACL/BAO/ACL.PHP & civicrm_acl_role

Donald Lobo

Re: CRM/ACL/BAO/ACL.PHP & civicrm_acl_role

witerat

Re: CRM/ACL/BAO/ACL.PHP & civicrm_acl_role

dharmatech

Re: CRM/ACL/BAO/ACL.PHP & civicrm_acl_role

Donald Lobo

Re: CRM/ACL/BAO/ACL.PHP & civicrm_acl_role

witerat

Re: CRM/ACL/BAO/ACL.PHP & civicrm_acl_role