Open Journal Systems  3.3.0
RoleDAO.inc.php
<?php

// Load the classes this DAO depends on through the project's import() helper
// (dotted path notation): the Role data object returned by newDataObject(),
// and the user-group assignment class.
import('lib.pkp.classes.security.Role');
import('lib.pkp.classes.security.UserGroupAssignment');

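/**
 * Data access object for user roles.
 *
 * Looks up the users holding a role, tests whether a user holds a role in a
 * given context, and lists the roles a user holds. Role membership is derived
 * from the user_groups / user_user_groups tables.
 */
class RoleDAO extends DAO {
    /** @var object User DAO from DAORegistry::getDAO('UserDAO'); supplies SQL fragments and row mapping for user queries */
    var $userDao;

    /**
     * Constructor: initialise the parent DAO and fetch the user DAO.
     */
    function __construct() {
        parent::__construct();
        $this->userDao = DAORegistry::getDAO('UserDAO');
    }

    /**
     * Create an empty Role data object.
     *
     * @return Role
     */
    function newDataObject() {
        return new Role();
    }

    /**
     * Retrieve the users holding a role and/or belonging to a context,
     * optionally narrowed by a search term.
     *
     * At least one of $roleId and $contextId must be given; otherwise null is
     * returned and no query is run.
     *
     * @param int|null $roleId Restrict to this role ID (cast to int).
     * @param int|null $contextId Restrict to this context ID (cast to int).
     * @param mixed $searchType Field to search: one of the $searchTypeMap keys
     *  below, or USER_FIELD_USERID for an exact user ID match.
     * @param string|null $search Search term; ignored when empty.
     * @param string|null $searchMatch 'is', 'contains' or 'startsWith'. Any
     *  other value adds no filter, so the search term is silently ignored.
     * @param mixed $dbResultRange Passed through unchanged to retrieveRange().
     * @return DAOResultFactory|null Matching users, or null when neither a
     *  role ID nor a context ID was supplied.
     */
    function getUsersByRoleId($roleId = null, $contextId = null, $searchType = null, $search = null, $searchMatch = null, $dbResultRange = null) {
        // For security / resource usage reasons, a role or context ID
        // must be specified. Don't allow calls supplying neither.
        if ($contextId === null && $roleId === null) return null;

        // Bound values must be appended in the order their placeholders appear
        // in the statement: the four fixed JOIN values, then the user DAO's own
        // parameters (presumably consumed by getFetchJoins() -- confirm against
        // UserDAO), then role, context and finally the search value.
        $paramArray = array(ASSOC_TYPE_USER, 'interest', IDENTITY_SETTING_GIVENNAME, IDENTITY_SETTING_FAMILYNAME);
        $paramArray = array_merge($paramArray, $this->userDao->getFetchParameters());
        if (isset($roleId)) $paramArray[] = (int) $roleId;
        if (isset($contextId)) $paramArray[] = (int) $contextId;

        $searchSql = '';

        // Allow-list of searchable columns. The column name interpolated into
        // the SQL below is always taken from this map, never from the caller;
        // only the search value itself is caller-controlled, and it is bound.
        $searchTypeMap = array(
            IDENTITY_SETTING_GIVENNAME => 'usgs.setting_value',
            IDENTITY_SETTING_FAMILYNAME => 'usfs.setting_value',
            USER_FIELD_USERNAME => 'u.username',
            USER_FIELD_EMAIL => 'u.email',
            USER_FIELD_INTERESTS => 'cves.setting_value'
        );

        if (!empty($search) && isset($searchTypeMap[$searchType])) {
            $fieldName = $searchTypeMap[$searchType];
            // NOTE: '%' and '_' inside $search are not escaped, so in the two
            // LIKE modes they act as wildcards chosen by the caller.
            switch ($searchMatch) {
                case 'is':
                    $searchSql = "AND LOWER($fieldName) = LOWER(?)";
                    $paramArray[] = $search;
                    break;
                case 'contains':
                    $searchSql = "AND LOWER($fieldName) LIKE LOWER(?)";
                    $paramArray[] = '%' . $search . '%';
                    break;
                case 'startsWith':
                    $searchSql = "AND LOWER($fieldName) LIKE LOWER(?)";
                    $paramArray[] = $search . '%';
                    break;
            }
        } elseif (!empty($search)) {
            switch ($searchType) {
                case USER_FIELD_USERID:
                    $searchSql = 'AND u.user_id=?';
                    $paramArray[] = $search;
                    break;
            }
        }

        // The ORDER BY clause, fetch columns and fetch joins are SQL fragments
        // produced by the user DAO and concatenated as-is; they are not visible
        // here and must never contain caller-supplied text.
        $searchSql .= ' ' . $this->userDao->getOrderBy(); // FIXME Add "sort field" parameter?

        $result = $this->retrieveRange(
            'SELECT DISTINCT u.*,
            ' . $this->userDao->getFetchColumns() . '
            FROM users AS u
                LEFT JOIN user_user_groups uug ON (uug.user_id = u.user_id)
                LEFT JOIN user_groups ug ON (ug.user_group_id = uug.user_group_id)
                LEFT JOIN controlled_vocabs cv ON (cv.assoc_type = ? AND cv.assoc_id = u.user_id AND cv.symbolic = ?)
                LEFT JOIN user_settings usgs ON (usgs.user_id = u.user_id AND usgs.setting_name = ?)
                LEFT JOIN user_settings usfs ON (usfs.user_id = u.user_id AND usfs.setting_name = ?)
                LEFT JOIN controlled_vocab_entries cve ON (cve.controlled_vocab_id = cv.controlled_vocab_id)
                LEFT JOIN controlled_vocab_entry_settings cves ON (cves.controlled_vocab_entry_id = cve.controlled_vocab_entry_id)
                ' . $this->userDao->getFetchJoins() . '
            WHERE 1=1' . (isset($roleId) ? ' AND ug.role_id = ?' : '') . (isset($contextId) ? ' AND ug.context_id = ?' : '') . ' ' . $searchSql,
            $paramArray,
            $dbResultRange
        );

        // Rows are turned into user objects by the user DAO's
        // _returnUserFromRowWithData method.
        return new DAOResultFactory($result, $this->userDao, '_returnUserFromRowWithData');
    }

    /**
     * Test whether a user holds a role (or any of several roles) in a context.
     *
     * @param int $contextId Context to check in (cast to int).
     * @param int $userId User to check (cast to int).
     * @param int|array $roleId A single role ID, or a list of role IDs of
     *  which any one is sufficient. Every entry is cast to int.
     * @return bool True if the user belongs to at least one user group with
     *  one of the roles in that context. An empty list of role IDs yields
     *  false without querying the database.
     */
    function userHasRole($contextId, $userId, $roleId) {
        $roleIds = is_array($roleId) ? array_values(array_map('intval', $roleId)) : array((int) $roleId);

        // An empty list would render as "IN ()", which is not valid SQL. A
        // check against no roles can never match, so fail closed instead of
        // sending a broken statement.
        if (empty($roleIds)) return false;

        // Bind the role IDs rather than splicing them into the statement: one
        // placeholder per ID, appended after the context and user parameters.
        $placeholders = join(',', array_fill(0, count($roleIds), '?'));
        $result = $this->retrieve(
            'SELECT count(*) FROM user_groups ug JOIN user_user_groups uug ON ug.user_group_id = uug.user_group_id
            WHERE ug.context_id = ? AND uug.user_id = ? AND ug.role_id IN (' . $placeholders . ')',
            array_merge(array((int) $contextId, (int) $userId), $roleIds)
        );

        // > 0 because user could belong to more than one user group with this role
        $returner = isset($result->fields[0]) && $result->fields[0] > 0;

        $result->Close();
        return $returner;
    }

    /**
     * List the distinct roles a user holds.
     *
     * @param int $userId User to look up (cast to int).
     * @param int|null $contextId Restrict to this context. When null, no
     *  context filter is applied and roles from every context are returned,
     *  so callers deciding access to one context should pass its ID.
     * @return array List of Role objects with only the role ID populated.
     */
    function getByUserId($userId, $contextId = null) {
        $params = array((int) $userId);
        if ($contextId !== null) $params[] = (int) $contextId;
        $result = $this->retrieve(
            'SELECT DISTINCT ug.role_id
            FROM user_groups ug
                JOIN user_user_groups uug ON ug.user_group_id = uug.user_group_id
            WHERE uug.user_id = ?' . ($contextId !== null ? ' AND ug.context_id = ?' : ''),
            $params
        );

        $roles = array();
        while (!$result->EOF) {
            $role = $this->newDataObject();
            $role->setRoleId($result->fields[0]);
            $roles[] = $role;
            $result->MoveNext();
        }
        $result->Close();
        return $roles;
    }

    /**
     * List a user's roles, grouped by the context each role is held in.
     *
     * @param int $userId User to look up; passed to UserGroupDAO::getByUserId().
     * @return array Role objects indexed as [context ID][role ID]. Several
     *  user groups sharing a context and role collapse into one entry.
     */
    function getByUserIdGroupedByContext($userId) {
        $userGroupDao = DAORegistry::getDAO('UserGroupDAO'); /* @var $userGroupDao UserGroupDAO */
        $roleDao = DAORegistry::getDAO('RoleDAO'); /* @var $roleDao RoleDAO */
        $userGroupsFactory = $userGroupDao->getByUserId($userId);

        $roles = array();
        while ($userGroup = $userGroupsFactory->next()) {
            $role = $roleDao->newDataObject();
            $role->setRoleId($userGroup->getRoleId());
            $roles[$userGroup->getContextId()][$userGroup->getRoleId()] = $role;
        }

        return $roles;
    }

    /**
     * Get the workflow stages listed as forbidden for a role.
     *
     * @param int|null $roleId Role to look up. Any falsy value (null, 0)
     *  selects the full map instead of a single role.
     * @return array For a given role: its list of stage IDs, or an empty
     *  array if the role has no entry. Without a role: the whole map of
     *  role ID => list of stage IDs.
     */
    function getForbiddenStages($roleId = null) {
        $forbiddenStages = array(
            ROLE_ID_MANAGER => array(
                // Journal managers should always have all stage selections locked by default.
                WORKFLOW_STAGE_ID_SUBMISSION, WORKFLOW_STAGE_ID_INTERNAL_REVIEW, WORKFLOW_STAGE_ID_EXTERNAL_REVIEW, WORKFLOW_STAGE_ID_EDITING, WORKFLOW_STAGE_ID_PRODUCTION,
            ),
            ROLE_ID_REVIEWER => array(
                // Reviewer user groups should only have review stage assignments.
                WORKFLOW_STAGE_ID_SUBMISSION, WORKFLOW_STAGE_ID_EDITING, WORKFLOW_STAGE_ID_PRODUCTION,
            ),
            ROLE_ID_READER => array(
                // Reader user groups should have no stage assignments.
                WORKFLOW_STAGE_ID_SUBMISSION, WORKFLOW_STAGE_ID_INTERNAL_REVIEW, WORKFLOW_STAGE_ID_EXTERNAL_REVIEW, WORKFLOW_STAGE_ID_EDITING, WORKFLOW_STAGE_ID_PRODUCTION,
            ),
        );

        if ($roleId) {
            if (isset($forbiddenStages[$roleId])) {
                return $forbiddenStages[$roleId];
            } else {
                return array();
            }
        } else {
            return $forbiddenStages;
        }
    }

    /**
     * Get the role IDs returned as "always active".
     *
     * Despite the method name, the returned values are role IDs, not stage
     * IDs; presumably these are the roles whose stage assignments are always
     * active -- confirm against callers.
     *
     * @return array List containing ROLE_ID_MANAGER.
     */
    function getAlwaysActiveStages() {
        $alwaysActiveStages = array(ROLE_ID_MANAGER);
        return $alwaysActiveStages;
    }
}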