System user; essentially encapsulates a MidgardPerson.

It does not provide a way to manipulate accounts; instead, it is an abstraction used in the ACL system.

You must not create these objects directly. Instead, use the factory method midcom::get('auth')->get_user($id), where $id is any valid constructor argument for a midcom_db_person.

package midcom

Methods

__construct (mixed $id)

The constructor retrieves the user identified by its name from the database and prepares the object for operation.

The class relies on the Midgard Framework to ensure the uniqueness of a user.

The class is only intended to operate with users and groups, and should not be used in normal operations regarding persons.

Parameters

$id

mixed: This is either a Midgard Person ID or GUID, a midcom_user ID or an already instantiated midgard_person.

delete ()

Deletes the current user account and the person record.

Returns

boolean: Indicating success.

get_first_group_guid ()

Small helper to get the GUID of the user's first group.

This is used mainly to populate the owner field during DBA object create calls.

Returns

mixed: GUID of the first group found, or false.

get_per_class_privileges (object $object)

Returns the specific per class global privilege set assigned to this user, taking all parent groups into account.

If the class specified is unknown, an empty array is returned.

Parameters

$object

object: The object for which privileges should be looked up. This is passed by reference.

Returns

Array: Array keys are the privilege names, the values are the privilege states (ALLOW/DENY).

get_privileges ()

Returns the complete privilege set assigned to this user, taking all parent groups into account.

Returns

Array: Array keys are the privilege names, the values are the privilege states (ALLOW/DENY).

get_storage ()

This function will return a MidCOM DBA level storage object for the current user.

Be aware that depending on ACL information, the retrieval of the user may fail.

Returns

\midcom_db_person: The user which is associated with this record, or false if the object cannot be accessed.

is_in_group (mixed $group)

Checks whether a user is a member of the given group.

The group argument may be one of the following (checked in this order of precedence):

  1. A valid group object (subclass of midcom_core_group)
  2. A group string identifier, matching the regex ^group:
  3. A valid midcom group name

Parameters

$group

mixed: Group to check against; this can be either a midcom_core_group object or a group string identifier.

Returns

boolean: Indicating membership state.

is_online ()

This is a shortcut for the method midcom_services_auth_sessionmgr::is_user_online().

The documentation at that function takes priority over the copy here.

Checks the online state of the user. You require the privilege midcom:isonline for the storage object you are going to check. The privilege is not granted by default, to allow users full control over their privacy.

'unknown' is returned in cases where you have insufficient permissions.

see \midcom_services_auth_sessionmgr::is_user_online()

Returns

string: One of 'online', 'offline' or 'unknown', indicating the current online state.

list_all_memberships ()

Retrieves a list of groups for which this user is a member, both directly and indirectly.

There is no hierarchy in the result set; it is just a plain listing.

Returns

Array: A list of midcom_core_group objects in which the current user is a member, or false on failure.

list_memberships ()

Retrieves a list of groups for which this user is an immediate member.

Returns

Array: A list of midcom_core_group objects in which the current user is a member, or false on failure.

_load (mixed $id)

Helper function that will look up a user in the Midgard Database and assign the object to the $storage member.

Parameters

$id

mixed: This is either a Midgard Person ID or GUID, a midcom_user ID or an already instantiated midgard_person.

Returns

boolean: Indicating success.

_load_all_groups ()

Loads the complete group hierarchy the user is a member of.

_load_direct_groups ()

Loads all groups the user is a direct member of and assigns them to the _direct_groups member.

_load_from_string ($id, $person_class)

Parameters

$id

$person_class

_load_privileges ()

Load the privileges from the database.

This uses the inheritance chains loaded by _load_all_groups().

_merge_privileges (array $privileges)

Merge privileges helper.

It loads the privileges of the given object and loads all "SELF" assignee privileges into the class.

Parameters

$privileges

array: A list of privilege records; see mRFC 15 for details.

Properties

 

string $guid

The GUID identifying this user, made directly available for easier linking.
 

string $id

The identification string used to internally identify the user uniquely in the system.

This is usually some kind of user:$guid string combination.

 

string $name

The full name of the current user.

Built from the first and last name of the user record, falling back to the username if both are unset. It is to be considered read-only.

 

string $rname

The full reversed name of the current user.

Built from the first and last name of the user record, falling back to the username if both are unset. It is to be considered read-only.

 

integer $scope

The scope value, which must be set during the _load callback, indicates the "depth" of the group in the inheritance tree.

This is used during privilege merging in the content privilege code, which needs a way to determine the proper ordering. All persons currently use the magic value -1.

The variable is considered to be read-only.

 

string $username

Username of the current user. It is to be considered read-only.
 

\midgard_person $_storage

The storage object on which we are based.

This is no MidCOM DBA layer object since it must not do any Access Control for the internal system to work. The instance may not be accessed from the outside.

Access to this member is restricted to the ACL user/group core. In case you need a real Storage object for this group, call get_storage() instead.

 

Array $_all_groups

Lists all groups in which a user is a member, both directly and indirectly.

There is no hierarchy, just a plain listing of midcom_core_group objects. It is to be considered read-only.

The array is indexed by the group identifiers, which are used to perform in_group checks.

It is loaded on demand.

 

Array $_direct_groups

Lists all groups in which a user is an immediate member.

It is to be considered read-only.

The array is indexed by the group identifiers, which are used to perform in_group checks.

It is loaded on demand.

 

array $_inheritance_chains

This array lists all groups the user is a member of, ordered by their inheritance chain.

The first element in the array is always the top-level group, while the last one is always a member of $_direct_groups. This is therefore a multilevel array and is indexed by the direct group IDs (midcom_core_group IDs, not Midgard IDs!) of the direct groups. The values are group identifiers as well, which can be resolved by either get_group or using the all_groups listing.

This member is populated with $_all_groups.
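
An added illustration, not MidCOM's own code, of the chain layout described above: each chain runs from the top-level group down to a direct group, and privileges are folded in that order with the user's own assignments last. The group identifiers and privilege values are constructed, and the rule that a later assignment replaces an earlier one is an assumption, since this page does not state the merge rule.

```php
<?php
// Added illustration: standalone model, not MidCOM code. Group identifiers,
// privilege values and the "later assignment wins" rule are assumptions.
const ALLOW = 'ALLOW';
const DENY  = 'DENY';

/**
 * Resolve a user's effective privileges from inheritance chains.
 *
 * @param array $chains      direct group id => group ids, top-level first, direct group last
 * @param array $group_privs group id => [privilege name => ALLOW|DENY] set on that group
 * @param array $self_privs  [privilege name => ALLOW|DENY] assigned to the user directly
 * @return array privilege name => ['state' => ALLOW|DENY, 'source' => group id or 'self']
 */
function resolve_privileges(array $chains, array $group_privs, array $self_privs): array
{
    $effective = [];
    foreach ($chains as $direct_id => $chain) {
        // Shape check taken from the property description: a chain ends in its direct group.
        if (end($chain) !== $direct_id) {
            throw new InvalidArgumentException("chain for $direct_id does not end in it");
        }
        foreach ($chain as $group_id) {
            foreach ($group_privs[$group_id] ?? [] as $name => $state) {
                $effective[$name] = ['state' => $state, 'source' => $group_id];
            }
        }
    }
    // The user's own assignments are applied after every group in every chain.
    foreach ($self_privs as $name => $state) {
        $effective[$name] = ['state' => $state, 'source' => 'self'];
    }
    return $effective;
}

// Constructed sample data: two direct groups sharing one top-level parent.
$chains = [
    'group:editors' => ['group:staff', 'group:editors'],
    'group:interns' => ['group:staff', 'group:interns'],
];
$group_privs = [
    'group:staff'   => ['midgard:read' => ALLOW, 'midgard:update' => ALLOW],
    'group:interns' => ['midgard:update' => DENY],
];
$self_privs = ['midcom:isonline' => ALLOW];

foreach (resolve_privileges($chains, $group_privs, $self_privs) as $name => $p) {
    printf("%-16s %-5s (from %s)\n", $name, $p['state'], $p['source']);
}
```

The source field records which group contributed each final state, which is the question to ask when an unexpected ALLOW or DENY turns up in a privilege review.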

 

Array $_per_class_privileges

List of all privileges assigned to that user based on the class he is accessing.

It is to be considered read-only.

This is a multi level array. It holds regular privilege name/state arrays indexed by the name of the class (or subtype thereof) for which they should apply.

It is loaded on demand.

 

Array $_privileges

List of all privileges assigned to that user.

It is to be considered read-only.

Array keys are the privilege names, the values are the Privilege states (ALLOW/DENY).

It is loaded on demand.