Is there a better way to accomplish the following?
/**
* Performs an access check given a user.
*
* @param Cas_Acl_Sid $user The user or SID being checked.
* @param Cas_Acl_Privilege $privilege The privilege to check.
* @return int|null 1 if user access allowed, 2 if group access allowed, false if access is denied, null if access cannot be determined.
*/
public function accessCheck(Cas_Acl_Sid $user, Cas_Acl_Privilege $privilege)
{
$db = Zend_Db_Table_Abstract::getDefaultAdapter();
$usersQuery = $db->select()->from('AccessControlEntries', array('Allowed', new Zend_Db_Expr('1 AS Type')))
->where('Acl = ?', $this->_id)
->where('Sid = ?', $user->GetGuid())
->where('Privilege = ?', $privilege->GetId());
$groupsQuery = $db->select()->from('AccessControlEntries', array('Allowed', new Zend_Db_Expr('2 AS Type')))
->join('GroupMembers', $db->quoteIdentifier(array('GroupMembers', 'Group')) . ' = ' .
$db->quoteIdentifier(array('AccessControlEntries', 'Sid')), array())
->where('Acl = ?', $this->_id)
->where($db->quoteIdentifier(array('GroupMembers', 'User')) . ' = ?', $user->GetGuid())
->where('Privilege = ?', $privilege->GetId());
$query = $db->select()
->union(array($usersQuery, $groupsQuery), Zend_Db_Select::SQL_UNION_ALL)
->order('Type')
->order('Allowed')
->limit(1);
$dbResult = $db->fetchAll($query);
if (!count($dbResult))
{
return null;
}
else {
if ($dbResult[0]['Allowed'])
{
return (int)$dbResult[0]['Type'];
}
else
{
return false;
}
}
}
