
fixed AntAcl perms by Read/Write group and Owner

Piotr Labudda 8 年之前
父節點
當前提交
37e3857554
共有 4 個文件被更改,包括 32 次插入4 次删除
  1. 4 4
      SE/se-lib/AclQueryFeatures.php
  2. 10 0
      SE/se-lib/AntAclBase.php
  3. 14 0
      SE/se-lib/Core/AclBase.php
  4. 4 0
      SE/se-lib/TableAcl.php

+ 4 - 4
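--- a/SE/se-lib/AclQueryFeatures.php
+++ b/SE/se-lib/AclQueryFeatures.php
@@ -270,17 +270,17 @@ class AclQueryFeatures {
 	public function parseSpecialFilterAccess() {
 		$userLogin = User::getLogin();
 		$usrAclGroups = User::getLdapGroupsNames();
-		DBG::log(['login'=>$userLogin, 'groups'=>$usrAclGroups, 'hasFieldWrite'=>$this->_acl->hasField('A_ADM_COMPANY'), 'hasFieldRead'=>$this->_acl->hasField('A_CLASSIFIED'), 'acl'=>$this->_acl], 'array', "parse SpecialFilter Access");
+		DBG::log(['ns'=>$this->_acl->getNamespace(), 'login'=>$userLogin, 'hasWriteField'=>$this->_acl->hasWriteGroupField(), 'hasReadField'=>$this->_acl->hasReadGroupField(), 'hasOwnerField'=>$this->_acl->hasOwnerField(), 'groups'=>$usrAclGroups], 'array', "parse SpecialFilter Access");
 		$orWhere = [];
-		if ($this->_acl->hasField('A_ADM_COMPANY')) {
+		if ($this->_acl->hasWriteGroupField()) {
 			$orWhere[] = ['A_ADM_COMPANY', '=', ''];// TODO: allow empty for everyone?
 			foreach ($usrAclGroups as $group) $orWhere[] = ['A_ADM_COMPANY', '=', $group];
 		}
-		if ($this->_acl->hasField('A_CLASSIFIED')) {
+		if ($this->_acl->hasReadGroupField()) {
 			$orWhere[] = ['A_CLASSIFIED', '=', ''];// TODO: allow empty for everyone?
 			foreach ($usrAclGroups as $group) $orWhere[] = ['A_CLASSIFIED', '=', $group];
 		}
-		if (!empty($orWhere) && $this->_acl->hasField('L_APPOITMENT_USER')) {
+		if (!empty($orWhere) && $this->_acl->hasOwnerField()) {
 			$orWhere[] = ['L_APPOITMENT_USER', '=', $userLogin];
 		}
 		return (!empty($orWhere)) ? [null, 'or', $orWhere] : null;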
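Review bot: The owner clause at the end of `parseSpecialFilterAccess()` is still gated by `!empty($orWhere)`, so an object for which `hasOwnerField()` is true but neither group predicate is true gets no `L_APPOITMENT_USER` condition and the method returns `null`. If callers treat `null` as "no row restriction" (not visible here), owner-only objects end up unfiltered. Should that be intended, record it with a comment such as `// owner match only widens a group filter; owner-only objects are not restricted here`; otherwise the condition should be `if ($this->_acl->hasOwnerField()) {`. The predicates are now supplied by the ACL class while the column names `A_ADM_COMPANY`, `A_CLASSIFIED` and `L_APPOITMENT_USER` stay hard-coded in this method, which presumes every ACL class reporting true uses exactly those names. The method's closing brace lies outside the hunk.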

+ 10 - 0
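--- a/SE/se-lib/AntAclBase.php
+++ b/SE/se-lib/AntAclBase.php
@@ -17,6 +17,9 @@ class AntAclBase extends Core_AclBase {
 		$this->_rootNamespace = '';
 		$this->_primaryKey = '';
 		$this->_fields = [];
+		$this->_hasWriteGroupField = false; // TODO: from cache
+		$this->_hasReadGroupField = false; // TODO: from cache
+		$this->_hasOwnerField = false; // TODO: from cache
 		$this->_xsdRestrictions = [];
 		$this->_zasobyInfoFetched = false;
 	}
@@ -602,6 +605,9 @@ class AntAclBase extends Core_AclBase {
 		$acl->_rootNamespace = str_replace('__x3A__', '/', $conf['nsPrefix']);
 		$acl->_fields = $conf['field']; // TODO: lazyLoading - use getFields() in all functions - TODO: use ACL::getObjectFields
 		$acl->_primaryKey = (!empty($conf['primaryKey'])) ? $conf['primaryKey'] : 'ID'; // $conf['primaryKey'];
+		$acl->_hasWriteGroupField = $conf['hasWriteGroupField'];
+		$acl->_hasReadGroupField = $conf['hasReadGroupField'];
+		$acl->_hasOwnerField = $conf['hasOwnerField'];
 
 		$_cache[$idZasob] = $acl;
 		return $_cache[$idZasob];
@@ -766,4 +772,8 @@ class AntAclBase extends Core_AclBase {
 		}
 	}
 
+	public function hasWriteGroupField() { return $this->_hasWriteGroupField; }
+	public function hasReadGroupField() { return $this->_hasReadGroupField; }
+	public function hasOwnerField() { return $this->_hasOwnerField; }
+
 }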
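Review bot: The three assignments added in the second hunk read `$conf['hasWriteGroupField']`, `$conf['hasReadGroupField']` and `$conf['hasOwnerField']` without checking that the keys exist, unlike the `primaryKey` line directly above them, which uses `!empty()`. A configuration array produced before this change (the `// TODO: from cache` comments in the first hunk suggest cached data may be involved) would yield an undefined-index notice and `null`, so the getters return a non-boolean and `parseSpecialFilterAccess()` skips the group and owner conditions without any error. Coerce at assignment, e.g. `$acl->_hasWriteGroupField = !empty($conf['hasWriteGroupField']);` and likewise for the other two, and consider logging a missing key so a dropped filter is visible in review. The enclosing function of that hunk starts and ends outside it.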

+ 14 - 0
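--- a/SE/se-lib/Core/AclBase.php
+++ b/SE/se-lib/Core/AclBase.php
@@ -38,6 +38,20 @@ class Core_AclBase {
     }
     return false;
   }
+  // TODO: has remote Access object - query by ref tables
+  public function hasWriteGroupField() { // @return boolean
+    // 'A_ADM_COMPANY'
+    return false;
+  }
+  public function hasReadGroupField() { // @return boolean
+    // 'A_CLASSIFIED'
+    return false;
+  }
+  public function hasOwnerField() { // @return boolean
+    // 'L_APPOITMENT_USER'
+    return false;
+  }
+
   public function getFields() {// @returns array - $this->_fields // TODO: mved to getFieldListByIdZasob
     /*
       $field = array();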
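Review bot: The three base-class predicates state their contract only through a trailing `// @return boolean` and a bare column name inside the body, which hides that `false` makes `AclQueryFeatures::parseSpecialFilterAccess()` add no condition for that column. That default is presumably the permissive one, so a subclass that forgets to override drops this filter without any error, and the expectation should be written down. I would replace the trailing comments with a docblock on each method, e.g. `/** @return bool true when rows carry the write-group column 'A_ADM_COMPANY'; subclasses with row-level ACL must override */`.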

+ 4 - 0
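--- a/SE/se-lib/TableAcl.php
+++ b/SE/se-lib/TableAcl.php
@@ -2042,4 +2042,8 @@ class TableAcl extends Core_AclBase {
 		return array_key_exists($fieldName, $this->_types);
   }
 
+	public function hasWriteGroupField() { return $this->hasField('A_ADM_COMPANY'); }
+	public function hasReadGroupField() { return $this->hasField('A_CLASSIFIED'); }
+	public function hasOwnerField() { return $this->hasField('L_APPOITMENT_USER'); }
+
 }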
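Review bot: The column names `'A_ADM_COMPANY'`, `'A_CLASSIFIED'` and `'L_APPOITMENT_USER'` are spelled out in these three methods and again in `AclQueryFeatures::parseSpecialFilterAccess()`, so the presence check and the generated condition can drift apart if one copy is renamed. A shared constant per column, for example `const FIELD_OWNER = 'L_APPOITMENT_USER';` on `Core_AclBase` (the name is only a suggestion), referenced from both places would keep the access filter and the check in step.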