Piotr Labudda 9 лет назад
Родитель
Сommit
974f459490
4 измененных файлов с 75 добавлено и 71 удалено
  1. 2 2
      SE/se-lib/Api/WfsData.php
  2. 1 0
      SE/se-lib/Api/WfsServerBase.php
  3. 4 7
      SE/se-lib/ApiUser.php
  4. 68 62
      SE/se-lib/UserAcl.php

+ 2 - 2
SE/se-lib/Api/WfsData.php

@@ -49,9 +49,9 @@ class Api_WfsData extends ApiRouteBase {// TODO: extends Api_WfsBase which exten
 				if (!$userAcl->canExecuteProcesInit($idFiltrProces)) {
 					throw new Api_WfsException("Access Denied for given process");
 				}
-				$userAcl->fetchProcesPerms($idFiltrProces, true);
+				$userAcl->fetchProcesPerms($idFiltrProces);
 			} else {
-				$userAcl->fetchAllPerms(true);
+				$userAcl->fetchAllPerms();
 			}
 			IF(V::get('DBG','',$_GET)){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">$userAcl (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($userAcl);echo'</pre>';}
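Review bot: Permission changes may no longer reach this WFS path on the next request, because both calls stop passing the force flag and presumably fall back to cached data whose freshness is decided inside `UserAcl::_fetchPerms` (not visible in this hunk). A short comment at the two calls would record that dependency, e.g. `// no force: cache freshness is checked in UserAcl::_fetchPerms`. Separately, the unchanged `DBG` line just below prints the whole `$userAcl` object into the response for any request carrying a `DBG` query parameter; it should be gated on a server-side debug setting rather than on `$_GET`.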
 

+ 1 - 0
SE/se-lib/Api/WfsServerBase.php

@@ -1295,6 +1295,7 @@ if($DBG){echo 'L.' . __LINE__ . ' $validateConvertedTransactionXsdString:';print
 					[ 'xsd:element', ['name'=>"create_date", 'type'=>"xsd:dateTime"], null ],
 					[ 'xsd:element', ['name'=>"update_author", 'type'=>"xsd:string"], null ],
 					[ 'xsd:element', ['name'=>"updage_date", 'type'=>"xsd:dateTime"], null ],
+					[ 'xsd:element', ['name'=>"verified", 'type'=>"xsd:integer"], null ],
 				] ]
 			] ]
 		]);

+ 4 - 7
SE/se-lib/ApiUser.php

@@ -17,22 +17,19 @@ class ApiUser {
 		else {
 			$login = V::get('PHP_AUTH_USER', '', $_SERVER);
 			$pass = V::get('PHP_AUTH_PW', '', $_SERVER);
+			if (!$login) $this->exitUnauthorized();
 			DBG::simpleLog('auth', "ApiUser::auth - try to log user '{$login}'");
-
-			if (!$login) {
-				$this->exitUnauthorized();
-			}
-
 			try {
 				$ldap = LDAP::getInstance();
 				if ($ldap != null && $ldap->isConnected()) {
-					DBG::simpleLog('auth', "ApiUser::auth - try log in by LDAP '{$login}'");
+					DBG::simpleLog('auth', "ApiUser::auth - try login by LDAP '{$login}'");
 					$this->_user = User::loginByLDAP($login, $pass);
 				} else {
-					DBG::simpleLog('auth', "ApiUser::auth - try log in by DB '{$login}'");
+					DBG::simpleLog('auth', "ApiUser::auth - try login by DB '{$login}'");
 					$this->_user = User::loginByDB($login, $pass);
 				}
 			} catch (Exception $e) {
+				DBG::simpleLog('auth', "ApiUser::auth - failed login '{$login}'");
 				$this->exitUnauthorized();
 			}
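Review bot: An empty password still reaches `User::loginByLDAP($login, $pass)`, because the guard moved to the top of this branch rejects only an empty `$login`. If that method performs an LDAP simple bind, many directory servers treat a non-empty name with an empty password as an unauthenticated bind and report success, so the guard should be `if (!$login || $pass === '') $this->exitUnauthorized();`. The new failed-login log line interpolates the client-supplied `PHP_AUTH_USER` value unmodified, so control characters should be stripped before it is written, and recording `get_class($e)` would let an LDAP outage be told apart from a wrong password. The enclosing method starts and ends outside the hunk.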
 

+ 68 - 62
SE/se-lib/UserAcl.php

@@ -150,10 +150,18 @@ class UserAcl {
 		$_SESSION['UserAcl_cache'][$key] = $value;
 	}
 
-	public function getUrls() {
-		$urls = $this->_cache_read('foundUrls');
-		if (empty($urls)) $urls = array();
-		return $urls;
+	public function getUrls() {// @require _fetchPerms
+		static $_userUrls = null;
+		if (null !== $_userUrls) return $_userUrls;
+		$_userUrls = [];
+		$filterIdProces = $this->getFilterIdProces();
+		$userUrlAction = SchemaFactory::loadDefaultObject('UserUrlAction');
+		$userUrlAction->setIdUser($this->_user_id);
+		$userUrlAction->setIdProcesFilter($filterIdProces);
+		foreach ($userUrlAction->getItems() as $url) {
+			$_userUrls[ $url['ID_URL'] ] = $url['opis'];
+		}
+		return $_userUrls;
 	}
 
 	public function getObjectAcl($sourceName, $objName) {// TODO: rename $sourceName to $prefix (xml namespace - @see Core_AclHelper)
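Review bot: The `static $_userUrls` memo in `getUrls()` is shared by every `UserAcl` instance in the request and is not keyed, so a second instance for another user, or a call made after `setFilterIdProces()` changes the filter, gets the first caller's URL list back. For an access-control lookup the memo should be keyed by user id and process filter, or held in an instance property. The sketch below keeps the static but keys it.

```php
	public function getUrls() {// @require _fetchPerms
		static $_userUrls = [];
		$filterIdProces = $this->getFilterIdProces();
		$cacheKey = $this->_user_id . ':' . $filterIdProces;
		if (isset($_userUrls[$cacheKey])) return $_userUrls[$cacheKey];
		$_userUrls[$cacheKey] = [];
		// … unchanged: UserUrlAction setup (setIdUser, setIdProcesFilter) …
		foreach ($userUrlAction->getItems() as $url) {
			$_userUrls[$cacheKey][ $url['ID_URL'] ] = $url['opis'];
		}
		return $_userUrls[$cacheKey];
	}
```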
@@ -219,10 +227,7 @@ class UserAcl {
 	 * @param $type - 'All', $procesID
 	 */
 	private function _fetchPerms($type, $force = false) {
-		$db = DB::getDB();
-
 		$procesID = 0;// if 0 - All, alse perms by procesID
-		$foundUrls = array();
 		$foundTbls = array();
 
 		if ($force) {
@@ -231,6 +236,7 @@ class UserAcl {
 
 		$schemaReader = new SchemaReader();
 		if ($type == 'All') {
+			$procesID = 0;// if 0 - All, alse perms by procesID
 			$schemaReader->getAll();
 		} else if (is_numeric($type) && $type > 0) {
 			$procesID = (int)$type;
@@ -296,56 +302,63 @@ class UserAcl {
 
 		$this->setFilterIdProces($procesID);//$this->_cache_save('permsByProcesID', $procesID);
 
-		$sqlIdProcesListSql = $this->getUsedUserProcesIdsSql();
+		$filterIdProces = $this->getFilterIdProces();
 
-		$userAccessForTables = array();
-		$sql = <<<SQL
-		select tpvg.`ID_TABLE`
-			, tpvg.`ID_DATABASE` as `db`
-			, tpvg.`TABLE_NAME` as `name`
-			, tpvg.`TABLE_LABEL` as `label`
-			, tpvg.`TABLE_DESCRIPTION` as `opis`
-		from `CRM_PROCES_idx_TABLE_TO_PROCES_GROUPED_VIEW` as tpvg
-		where tpvg.`ID_PROCES` in({$sqlIdProcesListSql})
-		group by tpvg.`ID_TABLE`
-SQL;
-		//echo'<pre>$userAccessForTables - $sql ';print_r($sql);echo'</pre>';
-		$db = DB::getDB();
-		$res = $db->query($sql);
-		while ($h = $db->fetch_assoc($res)) {
-			$userAccessForTables[$h['ID_TABLE']] = $h;
+		$userConfigStorage = SchemaFactory::loadDefaultObject('UserConfig');// TODO:? UserSession
+		$userConfigStorage->setIdUser($this->_user_id);
+		$userConfigStorage->setIdProcesFilter($filterIdProces);
+		$userConf = $userConfigStorage->getItem(1);// TODO:? session_id() or 'api'
+		DBG::simpleLog('auth', "UserAcl::fetchPerms UserConf: " . str_replace('"', '', json_encode($userConf)));
+		// 'lastLogin' => [ '@type' => 'xsd:dateTime', '@confKey' => 'auth_user_{ID_USER}' ],// TODO: store last login time
+		// 'lastAuthCacheUpdate' => [ '@type' => 'xsd:dateTime', '@confKey' => 'acl_user_{ID_USER}_cache_update' ],
+
+		$userObject = SchemaFactory::loadDefaultObject('UserObject');
+		$userObject->setIdUser($this->_user_id);
+		$userObject->setIdProcesFilter($filterIdProces);
+
+		$userUrlAction = SchemaFactory::loadDefaultObject('UserUrlAction');
+		$userUrlAction->setIdUser($this->_user_id);
+		$userUrlAction->setIdProcesFilter($filterIdProces);
+
+		// DB cache
+		// TODO: session garbage collector. CRM_CONFIG: last_proces_update, user_last_req_date, last_user_acl_cache_update
+		$lastProcesIndexer = DB::getPDO()->fetchValue(" select CONF_VAL from CRM_CONFIG where CONF_KEY = 'tbl_indexer_CRM_PROCES_last_exec_end' ");
+		DBG::simpleLog('auth', "UserAcl::fetchPerms lastProcesIndexer: '{$lastProcesIndexer}'");
+		if ($userConf['lastAuthCacheUpdate'] > $lastProcesIndexer) {
+			DBG::simpleLog('auth', "UserAcl::fetchPerms skip update cache");
+		} else {
+			DBG::simpleLog('auth', "UserAcl::fetchPerms update cache");
+			$userObject->updateCacheFeatures();
+			$userUrlAction->updateCacheFeatures();
+			$userConfigStorage->updateItem([
+				'ID_USER' => $this->_user_id,
+				'ID_PROCES' => $filterIdProces,
+				'lastAuthCacheUpdate' => 'NOW()'
+			]);
 		}
+
+		$userAccessForTables = $userObject->getItems();
+		DBG::simpleLog('auth', "UserAcl::fetchPerms fetched " . count($userAccessForTables) . " tables");
 		DBG::_('DBG_SCH', '1', "userAccessForTables", $userAccessForTables, __CLASS__, __FUNCTION__, __LINE__ );
-		foreach ($userAccessForTables as $idTable => $tableConfig) {
+		foreach ($userAccessForTables as $tableConfig) {
+			unset($tableConfig['ID']);
+			$idTable = $tableConfig['ID_TABLE'];
 			if (!array_key_exists($idTable, $foundTbls)) {
 				$foundTbls[$idTable] = $tableConfig;
 			}
 		}
 
-		$userAccessForUrls = array();
-		$sql = <<<SQL
-		select upvg.`ID_URL`
-			, upvg.`URL_LINK` as `link`
-			, upvg.`URL_LABEL` as `label`
-			, upvg.`URL_DESC` as `opis`
-		from `CRM_PROCES_idx_URL_TO_PROCES_VIEW` as upvg
-		where upvg.`ID_PROCES` in({$sqlIdProcesListSql})
-		group by upvg.`ID_URL`
-SQL;
-		//echo'<pre>$userAccessForUrls - $sql ';print_r($sql);echo'</pre>';
-		$db = DB::getDB();
-		$res = $db->query($sql);
-		while ($h = $db->fetch_assoc($res)) {
-			$userAccessForUrls[$h['ID_URL']] = $h;
-		}
-		//echo'<pre>$userAccessForUrls ';print_r($userAccessForUrls);echo'</pre>';
-		DBG::_('DBG_SCH', '2', "userAccessForUrls", $userAccessForUrls, __CLASS__, __FUNCTION__, __LINE__ );
-		foreach ($userAccessForUrls as $idUrl => $vUrlConfig) {
-			$foundUrls[$idUrl] = $vUrlConfig['opis'];
-		}
-
-		$this->_cache_save('foundUrls', $foundUrls);
 		$this->_cache_save('foundTables', $foundTbls);
+
+		// use cache for UserUrlAction turned OFF @see getUrls()
+		// $userAccessForUrls = $userUrlAction->getItems();
+		// DBG::logAuth($userAccessForUrls, "_fetchPerms \$userAccessForUrls");
+		// DBG::_('DBG_SCH', '2', "userAccessForUrls", $userAccessForUrls, __CLASS__, __FUNCTION__, __LINE__ );
+		// $foundUrls = array();
+		// foreach ($userAccessForUrls as $vUrlConfig) {
+		// 	$foundUrls[$vUrlConfig['ID_URL']] = $vUrlConfig['opis'];
+		// }
+		// $this->_cache_save('foundUrls', $foundUrls);
 	}
 
 	public function setFilterIdProces($procesID) {
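Review bot: The freshness test `$userConf['lastAuthCacheUpdate'] > $lastProcesIndexer` takes the "skip update cache" branch whenever the `CRM_CONFIG` lookup yields nothing (null, false or an empty string) and a previous update time exists, so a missing indexer row would leave the cached ACL unrefreshed indefinitely. Refresh whenever either operand is missing: `if ($lastProcesIndexer && !empty($userConf['lastAuthCacheUpdate']) && $userConf['lastAuthCacheUpdate'] > $lastProcesIndexer) {`. The test is a plain string comparison, so it also relies on both values being stored in the same datetime format; a comment saying so would help. `'lastAuthCacheUpdate' => 'NOW()'` is passed as a string, and whether `updateItem` treats it as an SQL expression is not visible here and is worth confirming. `_fetchPerms` starts outside the hunk.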
@@ -396,7 +409,7 @@ SQL;
 	}
 
 	public function getUsedUserGroupIds() {
-		$idUserGroupList = User::getGroupsIds();
+		$idUserGroupList = User::getGroupsIds();// TODO:? $this->_user_id
 		// TODO: acl filtr by group ids
 		return $idUserGroupList;
 	}
@@ -404,26 +417,24 @@ SQL;
 	public function getUsedUserProcesIdsSql() {
 		$filterIdProces = $this->getFilterIdProces();
 		if ($filterIdProces > 0) {
-			return <<<SQL
+			return "
 				select i.`ID_PROCES`
 					from `CRM_PROCES_idx` i
 					where i.`idx_MAIN_PROCES_INIT_ID`='{$filterIdProces}'
-SQL;
+			";
 		}
 
 		$idUserGroupList = $this->getUsedUserGroupIds();
 		$sqlIdUserGroupList = implode(",", $idUserGroupList);
-		return <<<SQL
+		return "
 			select gi.`ID_PROCES`
 				from `CRM_PROCES_idx_GROUP_to_PROCES` gi
 				where gi.`ID_GROUP` in({$sqlIdUserGroupList})
-SQL;
+		";
 	}
 
 	public function getProcesMaxUpdateDate($idProcesInit) {
-		$maxUpdateDate = null;
-		$db = DB::getDB();
-		$sql = <<<SQL
+		return DB::getPDO()->fetchValue("
 			select max(p.`A_RECORD_UPDATE_DATE`) as max_update_date
 			from `CRM_PROCES` as p
 			where p.`ID` in(
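Review bot: Both return strings in `getUsedUserProcesIdsSql()` and the query in `getProcesMaxUpdateDate()` (which continues in the next hunk) still build SQL by interpolating `$filterIdProces`, `$sqlIdUserGroupList` and `$idProcesInit`. `getProcesMaxUpdateDate()` is public and nothing visible constrains its argument, so cast before use, `$idProcesInit = (int)$idProcesInit;`, or bind the value if the `DB::getPDO()` wrapper supports parameters. The group list deserves the same treatment, `implode(",", array_map('intval', $idUserGroupList))`, and an empty list currently yields `in()`, which is invalid SQL; return a query that matches nothing in that case.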
@@ -431,12 +442,7 @@ SQL;
 					from `CRM_PROCES_idx` i
 					where i.`idx_PROCES_INIT_ID`='{$idProcesInit}'
 			)
-SQL;
-		$res = $db->query($sql);
-		if ($r = $db->fetch($res)) {
-			$maxUpdateDate = $r->max_update_date;
-		}
-		return $maxUpdateDate;
+		");
 	}
 
 	/**