
added support for xlink in TableAjax

Piotr Labudda 9 سال پیش
والد
کامیت
f9479cd889

+ 108 - 2
SE/se-lib/Core/AclBase.php

@@ -2,6 +2,7 @@
 
 Lib::loadClass('Api_WfsNs');
 Lib::loadClass('Api_WfsException');
+Lib::loadClass('User');
 
 // TODO: replace every methods using $idZasob to use $fieldName
 /* TODO: fetch ACL from acl tables:
@@ -35,14 +36,14 @@ class Core_AclBase {
   }
   public function getFieldLabel($fieldName) {
     foreach ($this->getFields() as $field) {
-      if ($fieldName != $field['name']) continue;
+      if ($fieldName != V::get('name', '', $field)) continue;
       return V::get('label', $fieldName, $field);
     }
     return $fieldName;
 	}
   public function getFieldOpis($fieldName) {
     foreach ($this->getFields() as $field) {
-      if ($fieldName != $field['name']) continue;
+      if ($fieldName != V::get('name', '', $field)) continue;
       return V::get('opis', $fieldName, $field);
     }
     return $fieldName;
@@ -74,11 +75,116 @@ class Core_AclBase {
   public function canReadObjectField($fieldName, $record) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
   public function canWriteField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
   public function canWriteObjectField($fieldName, $record) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
+  public function canWriteRecord($record) {// TODO: AclHelper?
+		$record = (array)$record;
+		$dbgArr = array();
+		$dbgArr['record_owner'] = (isset($record['L_APPOITMENT_USER']))? $record['L_APPOITMENT_USER'] : '';
+		$dbgArr['record_write'] = (isset($record['A_ADM_COMPANY']))? $record['A_ADM_COMPANY'] : '';
+		$dbgArr['record_read'] = (isset($record['A_CLASSIFIED']))? $record['A_CLASSIFIED'] : '';
+		$dbgArr['user_groups'] = User::getLdapGroupsNames();
+		if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">dbgArr (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($dbgArr);echo'</pre>';}
+
+		if ($dbgArr['record_owner'] && $dbgArr['record_owner'] == User::getLogin()) {
+			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - is record owner</p>';}
+			return true;
+		}
+
+		if ($dbgArr['record_write']) {
+			if (in_array($dbgArr['record_write'], $dbgArr['user_groups'])) {
+				if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - has group write</p>';}
+				return true;
+			}
+		} else {
+			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - group write not set</p>';}
+			return true;
+		}
+
+		return false;
+	}
+	public function canReadRecord($record) {// TODO: AclHelper?
+		$record = (array)$record;
+		$dbgArr = array();
+		$dbgArr['record_owner'] = (isset($record['L_APPOITMENT_USER']))? $record['L_APPOITMENT_USER'] : '';
+		$dbgArr['record_write'] = (isset($record['A_ADM_COMPANY']))? $record['A_ADM_COMPANY'] : '';
+		$dbgArr['record_read'] = (isset($record['A_CLASSIFIED']))? $record['A_CLASSIFIED'] : '';
+		$dbgArr['user_groups'] = User::getLdapGroupsNames();
+		if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">record('.$record['ID'].') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($dbgArr);echo'</pre>';}
+
+		if ($dbgArr['record_owner'] && $dbgArr['record_owner'] == User::getLogin()) {
+			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - is record owner</p>';}
+			return true;
+		}
+
+		if ($dbgArr['record_read']) {
+			if (in_array($dbgArr['record_read'], $dbgArr['user_groups'])) {
+				if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - has group read</p>';}
+				return true;
+			}
+		} else {
+			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - group read not set</p>';}
+			return true;
+		}
+
+		return false;
+	}
+
+  public function showFormItem($taskPerm, $fieldID, $fName, $fValue, $params = array(), $record = null) {
+    $fields = $this->getFields();
+    $fieldName = null;
+    if (!empty($fields[$fieldID]) && !empty($fields[$fieldID]['name'])) $fieldName = $fields[$fieldID]['name'];
+    if (!$fieldName || !$this->canReadField($fieldName)) {
+      return '<div style="padding-top:7px" title="Brak dostępu do odczytu tego pola">*****</div>';
+    }
+    if ($record && !$this->canReadObjectField($fieldName, $record)) {
+      return '<div style="padding-top:7px" title="Brak dostępu do odczytu tego pola">*****</div>';
+    }
+    // echo '<pre style="padding-top:7px">';print_r($fValue);echo'</pre>';// TODO: RMME TEST
+    $out = '<div style="padding-top:7px">';
+    $xsdTypeEx = explode(':', $this->getXsdFieldType($fieldName));
+    if ('ref' == $xsdTypeEx[0] || 'alias_ref' == $xsdTypeEx[0]) {
+      if (!empty($fValue)) {
+        if (is_array($fValue)) {
+          foreach ($fValue as $val) {
+            if (!empty($val['xlink'])) {
+              // p5_objects:AccessOwner.4517
+              $typeNameEx = explode(':', $val['xlink']);
+              $link = Api_WfsNs::getNsUri($xsdTypeEx[1]) . '#' . $typeNameEx[1];
+              if (!preg_match('/^([a-zA-Z0-9_]+)\:([a-zA-Z0-9_]+)\.([0-9]+)$/', $val['xlink'], $matches)) {
+                $out .= "Wrong xlink format <!-- ({$val['xlink']}) -->";
+              } else {
+                // [0] => p5_objects:File.46
+                // [1] => p5_objects
+                // [2] => File
+                // [3] => 46
+                $nsPrefixRemote = $matches[1];
+                $typeRemote = $matches[2];
+                $idRemote = $matches[3];
+                // TODO: validate nsPrefix and type with xsdFieldType
+                $editLink = Request::getPathUri() . 'index.php?_route=ViewTableAjax&namespace=' . $nsPrefixRemote . '/' . $typeRemote . '#EDIT/' . $idRemote;
+                $out .= '<a href="' . $editLink . '">' . $link . '</a><br>';
+              }
+            } else {
+              // TODO: BUG missing xlink
+            }
+          }
+        } else if (is_scalar($fValue)) {
+          $out .= $fValue;
+        } else {
+          $out .= '???';
+        }
+      }
+    } else {
+      $out .= $fValue;
+    }
+    $out .= '</div>';
+    return $out;
+  }
 
   public function getRawLabel($posLimit = 20) { return substr($this->getName(), 0, $posLimit); }
 
   public function getItems($params = array()) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: use ParseOgcQuery
   public function getTotal($params = array()) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: use ParseOgcQuery
+  public function getItem($primaryKey) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
   public function addItem($todoItem) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
   public function updateItem($itemPatch) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
   public function getGeomFieldType($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
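Review bot: showFormItem writes values into the returned HTML without escaping: `$fValue` on the scalar and non-ref paths, `$link` inside the anchor, and the rejected `$val['xlink']` inside the `<!-- -->` comment, where a value containing `-->` ends the comment early. Each should pass through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` (unless callers deliberately pass pre-rendered HTML in `$fValue`), and `$link` should be built only after `preg_match` has accepted the xlink, because `$typeNameEx[1]` is undefined for a value without a colon. Separately, canWriteRecord and canReadRecord now sit in the base class and return true when `A_ADM_COMPANY` / `A_CLASSIFIED` is empty, so every subclass that does not override them inherits an allow-by-default result, including the ones commented as read-only. Their `DBG_ACL` branches print the record owner and LDAP group names for any request that sets the parameter, which looks like it should depend on a server-side debug setting rather than on `$_REQUEST`.

```php
// … unchanged: field lookup, canReadField / canReadObjectField guards, $xsdTypeEx …
          foreach ($fValue as $val) {
            if (empty($val['xlink'])) continue; // TODO: BUG missing xlink
            if (!preg_match('/^([a-zA-Z0-9_]+)\:([a-zA-Z0-9_]+)\.([0-9]+)$/', $val['xlink'], $matches)) {
              $out .= 'Wrong xlink format <!-- (' . htmlspecialchars($val['xlink'], ENT_QUOTES, 'UTF-8') . ') -->';
              continue;
            }
            // label and edit link are built only from the parts the pattern accepted
            $link = Api_WfsNs::getNsUri($xsdTypeEx[1]) . '#' . $matches[2] . '.' . $matches[3];
            $editLink = Request::getPathUri() . 'index.php?_route=ViewTableAjax&namespace=' . $matches[1] . '/' . $matches[2] . '#EDIT/' . $matches[3];
            $out .= '<a href="' . htmlspecialchars($editLink, ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8') . '</a><br>';
          }
        } else if (is_scalar($fValue)) {
          $out .= htmlspecialchars((string)$fValue, ENT_QUOTES, 'UTF-8');
// … unchanged: '???' fallback; the non-ref branch gets the same htmlspecialchars() call …
```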

+ 1 - 10
SE/se-lib/Core/AclHelper.php

@@ -139,16 +139,7 @@ class Core_AclHelper {// Helper class for Acl
 		}
 
 		if ('ADMIN_USERS' == $acl->getName()) {// TODO: mv to table gui xml
-			$isAllowedoReadUserLogin = false;
-			if ($acl->canReadRecord($record)) {
-				$idFieldUserLogin = $acl->getFieldIdByName('ADM_ACCOUNT');
-				if ($idFieldUserLogin) {
-					if ($acl->isAllowed($idFieldUserLogin, 'R', $record)) {
-						$isAllowedoReadUserLogin = true;
-					}
-				}
-			}
-			if ($isAllowedoReadUserLogin) {
+			if ($acl->canReadRecord($record) && $acl->canReadObjectField('ADM_ACCOUNT', $record)) {
 				$rowFunc = new stdClass();
 				$rowFunc->ico = 'glyphicon glyphicon-user';
 				$rowFunc->href = 'index.php?_route=Users&_task=userGroups&usrLogin=' . $record->ADM_ACCOUNT;
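Review bot: `$record->ADM_ACCOUNT` is appended to the `usrLogin=` query string as-is; wrapping it in `rawurlencode()` keeps a login containing `&`, `#` or spaces from altering the URL: `$rowFunc->href = 'index.php?_route=Users&_task=userGroups&usrLogin=' . rawurlencode($record->ADM_ACCOUNT);`. The removed code also skipped the link when `getFieldIdByName('ADM_ACCOUNT')` found no field, whereas the new condition relies on canReadObjectField to deny an unknown field name, and that implementation is not visible here. The block continues outside the hunk.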

+ 1 - 1
SE/se-lib/Route/ViewTableAjax.php

@@ -275,7 +275,7 @@ class Route_ViewTableAjax extends RouteBase {
 
 		$primaryKeyField = $acl->getPrimaryKeyField();
 		$primaryKey = V::get('primaryKey', 0, $args, 'int');
-		if (empty($primaryKey)) throw new HttpException("Wrong param id!", 400);
+		if (empty($primaryKey)) throw new HttpException("Bad Request - missing primaryKey!", 400);
 
 		$item = $acl->getItem($primaryKey);
 		if (!$item) throw new HttpException("Item not exists!", 404);

+ 8 - 1
SE/se-lib/Schema/AccessGroupStorageAcl.php

@@ -32,6 +32,13 @@ class Schema_AccessGroupStorageAcl extends Core_AclBase {// Read only class
   public function canWriteField($fieldName) { return false; }
   public function canWriteObjectField($fieldName, $record) { return false; }
 
+  public function getTotal($params = array()) {
+    return count($this->getItems($params));
+  }
+  public function getItem($primaryKey) {
+    $items = $this->getItems(['primaryKey'=>$primaryKey]);
+    return (!empty($items[$primaryKey])) ? $items[$primaryKey] : null;
+  }
   public function getItems($params = array()) {
     $DBG = V::get('DBG_DS', 0, $_GET, 'int');
     if($DBG>2){echo 'C.'.get_class($this).' L.' . __LINE__ . " getItems \$params:";print_r($params);echo "\n";}
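Review bot: getItem is added here with the same three-line body as in Schema_AccessOwnerStorageAcl, Schema_FileStorageAcl and Schema_TestPermsStorageAcl, and it is only correct if getItems both honours a `primaryKey` parameter and keys its result by primary key; neither is visible in these hunks. In this class the next hunk stores the `workgroup` row under array key 1 with `'id'=>'0'`, so the array key and the row id already disagree for that entry. One shared implementation in Core_AclBase would avoid four copies, with a docblock such as `/** @return array|object|null item stored under $primaryKey by getItems(), or null when absent */`. getTotal counts whatever getItems returns, so if `$params` carries a limit the total is capped at the page size. getItems continues outside the hunk.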
@@ -45,7 +52,7 @@ class Schema_AccessGroupStorageAcl extends Core_AclBase {// Read only class
     foreach ($userLdapGroups as $vLdapGroup) {
       $allowGroup = false;
       if ('workgroup' == $vLdapGroup->cn) {
-        $items[1] = ['id'=>0, 'name'=>$vLdapGroup->name, 'uid'=>$vLdapGroup->cn];
+        $items[1] = ['id'=>'0', 'name'=>$vLdapGroup->name, 'uid'=>$vLdapGroup->cn];
       } else {
         $cnTest = str_replace('-', '_', $vLdapGroup->cn);
         $cnTest = explode('_', $cnTest);

+ 7 - 0
SE/se-lib/Schema/AccessOwnerStorageAcl.php

@@ -30,6 +30,13 @@ class Schema_AccessOwnerStorageAcl extends Core_AclBase {
   public function canWriteField($fieldName) { return false; }
   public function canWriteObjectField($fieldName, $record) { return false; }
 
+  public function getTotal($params = array()) {
+    return count($this->getItems($params));
+  }
+  public function getItem($primaryKey) {
+    $items = $this->getItems(['primaryKey'=>$primaryKey]);
+    return (!empty($items[$primaryKey])) ? $items[$primaryKey] : null;
+  }
   public function getItems($params = array()) {
     $DBG = V::get('DBG_DS', 0, $_GET, 'int');
     if($DBG>2){echo 'C.'.get_class($this).' L.' . __LINE__ . " getItems \$params:";print_r($params);echo "\n";}

+ 4 - 0
SE/se-lib/Schema/FileStorageAcl.php

@@ -141,6 +141,10 @@ class Schema_FileStorageAcl extends Core_AclBase {
     ");
   }
 
+  public function getItem($primaryKey) {
+    $items = $this->getItems(['primaryKey'=>$primaryKey]);
+    return (!empty($items[$primaryKey])) ? $items[$primaryKey] : null;
+  }
   public function getItems($params = array()) {// TODO: use ParseOgcQuery
     $sqlLimit = V::get('limit', 10000, $params);
     $sqlOffset = V::get('limitstart', 0, $params);

+ 4 - 0
SE/se-lib/Schema/TestPermsStorageAcl.php

@@ -87,6 +87,10 @@ class Schema_TestPermsStorageAcl extends Core_AclBase {
     if($DBG>2){echo 'C.'.get_class($this).' L.' . __LINE__ . " getTotal \$params:";print_r($params);echo "\n";}
     return $this->parentAcl->getTotal($params);
   }
+  public function getItem($primaryKey) {
+    $items = $this->getItems(['primaryKey'=>$primaryKey]);
+    return (!empty($items[$primaryKey])) ? $items[$primaryKey] : null;
+  }
   public function getItems($params = array()) {// TODO: use ParseOgcQuery
     $DBG = V::get('DBG_DS', 0, $_GET, 'int');
     if($DBG>2){echo 'C.'.get_class($this).' L.' . __LINE__ . " getItems \$params:";print_r($params);echo "\n";}

+ 2 - 59
SE/se-lib/TableAcl.php

@@ -222,63 +222,6 @@ class TableAcl extends Core_AclBase {
 		return false;
 	}
 
-	/**
-	 *
-	 */
-	public function canWriteRecord($record) {
-		$record = (array)$record;
-		$dbgArr = array();
-		$dbgArr['record_owner'] = (isset($record['L_APPOITMENT_USER']))? $record['L_APPOITMENT_USER'] : '';
-		$dbgArr['record_write'] = (isset($record['A_ADM_COMPANY']))? $record['A_ADM_COMPANY'] : '';
-		$dbgArr['record_read'] = (isset($record['A_CLASSIFIED']))? $record['A_CLASSIFIED'] : '';
-		$dbgArr['user_groups'] = User::getLdapGroupsNames();
-		if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">dbgArr (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($dbgArr);echo'</pre>';}
-
-		if ($dbgArr['record_owner'] && $dbgArr['record_owner'] == User::getLogin()) {
-			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - is record owner</p>';}
-			return true;
-		}
-
-		if ($dbgArr['record_write']) {
-			if (in_array($dbgArr['record_write'], $dbgArr['user_groups'])) {
-				if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - has group write</p>';}
-				return true;
-			}
-		} else {
-			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - group write not set</p>';}
-			return true;
-		}
-
-		return false;
-	}
-
-	public function canReadRecord($record) {
-		$record = (array)$record;
-		$dbgArr = array();
-		$dbgArr['record_owner'] = (isset($record['L_APPOITMENT_USER']))? $record['L_APPOITMENT_USER'] : '';
-		$dbgArr['record_write'] = (isset($record['A_ADM_COMPANY']))? $record['A_ADM_COMPANY'] : '';
-		$dbgArr['record_read'] = (isset($record['A_CLASSIFIED']))? $record['A_CLASSIFIED'] : '';
-		$dbgArr['user_groups'] = User::getLdapGroupsNames();
-		if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">record('.$record['ID'].') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($dbgArr);echo'</pre>';}
-
-		if ($dbgArr['record_owner'] && $dbgArr['record_owner'] == User::getLogin()) {
-			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - is record owner</p>';}
-			return true;
-		}
-
-		if ($dbgArr['record_read']) {
-			if (in_array($dbgArr['record_read'], $dbgArr['user_groups'])) {
-				if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - has group read</p>';}
-				return true;
-			}
-		} else {
-			if(V::get('DBG_ACL', '', $_REQUEST) > 2){echo '<p>true - group read not set</p>';}
-			return true;
-		}
-
-		return false;
-	}
-
 	/**
 	 * @param $taskPerm - 'C', 'W', 'R'
 	 */
@@ -1408,9 +1351,9 @@ class TableAcl extends Core_AclBase {
 		return $item;
 	}
 
-	public function getItem($id) {
+	public function getItem($primaryKey) {
 		$ds = $this->getDataSource();
-		return $ds->getItem($id);
+		return $ds->getItem($primaryKey);
 	}
 
 	public function getItems($params = array()) {// TODO: use ParseOgcQuery

+ 56 - 23
SE/se-lib/TableAjax.php

@@ -1030,6 +1030,24 @@ var p5UI_TableAjax_generateFunctionNode = function(funObj, rowPK, props) {
 						}
 					}(fldName, fieldProps));
 					break;
+				case "ref":
+					fieldWidget = (function(fldName, fieldProps) {
+						var _fieldName = fldName,
+								_fieldProps = fieldProps;
+						// console.log('FieldWidget: generate function to render field('+_fieldName+') fieldProps: ', fieldProps);
+						return function(val, fieldPK, row) {
+							// console.log('FieldWidget: pk('+fieldPK+') run function to render field('+_fieldName+') with value: ', val, ', fieldProps: ', fieldProps);
+							return _.map(val, function(v) {
+								if (!v || !v.xlink) return '';
+								var idRemote = v.xlink.split('.').pop()
+								var nsRemote = v.xlink.split(':').pop().split('.').shift()
+								var seLink = '<?= Request::getPathUri(); ?>index.php?_route=ViewTableAjax&namespace=' + fieldProps.xsdRefNsPrefix + '/' + nsRemote + '#EDIT/' + idRemote;
+								var wfsLink = fieldProps.xsdRefUri + '#' + fieldProps.xsdRefType + '.' + idRemote;
+								return '<a href="' + seLink + '" title="' + wfsLink + '">' + v.xlink + '</a>';
+							}).join(' ');
+						}
+					}(fldName, fieldProps));
+					break;
 			}
 			_fieldWidgets[fldName] = fieldWidget;
 		};
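Review bot: The `ref` widget concatenates `v.xlink` and the `fieldProps.xsdRef*` values into an `<a>` tag without validation or escaping, so markup inside a stored xlink would be rendered by the table. The PHP side (showFormItem) tests the value against `/^([a-zA-Z0-9_]+)\:([a-zA-Z0-9_]+)\.([0-9]+)$/`; applying the same test here and returning '' on a mismatch, plus escaping the interpolated strings, closes that: `return '<a href="' + _.escape(seLink) + '" title="' + _.escape(wfsLink) + '">' + _.escape(v.xlink) + '</a>';`. As a style point, the two `var` lines that split the xlink lack terminating semicolons, and the closure copies `_fieldProps` but then reads `fieldProps`.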
@@ -4059,20 +4077,20 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 			exit;
 		}
 
-		if (!$this->_acl->isAllowed($fieldID, 'R', $row)) {
+		if (!$this->_acl->canReadObjectField($fieldName, $row)) {
 			if ($DBG) echo " R not allowed\n";
 		} else {
 			if ($DBG) echo " R allowed\n";
 		}
 
-		if (!$this->_acl->isAllowed($fieldID, 'W', $row)) {
+		if (!$this->_acl->canWriteObjectField($fieldName, $row)) {
 			if ($DBG) echo " W not allowed\n";
 		} else {
 			if ($DBG) echo " W allowed\n";
 		}
 
 		$fieldVal = '';
-		if ($this->_acl->isAllowed($fieldID, 'R', $row)) {
+		if ($this->_acl->canReadObjectField($fieldName, $row)) {
 			$fieldVal = V::get($fieldName, $fieldVal, $row);
 		} else {
 			$fieldVal = '*****';
@@ -4122,13 +4140,12 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 			<strong title="<?php echo "[{$fieldID}] {$fieldName}"; ?>"><?php echo "{$vCol['label']}"; ?></strong>
 			<?php if (!empty($vCol['opis'])) : ?>
 				<em><?php echo $vCol['opis']; ?></em>
-				<?php $perms = $this->_acl->getFieldPerms($fieldID); UI::hotKeyDBG($perms); ?>
 			<?php endif; ?>
 		</label>
 		<?php
-			if (!$this->_acl->isAllowed($fieldID, 'W', $row)) {
+			if (!$this->_acl->canWriteObjectField($fieldName, $row)) {
 				// TODO: hide Zapisz btn on frontend side
-				if (!$this->_acl->isAllowed($fieldID, 'R', $row)) {
+				if (!$this->_acl->canReadObjectField($fieldName, $row)) {
 					UI::alert('warning', "Brak uprawnień do odczytu i zapisu");
 				} else {
 					echo '<p style="margin-top:16px">' . $fieldVal . '</p>';
@@ -4195,7 +4212,7 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 		$DBG = ('1' == V::get('DBG', '', $_REQUEST));
 		$acl = $this->_acl;
 
-		$record = $acl->getItem($id);
+		$record = (array)$acl->getItem($id);
 		if (!$acl->canWriteRecord($record) && !$acl->hasPermSuperWrite()) {
 			UI::alert('danger', "Brak dostępu do rekordu");// TODO: more info - reason
 			return;
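Review bot: Casting the result of `getItem($id)` to an array hides a missing record: `(array)null` is `[]`, and the canWriteRecord added to Core_AclBase in this commit returns true for a record with no `A_ADM_COMPANY` value, so an unknown id passes this access check and the later `$record['ID']` reads are undefined. Check the lookup before the cast, for example `$item = $acl->getItem($id);` then `if (!$item) throw new HttpException("Item not exists!", 404);` then `$record = (array)$item;`. The enclosing method starts and ends outside the hunk.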
@@ -4215,7 +4232,7 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 		foreach ($fieldsList as $kID => $field) {
 			$cols[$kID] = '';
 
-			if ($this->_acl->isAllowed($kID, 'R', $record)) {
+			if ($this->_acl->canReadObjectField($field['name'], $record)) {
 				$cols[$kID] = V::get($field['name'], '', $record);
 			} else {
 				$cols[$kID] = '*****';
@@ -4238,7 +4255,7 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 					if($DBG){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">Typespecial('.$vColID.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($typeSpecial);echo'</pre>';}
 					$colValue = V::get($vCol['name'], '', $record);
 					if($DBG){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">V::get('.$vCol['name'].', "", $record) (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($colValue);echo'</pre>';}
-					$specialValues = $typeSpecial->getEditSelectedValuesByIds($this->_zasobID, $record->ID, $vCol['name'], $colValue);
+					$specialValues = $typeSpecial->getEditSelectedValuesByIds($this->_zasobID, $record['ID'], $vCol['name'], $colValue);
 					if($DBG){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">Typespecial('.$vColID.') specialValues (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($specialValues);echo'</pre>';}
 					if (!empty($specialValues)) {
 						$tsValues[$vColID] = implode('<br>', $specialValues);
@@ -4248,20 +4265,19 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 		}
 		if($DBG){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">tsValues (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($tsValues);echo'</pre>';}
 
-		$rowFunctionsOut = $this->_showRowFunctions($record->ID, array('edit', 'cp'), true);
+		$rowFunctionsOut = $this->_showRowFunctions($record['ID'], array('edit', 'cp'), true);
 
 		?>
 		<div class="container AjaxFrmHorizontalEdit" style="max-width:940px">
 		<form class="form-horizontal" action="" method="post" id="EDIT_FRM_<?php echo $this->_htmlID; ?>">
 			<fieldset>
-				<legend>Edycja rekordu Nr <?php echo $record->ID; ?><span class="pull-right valign-btns-bottom"><?php echo $rowFunctionsOut; ?></span></legend>
+				<legend>Edycja rekordu Nr <?php echo $record['ID']; ?><span class="pull-right valign-btns-bottom"><?php echo $rowFunctionsOut; ?></span></legend>
 
 				<?php $tabindex = 0; foreach ($fieldsList as $kID => $vCol) : ?>
 					<?php if ($acl->canWriteObjectField($vCol['name'], $record)) : ?>
 						<div class="form-group">
 							<label class="col-xs-12 col-sm-3 col-md-2 control-label" for="<?php echo "f{$kID}"; ?>"><?php echo $vCol['label']; ?>
 								<i class="glyphicon glyphicon-info-sign frm-help" data-toggle="popover" data-trigger="hover" title="" data-content="<?php echo htmlspecialchars($vCol['opis']); ?>" data-original-title="<?php echo "[{$kID}] {$vCol['name']}"; ?>"></i>
-								<?php $perms = $acl->getFieldPerms($kID); UI::hotKeyDBG($perms); ?>
 							</label>
 							<div class="col-xs-12 col-sm-9 col-md-10">
 								<?php
@@ -4277,7 +4293,6 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 						<div class="form-group">
 							<label class="col-xs-12 col-sm-3 col-md-2 control-label" for="<?php echo "f{$kID}"; ?>"><?php echo $vCol['label']; ?>
 								<i class="glyphicon glyphicon-info-sign frm-help" data-toggle="popover" data-trigger="hover" title="" data-content="<?php echo htmlspecialchars($vCol['opis']); ?>" data-original-title="<?php echo "[{$kID}] {$vCol['name']}"; ?>"></i>
-								<?php $perms = $acl->getFieldPerms($kID); UI::hotKeyDBG($perms); ?>
 							</label>
 							<div class="col-xs-12 col-sm-9 col-md-10">
 								<p style="margin-top:5px;">
@@ -4285,8 +4300,8 @@ function <?php echo $jsToogleFiltrProcesuFunctionName; ?>(n) {
 									//echo $acl->showFormItem('R', $kID, "f{$kID}", $cols[$kID], array('appendBack'=>true), $record);
 									if (!empty($tsValues[$kID])) {
 										echo $tsValues[$kID];
-									} else if (!empty($record->{$vCol['name']})) {
-										echo $record->{$vCol['name']};
+									} else if (!empty($record[ $vCol['name'] ])) {
+										echo $record[ $vCol['name'] ];
 									}
 								?>
 								</p>
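Review bot: The read-only branch echoes `$record[ $vCol['name'] ]` straight into the page, which skips both HTML escaping and the `'*****'` mask that `$cols[$kID]` received earlier when canReadObjectField denied the field. Unless the enclosing branch (outside the hunk) already tests read access, a field the user may not read is printed here; `echo htmlspecialchars((string)$cols[$kID], ENT_QUOTES, 'UTF-8');` would use the masked value and escape it. Values that are arrays, such as the xlink refs this commit introduces, need their own rendering rather than a string cast.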
@@ -4347,7 +4362,7 @@ jQuery(document).ready(function(){
 					notify.type = '';
 			}
 			jQuery.notify(notify.msg, notify.type);
-			var alertType = ('error' == notify.type) ? 'danger' : notify.type;
+			var alertType = ('error' == data.type) ? 'danger' : data.type;
 			outMsg = '<div class="alert alert-' + alertType + '">' + notify.msg + '</div>';
 			return outMsg;
 		}
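Review bot: `alertType` is now taken from `data.type` instead of the `notify.type` that the code just above appears to reset to '' for unrecognised values, so an unexpected type string from the response reaches the `class` attribute unfiltered. If reading `data.type` is intended, map it through a fixed list first, e.g. `var alertType = {error: 'danger', success: 'success', warning: 'warning', info: 'info'}[data.type] || 'info';`. `notify.msg` is also concatenated as HTML; if it can carry user-supplied text, build the element with `jQuery('<div>').text(notify.msg)` instead. The function starts outside the hunk.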
@@ -4505,11 +4520,10 @@ jQuery(document).ready(function(){
 
 
 				<?php $tabindex = 0; foreach ($fieldsList as $kID => $vCol) : ?>
-					<?php if ($this->_acl->isAllowed($kID, 'C')) : ?>
+					<?php if ($this->_acl->canCreateField($vCol['name'])) : ?>
 						<div class="form-group">
 							<label class="col-xs-12 col-sm-3 col-md-2 control-label" for="<?php echo "f{$kID}"; ?>"><?php echo $vCol['label']; ?>
 								<i class="glyphicon glyphicon-info-sign frm-help" data-toggle="popover" data-trigger="hover" title="" data-content="<?php echo htmlspecialchars($vCol['opis']); ?>" data-original-title="<?php echo "[{$kID}] {$vCol['name']}"; ?>"></i>
-								<?php $perms = $this->_acl->getFieldPerms($kID); UI::hotKeyDBG($perms); ?>
 							</label>
 							<div class="col-xs-12 col-sm-9 col-md-10">
 								<?php
@@ -4756,11 +4770,11 @@ jQuery(document).ready(function(){
 				// if ($row->{$fieldName} == 'N/S;') continue;
 				$changeItem = array();
 				$changeItem['fieldName'] = $fieldName;
-				$changeItem['acl_read'] = $acl->isAllowed($fldId, 'R', $record);
+				$changeItem['acl_read'] = $acl->canReadObjectField($fieldName, $record);
 				if ($changeItem['acl_read']) {
 					$changeItem['value'] = $row->{$fieldName};
 				}
-				if ('the_geom' == $fieldName && $acl->isAllowed($fldId, 'W', $record)) {
+				if ('the_geom' == $fieldName && $acl->canWriteObjectField($fieldName, $record)) {
 					$sourceName = $acl->getSourceName();
 					if ('default_db' == $sourceName) {
 						$typeName = $acl->getName();
@@ -5737,7 +5751,7 @@ jQuery(document).ready(function(){
 		if($DBG){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">fld('.$fldName.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($fldID);echo'</pre>';}
 
 		$item = $this->_acl->getItem($id);
-		if (!$this->_acl->isAllowed($fldID, 'R', $item)) {
+		if (!$this->_acl->canReadObjectField($fldIName, $item)) {
 			$jsonData->msg = 'Brak dostępu';
 			echo json_encode($jsonData);
 			exit;
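Review bot: `$fldIName` is not defined anywhere in the visible lines; the surrounding code uses `$fldName` and `$fldID`, so the read check receives null instead of the field name. Depending on how canReadObjectField treats an unknown name, this either denies every request or allows fields it should not; the line should read `if (!$this->_acl->canReadObjectField($fldName, $item)) {`. `$item` is also passed on without a not-found check after `getItem($id)`. The method starts and ends outside the hunk.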
@@ -5833,6 +5847,26 @@ jQuery(document).ready(function(){
 			} else {// typespecial - no type
 				$columnConfig->type = 'special';
 			}
+			$columnConfig->xsdType = $acl->getXsdFieldType($col);
+			if ($columnConfig->xsdType) {
+				$ex = explode(":", $columnConfig->xsdType);
+				switch ($ex[0]) {
+					case 'ref':
+					case 'alias_ref':
+						if (3 != count($ex)) throw new HttpException("Schema Error for field({$col}) xsdType({$columnConfig->xsdType})", 500);
+						$columnConfig->type = 'ref';
+						$columnConfig->xsdRefUri = Api_WfsNs::getNsUri($ex[1]);
+						$columnConfig->xsdRefType = $ex[2];
+						$columnConfig->xsdRefNsPrefix = $ex[1];
+						break;
+					case 'xsd':
+						switch ($ex[1]) {
+							case 'string': $columnConfig->type = 'string'; break;
+							case 'ind': $columnConfig->type = 'number'; break;
+						}
+						break;
+				}
+			}
 
 			$typeSpecial = Typespecial::getInstance($fieldID, $col);
 			if ($typeSpecial) {
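Review bot: The inner switch matches `'ind'`, which looks like a typo for `'int'` (confirm against the schema's type names); as written, integer columns keep whatever type was set earlier. `$ex[1]` is read in the `xsd` branch without the length check the `ref` branch has, so `if (count($ex) < 2) break;` before the inner switch avoids an undefined-offset notice for a bare `xsd`. The `xsdRefUri`, `xsdRefType` and `xsdRefNsPrefix` values appear to be the `fieldProps` that the client-side `ref` widget concatenates into link markup, so they should be limited to the `[a-zA-Z0-9_]+` shape the xlink pattern uses or escaped where they are rendered.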
@@ -6043,8 +6077,7 @@ jQuery(document).ready(function(){
 			throw new HttpException("Brak dostępu do rekordu", 403);
 		}
 
-		$theGeomFieldId = $this->_acl->getFieldIdByName($geomFieldName);
-		if (!$this->_acl->isAllowed($theGeomFieldId, 'W', $record)) {
+		if (!$this->_acl->canWriteObjectField($geomFieldName, $record)) {
 			throw new HttpException("Brak dostępu do zapisu dla pola {$geomFieldName}", 403);
 		}