se/SE/se-lib/ACL.php

<?php

Lib::loadClass('Core_AclHelper');

class ACL {

	public static $REF_TABLE_VERSION = 1;

	/**
	 * Ids List of Proces Init for given tabel (skip filters)
	 */
	public static function getTableProcesInitIds($idTable) {
		$procesInitList = self::getTableProcesInitList($idTable);
		return array_keys($procesInitList);
	}

	/**
	 * List of Proces Init for given table (skip filters)
	 */
	public static function getTableProcesInitList($idTable) {
		$tableProcesInitList = array();
		$sqlIdProcesListSql = <<<SQL
			select tpv.`ID_PROCES`
				from `CRM_PROCES_idx_TABLE_TO_PROCES_VIEW` tpv
				where tpv.`ID_TABLE`='{$idTable}'
SQL;
		$fetchTableProcesInitListSql = <<<SQL
			-- time ~0.07 -- no goto and return
			select p.`ID`, p.`DESC`
			from `CRM_PROCES` p
			where p.`ID` in(
						select i.`idx_PROCES_INIT_ID`
						from `CRM_PROCES_idx` i
						where i.`ID_PROCES` in({$sqlIdProcesListSql})
				)
				and p.`TYPE`='PROCES_INIT'
			order by p.`SORT_PRIO`
SQL;
		/*
			SELECT p.`ID` , p.`DESC`
			FROM `CRM_PROCES` p
			WHERE p.`ID`
			IN (
					SELECT i.`idx_PROCES_INIT_ID`
					FROM `CRM_PROCES_idx` i
					WHERE i.`ID_PROCES`
					IN (
							SELECT tpv.`ID_PROCES`
							FROM `CRM_PROCES_idx_TABLE_TO_PROCES_VIEW` tpv
							WHERE tpv.`ID_TABLE` = '13051'
					)
			)
			AND p.`TYPE` = 'PROCES_INIT'
			order by p.`SORT_PRIO`
		*/
		$fetchTableProcesInitListSql = <<<SQL
			-- time ~0.15s
			select p.`ID`, p.`DESC`
			from `CRM_PROCES` p
			where p.`ID` in(
						select i.`idx_PROCES_INIT_ID`
						from `CRM_PROCES_idx` i
						where i.`ID_PROCES` in({$sqlIdProcesListSql})
					union
						select ig.`idx_PROCES_INIT_ID`
						from `CRM_PROCES_idx` i
							join `CRM_PROCES_idx` ig on(ig.`ID_PROCES`=i.`idx_PROCES_WITH_GROUPS_ID`)
						where i.`ID_PROCES` in({$sqlIdProcesListSql})
				)
				and p.`TYPE`='PROCES_INIT'
			order by p.`SORT_PRIO`
SQL;
		$fetchTableProcesInitListSql = <<<SQL
			-- time ~0.14
			select p.`ID`, p.`DESC`
			from `CRM_PROCES` p
			where p.`ID` in(
					select i.`idx_PROCES_INIT_ID`
					from `CRM_PROCES_idx` i
					where i.`ID_PROCES` in({$sqlIdProcesListSql})
						or i.`ID_PROCES` in(
							select ig.`idx_PROCES_WITH_GROUPS_ID`
							from `CRM_PROCES_idx` ig
							where ig.`ID_PROCES` in({$sqlIdProcesListSql})
						)
				)
				and p.`TYPE`='PROCES_INIT'
			order by p.`SORT_PRIO`
SQL;
		//echo'<pre>$fetchTableProcesInitListSql('.$idTable.') ';print_r($fetchTableProcesInitListSql);echo'</pre>';
		$tableProcesInitList = array();
		$db = DB::getDB();
		$res = $db->query($fetchTableProcesInitListSql);
		while ($r = $db->fetch($res)) {
			$tableProcesInitList[$r->ID] = $r->DESC;
		}
		return $tableProcesInitList;
	}

	public static function getProcesInitMapTreeOnlyIds($ids) {
		$mapTree = array();
		$map = self::getProcesInitMapOnlyIds($ids);
		foreach ($map as $r) {
			if ('PROCES_INIT' == $r->TYPE) {
				$mapTree[$r->ID_PROCES] = array();
			}
		}
		foreach ($map as $r) {
			if ('GOTO_AND_RETURN' == $r->TYPE) {
				$mapTree[$r->idx_MAIN_PROCES_INIT_ID][$r->ID_PROCES] = array();
			}
		}
		foreach ($map as $r) {
			if ('GOTO_AND_RETURN_LVL2' == $r->TYPE) {
				$mapTree[$r->idx_MAIN_PROCES_INIT_ID][$r->idx_GOTO_LVL2_INIT_ID][$r->ID_PROCES] = true;
			}
		}
		return $mapTree;
	}

	public static function getProcesInitMapOnlyIds($ids) {
		$map = array();
		$sqlIds = V::filter($ids, array('V', 'filterPositiveInteger'));
		$sqlIds = implode(',', $sqlIds);
		if (empty($sqlIds)) return $map;
		$sql = <<<SQL
			select i.`ID_PROCES`
				, i.`PARENT_ID`
				, i.`TYPE`
				, i.`idx_PROCES_INIT_ID`
				, i.`idx_MAIN_PROCES_INIT_ID`
				, i.`idx_PROCES_WITH_GROUPS_ID`
				, IF(i.`TYPE`='GOTO_AND_RETURN_LVL2'
					, (select ig.`idx_PROCES_INIT_ID`
						from `CRM_PROCES_idx` ig
						where ig.`ID_PROCES`=i.`PARENT_ID`
						limit 1)
					, 0
				) as idx_GOTO_LVL2_INIT_ID
			from `CRM_PROCES_idx` i
			where i.`ID_PROCES` in({$sqlIds})
				and i.`idx_MAIN_PROCES_INIT_ID` in({$sqlIds})
SQL;
		DBG::_('DBG_MAP', '1', "MAP SQL", $sql, __CLASS__, __FUNCTION__, __LINE__);
		$db = DB::getDB();
		$res = $db->query($sql);
		while ($r = $db->fetch($res)) {
			$map[] = $r;
		}
		//DBG::table("MAP", $map, __CLASS__, __FUNCTION__, __LINE__);
		return $map;
	}

	public static function canGroupViewProces($idGroup, $idProcesInit) {
		$isAllowed = false;
		$idProcesInit = (int)$idProcesInit;
		if (!$idProcesInit) return false;
		$checkProcesAccessSql = <<<SQL
			select count(*) as cnt
				from `CRM_PROCES_idx_GROUP_to_INIT_VIEW` giv
				where giv.`ID_GROUP` = '{$idGroup}'
					and giv.`ID_PROCES_INIT` = '{$idProcesInit}'
SQL;
		$db = DB::getDB();
		$res = $db->query($checkProcesAccessSql);
		if ($r = $db->fetch($res)) {
			if ($r->cnt > 0) {
				$isAllowed = true;
			}
		}
		return $isAllowed;
	}

	public static function getStorageByNamespace($namespace, $forceTblAclInit = false) {
		Lib::loadClass('Core_AclHelper');
		Lib::loadClass('SchemaFactory');
		$ns = Core_AclHelper::parseNamespaceUrl($namespace);
		DBG::log($ns, 'array', "parseNamespaceUrl({$namespace})");
		if ('default_db' == $ns['prefix']) {
			$acl = User::getAcl()->getObjectAcl($ns['prefix'], $ns['name']);
		} else if ('objects' == $ns['prefix']) {
			$acl = SchemaFactory::loadDefaultObject($ns['name']);
		} else if ('default_objects' == $ns['prefix']) {
			$acl = SchemaFactory::loadDefaultObject($ns['name']);
		} else if ('default_db__x3A__' == substr($ns['prefix'], 0, 17)) {
			$rootTableName = strtolower(substr($ns['prefix'], 17));
			$acl = SchemaFactory::loadTableObject($rootTableName, $ns['name']);
		} else {
			throw new HttpException("Not Implemented", 501);
		}
		$acl->init($forceTblAclInit);
		return $acl;
	}

	public static function getAclByNamespace($namespace, $forceTblAclInit = false) {
		return Core_AclHelper::getAclByNamespace($namespace, $forceTblAclInit);
	}

	public static function getAclByTypeName($typeName, $forceTblAclInit = false) {
		return Core_AclHelper::getAclByNamespace(str_replace(':', '/', $typeName), $forceTblAclInit);
	}

	public static function parseNamespaceUrl($namespace) {// returns assoc array: [ 'name', 'url', 'prefix', 'sourceName' ]
		return Core_AclHelper::parseNamespaceUrl($namespace);
	}

	public static function getRefTable($rootObjectNamespace, $childName) { // CRM_REF_CONFIG
		static $cacheRefTables = array();
		DBG::log("DBG get ref table ({$rootObjectNamespace}, {$childName}) ...");
		$cacheKey = "{$rootObjectNamespace}/{$childName}";
		if (array_key_exists($cacheKey, $cacheRefTables)) return $cacheRefTables[$cacheKey];

		$rootAcl = self::getAclByNamespace($rootObjectNamespace);
		$childXsdType = $rootAcl->getXsdFieldType($childName);
		list($typePrefix, $childNamespace) = explode(':', $childXsdType, 2);
		DBG::log(['$childXsdType' => $childXsdType, '$typePrefix' => $typePrefix, '$childNamespace' => $childNamespace], 'array', "DBG get ref table ...");
		switch ($typePrefix) {
			case 'ref_uri': $childAcl = self::getAclByNamespace($childNamespace); break;
			case 'ref': $childAcl = self::getAclByTypeName($childNamespace); break;
			default: throw new Exception("Expected ref type for field '{$childName}' in object '{$rootObjectNamespace}'");
		}

		$refInfo = self::getRefConfig($rootObjectNamespace, $childName, $childNamespace);

		if ('view' === $refInfo['SOURCE']) {
			$refTableName = "CRM__#REF_TABLE__{$refInfo['ID']}_VIEW"; // view created by ACL::generateRefSelectSqlByFlatRelationCache
		} else {
			$refTableName = "CRM__#REF_TABLE__{$refInfo['ID']}";
			if ('WAITING' == $refInfo['A_STATUS']) {
				DB::getPDO()->execSql("
					CREATE TABLE IF NOT EXISTS `{$refTableName}` (
						`PRIMARY_KEY` int(11) NOT NULL
						, `REMOTE_PRIMARY_KEY` int(11) NOT NULL
						, `REMOTE_TYPENAME` varchar(255) NOT NULL DEFAULT ''
						, `A_STATUS` enum('WAITING', 'NORMAL', 'DELETED') NOT NULL DEFAULT 'WAITING'
						, `TRANSACTION_ID` int(11) NOT NULL
						, `A_LAST_ACTION_DATE` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
						, KEY `PRIMARY_KEY` (`PRIMARY_KEY`)
						, KEY `REMOTE_PRIMARY_KEY` (`REMOTE_PRIMARY_KEY`)
					) ENGINE=MyISAM DEFAULT CHARSET=latin2 COMMENT='{$rootObjectNamespace} #REF $childName ({$childNamespace})';
				");
				$refInfo['A_STATUS'] = "NORMAL";
				$refInfo['VERSION'] = self::$REF_TABLE_VERSION;
				$affected = DB::getPDO()->update("CRM_REF_CONFIG", 'ID', $refInfo['ID'], [
					'A_STATUS' => $refInfo['A_STATUS'],
					'VERSION' => $refInfo['VERSION']
				]);
			}
		}

		if ($refInfo['VERSION'] < self::$REF_TABLE_VERSION) throw new Exception("TODO: ref table {$refInfo['ID']} require upgrade - field '{$childName}' in object '{$rootObjectNamespace}'");

		$cacheRefTables[$cacheKey] = $refTableName;
		return $refTableName;
	}
	public static function getRefSource($rootObjectNamespace, $childName) { // CRM_REF_CONFIG
		$refInfo = self::getRefConfig($rootObjectNamespace, $childName);
		return V::get('SOURCE', 'table', $refInfo);
	}
	public static function generateRefSelectSqlByFlatRelationCache($rootObjectNamespace, $childName) { // CRM_REF_CONFIG
		$appInfo = DB::getPDO()->fetchValue("
			select f.appInfo
			from `CRM_#CACHE_ACL_OBJECT_FIELD` f
			where f.objectNamespace = '{$rootObjectNamespace}'
				and f.fieldNamespace = '{$childName}'
		");
		if (!$appInfo) throw new Exception("Missing app:info for field '{$rootObjectNamespace}/{$childName}'");
		$appInfo = @json_decode($appInfo, $assoc = true);
		if (empty($appInfo)) throw new Exception("Empty app:info for field '{$rootObjectNamespace}/{$childName}'");

		DBG::log(['$appInfo'=>$appInfo, '$rootObjectNamespace'=>$rootObjectNamespace, '$childName'=>$childName], 'array', "\$appInfo");
		$rootAcl = self::getAclByNamespace($rootObjectNamespace);
		$childXsdType = $rootAcl->getXsdFieldType($childName);
		list($typePrefix, $childNamespace) = explode(':', $childXsdType, 2);
		switch ($typePrefix) {
			case 'ref_uri': $childAcl = self::getAclByNamespace($childNamespace); break;
			case 'ref': $childAcl = self::getAclByTypeName($childNamespace); break;
			default: throw new Exception("Expected ref type for field '{$childName}' in object '{$rootObjectNamespace}'");
		}

		$lastActionDateField = "NULL"; // , IF(l.A_RECORD_UPDATE_DATE > r.A_RECORD_UPDATE_DATE, l.A_RECORD_UPDATE_DATE, r.A_RECORD_UPDATE_DATE) as A_LAST_ACTION_DATE
		$rootPrimaryKeyField = $rootAcl->getPrimaryKeyField();
		$childPrimaryKeyField = $childAcl->getPrimaryKeyField();
		$rootTableName = $rootAcl->getRootTableName();
		$childTableName = $childAcl->getRootTableName();
		//   '$appInfo' => [
		//     'flat_relation_cache' => [
		//       'source' => [
		//         '@name' => 'ID',
		//         '@xpath' => 'default_db__x3A__CRM_WSKAZNIK:CRM_WSKAZNIK/ID_PROCES',
		//       ),
		//     ),
		//   ),
		//   '$rootObjectNamespace' => 'default_db/CRM_PROCES/PROCES',
		//   '$childName' => 'default_db__x3A__CRM_WSKAZNIK:CRM_WSKAZNIK',

		//   '$appInfo' => [
		//   'flat_relation_cache' => [
		//     'source' => [
		//       '@name' => 'ID',
		//       '@xpath' => 'default_db__x3A__CRM_PROCES:PROCES/PARENT_ID',
		//     ),
		//   ),
		// ),
		// '$rootObjectNamespace' => 'default_db/CRM_PROCES/PROCES',
		// '$childName' => 'default_db__x3A__CRM_PROCES:PROCES',
		$appInfoRootFieldName = null;
		$appInfoChildFieldName = null;
		{
			if (empty($appInfo['flat_relation_cache']['source']['@name'])) throw new Exception("Missing flat_relation_cache/source/@name");
			if (empty($appInfo['flat_relation_cache']['source']['@xpath'])) throw new Exception("Missing flat_relation_cache/source/@xpath");
			$appInfoName = $appInfo['flat_relation_cache']['source']['@name'];
			$appInfoXpath = $appInfo['flat_relation_cache']['source']['@xpath'];
			// $rootNs = $rootAcl->getNamespace()
			if ("{$childName}/" === substr($appInfoXpath, 0, strlen("{$childName}/"))) {
				$appInfoRootFieldName = substr($appInfoXpath, strlen("{$childName}/"));
				$appInfoChildFieldName = $appInfoName;
			} else {
				throw new Exception("TODO parse flat_relation_cache");
			}
		}
		if (!$appInfoRootFieldName || !$appInfoChildFieldName) throw new Exception("Error Processing flat_relation_cache");
		$sql = "
			select l.{$rootPrimaryKeyField} as PRIMARY_KEY
					, r.{$childPrimaryKeyField} as REMOTE_PRIMARY_KEY
					, '' as REMOTE_TYPENAME
					, 'WAITING' as A_STATUS
					, 0 as TRANSACTION_ID
					, {$lastActionDateField} as A_LAST_ACTION_DATE
			from `{$rootTableName}` l
				join `{$childTableName}` r on(r.{$appInfoRootFieldName} = l.{$appInfoChildFieldName})
		";
		DBG::log($sql, 'sql', "generateRefSelectSqlByFlatRelationCache");
		return $sql;
	}
	public static function setRefSource($rootObjectNamespace, $childName, $source, $viewSelectSql = null) { // CRM_REF_CONFIG
		if (!in_array($source, ['view', 'table'])) throw new Exception("Wrong param source - expected 'table' or 'view'");
		if ('view' === $source && !$viewSelectSql) throw new Exception("Missing create view sql");
		$refInfo = self::getRefConfig($rootObjectNamespace, $childName);
		if ($source != $refInfo['SOURCE']) {
			if ('view' === $source) {
				$refTableName = "CRM__#REF_TABLE__{$refInfo['ID']}_VIEW";
				DB::getPDO()->execSql(" CREATE OR REPLACE DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `{$refTableName}` AS {$viewSelectSql} ");
			}
			$affected = DB::getPDO()->update("CRM_REF_CONFIG", 'ID', $refInfo['ID'], [
				'SOURCE' => $source,
			]);
		}
	}
	public static function getRefConfig($rootObjectNamespace, $childName, $childNamespace = null) { // CRM_REF_CONFIG
		if (!$childNamespace) {
			$rootAcl = self::getAclByNamespace($rootObjectNamespace);
			$childXsdType = $rootAcl->getXsdFieldType($childName);
			list($typePrefix, $childNamespace) = explode(':', $childXsdType, 2);
			DBG::log(['$childXsdType' => $childXsdType, '$typePrefix' => $typePrefix, '$childNamespace' => $childNamespace], 'array', "DBG get ref table ...");
			switch ($typePrefix) {
				case 'ref_uri': $childAcl = self::getAclByNamespace($childNamespace); break;
				case 'ref': $childAcl = self::getAclByTypeName($childNamespace); break;
				default: throw new Exception("Expected ref type for field '{$childName}' in object '{$rootObjectNamespace}'");
			}
		}
		$refInfo = [];// define $refInfo = [ ID, A_STATUS, VERSION ]
		try {// check that ref config table exists
			$sqlRootTableNs = DB::getPDO()->quote($rootObjectNamespace, PDO::PARAM_STR);
			$sqlChildName = DB::getPDO()->quote($childName, PDO::PARAM_STR);
			$sqlChildNamespace = DB::getPDO()->quote($childNamespace, PDO::PARAM_STR);
			$refInfo = DB::getPDO()->fetchFirst("
				select c.ID, c.A_STATUS, c.VERSION, c.SOURCE
				from `CRM_REF_CONFIG` c
				where c.ROOT_OBJECT_NS = {$sqlRootTableNs}
					and c.CHILD_NAME = {$sqlChildName}
					and c.CHILD_NS = {$sqlChildNamespace}
			");
		} catch (Exception $e) {
			DB::getPDO()->execSql("
				CREATE TABLE IF NOT EXISTS `CRM_REF_CONFIG` (
					`ID` INT NOT NULL AUTO_INCREMENT
					, `ROOT_OBJECT_NS` VARCHAR(255) NOT NULL
					, `CHILD_NAME` VARCHAR(255) NOT NULL
					, `CHILD_NS` VARCHAR(255) NOT NULL
					, `A_STATUS` enum('WAITING', 'NORMAL', 'DELETED') NOT NULL DEFAULT 'WAITING'
					, `VERSION` int(11) NOT NULL DEFAULT 0
					, `A_LAST_ACTION_DATE` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
					, PRIMARY KEY (`ID`)
				) ENGINE = MyISAM DEFAULT CHARSET=latin2;
			");
			try {
				DB::getPDO()->execSql(" ALTER TABLE `CRM_REF_CONFIG` ADD `SOURCE` enum('table', 'view') not null default 'table' ");
			} catch (Exception $e) {
				DBG::log($e);
			}
		}
		if (empty($refInfo)) {
			$refInfo = [ 'ID' => 0, 'A_STATUS' => 'WAITING', 'VERSION' => 0, 'SOURCE' => 'table' ];
			$refInfo['ID'] = DB::getPDO()->insert("CRM_REF_CONFIG", [
				'ROOT_OBJECT_NS' => $rootObjectNamespace,
				'CHILD_NAME' => $childName,
				'CHILD_NS' => $childNamespace
			]);
		}
		if (!$refInfo['ID']) throw new Exception("Ref table not found in ref config table for field '{$childName}' in object '{$rootObjectNamespace}'");
		return $refInfo;
	}

	public static function getInstanceId($namespace) { // CRM_INSTANCE_CONFIG
		$conf = self::getInstanceConfig($namespace);
		return $conf['id'];
	}
	public static function getInstanceConfig($namespace) { // CRM_INSTANCE_CONFIG
		try {
			$conf = self::fetchInstanceConfig($namespace);
		} catch (Exception $e) {
			DB::getPDO()->execSql("
	      create table if not exists `CRM_INSTANCE_CONFIG` (
	        `id` int(11) not null AUTO_INCREMENT,
	        `namespace` varchar(255) NOT NULL DEFAULT '',
	        `rootNamespace` varchar(255) NOT NULL DEFAULT '',
	        `idInstanceBase` int(11) NOT NULL DEFAULT 0,
					`_createdAt` datetime NOT NULL,
	        UNIQUE KEY `namespace` (`namespace`),
	        KEY `rootNamespace` (`rootNamespace`),
					PRIMARY KEY (`id`)
	      ) ENGINE=MyISAM  DEFAULT CHARSET=latin2
	    ");
			// TODO:?: `_tableInstalled` tinyint(1) not null default 0,
			$conf = self::fetchInstanceConfig($namespace);
		}
		if (!$conf) {
			$id = DB::getPDO()->insert("CRM_INSTANCE_CONFIG", [
				'namespace' => $namespace,
				'rootNamespace' => self::getRootNamespace($namespace),
				'_createdAt' => 'NOW()',
			]);
			$conf = self::fetchInstanceConfig($namespace);
		}
		if (!$conf) throw new Exception("Instance not found in config table '{$namespace}'");
		return $conf;
	}
	public static function fetchInstanceConfig($namespace) {
		return DB::getPDO()->fetchFirst("
			select c.*
			from `CRM_INSTANCE_CONFIG` c
			where c.namespace = '{$namespace}'
		");
	}
	public static function getRootNamespace($namespace) { // TODO: works only for relative urls! - mv to Acl->getRootNamespace
		Lib::loadClass('SchemaFactory');
		try {
			$objectItem = SchemaFactory::loadDefaultObject('SystemObject')->getItem($namespace);
		} catch (Exception $e) {
			throw new Exception("Object not installed '{$namespace}'");
		}
		if (!$objectItem['isStructInstalled']) throw new Exception("Object structure not installed '{$namespace}'");

		if ($objectItem['idDatabase'] != DB::getPDO()->getZasobId()) throw new Exception("Only default_db supported"); // TODO: support more Sources

		return "default_db/{$objectItem['_rootTableName']}";
	}
	public static function getNamespaceSiblings($namespace) {
		return array_map(function ($row) {
			return $row['namespace'];
		}, DB::getPDO()->fetchAll("
			select s.namespace
			from CRM_INSTANCE_CONFIG c
				join CRM_INSTANCE_CONFIG s on ( s.rootNamespace = c.rootNamespace and s.namespace != c.rootNamespace )
			where c.namespace = :namespace
		", [
			'namespace' => $namespace
		]));
	}
	public static function getFeatureNamespaces($namespace, $pk) {
		$instanceTable = self::getInstanceTable($namespace);
		return array_map(function ($row) {
			return $row['namespace'];
		}, DB::getPDO()->fetchAll("
			select c.namespace
			from `{$instanceTable}` i
				join `CRM_INSTANCE_CONFIG` c on ( c.id = i.idInstance )
			where i.pk = :pk
		", [
			'pk' => $pk,
		]));
	}
	public static function getInstanceTable($namespace) {
		$conf = self::getInstanceConfig($namespace);
		if (!empty($conf['idInstanceBase'])) return "CRM__#INSTANCE_TABLE__{$conf['idInstanceBase']}";

		$rootNs = $conf['rootNamespace'];
		$rootConf = self::getInstanceConfig($rootNs);
		$instanceTableName = "CRM__#INSTANCE_TABLE__{$rootConf['id']}";
		if (!empty($rootConf['idInstance'])) {
			$affected = DB::getPDO()->update("CRM_INSTANCE_CONFIG", 'rootNamespace', $rootNs, [
				'idInstanceBase' => $rootConf['id']
			]);
			return $instanceTableName;
		}

		// TODO: fetch primaryKeyType - TODO: store primaryKey and primaryKeyType in SystemObject item
		$pkType = 'int';
		DB::getPDO()->exec("
			CREATE TABLE IF NOT EXISTS `{$instanceTableName}` (
				`pk` int(11) NOT NULL COMMENT 'primary key'
				, `idInstance` int(11) NOT NULL
				, `_createdAt` datetime NOT NULL
				, KEY `pk` (`pk`)
				, KEY `idInstance` (`idInstance`)
			) ENGINE=MyISAM DEFAULT CHARSET=latin2 COMMENT='{$rootNs} #INSTANCE';
		");
		$affected = DB::getPDO()->update("CRM_INSTANCE_CONFIG", 'rootNamespace', $rootNs, [
			'idInstanceBase' => $rootConf['id']
		]);
		return $instanceTableName;
	}

	// @params $from - ( ACL | tableName | namespace | etc... - only ACL)
	public static function query($from, $prefix = 't') {
		Lib::loadClass('AclQueryBuilder');
		$query = new AclQueryBuilder();
		$query->from($from, $prefix);
		return $query;
	}

	/**
	 * @param mixed $object - Core_AclBase or string - namespace
	 * @return Core_AclFields
	 */
	public static function getObjectFields($object) {
		// TODO: try to get structure from `CRM_#CACHE_ACL_OBJECT_FIELD`
		// if ($object is instance Core_AclBase) {
		//   if ($object->isStructInstalled) then get structure from `CRM_#CACHE_ACL_OBJECT_FIELD` and put into Core_AclFields
		//   else get from $object->getFields() and put into Core_AclFields
	}

	public static function canUserReadObject($idUser, $aclOrIdZasob) {
		throw new Exception("TODO: canUserReadObjec({$idUser}, {$aclOrIdZasob})");
	}
	public static function canUserCreateObject($idUser, $aclOrIdZasob) {
		throw new Exception("TODO: canUserCreateObjec({$idUser}, {$aclOrIdZasob})");
	}
	public static function canUserWriteObject($idUser, $aclOrIdZasob) {
		throw new Exception("TODO: canUserWriteObjec({$idUser}, {$aclOrIdZasob})");
	}
	public static function canUserReadObjectField($idUser, $aclOrIdZasob, $fieldNameOrXPath) {
		throw new Exception("TODO: canUserReadObjectFiel({$idUser}, {$aclOrIdZasob}, {$fieldNameOrXPath})");
	}
	public static function canUserCreateObjectField($idUser, $aclOrIdZasob, $fieldNameOrXPath) {
		throw new Exception("TODO: canUserCreateObjectFiel({$idUser}, {$aclOrIdZasob}, {$fieldNameOrXPath})");
	}
	public static function canUserWriteObjectField($idUser, $aclOrIdZasob, $fieldNameOrXPath) {
		throw new Exception("TODO: canUserWriteObjectFiel({$idUser}, {$aclOrIdZasob}, {$fieldNameOrXPath})");
	}
	// TODO: replace below:
	// AclBase->canCreateField
	// AclBase->canReadField
	// AclBase->canReadObjectField
	// AclBase->canWriteField
	// AclBase->canWriteObjectField
	// AclBase->canWriteRecord
	// AclBase->canReadRecord
}