se/SE/se-lib/Core/AclBase.php

<?php

Lib::loadClass('Api_WfsNs');
Lib::loadClass('Api_WfsException');

// TODO: replace every methods using $idZasob to use $fieldName
/* TODO: fetch ACL from acl tables:
@example for TestPerms [13051]:
  SELECT * FROM  `CRM_PROCES_idx_TABLE_TO_PROCES_PERMS_VIEW` WHERE  `ID_TABLE` =13051; -- fetch id proces to $csvIdProces
  SELECT * FROM  `CRM_PROCES_idx_USER_to_PROCES_VIEW` WHERE  `ADM_ACCOUNT` = '{$userLogin}' and `ID_PROCES` in({$csvIdProces});
*/
class Core_AclBase {

  public function getSourceName() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getName() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getRootTableName() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getXsdFieldType($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  // TODO: get more xsd restrictions like minOccurs, maxOccurs, nillable and restrictions

  public function getID() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: Legacy
  public function init($force = false) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isInitialized() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getFields() {// @returns array - $this->_fields // TODO: mved to getFieldListByIdZasob
    /*
      $field = array();
  		$field['name'] = $name;
  		$field['perms'] = '';
  		$field['opis'] = $opis;
  		$field['sort_prio'] = $sort_prio;
  		$field['label'] = $label;
  		$this->_fields[$fieldID] = $field;
    */
    throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501);
  }
  public function getFieldListByIdZasob() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: RMME - one field list function
  public function getRealFieldListByIdZasob() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: RMME - one field list function
  public function getVirtualFieldListByIdZasob() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: RMME - one field list function
  // TODO: public function getFieldList(); // @retuns array of field names

  public function isIntegerField($fieldName) { return ('xsd:integer' == $this->getXsdFieldType($fieldName)); }
  public function isDecimalField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isGeomField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isDateField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isDateTimeField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isStringField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isTextField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isBinaryField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function isEnumerationField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getEnumerations($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getFieldType($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }

  public function getFieldIdByName($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: legacy
  public function isAllowed($idZasob, $taskPerm, $record = null) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: legacy
  public function hasFieldPerm($idZasob, $taskPerm) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }// TODO: legacy

  // TODO: replace isAllowed, hasFieldPerm, getFieldIdByName
  public function canCreateField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function canReadField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function canReadObjectField($fieldName, $record) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function canWriteField($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function canWriteObjectField($fieldName, $record) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function hasCreatePerms() {
		foreach ($this->getFieldListByIdZasob() as $fieldName) {// TODO: use getFieldList
			if ($this->canCreateField($fieldName)) return true;
		}
		return false;
	}

  public function getRawLabel($posLimit = 20) { return substr($this->getName(), 0, $posLimit); }

  public function getItems($params = array()) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function addItem($todoItem) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function updateItem($itemPatch) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getGeomFieldType($fieldName) { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getPrimaryKeyField() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }
  public function getAttributesFromZasoby() { throw new HttpException("Acl function " . __FUNCTION__ . " Not implemented", 501); }

  public function validateDeleteXml($action) {// @returns action tags, throws Exceptions
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Delete action \$action:";print_r($action);echo "\n";}
    if (empty($action['tags'])) throw new Exception("Error Processing Delete Request - wrong Delete tag format");
    if ('open' != $action['tags'][0]['type']) throw new Exception("Error Processing Delete Request - wrong Delete tag format");
    if ('Filter' != $action['tags'][0]['tag']) throw new Exception("Error Processing Delete Request - wrong Delete tag format");
    $filterLvl = $action['tags'][0]['level'];
    array_shift($action['tags']);// remove first openig tag Filter
    array_pop($action['tags']);// remove last closing tag Filter
    if (empty($action['tags'])) throw new Exception("Error Processing Delete Request - missing FeatureId in Delete tag");
    $action['Filter'] = array();
    $featureName = $this->getName();
    foreach ($action['tags'] as $idx => $tag) {
      if ($tag['level'] <= $filterLvl) throw new Exception("Error Processing Delete Request - wrong Delete tag format Delete/Filter/{$tag['tag']}[{$idx}]");
      if ('FeatureId' != $tag['tag']) throw new Exception("Error Processing Delete Request - wrong Delete tag format - expected 'FeatureId' but '{$tag['tag']}' found");
      if (empty($tag['attributes'])) throw new Exception("Error Processing Delete Request - missing attributes in Delete/Filter/FeatureId[{$idx}]");
      if (empty($tag['attributes']['fid'])) throw new Exception("Error Processing Delete Request - missing @fid attribute in Delete/Filter/FeatureId[{$idx}]");
      $idFeature = $tag['attributes']['fid'];
      if ("{$featureName}." != substr($idFeature, 0, strlen("{$featureName}."))) throw new Exception("Error Processing Delete Request - wrong typeName in Delete/Filter/FeatureId[{$idx}]/@fid");
      $idFeature = substr($idFeature, strlen("{$featureName}."));
      if (!$this->checkPrimaryKeyFormat($idFeature)) throw new Exception("Error Processing Delete Request - wrong primary key format in Delete/Filter/FeatureId[{$idx}]/@fid");
      $action['Filter'][] = $idFeature;
    }
    $action['fields'] = array();
    $action['fields']['the_geom'] = array();
    $action['fields']['the_geom'][] = array('type'=>'complete', 'value'=>'NULL');
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Delete action validate return \$action:";print_r($action);echo "\n";}

    return $action;
  }

  public function validateUpdateXml($action) {// @returns action tags, throws Exceptions
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    // split Update tag to Property and Filter
    $fieldsLvl = $action['tags'][0]['level'];
    $totalTags = count($action['tags']);
    $tagsToSplice = array();// args for splice(offset, length to remove, new values)
    for ($i = 0, $cnt = $totalTags, $lastIdxToSplice = 0; $i < $cnt; $i++) {
      $tag = $action['tags'][$i];
      if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Insert to flat fields loop({$i}) \$lastIdxToSplice({$lastIdxToSplice}) \$tag('{$tag['tag']}', '{$tag['type']}', '{$tag['level']}')"."\n";}
      if ($fieldsLvl == $tag['level'] && 'complete' == $tag['type']) {// field - flat value
      } else if ($fieldsLvl == $tag['level'] && 'open' == $tag['type']) {// field - nested - start
        $lastIdxToSplice = $i;
        $tagsToSplice[$lastIdxToSplice] = $tag;
        $tagsToSplice[$lastIdxToSplice]['action'] = 'Insert -- TODO: L.' . __LINE__;
        $tagsToSplice[$lastIdxToSplice]['tags'] = array();
        $tagsToSplice[$lastIdxToSplice]['tags'][] = $tag;
      } else if (null !== $lastIdxToSplice && $fieldsLvl == $tag['level'] && 'close' == $tag['type']) {// field - nested - end
        $tagsToSplice[$lastIdxToSplice]['tags'][] = $tag;
        $lastIdxToSplice = null;
      } else if (null !== $lastIdxToSplice) {
        $tagsToSplice[$lastIdxToSplice]['tags'][] = $tag;
      } else {
        if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " BUG: Update to flat fields loop({$i}) \$tag('{$tag['tag']}', '{$tag['type']}', '{$tag['level']}')"."\n";}
        throw new Exception("Error Processing Update Request at Update tag for type '{$action['typeName']}'");
      }
    }

    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . ' TODO: FIX $action:';print_r($action);echo "\n";}
    if (empty($tagsToSplice)) throw new Exception("Error Processing Update Request - missing Property or Filter tags");
    if (!empty($tagsToSplice)) {// Update
      // if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Insert to flat fields \$tagsToSplice:";print_r($tagsToSplice);echo "\n";}
      $tagsToSplice = array_reverse($tagsToSplice, $preserve_keys = true);
      foreach ($tagsToSplice as $offset => $childTag) {
        $toRemove = count($childTag['tags']);
        array_pop($childTag['tags']);// remove last closing tag
        $tag = array_shift($childTag['tags']);
        $childTag['typeName'] = $action['typeName'];
        $childTag['action'] = 'Update -- TODO L.' . __LINE__;
        array_splice($action['tags'], $offset, $toRemove, array($childTag));
      }
      // if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Insert to flat fields \$action:";print_r($action);echo "\n";}
    }
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Update action after first split \$action:";print_r($action);echo "\n";}
    if (count($action['tags']) < 2) throw new Exception("Error Processing Update Request - missing Property or Filter tags");
    $filterTag = array_pop($action['tags']);
    $action['Filter'] = $this->validateUpdateFilterTag($filterTag);
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Update action after validate Filter \$action['Filter']:";print_r($action['Filter']);echo "\n";}
    $action['fields'] = $this->validateUpdatePropertyTags($action['tags']);
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Update action after validate Property \$action['fields']:";print_r($action['fields']);echo "\n";}
    foreach ($action['fields'] as $fieldName => $propertyTag) {
      if (!$this->canWriteField($fieldName)) throw new Api_WfsException("Access Denied to Update field '{$fieldName}' in object '{$action['typeName']}'", __LINE__, null, 'MissingFieldPermWrite', 'request');
      $value = $propertyTag['value'];
      $this->validateFieldRestrictions($fieldName, $value);
    }

    return $action;
  }

  public function validateUpdateFilterTag($filterTag) {// @returns Filter tag (feature id), throws Exceptions
    // TODO: allow ogc filter for update multiple rows
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Update validateUpdateFilterTag \$filterTag:";print_r($filterTag);echo "\n";}
    if ('Filter' != $filterTag['tag']) throw new Exception("Error Processing Update Request - missing Filter tag");
    $idFeature = null;
    if (empty($filterTag['tags'])) throw new Exception("Error Processing Update Request - wrong Filter tag format");
    if ('FeatureId' != $filterTag['tags'][0]['tag']) throw new Exception("Error Processing Update Request - wrong Filter tag format");
    if (empty($filterTag['tags'][0]['attributes']['fid'])) throw new Exception("Error Processing Update Request - missing Filter tag @fid");
    $idFeature = $filterTag['tags'][0]['attributes']['fid'];
    $featureName = $this->getName();
    if ("{$featureName}." != substr($idFeature, 0, strlen("{$featureName}."))) throw new Exception("Error Processing Update Request - wrong typeName in Filter/@fid");
    $idFeature = substr($idFeature, strlen("{$featureName}."));
    if (!$this->checkPrimaryKeyFormat($idFeature)) throw new Exception("Error Processing Update Request - wrong primary key format in Filter/@fid");
    return $idFeature;
  }

  public function checkPrimaryKeyFormat($idFeature) {// @returns bool
    return ((string)$idFeature === (string)intval($idFeature));
  }

  public function validateUpdatePropertyTags($tags) {// @returns Property tags (fields), throws Exceptions
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    $fields = array();
    if($DBG>3){echo 'C.'.get_class($this).' L.' . __LINE__ . " Update validateUpdatePropertyTags \$fields:";print_r($tags);echo "\n";}
    foreach ($tags as $idx => $tag) {
      if ('Property' != $tag['tag']) throw new Exception("Error Processing Update Request - tag '{$tag['tag']}' is not allowed in Update tag");
      if (count($tag['tags']) < 2) throw new Exception("Error Processing Update Request - wrong format in Update/Property[{$idx}]");
      $tagName = array_shift($tag['tags']);
      if ('Name' != $tagName['tag']) throw new Exception("Error Processing Update Request - missing Name tag in Update/Property[{$idx}]");
      if (empty($tagName['value'])) throw new Exception("Error Processing Update Request - empty field name in Update/Property[{$idx}]");
      if (false !== strpos($tagName['value'], '/')) throw new Exception("Error Processing Update Request - xpath in Update/Property[{$idx}] field name not implemented", 501);
      // TODO: check field name as xpath, eg. File/content
      $fieldName = $tagName['value'];

      $tagValue = array_shift($tag['tags']);
      $fieldType = $this->getXsdFieldType($fieldName);
      if ('Value' != $tagValue['tag']) throw new Exception("Error Processing Update Request - missing Value tag in Update/Property[{$idx}]");
      if ('open' == $tagValue['type']) {
        array_pop($tag['tags']);
        $tagValue['tags'] = $tag['tags'];
        if (empty($tagValue['tags'])) throw new Exception("Error Processing Update Request - wrong Value tag format in Update/Property[{$idx}]");
        if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." validate fields loop({$idx}) loop({$fieldName}) \$fieldType({$fieldType})"."\n";}
        if ('gml:' == substr($fieldType, 0, 4)) {
          $tagValue['value'] = $this->convertGmlTagsToWkt($fieldType, $tagValue['tags']);
        } else {
          // TODO: return $fields[$fieldName][] = array('type'=>'open', 'typeName'=>$fieldType, 'tags'=>...
          throw new Exception("Error Processing Update Request - wrong Value tag format for field '{$fieldName}' (Update/Property[{$idx}])");
        }
      } else if ('complete' == $tagValue['type']) {
        if (!empty($tag['tags'])) throw new Exception("Error Processing Update Request - wrong Value tag format in Update/Property[{$idx}]");
      } else throw new Exception("Error Processing Update Request - missing Value tag in Update/Property[{$idx}]");

      $value = V::get('value', '', $tagValue);
      $fields[$fieldName][] = array('type'=>'complete', 'value'=>$value);
    }
    return $fields;
  }

  public function validateInsertXml($action) {// @returns action tag, throws Exceptions
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    // if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " TODO: F.".__FUNCTION__." \$action:";print_r($action);echo "\n";}
    // split Insert tags by first level fields - nested structures like gml (the_geom)
    $fieldsLvl = $action['tags'][0]['level'];
    $totalTags = count($action['tags']);
    $tagsToSplice = array();// args for splice(offset, length to remove, new values)
    for ($i = 0, $cnt = $totalTags, $lastIdxToSplice = 0; $i < $cnt; $i++) {
      $tag = $action['tags'][$i];
      if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Insert to flat fields loop({$i}) \$lastIdxToSplice({$lastIdxToSplice}) \$tag('{$tag['tag']}', '{$tag['type']}', '{$tag['level']}')"."\n";}
      if ($fieldsLvl == $tag['level'] && 'complete' == $tag['type']) {// field - flat value
      } else if ($fieldsLvl == $tag['level'] && 'open' == $tag['type']) {// field - nested - start
        $lastIdxToSplice = $i;
        $tagsToSplice[$lastIdxToSplice] = $tag;
        $tagsToSplice[$lastIdxToSplice]['action'] = 'Insert';
        $tagsToSplice[$lastIdxToSplice]['tags'] = array();
        $tagsToSplice[$lastIdxToSplice]['tags'][] = $tag;
      } else if (null !== $lastIdxToSplice && $fieldsLvl == $tag['level'] && 'close' == $tag['type']) {// field - nested - end
        $tagsToSplice[$lastIdxToSplice]['tags'][] = $tag;
        $lastIdxToSplice = null;
      } else if (null !== $lastIdxToSplice) {
        $tagsToSplice[$lastIdxToSplice]['tags'][] = $tag;
      } else {
        if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " BUG: Insert to flat fields loop({$i}) \$tag('{$tag['tag']}', '{$tag['type']}', '{$tag['level']}')"."\n";}
        throw new Exception("Error Processing Request at Insert tag for type '{$action['typeName']}'");
      }
    }

    // if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . ' TODO: FIX $action:';print_r($action);echo "\n";}
    if (!empty($tagsToSplice)) {// Insert deep object
      // if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Insert to flat fields \$tagsToSplice:";print_r($tagsToSplice);echo "\n";}
      $tagsToSplice = array_reverse($tagsToSplice, $preserve_keys = true);
      foreach ($tagsToSplice as $offset => $childTag) {
        $toRemove = count($childTag['tags']);
        array_pop($childTag['tags']);// remove last closing tag
        $tag = array_shift($childTag['tags']);
        $childTag['action'] = 'Insert';
        {// TODO: duplicate code - get prefix for typeName
          $typeName = $tag['tag'];
          if (false === strpos($typeName, ':')) {
            $nsType = V::get('xmlns', '', $tag['attributes']);
            if (!$nsType) throw new Exception("Error Processing Request - Missing object namespace '{$tag['tag']}'");
            $prefix = Api_WfsNs::getNsPrefix($nsType);
            if (!$prefix) {
              if ($typeName == substr(rtrim($nsType, '/'), -1 * strlen($typeName))) {// typeName may be added to ns uri
                $nsBaseForType = substr(rtrim($nsType, '/'), 0, -1 * strlen($typeName) - 1);
                $prefix = Api_WfsNs::getNsPrefix($nsBaseForType);
              }
            }
            if (!$prefix) throw new Exception("Error Processing Request - Unrecognized namespace uri '{$nsType}' for object '{$tag['tag']}'");
            $typeName = "{$prefix}:{$typeName}";
          }
          $childTag['typeName'] = $typeName;
        }
        array_splice($action['tags'], $offset, $toRemove, array($childTag));
        $action['isDeepObject'] = true;
      }
      // if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " Insert to flat fields \$action:";print_r($action);echo "\n";}
    }

    // TODO: validate sequence order from schema - needed?

    // validate fields
    $action['fields'] = array();
    foreach ($action['tags'] as $idx => $tag) {
      $fieldName = $tag['tag'];
      if (false !== strpos($fieldName, ':')) $fieldName = substr($fieldName, strpos($fieldName, ':') + 1);
      if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." validate fields loop({$idx}) \$fieldName:";print_r($fieldName);echo "\n";}
      $field = array();
      $field['tag'] = $tag['tag'];
      $field['type'] = $tag['type'];
      if (!empty($tag['typeName'])) $field['typeName'] = $tag['typeName'];
      if (!empty($tag['action'])) $field['action'] = $tag['action'];
      if (!empty($tag['value']) || '0' === $tag['value'] || 0 === $tag['value']) $field['value'] = $tag['value'];
      if (!empty($tag['tags'])) $field['tags'] = $tag['tags'];
      $action['fields'][$fieldName][] = $field;
    }
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." validate fields loop({$idx}) \$action['fields']:";print_r($action['fields']);echo "\n";}
    foreach ($action['fields'] as $fieldName => $childFields) {
      foreach ($childFields as $idx => $field) {
        // TODO: validate minOccurs, maxOccurs
      }
    }
    $fieldPK = $this->getPrimaryKeyField();
    foreach ($action['fields'] as $fieldName => $childFields) {
      if ($fieldName == $fieldPK) continue;
      foreach ($childFields as $idx => $field) {
        if (!$this->canCreateField($fieldName)) throw new Api_WfsException("Access Denied to Create field '{$fieldName}' in object '{$action['typeName']}'", __LINE__, null, 'MissingFieldPermCreate', 'request');
        if ('open' == $field['type']) {
          $fieldType = $this->getXsdFieldType($fieldName);
          if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." validate fields loop({$idx}) loop({$fieldName}) \$fieldType({$fieldType})"."\n";}
          if ('gml:' == substr($fieldType, 0, 4)) {
            $action['fields'][$fieldName][$idx]['value'] = $this->convertGmlTagsToWkt($fieldType, $field['tags']);
            unset($action['fields'][$fieldName][$idx]['tags']);
            unset($action['fields'][$fieldName][$idx]['typeName']);
            unset($action['fields'][$fieldName][$idx]['action']);
            $action['fields'][$fieldName][$idx]['type'] = 'complete';
          } else if ('p5_objects:' == substr($fieldType, 0, 11)) {
            // TODO: read value recursive? (like geom?)
          } else if ('ref:p5_objects:' == substr($fieldType, 0, 15)) {
            // TODO: read value recursive? - validate recursive
          }
        }
        $this->validateFieldRestrictions($fieldName, $value);
      }
    }
    // TODO: validate nillable

    // TODO: validate recursive fields with type 'p5_objects:*' (without 'value')
    foreach ($action['fields'] as $fieldName => $childFields) {
      foreach ($childFields as $idx => $field) {
        if ('open' == $field['type']) {
          $fieldType = $this->getXsdFieldType($fieldName);
          if ('ref:p5_objects:' == substr($fieldType, 0, 15)) {
            if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." TODO: -------> validateInsertXml(\$field) \$field:";print_r($field);echo "\n";}
            $acl = $this->getAclFromTypeName(substr($fieldType, 4));
            $action['fields'][$fieldName][$idx] = $acl->validateInsertXml($field);
          }
        }
      }
    }

    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." return ============ \$action:";print_r($action);echo "\n";}
    return $action;
  }

  public function validateFieldRestrictions($fieldName, $value) {// @returns null, throws Exceptions
    // TODO: restrictions
  }

  public function checkFieldRestrictions($fieldName, $value) {// @returns array of error msgs
    // TODO: restrictions
  }

  // like Api_WfsGeomTypeConverter::convertGmlCoordinatesToWkt($gmlCoordinates) where $gmlCoordinates is from converted wfs request
  public function convertGmlTagsToWkt($fieldType, $tags) {
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " TODO: F.".__FUNCTION__." \$fieldType({$fieldType}) \$tags:";print_r($tags);echo "\n";}

    $cs = ','; $ts = ' '; $value = null; $wktType = null;
    if ('gml:LineStringPropertyType' == $fieldType) {
      // <gml:LineString srsName="EPSG:4326">
      //   <gml:coordinates cs="," ts=" ">18.25240580856418049,54.48879768607960017 18.27014261382555915,54.46219247818753217</gml:coordinates>
      // </gml:LineString>
      if (3 != count($tags)) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:LineString'");
      if ('gml:LineString' !== $tags[0]['tag']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:LineString'");
      if ('open' !== $tags[0]['type']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:LineString'");
      if (empty($tags[1]['attributes']['cs'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:LineString'");
      if (empty($tags[1]['attributes']['ts'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:LineString'");
      if (empty($tags[1]['value'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:LineString'");
      $cs = $tags[1]['attributes']['cs'];
      $ts = $tags[1]['attributes']['ts'];
      $value = $tags[1]['value'];
      $wktType = 'LINESTRING';
    } else if ('gml:PointPropertyType' == $fieldType) {
      // <gml:Point srsDimension="1" srsName="http://www.opengis.net/gml/srs/epsg.xml#3857">
      //  <gml:coordinates decimal="." cs="," ts=" ">-33.7291,-56.3353820</gml:coordinates>
      // </gml:Point>
      // TODO: @decimal
      if (3 != count($tags)) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Point'");
      if ('gml:Point' !== $tags[0]['tag']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Point'");
      if ('open' !== $tags[0]['type']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Point'");
      if (empty($tags[1]['attributes']['cs'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Point'");
      if (empty($tags[1]['attributes']['ts'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Point'");
      if (empty($tags[1]['value'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Point'");
      $cs = $tags[1]['attributes']['cs'];
      $ts = $tags[1]['attributes']['ts'];
      $value = $tags[1]['value'];
      $wktType = 'POINT';
    } else if ('gml:PolygonPropertyType' == $fieldType) {
      if (7 != count($tags)) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if ('gml:Polygon' !== $tags[0]['tag']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if ('open' !== $tags[0]['type']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if ('gml:outerBoundaryIs' !== $tags[1]['tag']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if ('gml:LinearRing' !== $tags[2]['tag']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if ('gml:coordinates' !== $tags[3]['tag']) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if (empty($tags[3]['attributes']['cs'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if (empty($tags[3]['attributes']['ts'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      if (empty($tags[3]['value'])) throw new Exception("#L".__LINE__." Error Processing Request - expected type 'gml:Polygon'");
      $cs = $tags[3]['attributes']['cs'];
      $ts = $tags[3]['attributes']['ts'];
      $value = $tags[3]['value'];
      $wktType = 'POLYGON';
    } else {
      throw new Exception("Error Processing Request - type '{$fieldType}' not supported");
    }

    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " TODO: F.".__FUNCTION__." \$fieldType({$fieldType}) TODO \$value:";print_r($value);echo "\n";}
    return self::convertGmlCoordsToWkt($wktType, $value, ['cs'=>$cs, 'ts'=>$ts]);
  }

  /**
   * @param $wktType: 'POLYGON', 'POINT', 'LINESTRING'
   * @param $params: array(decimal="." cs="," ts="whitespace")
   * decimal - decimal separator (default '.')
   * cs - coordinate values separator (default ',')
   * ts - tuple separator (a single space by default)
   *
   * @example:
   * <gml:coordinates cs="," ts=" ">18.25240580856418049,54.48879768607960017 18.27014261382555915,54.46219247818753217</gml:coordinates>
   * Core_AclBase::convertGmlCoordsToWkt('18.25240580856418049,54.48879768607960017 18.27014261382555915,54.46219247818753217', ['cs'=>',', 'ts'=>' '])
   */
  public static function convertGmlCoordsToWkt($wktType, $coords, $params = array()) {
    $cs = V::get('cs', ',', $params);
    $decimal = V::get('decimal', '.', $params);
    $ts = V::get('ts', ' ', $params);

    $gmlNumber = '(\-?\d+\\' . $decimal . '?\d*)';
    $gmlPoint = '(' . $gmlNumber . $cs . $gmlNumber . ')';
    $gmlPoints = $gmlPoint . '(' . $ts . $gmlPoint . ')+';
    switch ($wktType) {
      case 'POINT': $regex = '/^' . "{$gmlPoint}" . '$/'; break;
      case 'LINESTRING': $regex = '/^' . "{$gmlPoints}" . '$/'; break;
      case 'POLYGON': $regex = '/^' . "{$gmlPoints}" . '$/'; break;
      default: throw new Exception("Unsupported geometry type '{$wktType}'");
    }
    if (!preg_match($regex, $coords, $matches)) {
      throw new Exception("Wrong coordinates format for type '{$wktType}'");
    }

    $wkt = $coords;
    $wkt = str_replace(array($cs, $ts), array('#cs#', '#ts#'), $wkt);
    $wkt = str_replace(array('#cs#', '#ts#'), array(' ', ','), $wkt);
    if ('POLYGON' == $wktType) $wkt = "({$wkt})";// POINT(1 1), LINESTRING(0 0,1 1,2 2), POLYGON((0 0,10 0,10 10,0 10,0 0))
    return "{$wktType}({$wkt})";
  }

  public function getAclFromTypeName($typeName) {// TODO: mv to another class, duplicate from Api_WfsServerBase::getAclFromTypeName($typeName)
		$typeEx = explode(':', $typeName);
		if (2 != count($typeEx)) throw new Exception("Could not get acl for '{$typeName}' - syntax error");
		if ('p5_' != substr($typeEx[0], 0, 3)) throw new Exception("Could not get acl for '{$typeName}' - prefix error");
		$sourceName = substr($typeEx[0], 3);
		$objName = $typeEx[1];
		$acl = User::getAcl()->getObjectAcl($sourceName, $objName);
		if (!$acl) throw new Exception("Could not get acl for '{$typeName}'");
		$forceTblAclInit = 0;//('1' == V::get('_force', '', $_GET));
		$acl->init($forceTblAclInit);
		return $acl;
	}

  public function insertXml($action) {// @param $action = [ 'typeName' => '*:*', 'fields'=>[ `name`=>[`fld`, `fld`, ...], ... ] ]
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    if (empty($action['typeName'])) throw new Exception("Error Processing Request - missing typeName", 500);
    if (empty($action['fields'])) throw new Exception("Error Processing Request - missing fields for type '{$action['typeName']}'", 500);
    {// Insert with primaryKey -> Update
      $fieldPK = $this->getPrimaryKeyField();
      if (array_key_exists($fieldPK, $action['fields'])) {
        $pk = $action['fields'][$fieldPK][0]['value'];
        $action['Filter'] = $pk;
        $affected = $this->updateXml($action);
        return ($affected >= 0) ? $pk : -1;
      }
    }
    $sqlInsert = array();
    $sqlChildInsert = array();
    foreach ($action['fields'] as $fieldName => $childFields) {
      foreach ($childFields as $idx => $field) {
        if ('complete' == $field['type']) {
          $sqlInsert[$fieldName][$idx] = $field['value'];
        } else if ('open' == $field['type']) {
          $childAcl = $this->getAclFromTypeName($field['typeName']);// TODO: or $fieldType = $this->getXsdFieldType($fieldName);// TODO: ref:p5_objects:File
          $sqlChildInsert[$fieldName][$idx] = $childAcl->insertXml($field);
        } else throw new Exception("Error Processing Request - BUG Unrecognized type '{$field['type']}'", 500);
      }
    }
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." \$sqlInsert:";print_r($sqlInsert);echo "\n";}
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." \$sqlChildInsert:";print_r($sqlChildInsert);echo "\n";}

    $sqlObj = array();
    foreach ($sqlInsert as $fieldName => $childFields) {
      $value = $childFields[0];
      // foreach ($childFields as $idx => $value) // TODO: check maxOcures
      if ($this->isGeomField($fieldName)) $value = "GeomFromText('{$value}')";
      $sqlObj["{$fieldName}"] = $value;
    }
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " F.".__FUNCTION__." addItem(\$sqlObj) \$sqlObj:";print_r($sqlObj);echo "\n";}
    $insertedId = $this->addItem($sqlObj);

    foreach ($sqlChildInsert as $fieldName => $childFields) {
      foreach ($childFields as $idx => $childInsertedId) {
        $childAcl = $this->getAclFromTypeName($action['fields'][$fieldName][$idx]['typeName']);// TODO: or $fieldType = $this->getXsdFieldType($fieldName);// TODO: ref:p5_objects:File
        // $this->_insertRef($this->getRootTableName(), $childAcl->getRootTableName(), $insertedId, $childInsertedId);
        $this->_insertRef($fieldName, $insertedId, $childInsertedId);
      }
    }

    return $insertedId;
  }

  public function _insertRef($childName, $pk, $childPk) {// TODO: $idTransaction
    $refTable = $this->createRefTable($childName);
    $sqlPk = DB::getPDO()->quote($pk, PDO::PARAM_STR);
    $sqlChildPk = DB::getPDO()->quote($childPk, PDO::PARAM_STR);
    DB::getPDO()->exec("
      insert into `{$refTable}` (`PRIMARY_KEY`, `REMOTE_PRIMARY_KEY`)
      values ({$sqlPk}, {$sqlChildPk})
    ");
  }

  public function createRefTable($childName) {// TODO: $idTransaction
    static $cacheRefTables = array();
    $objectName = $this->getName();
    $refTable = "{$objectName}__#REF__{$childName}";
    if (in_array($refTable, $cacheRefTables)) return $refTable;
    DB::getPDO()->exec("
      CREATE TABLE IF NOT EXISTS `{$refTable}` (
        `PRIMARY_KEY` int(11) NOT NULL,
        `REMOTE_PRIMARY_KEY` int(11) NOT NULL,
        -- TODO `TRANACTION_ID` int(11) NOT NULL
        KEY `PRIMARY_KEY` (`PRIMARY_KEY`),
        KEY `REMOTE_PRIMARY_KEY` (`REMOTE_PRIMARY_KEY`)
      ) ENGINE=MyISAM DEFAULT CHARSET=latin2;
    ");
    $cacheRefTables[] = $refTable;
    return $refTable;
  }

  public function updateXml($action) {// @param $action = [ 'typeName' => '*:*', 'Filter'=>int, 'fields'=>[ `name`=>[`fld`, `fld`, ...], ... ] ]
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " updateXml action \$action:";print_r($action);echo "\n";}
    if (empty($action['typeName'])) throw new Exception("Error Processing Request - missing typeName", 500);
    if (empty($action['Filter'])) throw new Exception("Error Processing Request - missing Filter for type '{$action['typeName']}'", 500);
    if (!$this->checkPrimaryKeyFormat($action['Filter'])) throw new Exception("Error Processing Request - wrong Filter format for type '{$action['typeName']}'", 501);
    if (empty($action['fields'])) throw new Exception("Error Processing Request - missing Property for type '{$action['typeName']}'", 500);
    // TODO: check acl user to update record ID = $action['Filter']
    $itemPatch = array();
    foreach ($action['fields'] as $fieldName => $childFields) {
      foreach ($childFields as $idx => $field) {
        if ('complete' != $field['type']) continue;// skip child nodes, REF
        $value = $field['value'];
        if ($this->isGeomField($fieldName)) $value = "GeomFromText('{$value}')";
        $itemPatch[$fieldName] = $value;
      }
    }
    $itemPatch[$this->getPrimaryKeyField()] = $action['Filter'];
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " updateXml action \$itemPatch:";print_r($itemPatch);echo "\n";}
    $affected = $this->updateItem($itemPatch);
    // TODO: update/insert child nodes, REF
    return $affected;
  }

  public function deleteXml($action) {// @param $action = [ 'typeName' => '*:*', 'Filter'=>[int, ...], 'fields'=>[ `name`=>[`fld`, `fld`, ...], ... ] ]
    $DBG = V::get('DBG_XML', 0, $_GET, 'int');
    if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " updateXml action \$action:";print_r($action);echo "\n";}
    if (empty($action['typeName'])) throw new Exception("Error Processing Request - missing typeName", 500);
    if (!is_array($action['Filter']) || empty($action['Filter'])) throw new Exception("Error Processing Request - missing Filter for type '{$action['typeName']}'", 500);
    foreach ($action['Filter'] as $fid) {
      if (!$this->checkPrimaryKeyFormat($fid)) throw new Exception("Error Processing Request - wrong Filter format for type '{$action['typeName']}'", 501);
    }
    if (empty($action['fields'])) throw new Exception("Error Processing Request - missing Property for type '{$action['typeName']}'", 500);
    // TODO: check acl user to update record ID = $action['Filter']
    $itemPatch = array();
    foreach ($action['fields'] as $fieldName => $childFields) {
      foreach ($childFields as $idx => $field) {
        if ('complete' != $field['type']) continue;// skip child nodes, REF
        $value = $field['value'];
        if ($this->isGeomField($fieldName)) $value = "GeomFromText('{$value}')";
        $itemPatch[$fieldName] = $value;
      }
    }
    $fieldPK = $this->getPrimaryKeyField();
    $deleted = 0;
    foreach ($action['Filter'] as $fid) {
      $itemPatch[$fieldPK] = $fid;
      if($DBG){echo 'C.'.get_class($this).' L.' . __LINE__ . " updateXml action \$itemPatch:";print_r($itemPatch);echo "\n";}
      $affected = $this->updateItem($itemPatch);
      if ($affected >= 0) $deleted += 1;
    }
    // TODO: update/insert child nodes, REF
    return $deleted;
  }

  public static function getAclByNamespace($namespace, $forceTblAclInit) {
		$userAcl = User::getAcl();
		$userAcl->fetchGroups();
		if ('http' != substr($namespace, 0, 4)) $namespace = Api_WfsNs::getBaseWfsUri() . '/' . $namespace;//Request::getHostUri() . '/' . $namespace;

		$baseNsUri = Api_WfsNs::getBaseWfsUri();
		if ("{$baseNsUri}/" == substr($namespace, 0, strlen($baseNsUri) + 1)) {
			$schemaNs = substr($namespace, strlen($baseNsUri) + 1);
			$ns = explode('/', $schemaNs);// "http://biuro.biall-net.pl/wfs/  default_db/{$nazwa_tabeli}/{$nazwa_obj}
			$sourceName = array_shift($ns);// remove first element - source name
			if ('default_db' == $sourceName || 'p5_default_db' == $sourceName) {
				$sourceName = 'default_db';
				$objName = $ns[0];
				if (1 == count($ns)) {
					$acl = $userAcl->getObjectAcl($sourceName, $objName);
					if (!$acl) throw new Exception("Could not get acl for '{$schemaNs}'");
					$acl->init($forceTblAclInit);
					return $acl;
				}
				else throw new Exception("Nieznany namespace default_db: '{$schemaNs}'", 501);
			}
			else if ('default_objects' == $sourceName || 'SystemObjects' == $sourceName || 'p5_objects' == $sourceName) {
				$sourceName = 'objects';
				$objName = $ns[0];
				if (1 == count($ns)) {
					$acl = $userAcl->getObjectAcl($sourceName, $objName);
					if (!$acl) throw new Exception("Could not get acl for '{$schemaNs}'");
					$acl->init($forceTblAclInit);
					return $acl;
				}
				else throw new Exception("Nieznany namespace SystemObjects: '{$schemaNs}'", 501);
			}
			else if ('zasob_' == substr($sourceName, 0, 6)) {
				$dbName = substr($sourceName, 6);
				throw new Exception("TODO db[{$dbName}] namespace '{$schemaNs}'", 501);
			}
			else throw new Exception("Nieznany namespace '{$schemaNs}'", 501);
		}
		else throw new HttpException("Zasoby zewnętrzenj systemu nie są jeszcze zaimplementowane", 501);

		throw new HttpException("TODO L.".__LINE__." ns({$namespace})", 501);
	}

}