/**
 * Sets the head title to "Permissions" and hands the complete lists of
 * permissions, resources and roles to the view.
 *
 * NOTE(review): no access check is visible in this action; confirm that the
 * controller or a plugin restricts it before the ACL tables are listed.
 */
public function indexAction()
{
    $this->_addHeadTitle("Permissions");

    $view = $this->view;
    $view->permissions = AclPermission::findAll();
    $view->resources = AclResource::findAll();
    $view->roles = AclRole::findAll();
}
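/**
 * Build the ACL for one user: the user's groups become roles, every row of
 * aclresource becomes a resource, and each action column set to 1 in
 * aclpermission becomes an allow rule for that group and resource.
 *
 * Returns early, without loading anything, when no user id is given.
 *
 * @param string $auserid id of the user whose groups and permissions are loaded
 */
public function __construct($auserid = "")
{
    // do not proceed if no user is defined
    if (isEmptyString($auserid)) {
        return;
    }

    $conn = Doctrine_Manager::connection();

    // initialize the array of available groups
    $this->availableGroups = array();

    // The user id is passed as a bound parameter in both queries below. It was
    // previously concatenated into the SQL text, so a crafted id could alter the
    // statement that decides which groups and permissions are granted.
    $groups = $conn->fetchAll(
        "SELECT groupid FROM aclusergroup WHERE userid = ?",
        array($auserid)
    );

    // get the resources from the database
    $resources = $conn->fetchAll("SELECT id FROM aclresource");

    // get the permissions for the specified user
    // TODO: HM - Remove the need for the c_aclpermission view
    $permissions = $conn->fetchAll(
        "SELECT `p`.`groupid` AS `groupid`, LOWER(`re`.`name`) AS `resource`, `p`.`create` AS `create`, `p`.`edit` AS `edit`, `p`.`export` AS `export`,`p`.`approve` AS `approve`, `p`.`view` AS `view`, `p`.`delete` AS `delete`, `p`.`list` AS `list`, p.flag as `flag` FROM ((`aclpermission` `p` JOIN `aclresource` `re`) LEFT JOIN `aclusergroup` `ur` ON ((`p`.`groupid` = `ur`.`groupid`))) WHERE ((`p`.`resourceid` = `re`.`id`) AND ur.userid = ?)",
        array($auserid)
    );

    // add the groups to the ACL
    foreach ($groups as $value) {
        $group = new AclGroup();
        // load the details of the user group
        $group->populate($value['groupid']);
        $this->addRole($group);
        // add the group to the array of available groups
        $this->availableGroups[] = $group;
    }

    // add the resources to the ACL, the name of the resource and its parent are
    // what are used as identifiers for the resource in the ACL
    foreach ($resources as $value) {
        $ares = new AclResource();
        $ares->populate($value['id']);
        $this->add($ares);
    }

    // process the permissions for all the actions
    $allactions = self::getActions();

    // add the permissions to the ACL; only an action column equal to 1 grants access
    foreach ($permissions as $value) {
        foreach ($allactions as $theaction) {
            if ($value[$theaction] == '1') {
                // the group id identifies the role and the lower-cased resource
                // name identifies the resource
                $this->allow($value['groupid'], $value['resource'], $theaction);
            }
        }
    }
}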
/**
 * Builds the ACL for the given user: stores the user, records whether the
 * user's role is "administrator", then loads all roles, all resources and
 * the permissions.
 *
 * @param User $user
 * @throws Exception when no user is supplied
 */
public function __construct($user)
{
    if (!$user) {
        throw new Exception("There is a error on Roles and permissions");
    }

    $this->user = $user;

    // NOTE(review): this privilege decision uses a loose comparison; if the
    // role name is always a string, === would rule out type-juggling surprises.
    // Confirm the shape of $user['AclRole']['name'] before tightening it.
    $this->isAdmin = ($user['AclRole']['name'] == "administrator");

    $allRoles = AclRole::findAll();
    $this->_addRoles($allRoles);

    $allResources = AclResource::findAll();
    $this->_addResources($allResources);

    $this->_addPermissions();
}
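/**
 * Shows and processes the "Edit role" form for the role named by the "id"
 * request parameter.
 *
 * The form is pre-filled from the stored role, the resources already attached
 * to the role are offered separately from the remaining ones, and submission
 * is delegated to ajaxFormProcessor() with AclRole::edit as the model call.
 *
 * NOTE(review): "id" comes straight from the request and no access check is
 * visible here; confirm that the caller is authorised to edit roles and that
 * AclRole::findById() copes with an unknown or malformed id.
 */
public function editroleAction()
{
    $id = $this->_request->getParam("id");
    $data = AclRole::findById($id);

    // resources currently granted to the role, keyed by resource id
    $roleResources = App_Utils::toList($data['AclPermission']['AclResource'], "id", "description");

    $form = new Form_AclRoleEdit();
    $form->description->setValue($data['description']);
    $form->resources->setMultiOptions($roleResources);

    // every other resource, i.e. all resources minus those already granted
    $form->resources_available->setMultiOptions(
        App_Utils::toList(
            AclResource::findAll(array('exclude' => array_keys($roleResources))),
            'id',
            'description'
        )
    );
    $form->name->setValue($data['name']);
    $form->aclrole_id->setValue($id);
    $form->populate($data);

    // getValue() has to be called as a method: without the parentheses the
    // interpolation read a property named "getValue" and the role name never
    // reached the message.
    // NOTE(review): the role name is user-editable; if the client renders this
    // message as HTML it needs escaping on output. Confirm how it is displayed.
    $options = array(
        'title' => "Edit role",
        'url' => "/acl/edit_role/format/json/subaction/submit",
        'button' => "Edit",
        'success' => array(
            "button" => array("title" => "Close", "action" => "close"),
            "redirect" => "/acl/index",
            "message" => "Role {$form->name->getValue()} modified correctly",
        ),
        'model' => array("class" => "AclRole", "method" => "edit"),
    );

    $this->ajaxFormProcessor($form, $options);
}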
/**
 * Rebuilds the resources and permissions, optionally for a different user.
 *
 * Calls removeAll(), replaces the stored user when a non-empty one is passed,
 * then reloads all resources and the permissions.
 *
 * NOTE(review): only $this->user is replaced here. Any state derived from the
 * user at construction time (an admin flag, the role list) is not recomputed
 * in this method; confirm that a user switch cannot leave stale privileges.
 *
 * @param array $user
 */
public function updatePermissions($user = null)
{
    // start from a clean slate
    $this->removeAll();

    // switch to the new user only when one was actually supplied
    $replaceUser = !empty($user);
    if ($replaceUser) {
        $this->user = $user;
    }

    $allResources = AclResource::findAll();
    $this->_addResources($allResources);
    $this->_addPermissions();
}
/**
 * Registers a resource under its name, replacing any resource already stored
 * under that name.
 *
 * @param AclResource $resource
 * @return Acl this instance, so calls can be chained
 */
public function addResource(AclResource $resource)
{
    $resourceName = $resource->getName();
    $this->resources[$resourceName] = $resource;

    return $this;
}