/**
 * Registers the roles that must exist before any stored configuration is read.
 *
 * Only 'nologin' is added here; per the original author's note, every other
 * role is expected to come from the database once it has been initialized.
 */
public function loadDefaultRoles()
{
    $defaultRole = new \Zend_Acl_Role('nologin');

    $this->_acl->addRole($defaultRole);
}
/**
 * Action that renders an overview of every privilege and the roles tied to it.
 *
 * Three groups are derived from the ACL and from getUsedPrivileges():
 * - privileges that have allow/deny rules, listed with their roles;
 * - privileges returned by getUsedPrivileges() that have no rule yet,
 *   listed with empty Allowed/Denied columns;
 * - privileges that have rules but are absent from getUsedPrivileges(),
 *   shown in a separate table when there are any.
 *
 * NOTE(review): the output is the complete privilege-to-role mapping of the
 * project; confirm the route to this action is itself bound to an
 * administrative privilege.
 */
public function privilegeAction()
{
    $rows = array();

    foreach ($this->acl->getPrivilegeRoles() as $name => $byType) {
        $row = array($this->_('Privilege') => $name);

        $allowRoles = $byType[\Zend_Acl::TYPE_ALLOW];
        $row[$this->_('Allowed')] = $allowRoles ? implode(', ', $allowRoles) : null;

        $denyRoles = $byType[\Zend_Acl::TYPE_DENY];
        $row[$this->_('Denied')] = $denyRoles ? implode(', ', $denyRoles) : null;

        $rows[$name] = $row;
    }

    // Compare the rule set with the privileges the code base reports, by key.
    $known    = $this->getUsedPrivileges();
    $withRule = $rows;
    $noRule   = array_diff_key($known, $withRule);
    $stale    = array_diff_key($withRule, $known);

    // These two are deliberately kept out of the left-over report
    // (presumably built-in login-state privileges - TODO confirm).
    unset($stale['pr.nologin'], $stale['pr.islogin']);
    ksort($stale);

    // Privileges without any rule still get a row, with both role columns empty.
    foreach ($noRule as $name => $description) {
        $rows[$name] = array(
            $this->_('Privilege') => $name,
            $this->_('Allowed')   => null,
            $this->_('Denied')    => null,
        );
    }
    ksort($rows);

    $this->html->h2($this->_('Project privileges'));
    $this->_showTable($this->_('Privileges'), $rows, true);

    // Rules for privileges that no longer exist are probably left-overs from
    // old installations and should be cleaned up.
    if ($stale) {
        $this->_showTable($this->_('Assigned but nonexistent privileges'), $stale, true);
    }

    // Debug aid, disabled: $this->acl->echoRules();
}
/**
 * Action that renders one table of all privileges known to the ACL,
 * with the roles that are allowed and the roles that are denied each one.
 *
 * NOTE(review): the output is the complete privilege-to-role mapping of the
 * project; confirm the route to this action is itself bound to an
 * administrative privilege.
 */
public function privilegeAction()
{
    $rows = array();

    foreach ($this->acl->getPrivilegeRoles() as $name => $byType) {
        $row = array($this->_('Privilege') => $name);

        $allowRoles = $byType[\Zend_Acl::TYPE_ALLOW];
        $row[$this->_('Allowed')] = $allowRoles ? implode(', ', $allowRoles) : null;

        $denyRoles = $byType[\Zend_Acl::TYPE_DENY];
        $row[$this->_('Denied')] = $denyRoles ? implode(', ', $denyRoles) : null;

        $rows[$name] = $row;
    }

    // Present the rows ordered by privilege name.
    ksort($rows);

    $this->html->h2($this->_('Project privileges'));
    $this->_showTable($this->_('Privileges'), $rows, true);

    // Debug aid, disabled: $this->acl->echoRules();
}
/**
 * Get the privileges that are allowed through these parent roles.
 *
 * For every parent that the ACL knows, both its own allow rules and the
 * allow rules it inherited itself are collected. Only TYPE_ALLOW entries
 * are read; deny rules on a parent are not reflected in the result.
 *
 * @param array $parents Names of the parent roles
 * @return array Keyed by privilege name; the values are the positions left
 *               behind by array_flip() and carry no meaning of their own
 */
protected function getInheritedPrivileges(array $parents)
{
    if (empty($parents)) {
        return array();
    }

    $byRole    = $this->acl->getRolePrivileges();
    $collected = array();

    foreach ($parents as $parentRole) {
        if (!isset($byRole[$parentRole])) {
            // Parent unknown to the ACL: nothing to inherit from it.
            continue;
        }

        // The + operator keeps the first occurrence of each privilege key.
        $collected += array_flip($byRole[$parentRole][\Zend_Acl::TYPE_ALLOW]);
        $collected += array_flip($byRole[$parentRole][\MUtil_Acl::INHERITED][\Zend_Acl::TYPE_ALLOW]);
    }

    // An empty privilege name can sneak in; it is not a real privilege.
    unset($collected[""]);

    return $collected;
}
/**
 * Tells whether the role of the current user holds the given privilege.
 *
 * NOTE(review): when no ACL object is set this returns true for every
 * privilege, so the check fails open. Confirm that callers can only reach
 * this state where that is intended, and consider logging it.
 *
 * @param string $privilege
 * @return bool
 */
public function hasPrivilege($privilege)
{
    if (!$this->acl) {
        // No ACL available: everything is reported as allowed.
        return true;
    }

    return (bool) $this->acl->isAllowed($this->getRole(), null, $privilege);
}
/**
 * Set the 'allowed' and 'visible' state of the sub items, recursively,
 * according to what the given role may do.
 *
 * An item that is already marked not allowed stays hidden. An item with a
 * 'privilege' is checked against the ACL. An item without a 'privilege'
 * keeps its current 'allowed' state, so it is not restricted by role here.
 *
 * NOTE(review): this only changes menu state; confirm that the request
 * dispatch enforces the same privilege, since hiding a menu entry does not
 * by itself block the action behind it.
 *
 * @param \MUtil_Acl $acl
 * @param string $userRole
 * @return \Gems_Menu_MenuAbstract (continuation pattern)
 */
protected function applyAcl(\MUtil_Acl $acl, $userRole)
{
    if (!$this->_subItems) {
        return $this;
    }

    foreach ($this->_subItems as $child) {
        $permitted = $child->get('allowed', true);

        if ($permitted) {
            $required = $child->get('privilege');
            if ($required) {
                $permitted = $acl->isAllowed($userRole, null, $required);
            }
        }

        if ($permitted) {
            // Allowed here, but deeper items may still be refused.
            $child->applyAcl($acl, $userRole);
            continue;
        }

        // An item can be invisible but allowed, yet never visible while
        // disallowed, so both flags are cleared: first on the item itself,
        // then on everything below it.
        foreach (array('allowed', 'visible') as $flag) {
            $child->set($flag, false);
        }
        foreach (array('allowed', 'visible') as $flag) {
            $child->setForChildren($flag, false);
        }
    }

    return $this;
}