protected function processForm()
{
foreach ($this->request->acl as $key => $value) {
// If key has an underscore, then we are creating a new permission
if (1 == preg_match('/([\\w]+)_(.*)/', $key, $matches)) {
list($action, $uri) = array_slice($matches, 1, 2);
$params = $this->context->routing->parse(Qubit::pathInfo($uri));
$resource = $params['_sf_route']->resource;
if (QubitAcl::INHERIT != $value && isset(QubitAcl::$ACTIONS[$action])) {
$aclPermission = new QubitAclPermission();
$aclPermission->action = $action;
$aclPermission->grantDeny = QubitAcl::GRANT == $value ? 1 : 0;
switch ($resource->className) {
case 'QubitTaxonomy':
// Taxonomy specific rules
$aclPermission->objectId = QubitTerm::ROOT_ID;
$aclPermission->setTaxonomy($resource);
break;
default:
$aclPermission->objectId = $resource->id;
}
$this->resource->aclPermissions[] = $aclPermission;
}
} else {
if (null !== ($aclPermission = QubitAclPermission::getById($key))) {
if ($value == QubitAcl::INHERIT) {
$aclPermission->delete();
} else {
$aclPermission->grantDeny = QubitAcl::GRANT == $value ? 1 : 0;
$this->resource->aclPermissions[] = $aclPermission;
}
}
}
}
}
public function execute($request)
{
parent::execute($request);
$this->permissions = array();
if (null != $this->resource->id) {
// Get term permissions for this group
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
$c1->addOr($c2);
$criteria->add($c1);
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
$this->permissions = $permissions;
}
}
// List of actions without create or translate
$this->basicActions = QubitAcl::$ACTIONS;
unset($this->basicActions['read']);
unset($this->basicActions['translate']);
if ($request->isMethod('post')) {
$this->form->bind($request->getPostParameters());
if ($this->form->isValid()) {
$this->processForm();
$this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexTermAcl'));
}
}
}
public function execute($request)
{
parent::execute($request);
// Always include root actor permissions
$this->actors = array(QubitActor::ROOT_ID => null);
// Get actor permissions for this resource
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
$c1->addOr($c2);
$criteria->add($c1);
if (null !== ($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $p) {
$this->actors[$p->objectId][$p->action] = $p;
}
}
// List of actions without translate
$this->basicActions = QubitAcl::$ACTIONS;
unset($this->basicActions['translate']);
if ($request->isMethod('post')) {
$this->form->bind($request->getPostParameters());
if ($this->form->isValid()) {
$this->processForm();
$this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexActorAcl'));
}
}
}
public function execute($request)
{
$this->resource = $this->getRoute()->resource;
// Except for administrators, only allow users to see their own profile
if (!$this->context->user->hasCredential('administrator')) {
if ($this->resource->id != $this->context->user->getAttribute('user_id')) {
$this->redirect('admin/secure');
}
}
// Get user's groups
$this->userGroups = array();
if (0 < count($aclUserGroups = $this->resource->aclUserGroups)) {
foreach ($aclUserGroups as $aclUserGroup) {
$this->userGroups[] = $aclUserGroup->groupId;
}
} else {
// User is *always* part of authenticated group
$this->userGroups = array(QubitAclGroup::AUTHENTICATED_ID);
}
// Table width
$this->tableCols = count($this->userGroups) + 3;
// Get access control permissions
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $this->resource->id);
// Add group criteria
if (1 == count($this->userGroups)) {
$c2 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $this->userGroups[0]);
} else {
$c2 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $this->userGroups, Criteria::IN);
}
$c1->addOr($c2);
// Add info object criteria
$c3 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
$c4 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c3->addOr($c4);
$c1->addAnd($c3);
$criteria->add($c1);
// Sort
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
$criteria->addAscendingOrderByColumn(QubitAclPermission::USER_ID);
$criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID);
// Add user as final "group"
$this->userGroups[] = $this->resource->username;
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $item) {
// In this context permissions for all objects (null) and root actor
// object are equivalent
$objectId = QubitInformationObject::ROOT_ID != $item->objectId ? $item->objectId : null;
// Use username as "group" for permissions specific to user
$groupKey = null !== $item->groupId ? $item->groupId : $this->resource->username;
$this->acl[$item->getConstants(array('name' => 'repositoryId'))][$objectId][$item->action][$groupKey] = $item;
}
}
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($this->request->id);
$this->forward404Unless($this->group);
$this->groups = array();
foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
if (QubitAclGroup::ROOT_ID < $group->id) {
$this->groups[] = $group->id;
}
}
// Table width
$this->tableCols = count($this->groups) + 3;
// Get access control permissions
$criteria = new Criteria();
if (1 == count($this->groups)) {
$criteria->add(QubitAclPermission::GROUP_ID, $this->groups[0]);
} else {
$criteria->add(QubitAclPermission::GROUP_ID, $this->groups, Criteria::IN);
}
// Add term criteria
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
$c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c3 = $criteria->getNewCriterion(QubitAclPermission::ACTION, 'createTerm');
$c1->addOr($c2);
$c1->addOr($c3);
$criteria->add($c1);
// Sort
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
$criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID);
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $permission) {
if ('createTerm' != $permission->action) {
$taxonomyId = $permission->getConstants(array('name' => 'taxonomyId'));
$action = $permission->action;
} else {
// In this context permissions for all objects (null) and root object
// are equivalent
$taxonomyId = QubitTaxonomy::ROOT_ID != $permission->objectId ? $permission->objectId : null;
$action = 'create';
}
$this->acl[$taxonomyId][$action][$permission->groupId] = $permission;
}
}
}
public function execute($request)
{
parent::execute($request);
// Build separate list of permissions by repository and by object
$this->repositories = array();
$this->informationObjects = array();
$this->root = array();
if (null != $this->resource->id) {
// Get info object permissions for this resource
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
$c1->addOr($c2);
$criteria->add($c1);
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $p) {
if (null != ($repoId = $p->getConstants(array('name' => 'repositoryId')))) {
$this->repositories[$repoId][$p->action] = $p;
} else {
if (null != $p->objectId && QubitInformationObject::ROOT_ID != $p->objectId) {
$this->informationObjects[$p->objectId][$p->action] = $p;
} else {
$this->root[$p->action] = $p;
}
}
}
}
}
// List of actions without translate
$this->basicActions = QubitInformationObjectAcl::$ACTIONS;
unset($this->basicActions['translate']);
if ($request->isMethod('post')) {
$this->form->bind($request->getPostParameters());
if ($this->form->isValid()) {
$this->processForm();
$this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexInformationObjectAcl'));
}
}
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($request->id);
if (!isset($this->group)) {
$this->forward404();
}
$criteria = new Criteria();
$criteria->add(QubitAclPermission::GROUP_ID, $this->group->id);
$criteria->add(QubitAclPermission::ACTION, 'translate');
$criteria->add(QubitAclPermission::GRANT_DENY, 1);
$this->translate = 'No';
if (null !== QubitAclPermission::getOne($criteria)) {
$this->translate = 'Yes';
}
// Require administrator credentials
if (!QubitAcl::check($this->group, 'read')) {
$this->redirect('admin/secure');
}
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($request->id);
$this->forward404Unless($this->group);
// Check authorization
if (!QubitAcl::check($this->group, 'read')) {
$this->redirect('admin/secure');
}
// Add roles
$this->roles = array();
foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
// Omit ROOT group
if (1 < $group->id) {
$this->roles[] = $group->id;
}
}
// Table width
$this->tableCols = count($this->roles) + 3;
// Get permissions for this group and parents
$criteria = new Criteria();
$criteria->add(QubitAclPermission::GROUP_ID, $this->roles, Criteria::IN);
// Add actor criteria
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
$c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c1->addOr($c2);
$criteria->add($c1);
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $permission) {
// In this context permissions for all objects (null) and root actor
// object are equivalent
$objectId = QubitActor::ROOT_ID != $permission->objectId ? $permission->objectId : null;
$this->acl[$objectId][$permission->action][$permission->groupId] = $permission;
}
}
}
/**
* Get a list of user permissions by action and class of resource
*
* @param myUser $user - user session
* @param string $action - requested ACL action
* @param string $class - resource class
*
* @return QubitQuery list of QubitAclPermissions
*/
public static function getUserPermissionsByAction($user, $class, $action)
{
// Get user's groups
if ($user->isAuthenticated()) {
foreach ($user->listGroups() as $group) {
$userGroupIds[] = $group->id;
}
} else {
$userGroupIds = array(QubitAclGroup::ANONYMOUS_ID);
}
// Find relevant rules
$criteria = new Criteria();
$c1 = $criteria->getNewCriterion(QubitAclPermission::ACTION, $action);
$c2 = $criteria->getNewCriterion(QubitAclPermission::ACTION, null, Criteria::ISNULL);
$c1->addOr($c2);
// Find by group/user
$c3 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $userGroupIds, Criteria::IN);
if ($user->isAuthenticated()) {
$c4 = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $user->getUserID());
$c3->addOr($c4);
}
$c1->addAnd($c3);
// Find by object type
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c4 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c5 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, $class);
$c4->addOr($c5);
// Final conjunction
$c1->addAnd($c4);
$criteria->add($c1);
return QubitAclPermission::get($criteria);
}
public static function getaclPermissionsById($id, array $options = array())
{
$criteria = new Criteria();
self::addaclPermissionsCriteriaById($criteria, $id);
return QubitAclPermission::get($criteria, $options);
}
protected function processField($field)
{
switch ($name = $field->getName()) {
case 'password':
if (0 < strlen(trim($this->form->getValue('password')))) {
$this->resource->setPassword($this->form->getValue('password'));
}
break;
case 'confirmPassword':
// Don't do anything for confirmPassword
break;
case 'groups':
$newGroupIds = $formGroupIds = array();
if (null != ($groups = $this->form->getValue('groups'))) {
foreach ($groups as $item) {
$newGroupIds[$item] = $formGroupIds[$item] = $item;
}
} else {
$newGroupIds = $formGroupIds = array();
}
// Don't re-add existing groups + delete exiting groups that are no longer
// in groups list
foreach ($this->resource->aclUserGroups as $item) {
if (in_array($item->groupId, $formGroupIds)) {
unset($newGroupIds[$item->groupId]);
} else {
$item->delete();
}
}
foreach ($newGroupIds as $item) {
$userGroup = new QubitAclUserGroup();
$userGroup->groupId = $item;
$this->resource->aclUserGroups[] = $userGroup;
}
break;
case 'translate':
$languages = $this->form->getValue('translate');
$criteria = new Criteria();
$criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
$criteria->addAnd(QubitAclPermission::USER_ID, null, Criteria::ISNOTNULL);
$criteria->add(QubitAclPermission::ACTION, 'translate');
if (null === ($permission = QubitAclPermission::getOne($criteria))) {
$permission = new QubitAclPermission();
$permission->userId = $this->resource->id;
$permission->action = 'translate';
$permission->grantDeny = 1;
$permission->conditional = 'in_array(%p[language], %k[languages])';
} else {
if (!is_array($languages)) {
// If $languages is not an array, then remove the translate permission
$permission->delete();
}
}
if (is_array($languages)) {
$permission->setConstants(array('languages' => $languages));
$permission->save();
}
break;
default:
$this->resource[$name] = $this->form->getValue($name);
}
}
/**
* Process form fields
*
* @param $field mixed symfony form widget
* @return void
*/
protected function processField($field)
{
switch ($name = $field->getName()) {
case 'translate':
$criteria = new Criteria();
$criteria->add(QubitAclPermission::GROUP_ID, $this->group->id);
$criteria->add(QubitAclPermission::ACTION, 'translate');
$translatePermission = QubitAclPermission::getOne($criteria);
if (1 == $this->form->getValue($name)) {
if (null === $translatePermission) {
$translatePermission = new QubitAclPermission();
$translatePermission->action = 'translate';
$translatePermission->grantDeny = 1;
} else {
$translatePermission->grantDeny = 1;
}
$this->group->aclPermissions[] = $translatePermission;
} else {
if (null !== $translatePermission) {
$translatePermission->delete();
}
}
break;
default:
$this->group[$name] = $this->form->getValue($name);
}
}
