Beispiel #1
 /**
  * Build the ACL for a role, or return the one already cached for its id.
  *
  * Registers every resource key from getResources(), then the role's parents
  * (only when the role object has the method named by self::PARENTS_METHOD),
  * then the role itself; addRules() is applied to each parent and to the role.
  * The finished ACL is stored in $this->cache under the role id, so later
  * calls with the same id get that same object back without rebuilding it.
  *
  * @param Zend_Acl_Role_Interface $role
  * @return Zend_Acl
  */
 public function getAcl(Zend_Acl_Role_Interface $role)
 {
     $roleId = $role->getRoleId();
     if (isset($this->cache[$roleId])) {
         return $this->cache[$roleId];
     }

     $acl = new Zend_Acl();

     // resources are registered by key only
     $resourceIds = array_keys($this->getResources());
     foreach ($resourceIds as $resourceId) {
         $acl->addResource($resourceId);
     }

     // only roles exposing the parents method contribute parents; otherwise
     // $parents stays null when the role is added below
     $parents = NULL;
     $parentsGetter = self::PARENTS_METHOD;
     if (method_exists($role, $parentsGetter)) {
         foreach ($role->{$parentsGetter}() as $parentRole) {
             $parents[] = $parentRole;
             $acl->addRole($parentRole);
             $this->addRules($acl, $parentRole);
         }
     }

     // the role itself goes in last, inheriting from the parents added above
     $acl->addRole($role, $parents);
     $this->addRules($acl, $role);

     $this->cache[$roleId] = $acl;
     return $acl;
 }
 /**
  * Link one or more parent roles to a role in this registry.
  *
  * Parents are always resolved through get(); the child is resolved through
  * get() only when it is passed as an identifier. Each link is stored in both
  * directions: under 'parents' on the child and under 'children' on the parent.
  *
  * NOTE(review): a child passed as a role object is not looked up in the
  * registry here, and nothing in this method rejects a role listed as its own
  * parent or an inheritance cycle. Confirm that callers or get() cover this.
  *
  * @param \Zend_Acl_Role_Interface|string $role
  * @param array|\Zend_Acl_Role_Interface|string $parents
  * @return $this
  * @throws \Zend_Acl_Role_Registry_Exception when a role id cannot be resolved
  */
 public function addParent($role, $parents)
 {
     try {
         if (!($role instanceof \Zend_Acl_Role_Interface)) {
             // identifier given: remember it, then swap in the registered role
             $roleId = $role;
             $role = $this->get($role);
         } else {
             $roleId = $role->getRoleId();
         }
     } catch (\Zend_Acl_Role_Registry_Exception $e) {
         throw new \Zend_Acl_Role_Registry_Exception("Child Role id '{$roleId}' does not exist");
     }

     // a single parent is handled as a one-element list
     $parentList = is_array($parents) ? $parents : [$parents];

     foreach ($parentList as $candidate) {
         try {
             $roleParentId = $candidate instanceof \Zend_Acl_Role_Interface
                 ? $candidate->getRoleId()
                 : $candidate;
             $roleParent = $this->get($roleParentId);
         } catch (\Zend_Acl_Role_Registry_Exception $e) {
             throw new \Zend_Acl_Role_Registry_Exception("Parent Role id '{$roleParentId}' does not exist");
         }

         // record the relationship on both ends
         $this->_roles[$roleId]['parents'][$roleParentId] = $roleParent;
         $this->_roles[$roleParentId]['children'][$roleId] = $role;
     }

     return $this;
 }
 /**
  * Grants access to a watcher when its scope matches the acting user.
  *
  * The watcher's scope selects what is compared with $resource->scopeId:
  * 'user' the role id, 'apiId' the role's apiId (API-authenticated current
  * users only), 'token' the token held in the Zend_Auth identity, and
  * 'organization' the role's organizationId. Any other scope is denied.
  * A null role or resource is denied as well.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is not a WatcherModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // Without both objects there is nothing to compare
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }
     if (!($resource instanceof WatcherModel)) {
         throw new Exception('Resource must be an instance of WatcherModel');
     }

     $granted = false;
     switch ($resource->scope) {
         case 'user':
             // NOTE(review): loose comparison in an authorization decision;
             // the 'token' and 'organization' scopes compare strictly.
             // Confirm the id types and whether === is usable here.
             $granted = $role->id == $resource->scopeId;
             break;
         case 'apiId':
             $isApiUser = $role instanceof \Application\Model\CurrentUserModel && $role->isApiAuthUser();
             // NOTE(review): loose comparison, same remark as for 'user'
             $granted = $isApiUser ? $role->apiId == $resource->scopeId : FALSE;
             break;
         case 'token':
             $auth = Zend_Auth::getInstance();
             if ($auth->hasIdentity()) {
                 $ident = $auth->getIdentity();
                 if ($ident && isset($ident['token'])) {
                     $granted = $ident['token'] === $resource->scopeId;
                 }
             }
             break;
         case 'organization':
             $granted = $role->organizationId === $resource->scopeId;
             break;
     }

     return $granted;
 }
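 /**
  * Grants only when the role's customer organization has the
  * "application originated SMS" supplementary service activated.
  *
  * The role's organization is loaded; when it is not of the customer type,
  * its parent of that type is used instead. A null role returns false.
  * Every other failure (no organization, no supplementary services id, option
  * not activated) is reported by throwing, not by returning false.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the option is not activated
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // We need specific objects to check against each other
     if (NULL === $role) {
         return false;
     }
     // Ensure we're handled User models
     if (!$role instanceof UserModel) {
         throw new Exception('Role must be an instance of UserModel');
     }
     // Get the organization
     $orgService = \Application\Service\OrgService::getInstance();
     $org = $orgService->load($role->getOrganizationId());
     // The check below already allows for an empty $org, so guard the
     // getType() call too: a missing organization must end in the denial
     // exception rather than in a call on a non-object.
     if ($org && $org->getType() != OrgCustomerModel::ORG_TYPE) {
         $org = $orgService->getParentByType($org, OrgCustomerModel::ORG_TYPE);
     }
     if ($org && !is_null($org->getSupplementaryServicesId())) {
         // Check if the customer has supplementary services configured
         // with application originated SMS option activated
         $supplSrv = \Application\Service\SupplServicesService::getInstance();
         $services = $supplSrv->load($org->getSupplementaryServicesId());
         if ($services && $services->getApplicationOriginatedSms() == SupplServicesModel::ST_ACTIVATED) {
             return true;
         }
     }
     throw new Exception('Role must have applicationOriginatedSms activated');
 }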
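 /**
  * Decide whether the role may access the game type named in the request.
  *
  * When the request carries no 'gametype' parameter the assertion passes.
  * Otherwise the parameter must be one of the game types listed under
  * 'role_gametype' in the role data returned by the ACL loader.
  *
  * The parameter comes from the request, so it is compared as a string with
  * strict matching: a loose in_array() lets PHP type juggling match values
  * that are not the same game type. A null role, a non-scalar parameter or a
  * missing game type list is denied.
  *
  * @see Zend_Acl_Assert_Interface::assert()
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (!$this->_request->has('gametype')) {
         return true;
     }
     // A game type was requested but there is no role to check it against
     if (null === $role) {
         return false;
     }
     $requested = $this->_request->getParam('gametype');
     // e.g. gametype[]=... arrives as an array; never treat that as a match
     if (!is_scalar($requested)) {
         return false;
     }
     $roleData = ZtChart_Model_Acl_Loader::getInstance()->getRole($role->getRoleId());
     if (!isset($roleData['role_gametype']) || !is_array($roleData['role_gametype'])) {
         return false;
     }
     // Normalise both sides to strings so that 5 and "5" still match while
     // juggled matches such as "abc" against 0 do not
     $allowed = array_map('strval', $roleData['role_gametype']);
     return in_array((string) $requested, $allowed, true);
 }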
Beispiel #6
 /**
  * Fetch the ACL rules stored for a role as plain arrays.
  *
  * Selects resource, action and type of every rule whose role matches the
  * given role id (bound as a query parameter). For roles that are user
  * groups only 'allow' rules are returned, so deny rules stored for a group
  * have no effect (see WOBS-568).
  *
  * @param Zend_Acl_Role_Interface $role
  * @return array
  */
 public function getRules(\Zend_Acl_Role_Interface $role)
 {
     $repository = $this->doctrine->getManager()->getRepository('Newscoop\\Entity\\Acl\\Rule');

     $queryBuilder = $repository->createQueryBuilder('r')
         ->select('r.resource, r.action, r.type')
         ->where('r.role = :role')
         ->setParameter('role', $role->getRoleId());

     $isGroup = is_a($role, '\\Newscoop\\Entity\\User\\Group');
     if ($isGroup) {
         // @fix WOBS-568: ignore deny rules for roles
         $queryBuilder
             ->andWhere('r.type = :allow')
             ->setParameter('allow', 'allow');
     }

     $query = $queryBuilder->getQuery();
     return $query->getArrayResult();
 }
Beispiel #7
 /**
  * Fetch the ACL rules stored for a role.
  *
  * Looks rules up by role id through the Rule repository. For roles that
  * are user groups the lookup is narrowed to type 'allow', so deny rules
  * stored for a group have no effect (see WOBS-568).
  *
  * @param Zend_Acl_Role_Interface $role
  * @return array
  */
 public function getRules(\Zend_Acl_Role_Interface $role)
 {
     $repository = $this->doctrine->getManager()->getRepository('Newscoop\\Entity\\Acl\\Rule');

     $criteria = array('role' => $role->getRoleId());
     $isGroup = is_a($role, '\\Newscoop\\Entity\\User\\Group');
     if ($isGroup) {
         // @fix WOBS-568: ignore deny rules for roles
         $criteria += array('type' => 'allow');
     }

     return $repository->findBy($criteria);
 }
 /**
  * Grants only while the acting user is impersonating.
  *
  * A null role is denied; otherwise the decision is whatever the user
  * model's isImpersonating() reports. The resource and privilege are not
  * consulted.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // No role, no decision to make
     if (null === $role) {
         return false;
     }
     if ($role instanceof UserModel) {
         return $role->isImpersonating();
     }
     throw new Exception('Role must be an instance of UserModel');
 }
 /**
  * Grants when a list filter is restricted to the user's own organization.
  *
  * Reads the filter on SimFilterFields::SERVICE_PROVIDER_COMM from the
  * resource; with no such filter the assertion is denied, otherwise the
  * filter value must equal the role's organization id.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is not an App_ListFilter
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }
     if (!($resource instanceof App_ListFilter)) {
         throw new Exception('Resource must be an instance of App_ListFilter');
     }

     $providerFilter = $resource->getOneFilterByFieldName(SimFilterFields::SERVICE_PROVIDER_COMM);
     if ($providerFilter) {
         // NOTE(review): loose comparison in an authorization decision. If
         // the filter value can arrive as a non-string (for instance a
         // decoded boolean), type juggling could make it equal to an
         // organization id. Confirm the value's type or compare strictly.
         return $providerFilter->getValue() == $role->getOrganizationId();
     }

     return false;
 }
 /**
  * Grants when the organization configuration of the user's organization
  * holds the expected value for the configured key.
  *
  * The key and expected value come from this assertion's getKey() and
  * getValue(); the comparison is loose (==). A null role is denied.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (null === $role) {
         return false;
     }
     // Only user models carry an organization
     if (!($role instanceof \Application\Model\UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }

     $organization = $role->getOrganization();
     $orgConfig = \Application\Service\OrgService::getInstance()->getOrgConfig($organization);

     $expectedKey = $this->getKey();
     $expectedValue = $this->getValue();
     $actualValue = $orgConfig->getConfig($expectedKey);

     return $actualValue == $expectedValue;
 }
 /**
  * Grants when the user's service-provider organization is an enabler.
  *
  * A null role or resource is denied. The decision itself is delegated to
  * OrgService::isEnabler() for the role's organization; the resource is
  * only checked for presence.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  null                        $privilege
  * @return bool
  * @throws Exception when the role is not a UserModel or its organization
  *                   is not an OrgServiceProviderModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof \Application\Model\UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }

     $organization = $role->getOrganization();
     if (!($organization instanceof \Application\Model\Organization\OrgServiceProviderModel)) {
         throw new Exception('Org must be an instance of OrgServiceProviderModel');
     }

     $orgService = \Application\Service\OrgService::getInstance();
     return $orgService->isEnabler($organization);
 }
 /**
  * Grants when the requested session is one the user chairs.
  *
  * The session id is taken from the current request ('id', falling back to
  * 'session_id'), cast to int and matched strictly against the list from
  * $user->getSessionsToChair(). Without a user the assertion is denied.
  *
  * NOTE(review): the decision is based on the request parameter, not on
  * $model. Whatever loads the session afterwards has to use the same
  * parameter, interpreted the same way, for this check to protect it.
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface $user
  * @param Zend_Acl_Resource_Interface $model
  * @param $privilege
  * @return bool
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
 {
     if (!$user) {
         return false;
     }
     $sessions = $user->getSessionsToChair();

     $request = Zend_Controller_Front::getInstance()->getRequest();
     $param = $request->getParam('id') ?: $request->getParam('session_id');

     // strict match on the integer form of the requested id
     return $param !== null && in_array((int) $param, $sessions, true);
 }
 /**
  * Grants when a SIM belongs to the user's organization as its commercial
  * service provider.
  *
  * Compares the role's organization id strictly with the SIM's
  * getServiceProviderCommercialId(). A null role or resource is denied.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is not a SimModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // Both sides of the comparison are required
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }
     $userOrgId = $role->getOrganizationId();
     if (!($resource instanceof SimModel)) {
         throw new Exception('Resource must be an instance of SimModel');
     }

     $simProviderId = $resource->getServiceProviderCommercialId();
     return $userOrgId === $simProviderId;
 }
 /**
  * Decides from the organization types of the user and of the resource.
  *
  * Both types are looked up in $this->_types and the two entries are handed
  * to $this->_diff(), whose result is returned as the decision.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel, the resource is not an
  *                   OrgModelAbstract, or the resource type is not in $this->_types
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }
     if (!($resource instanceof OrgModelAbstract)) {
         throw new Exception('Resource must be an instance of OrgModelAbstract');
     }

     $resourceType = $resource->getType();
     if (!isset($this->_types[$resourceType])) {
         throw new Exception('Resource has an undefined organization type');
     }

     // NOTE(review): unlike the resource type, neither the role's
     // organization nor its type is checked before use. Confirm that both
     // are guaranteed to exist and that the type is a key of $this->_types.
     $roleOrgType = $role->getOrganization()->getType();

     return $this->_diff($this->_types[$roleOrgType], $this->_types[$resourceType]);
 }
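 /**
  * Grants when the requested presentation belongs to the user and is still
  * before its edit deadline.
  *
  * The presentation id is taken from the current request ('id', falling
  * back to 'presentation_id'). It must be present, its integer form must be
  * in $user->getMyPresentations() (strict match), and the presentation
  * fetched through $model must report isBeforeEditDeadline().
  *
  * Missing user, model, parameter or presentation all deny. The original
  * looked the presentation up and called a method on it before checking the
  * parameter, so a missing id or an unknown presentation ended in a call on
  * a non-object instead of a denial.
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface $user
  * @param Zend_Acl_Resource_Interface $model
  * @param $privilege
  * @return bool
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
 {
     if (!$user || !$model) {
         return false;
     }
     $request = Zend_Controller_Front::getInstance()->getRequest();
     $param = $request->getParam('id') ? $request->getParam('id') : $request->getParam('presentation_id');
     if ($param === null) {
         return false;
     }
     // ownership first: nothing is loaded for presentations of other users
     $presentations = $user->getMyPresentations();
     if (!in_array((int) $param, $presentations, true)) {
         return false;
     }
     $presentation = $model->getPresentationById($param);
     if (!$presentation) {
         return false;
     }
     return (bool) $presentation->isBeforeEditDeadline();
 }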
 /**
  * Grants when the resource belongs to an organization whose parent is the
  * user's organization.
  *
  * What "belongs to" means depends on the resource class:
  *  - OrgModelAbstract: its parent id is the user's organization id
  *  - PreBillModel: always granted (see the note in the body)
  *  - UserModel: the parent id of that user's organization matches
  *  - CommercialGroupModel: the parent id of its customer organization matches
  *  - ReportModel: the parent id of the organization named in params['orgId']
  *    matches; granted when no orgId is given
  * A null role or resource is denied.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  null                        $privilege
  * @return bool
  * @throws Exception when the role is not a UserModel or the resource is of
  *                   none of the classes listed above
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // Both objects are needed for the comparison
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }
     $orgId = $role->getOrganizationId();

     if ($resource instanceof OrgModelAbstract) {
         return $orgId === $resource->getParentId();
     }

     if ($resource instanceof Model\PreBillModel) {
         // NOTE(review): every PreBill resource is granted regardless of the
         // user's organization. The check the original left unreachable
         // behind this return was:
         //   $orgId === $resource->getServiceProvider()->getId()
         //TODO: we need serviceProviderId from ericsson
         return true;
     }

     if ($resource instanceof UserModel) {
         try {
             $org = $resource->getOrganization();
             if (NULL === $org) {
                 App::log()->err("User (" . $resource->getId() . ") organization (" . $resource->getOrganizationId() . ") doesn't exist");
                 return false;
             }
             return $orgId === $org->getParentId();
         } catch (Exception $e) {
             // any failure while resolving the organization is a denial
             return false;
         }
     }

     if ($resource instanceof Model\CommercialGroupModel) {
         // customerId is one of service provider customers?
         // TODO aggregatorId case?
         $org = OrgService::getInstance()->load($resource->getCustomerId());
         return $org && $orgId === $org->getParentId();
     }

     if ($resource instanceof Model\ReportModel) {
         $params = $resource->getParams();
         if (empty($params['orgId'])) {
             // NOTE(review): a report without an orgId is granted without
             // any organization check. Confirm this is intended.
             return true;
         }
         $org = OrgService::getInstance()->load($params['orgId']);
         return $org && $orgId === $org->getParentId();
     }

     throw new Exception('Resource must be an instance of OrgModelAbstract or UserModel');
 }
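 /**
  * Grants when the customer organization behind a SIM has the
  * "advanced supervision" supplementary service activated.
  *
  * For a service-provider user the organization is the SIM's customer
  * ($resource->customerId); for everyone else it is the user's own
  * organization. When that organization is not of the customer type, its
  * parent of that type is used. The supplementary services are then loaded
  * (with the organization as extra argument for aggregator users) and the
  * advancedSupervision flag is compared with SupplServicesModel::ST_ACTIVATED.
  *
  * A null role, a missing organization, missing services and a failing
  * services lookup (logged as a warning) all deny.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is not a SimModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // We need specific objects to check against each other
     if (NULL === $role) {
         return false;
     }
     // Ensure we're handled User models
     if (!$role instanceof UserModel) {
         throw new Exception('Role must be an instance of UserModel');
     }
     if (!$resource instanceof SimModel) {
         throw new Exception('Resource must be an instance of SimModel');
     }
     // Get the organization
     $orgService = \Application\Service\OrgService::getInstance();
     $roleOrgType = $orgService->getTypeById($role->getOrganizationId());
     if ($roleOrgType == OrgServiceProviderModel::ORG_TYPE) {
         $org = $orgService->load($resource->customerId);
     } else {
         $org = $orgService->load($role->getOrganizationId());
     }
     // The check further down already allows for an empty $org, so guard
     // the getType() call too: a missing organization must be a denial, not
     // a call on a non-object.
     if ($org && $org->getType() != OrgCustomerModel::ORG_TYPE) {
         $org = $orgService->getParentByType($org, OrgCustomerModel::ORG_TYPE);
     }
     if (!$org || is_null($org->getSupplementaryServicesId())) {
         return false;
     }
     // Check if the customer has supplementary services configured
     // with the advanced supervision option activated
     $supplSrv = \Application\Service\SupplServicesService::getInstance();
     try {
         if ($roleOrgType == OrgAggregatorModel::ORG_TYPE) {
             $services = $supplSrv->load($org->getSupplementaryServicesId(), $org);
         } else {
             $services = $supplSrv->load($org->getSupplementaryServicesId());
         }
     } catch (\Exception $e) {
         // a failing lookup is a denial, never a grant
         \App::log()->warn($e);
         return False;
     }
     if ($services && $services->advancedSupervision == SupplServicesModel::ST_ACTIVATED) {
         return true;
     }
     return false;
 }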
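 /**
  * Grants when the requested presentation-user link points at one of the
  * user's own presentations.
  *
  * The request's 'id' parameter names an item of the model's
  * 'presentationsusers' resource; that item's presentation_id, cast to int,
  * must be in $user->getMyPresentations() (strict match).
  *
  * Missing user, model, parameter or item all deny. The original read
  * presentation_id straight off the lookup result, so an unknown id ended
  * in a property read on a non-object instead of a denial.
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface $user
  * @param Zend_Acl_Resource_Interface $model
  * @param $privilege
  * @return bool
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
 {
     if (!$user || !$model) {
         return false;
     }
     $presentations = $user->getMyPresentations();
     $param = Zend_Controller_Front::getInstance()->getRequest()->getParam('id', null);
     if (!$param) {
         return false;
     }
     // get presentation_id
     $link = $model->getResource('presentationsusers')->getItemById($param);
     if (!$link) {
         return false;
     }
     $presentation = $link->presentation_id;
     // perform check
     return $presentation !== null && in_array((int) $presentation, $presentations, true);
 }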
 /**
  * Grants when LTE is enabled for the user's organization.
  *
  * For a service-provider organization the decision is delegated to an
  * App_Acl_Assert_OrgConfig assertion on OrgConfigModel::ORG_CONFIG_LTE_ENABLED
  * with expected value true; for a customer organization the lteEnabled
  * property is returned. Any other organization, and a null role or
  * resource, is denied.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  null                        $privilege
  * @return bool
  * @throws Exception when the role is not a UserModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof \Application\Model\UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }

     $organization = $role->getOrganization();

     if ($organization instanceof \Application\Model\Organization\OrgServiceProviderModel) {
         // service providers keep the flag in their organization config
         $delegate = new App_Acl_Assert_OrgConfig(array('key' => OrgConfigModel::ORG_CONFIG_LTE_ENABLED, 'value' => true));
         return $delegate->assert($acl, $role, $resource, $privilege);
     }

     if ($organization instanceof \Application\Model\Organization\OrgCustomerModel) {
         // customers carry the flag on the model itself
         return $organization->lteEnabled;
     }

     return false;
 }
 /**
  * Grants when the user's organization is the grandparent of the resource
  * organization.
  *
  * The resource's parent organization is loaded and its parent id compared
  * strictly with the role's organization id. A parent that cannot be loaded
  * is a denial, as is a null role or resource.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is not
  *                   an OrgModelAbstract
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // Both objects are needed for the comparison
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof Model\UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }
     $orgId = $role->getOrganizationId();

     if (!($resource instanceof OrgModelAbstract)) {
         throw new Exception('Resource must be an instance of OrgModelAbstract');
     }

     $parent = OrgService::getInstance()->load($resource->getParentId());
     return $parent ? $orgId === $parent->getParentId() : false;
 }
 /**
  * Grants when a service pack belongs to the service provider that is the
  * parent of the user's organization.
  *
  * The role's organization is loaded and its parent id compared strictly
  * with the service pack's getServiceProvider(). A null role or resource,
  * or an organization that cannot be loaded, is denied. The organization
  * is loaded before the resource type is checked, so a wrong resource type
  * with an unknown organization is a denial and not an exception.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is not
  *                   a ServicePackModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // Both objects are needed for the comparison
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }

     $userOrg = Service\OrgService::getInstance()->load($role->getOrganizationId());
     if (!$userOrg) {
         return false;
     }

     if ($resource instanceof Model\ServicePackModel) {
         return $userOrg->getParentId() === $resource->getServiceProvider();
     }

     throw new Exception('Resource must be an instance of ServicePack');
 }
 /**
  * Grants when time-and-consumption vouchers are enabled for the customer
  * behind a SIM.
  *
  * The SIM's customer is used when it has one; otherwise the role's own
  * organization is used, but only if it is an OrgCustomerModel. The result
  * is that organization's timeAndConsumptionVoucherIsEnabled property.
  * A null role is denied.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is not a SimModel
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (null === $role) {
         return false;
     }
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }
     if (!($resource instanceof SimModel)) {
         throw new Exception('Resource must be a sim');
     }

     // the SIM's own customer wins when there is one
     $customer = $resource->getCustomer();
     if ($customer) {
         return $customer->timeAndConsumptionVoucherIsEnabled;
     }

     // otherwise fall back to the user's organization, customers only
     $roleOrg = $role->getOrganization();
     if ($roleOrg instanceof OrgCustomerModel) {
         return $roleOrg->timeAndConsumptionVoucherIsEnabled;
     }

     return false;
 }
Beispiel #23
 /**
  * Grants when the resource is owned by the acting user.
  *
  * Ownership depends on the resource class: a watcher's owner must be the
  * role's apiId (API-authenticated current users) or the role's id, a user
  * config's userId must be the role's id, and a user resource must have the
  * same getId() as the role. A null role or resource is denied.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  * @throws Exception when the role is not a UserModel or the resource is of
  *                   none of the supported classes
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // Both objects are needed for the comparison
     if (null === $role || null === $resource) {
         return false;
     }
     if (!($role instanceof UserModel)) {
         throw new Exception('Role must be an instance of UserModel');
     }

     if ($resource instanceof WatcherModel) {
         $isApiUser = $role instanceof \Application\Model\CurrentUserModel && $role->isApiAuthUser();
         if ($isApiUser) {
             // NOTE(review): this is the only loose comparison in the
             // method; every other ownership check uses ===. Confirm the
             // apiId and owner types and whether === is usable here.
             return $role->apiId == $resource->owner;
         }
         return $role->id === $resource->owner;
     }

     if ($resource instanceof UserConfigModel) {
         return $role->id === $resource->userId;
     }

     if ($resource instanceof UserModel) {
         return $role->getId() === $resource->getId();
     }

     throw new Exception('Resource must be an instance of UserModel');
 }
Beispiel #24
    /**
     * Returns the rules associated with a Resource and a Role, or null if no such rules exist
     *
     * If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles,
     * respectively. Both can be null to return the default rule set for all Resources and all Roles.
     *
     * If the $create parameter is true, then a rule set is first created and then returned to the caller.
     *
     * The function returns by reference: the result points into $this->_rules, so whatever the caller writes
     * through it changes the stored rules. When nothing is found and $create is false, the reference is to a
     * local null instead.
     *
     * @param  Zend_Acl_Resource_Interface $resource
     * @param  Zend_Acl_Role_Interface     $role
     * @param  boolean                     $create
     * @return array|null
     */
    protected function &_getRules(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null,
                                  $create = false)
    {
        // create a reference to null
        // (a by-reference return needs a variable to refer to, even for "nothing found")
        $null = null;
        $nullRef =& $null;

        // follow $resource
        // do { ... } while (false) runs once; it exists so that "break" can skip the
        // per-resource lookup when the rules for all resources are wanted
        do {
            if (null === $resource) {
                // no create check here: the 'allResources' entry is used as it is
                $visitor =& $this->_rules['allResources'];
                break;
            }
            $resourceId = $resource->getResourceId();
            if (!isset($this->_rules['byResourceId'][$resourceId])) {
                if (!$create) {
                    return $nullRef;
                }
                $this->_rules['byResourceId'][$resourceId] = array();
            }
            $visitor =& $this->_rules['byResourceId'][$resourceId];
        } while (false);


        // follow $role
        // $visitor now refers to the rule set of the chosen resource level
        if (null === $role) {
            if (!isset($visitor['allRoles'])) {
                if (!$create) {
                    return $nullRef;
                }
                $visitor['allRoles']['byPrivilegeId'] = array();
            }
            return $visitor['allRoles'];
        }
        $roleId = $role->getRoleId();
        if (!isset($visitor['byRoleId'][$roleId])) {
            if (!$create) {
                return $nullRef;
            }
            // a new per-role entry starts with no privilege rules and an
            // all-privileges rule that has neither a type nor an assertion
            $visitor['byRoleId'][$roleId]['byPrivilegeId'] = array();
            $visitor['byRoleId'][$roleId]['allPrivileges'] = array('type' => null, 'assert' => null);
        }
        return $visitor['byRoleId'][$roleId];
    }
Beispiel #25
 /**
  * Tells whether a Role is present in the registry.
  *
  * Accepts a Role object, whose getRoleId() is used, or anything else,
  * which is cast to string and used as the identifier.
  *
  * @param  Zend_Acl_Role_Interface|string $role
  * @return boolean
  */
 public function has($role)
 {
     $roleId = $role instanceof Zend_Acl_Role_Interface
         ? $role->getRoleId()
         : (string) $role;

     return isset($this->_roles[$roleId]);
 }
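 /**
  * ACL assertion for authoring evaluation forms.
  *
  * The form id is taken from the resource, from the ACL's last query, or parsed
  * out of the resource id (only ids whose non-digit part is "evaluationform"
  * are accepted). The decision itself is whatever
  * Models_Evaluation::getFormAuthorPermissions() reports for that form id.
  *
  * Fails closed (returns false) when the role, or a resource that is needed to
  * derive the form id, is missing; the nullable signature allows both, and the
  * method calls on them would otherwise abort the request.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege Not used by this assertion.
  * @return boolean
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     global $db;
     // If asserting is off then return true right away.
     // NOTE(review): this is an unconditional allow driven by an `assert` property on the
     // resource or on the last query object; confirm that only trusted code can set it.
     if (isset($resource->assert) && $resource->assert == false || isset($acl->_entrada_last_query) && isset($acl->_entrada_last_query->assert) && $acl->_entrada_last_query->assert == false) {
         return true;
     }
     if (isset($resource->eform_id)) {
         $eform_id = $resource->eform_id;
     } elseif (isset($acl->_entrada_last_query->eform_id)) {
         $eform_id = $acl->_entrada_last_query->eform_id;
     } else {
         // No explicit form id: it has to come from the resource id, so a missing resource is denied.
         if (null === $resource) {
             return false;
         }
         $resource_id = $resource->getResourceId();
         $resource_type = preg_replace('/[0-9]+/', "", $resource_id);
         if ($resource_type !== "evaluationform") {
             //This only asserts for users authoring evaluation forms.
             return false;
         }
         $eform_id = preg_replace('/[^0-9]+/', "", $resource_id);
     }
     // Deny when no role was supplied instead of calling a method on null.
     if (null === $role) {
         return false;
     }
     // The access id is reduced to digits and additionally quoted with $db->qstr() before
     // it reaches the SQL text; AUTH_DATABASE is a constant, not request data.
     $role_id = $role->getRoleId();
     $access_id = preg_replace('/[^0-9]+/', "", $role_id);
     $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
     $user_id = $db->GetOne($query);
     // Fall back to the role of the last ACL query, but only if one was recorded.
     if (!$user_id && isset($acl->_entrada_last_query_role)) {
         $role_id = $acl->_entrada_last_query_role->getRoleId();
         $access_id = preg_replace('/[^0-9]+/', "", $role_id);
         $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
         $user_id = $db->GetOne($query);
     }
     // NOTE(review): $user_id is resolved above but never passed on; as written, the result
     // depends only on $eform_id. Confirm that getFormAuthorPermissions() scopes its answer
     // to the current user by other means, otherwise this check is not bound to the role.
     $permissions = Models_Evaluation::getFormAuthorPermissions($eform_id);
     return (bool) $permissions;
 }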
 /**
  * Removes the Role from the registry
  *
  * The $role parameter can either be a Role or a Role identifier.
  *
  * @param  Zend_Acl_Role_Interface|string $role
  * @uses   Zend_Acl::removeRole()
  * @return Zend_Acl Provides a fluent interface
  */
 public function removeRole($role)
 {
     if ($this->hasCachingAdapter()) {
         $this->_checkCaching();
     }

     // Accept either a Role object or a plain identifier.
     if ($role instanceof Zend_Acl_Role_Interface) {
         $roleId = $role->getRoleId();
     } else {
         $roleId = (string) $role;
     }

     $this->_setRoleUnloaded($roleId);

     // The adapter returns the roles touched by the removal
     // (presumably dependent roles; verify against the adapter).
     $affectedRoles = $this->_getAdapter()->removeRole($roleId);
     foreach ($affectedRoles as $affectedRole) {
         // The requested role itself is removed from the parent ACL at the end, not here.
         if ($this->hasRole($affectedRole) && $affectedRole != $roleId) {
             parent::removeRole($affectedRole);
         }
         if ($this->hasRoleLoaded($affectedRole)) {
             $this->_setRoleUnloaded($affectedRole);
         }
         // Release the entry for caching, so a cached copy of this role is not served
         // after the removal.
         if ($this->hasCachingAdapter()) {
             $this->_getCachingAdapter()->change($affectedRole, null);
         }
     }

     // Release the removed role's own entry for caching as well.
     if ($this->hasCachingAdapter()) {
         $this->_getCachingAdapter()->change($roleId, null);
     }

     return parent::removeRole($roleId);
 }
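 /**
  * Visibility assertion driven by the resource's public flag.
  *
  * A friend-only resource is visible to the 'self' and 'friend' roles, a private
  * one only to 'self'. Every other flag value is allowed.
  *
  * Fails closed (returns false) when there is no resource to read a flag from, or
  * when a restricted resource is queried without a role; the nullable signature
  * allows both, and the method calls on them would otherwise abort the request.
  *
  * @param  Zend_Acl                    $acl       Not used by this assertion.
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege Not used by this assertion.
  * @return boolean
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (null === $resource) {
         return false;
     }
     $publicFlag = $resource->getPublicFlag();
     // Loose comparison kept as in the original, in case the flag arrives as a string.
     $friendsOnly = ProfileTable::PUBLIC_FLAG_FRIEND == $publicFlag;
     $private = ProfileTable::PUBLIC_FLAG_PRIVATE == $publicFlag;
     if (!$friendsOnly && !$private) {
         // NOTE(review): default-allow. An unknown or newly introduced flag value ends up
         // here and is treated as visible to everyone; consider listing the open values.
         return true;
     }
     // A restricted resource needs a role to compare against.
     if (null === $role) {
         return false;
     }
     $roleId = $role->getRoleId();
     if ($friendsOnly) {
         return 'self' === $roleId || 'friend' === $roleId;
     }
     return 'self' === $roleId;
 }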
 /**
  * Returns true if and only if the assertion conditions are met
  *
  * This method is passed the ACL, Role, Resource, and privilege to which
  * the authorization query applies. If the $role, $resource, or $privilege
  * parameters are null, it means that the query applies to all Roles,
  * Resources, or privileges, respectively.
  *
  * @param  Zend_Acl                    $acl
  * @param  Zend_Acl_Role_Interface     $role
  * @param  Zend_Acl_Resource_Interface $resource
  * @param  string                      $privilege
  * @return boolean
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     // Organization-ownership check: the role's organization id must match the
     // owner recorded on the resource. Without both objects the answer is "no".
     if (NULL === $role || NULL === $resource) {
         return false;
     }
     // Only user models carry an organization id to compare with.
     if (!$role instanceof UserModel) {
         throw new Exception('Role must be an instance of UserModel');
     }
     $orgId = $role->getOrganizationId();

     // The checks below run in the same order as the resource types are listed.
     if ($resource instanceof OrgModelAbstract) {
         return $orgId === $resource->getId();
     }

     if ($resource instanceof UserModel || $resource instanceof TemplateModel) {
         return $orgId === $resource->getOrganizationId();
     }

     if ($resource instanceof Async\Model\AsyncResponse) {
         // Accept a match on either the raw or the cleaned organization id.
         $cOrgId = \Application\Model\Mapper\OrganizationMapper::cleanOrgId($orgId);
         return $orgId === $resource->getOrganizationId() || $cOrgId === $resource->getOrganizationId();
     }

     if ($resource instanceof Model\TariffPlanLifeCycleModel
         || $resource instanceof Model\TariffPlanServicesModel
         || $resource instanceof Model\RestrictionModel
         || $resource instanceof Model\ServicePackModel
     ) {
         $orgType = Model\Mapper\OrganizationMapper::getTypeByOrgId($orgId);
         switch ($orgType) {
             case Model\Organization\OrgServiceProviderModel::ORG_TYPE:
                 return $orgId === $resource->getServiceProviderId();
             case Model\Organization\OrgCustomerModel::ORG_TYPE:
                 // NOTE(review): unconditional allow. Ownership is NOT verified for customer
                 // organizations on these resource types. Per the original comment, the only
                 // way to check is to list every service pack assigned to the customer, which
                 // was judged too slow, so the backend is trusted to enforce it.
                 return true;
             default:
                 return false;
         }
     }

     if ($resource instanceof Model\SupplServicesModel) {
         return $orgId === $resource->getServiceProviderId() || $orgId === $resource->getCustomerId();
     }

     if ($resource instanceof Model\CommercialGroupModel || $resource instanceof Model\SupervisionGroupModel) {
         return $orgId === $resource->getCustomerId();
     }

     if ($resource instanceof SimModel) {
         /** @var $resource \Application\Model\SimModel */
         // Any organization in the SIM's ownership chain may access it.
         return $orgId === $resource->getMasterId()
             || $orgId === $resource->getServiceProviderCommercialId()
             || $orgId === $resource->getServiceProviderEnablerId()
             || $orgId === $resource->getAggregatorId()
             || $orgId === $resource->getCustomerId()
             || $orgId === $resource->getEndUserId();
     }

     if ($resource instanceof Model\ReportModel) {
         $params = $resource->getParams();
         // NOTE(review): a report without an 'orgId' parameter is allowed for every
         // organization; confirm such reports hold no tenant-specific data.
         if (!isset($params['orgId']) || empty($params['orgId'])) {
             return true;
         }
         return $orgId === $params['orgId'];
     }

     // Unknown resource types are rejected with an exception rather than allowed.
     throw new Exception('Resource must be an instance of OrgModelAbstract, UserModel or SimModel');
 }
Beispiel #30
 /**
  * Returns, by reference, the rule set stored for the given ($type, $name, $role).
  *
  * $type is concatenated into the array keys ('all' . $type . 's' and
  * 'by' . $type . 'Id'), and $name selects the entry below the latter. Because the
  * result is a reference into $this->_rules, writes by the caller change the stored
  * rules. With $create = false this is a lookup only and a missing entry yields a
  * reference to null; with $create = true missing levels are added as empty arrays.
  *
  * @param  string                       $type   Key fragment, e.g. 'Resource' (constructed example)
  * @param  string|null                  $name   Entry id, or null for the "all" bucket of $type
  * @param  Zend_Acl_Role_Interface|null $role   Role, or null for the rules of all roles
  * @param  boolean                      $create
  * @return array|null
  */
 protected function &_getRules($type, $name, Zend_Acl_Role_Interface $role = null, $create = false)
 {
     // Returned by reference when the requested entry is absent and must not be created.
     $missing = null;

     // Level 1: the $type bucket.
     if (null === $name) {
         $node =& $this->_rules['all' . $type . 's'];
     } else {
         if (!isset($this->_rules['by' . $type . 'Id'][$name])) {
             if (!$create) {
                 return $missing;
             }
             $this->_rules['by' . $type . 'Id'][$name] = array();
         }
         $node =& $this->_rules['by' . $type . 'Id'][$name];
     }

     // Level 2: the role.
     if (null !== $role) {
         $roleId = $role->getRoleId();
         if (!isset($node['byRoleId'][$roleId])) {
             if (!$create) {
                 return $missing;
             }
             $node['byRoleId'][$roleId] = array();
         }
         return $node['byRoleId'][$roleId];
     }

     if (!isset($node['allRoles'])) {
         if (!$create) {
             return $missing;
         }
         $node['allRoles'] = array();
     }
     return $node['allRoles'];
 }