/** * Get acl for role * * @param Zend_Acl_Role_Interface $role * @return Zend_Acl */ public function getAcl(Zend_Acl_Role_Interface $role) { if (isset($this->cache[$role->getRoleId()])) { return $this->cache[$role->getRoleId()]; } $acl = new Zend_Acl(); // set resources $resources = $this->getResources(); foreach (array_keys($resources) as $resource) { $acl->addResource($resource); } // get role parents if possible $method = self::PARENTS_METHOD; $parents = NULL; if (method_exists($role, $method)) { foreach ($role->{$method}() as $parent) { $parents[] = $parent; $acl->addRole($parent); $this->addRules($acl, $parent); } } // set role $acl->addRole($role, $parents); $this->addRules($acl, $role); return $this->cache[$role->getRoleId()] = $acl; }
/** * Add parent to the $role node * * @param \Zend_Acl_Role_Interface|string $role * @param array|\Zend_Acl_Role_Interface|string $parents * @return $this * @throws \Zend_Acl_Role_Registry_Exception */ public function addParent($role, $parents) { try { if ($role instanceof \Zend_Acl_Role_Interface) { $roleId = $role->getRoleId(); } else { $roleId = $role; $role = $this->get($role); } } catch (\Zend_Acl_Role_Registry_Exception $e) { throw new \Zend_Acl_Role_Registry_Exception("Child Role id '{$roleId}' does not exist"); } if (!is_array($parents)) { $parents = [$parents]; } foreach ($parents as $parent) { try { if ($parent instanceof \Zend_Acl_Role_Interface) { $roleParentId = $parent->getRoleId(); } else { $roleParentId = $parent; } $roleParent = $this->get($roleParentId); } catch (\Zend_Acl_Role_Registry_Exception $e) { throw new \Zend_Acl_Role_Registry_Exception("Parent Role id '{$roleParentId}' does not exist"); } $this->_roles[$roleId]['parents'][$roleParentId] = $roleParent; $this->_roles[$roleParentId]['children'][$roleId] = $role; } return $this; }
/** * 判断是否有访问某个游戏的条件 * * @see Zend_Acl_Assert_Interface::assert() */ public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { if ($this->_request->has('gametype')) { $roleData = ZtChart_Model_Acl_Loader::getInstance()->getRole($role->getRoleId()); return in_array($this->_request->getParam('gametype'), $roleData['role_gametype']); } return true; }
/** * Get rules for role * * @param Zend_Acl_Role_Interface $role * @return array */ public function getRules(\Zend_Acl_Role_Interface $role) { $em = $this->doctrine->getManager(); $queryBuilder = $em->getRepository('Newscoop\\Entity\\Acl\\Rule')->createQueryBuilder('r')->select('r.resource, r.action, r.type')->where('r.role = :role')->setParameter('role', $role->getRoleId()); if (is_a($role, '\\Newscoop\\Entity\\User\\Group')) { // @fix WOBS-568: ignore deny rules for roles $queryBuilder->andWhere('r.type = :allow')->setParameter('allow', 'allow'); } return $queryBuilder->getQuery()->getArrayResult(); }
/** * Get rules for role * * @param Zend_Acl_Role_Interface $role * @return array */ public function getRules(\Zend_Acl_Role_Interface $role) { $em = $this->doctrine->getManager(); $repository = $em->getRepository('Newscoop\\Entity\\Acl\\Rule'); $criteria = array('role' => $role->getRoleId()); if (is_a($role, '\\Newscoop\\Entity\\User\\Group')) { // @fix WOBS-568: ignore deny rules for roles $criteria['type'] = 'allow'; } return $repository->findBy($criteria); }
/** * Returns true if and only if the assertion conditions are met * * This method is passed the ACL, Role, Resource, and privilege to which * the authorization query applies. If the $role, $resource, or $privilege * parameters are null, it means that the query applies to all Roles, * Resources, or privileges, respectively. * * @param Zend_Acl $acl * @param Zend_Acl_Role_Interface $role * @param Zend_Acl_Resource_Interface $resource * @param string $privilege * @return boolean */ public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { // We need specific objects to check against each other if (NULL === $role || NULL === $resource) { return false; } // Ensure we're handled User models if (!$role instanceof UserModel) { throw new Exception('Role must be an instance of UserModel'); } if (!$resource instanceof UserModel) { throw new Exception('Resource must be an instance of UserModel'); } return $role->getRoleId() === $resource->getRoleId(); }
/** * Returns the rules associated with a Resource and a Role, or null if no such rules exist * * If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles, * respectively. Both can be null to return the default rule set for all Resources and all Roles. * * If the $create parameter is true, then a rule set is first created and then returned to the caller. * * @param Zend_Acl_Resource_Interface $resource * @param Zend_Acl_Role_Interface $role * @param boolean $create * @return array|null */ protected function &_getRules(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, $create = false) { // create a reference to null $null = null; $nullRef =& $null; // follow $resource do { if (null === $resource) { $visitor =& $this->_rules['allResources']; break; } $resourceId = $resource->getResourceId(); if (!isset($this->_rules['byResourceId'][$resourceId])) { if (!$create) { return $nullRef; } $this->_rules['byResourceId'][$resourceId] = array(); } $visitor =& $this->_rules['byResourceId'][$resourceId]; } while (false); // follow $role if (null === $role) { if (!isset($visitor['allRoles'])) { if (!$create) { return $nullRef; } $visitor['allRoles']['byPrivilegeId'] = array(); } return $visitor['allRoles']; } $roleId = $role->getRoleId(); if (!isset($visitor['byRoleId'][$roleId])) { if (!$create) { return $nullRef; } $visitor['byRoleId'][$roleId]['byPrivilegeId'] = array(); $visitor['byRoleId'][$roleId]['allPrivileges'] = array('type' => null, 'assert' => null); } return $visitor['byRoleId'][$roleId]; }
/** * Returns true if and only if the Role exists in the registry * * The $role parameter can either be a Role or a Role identifier. * * @param Zend_Acl_Role_Interface|string $role * @return boolean */ public function has($role) { if ($role instanceof Zend_Acl_Role_Interface) { $roleId = $role->getRoleId(); } else { $roleId = (string) $role; } return isset($this->_roles[$roleId]); }
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { if (ProfileTable::PUBLIC_FLAG_FRIEND == $resource->getPublicFlag()) { return 'self' === $role->getRoleId() || 'friend' === $role->getRoleId(); } if (ProfileTable::PUBLIC_FLAG_PRIVATE == $resource->getPublicFlag()) { return 'self' === $role->getRoleId(); } return true; }
protected function &_getRules($type, $name, Zend_Acl_Role_Interface $role = null, $create = false) { // create a reference to null $null = null; $nullRef =& $null; // follow $resource do { if (null === $name) { $visitor =& $this->_rules['all' . $type . 's']; break; } if (!isset($this->_rules['by' . $type . 'Id'][$name])) { if (!$create) { return $nullRef; } $this->_rules['by' . $type . 'Id'][$name] = array(); } $visitor =& $this->_rules['by' . $type . 'Id'][$name]; } while (false); // follow $role if (null === $role) { if (!isset($visitor['allRoles'])) { if (!$create) { return $nullRef; } $visitor['allRoles'] = array(); } return $visitor['allRoles']; } $roleId = $role->getRoleId(); if (!isset($visitor['byRoleId'][$roleId])) { if (!$create) { return $nullRef; } $visitor['byRoleId'][$roleId] = array(); } return $visitor['byRoleId'][$roleId]; }
/** * Removes the Role from the registry * * The $role parameter can either be a Role or a Role identifier. * * @param Zend_Acl_Role_Interface|string $role * @uses Zend_Acl::removeRole() * @return Zend_Acl Provides a fluent interface */ public function removeRole($role) { if ($this->hasCachingAdapter()) { $this->_checkCaching(); } $roleId = $role instanceof Zend_Acl_Role_Interface ? $role->getRoleId() : (string) $role; $this->_setRoleUnloaded($roleId); $arrRoles = $this->_getAdapter()->removeRole($roleId); foreach ($arrRoles as $role) { if ($this->hasRole($role) && $role != $roleId) { parent::removeRole($role); } if ($this->hasRoleLoaded($role)) { $this->_setRoleUnloaded($role); } //Zum Cachen freigeben if ($this->hasCachingAdapter()) { $this->_getCachingAdapter()->change($role, null); } } //Zum Cachen freigeben: if ($this->hasCachingAdapter()) { $this->_getCachingAdapter()->change($roleId, null); } return parent::removeRole($roleId); }
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { global $db; //If asserting is off then return true right away if (isset($resource->assert) && $resource->assert == false || isset($acl->_entrada_last_query) && isset($acl->_entrada_last_query->assert) && $acl->_entrada_last_query->assert == false) { return true; } if (isset($resource->eform_id)) { $eform_id = $resource->eform_id; } else { if (isset($acl->_entrada_last_query->eform_id)) { $eform_id = $acl->_entrada_last_query->eform_id; } else { //Parse out the user ID and course ID $resource_id = $resource->getResourceId(); $resource_type = preg_replace('/[0-9]+/', "", $resource_id); if ($resource_type !== "evaluationform") { //This only asserts for users authoring evaluation forms. return false; } $eform_id = preg_replace('/[^0-9]+/', "", $resource_id); } } $role_id = $role->getRoleId(); $access_id = preg_replace('/[^0-9]+/', "", $role_id); $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id); $user_id = $db->GetOne($query); if (!isset($user_id) || !$user_id) { $role_id = $acl->_entrada_last_query_role->getRoleId(); $access_id = preg_replace('/[^0-9]+/', "", $role_id); $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id); $user_id = $db->GetOne($query); } $permissions = Models_Evaluation::getFormAuthorPermissions($eform_id); if ($permissions) { return true; } else { return false; } }
/** * <p>Lädt eine Rolle.</p> * <p>Der zurückgegebene Array sieht ist wie folgt aufgebaut: * <code> * $array = array( * 0 => array( * 0 => 'role1', * 1 => array() * ), * 1 => array( * 0 => 'role2', * 1 => array() * ), * 2 => array( * 0 => 'role3', * 1 => array('role2') * ), * 3 => array( * 0 => 'role4', * 1 => array('role1', 'role2') * ) * ); * </code> * </p> * @param Zend_Acl_Role_Interface|string|null $role * @return array */ public function loadRole($role) { $roleId = $role instanceof Zend_Acl_Role_Interface ? $role->getRoleId() : (string) $role; $arrRoles = $this->_loadRoles($roleId); $arrReturn = array(); foreach ($arrRoles as $role) { $arrReturn[] = array(0 => $role[$this->_getRoleColumn(self::ROLE_NAME)], 1 => $role['parent']); } return $arrReturn; }