Beispiel #1
    /**
     * Create role for provided user of provided type
     *
     * @param int $parentId
     * @param ModelUser $user
     * @return void
     */
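    protected function _createUserRole($parentId, ModelUser $user)
    {
        // Without a positive parent id there is no parent role to load. Return
        // here: the original fell through to $parentRole->getId() with
        // $parentRole never assigned, which fails at runtime.
        if (!($parentId > 0)) {
            return;
        }

        /** @var \Magento\Authorization\Model\Role $parentRole */
        $parentRole = $this->_roleFactory->create()->load($parentId);
        if (!$parentRole->getId()) {
            // The loaded role carries no id (presumably the parent does not
            // exist), so no user role row is written.
            return;
        }

        $roleTable = $this->getTable('authorization_role');

        // The user role sits one level below its parent in the role tree.
        $data = new \Magento\Framework\DataObject(
            [
                'parent_id' => $parentRole->getId(),
                'tree_level' => $parentRole->getTreeLevel() + 1,
                'sort_order' => 0,
                'role_type' => RoleUser::ROLE_TYPE,
                'user_id' => $user->getId(),
                'user_type' => UserContextInterface::USER_TYPE_ADMIN,
                'role_name' => $user->getFirstname(),
            ]
        );

        $insertData = $this->_prepareDataForTable($data, $roleTable);
        $this->getConnection()->insert($roleTable, $insertData);

        // The role table changed, so the cached ACL must be invalidated.
        $this->_aclCache->clean();
    }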
Beispiel #2
 /**
  * Build Access Control List
  *
  * @return \Magento\Framework\Acl
  * @throws \LogicException
  */
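 public function getAcl()
 {
     try {
         if ($this->_cache->has()) {
             // Reuse the ACL saved by an earlier build.
             // NOTE(review): the permissions returned here are only as
             // trustworthy as the storage behind $this->_cache - confirm who
             // can write to it.
             $this->_acl = $this->_cache->get();
         } else {
             // Build a fresh ACL, let every loader populate it, then cache it.
             $this->_acl = $this->_aclFactory->create();
             foreach ($this->_loaderPool as $loader) {
                 $loader->populateAcl($this->_acl);
             }
             $this->_cache->save($this->_acl);
         }
     } catch (\Exception $e) {
         // Chain the original exception as "previous" so the root cause and
         // its stack trace survive the conversion to LogicException.
         throw new \LogicException('Could not create acl object: ' . $e->getMessage(), 0, $e);
     }
     return $this->_acl;
 }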
Beispiel #3
 /**
  * Create role for provided user of provided type
  *
  * @param int $parentId
  * @param ModelUser $user
  * @return void
  */
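 protected function _createUserRole($parentId, ModelUser $user)
 {
     // Without a positive parent id there is no parent role to load. Return
     // here: the original fell through to $parentRole->getId() with
     // $parentRole never assigned, which fails at runtime.
     if (!($parentId > 0)) {
         return;
     }

     /** @var \Magento\User\Model\Role $parentRole */
     $parentRole = $this->_roleFactory->create()->load($parentId);
     if (!$parentRole->getId()) {
         // The loaded role carries no id (presumably the parent does not
         // exist), so no user role row is written.
         return;
     }

     $roleTable = $this->getTable('admin_role');

     // The user role sits one level below its parent in the role tree.
     $data = new \Magento\Framework\Object(
         array(
             'parent_id' => $parentRole->getId(),
             'tree_level' => $parentRole->getTreeLevel() + 1,
             'sort_order' => 0,
             'role_type' => RoleUser::ROLE_TYPE,
             'user_id' => $user->getId(),
             'role_name' => $user->getFirstname(),
         )
     );

     $insertData = $this->_prepareDataForTable($data, $roleTable);
     $this->_getWriteAdapter()->insert($roleTable, $insertData);

     // The role table changed, so the cached ACL must be invalidated.
     $this->_aclCache->clean();
 }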
Beispiel #4
 /**
  * Save ACL resources
  *
  * @param \Magento\Authorization\Model\Rules $rule
  * @return void
  * @throws \Magento\Framework\Exception\LocalizedException
  */
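 public function saveRel(\Magento\Authorization\Model\Rules $rule)
 {
     // Resolved before the try block so both catch blocks always have a
     // connection to roll back on; previously a failure in getConnection()
     // left $connection undefined inside the handlers.
     $connection = $this->getConnection();
     try {
         $connection->beginTransaction();
         $roleId = $rule->getRoleId();
         $mainTable = $this->getMainTable();

         // Old rules are deleted and the new set inserted inside one
         // transaction, so a failure rolls back to the previous rule set.
         $connection->delete($mainTable, ['role_id = ?' => (int) $roleId]);

         $postedResources = $rule->getResources();
         if ($postedResources) {
             $rootResourceId = $this->_rootResource->getId();
             $row = [
                 'resource_id' => $rootResourceId,
                 'privileges' => '',
                 'role_id' => $roleId,
                 'permission' => 'allow',
             ];
             // If all was selected save it only and nothing else.
             if ($postedResources === [$rootResourceId]) {
                 $insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $mainTable);
                 $connection->insert($mainTable, $insertData);
             } else {
                 /** Give basic admin permissions to any admin */
                 $postedResources[] = \Magento\Backend\App\AbstractAction::ADMIN_RESOURCE;
                 $acl = $this->_aclBuilder->getAcl();
                 // One explicit row per known resource: 'allow' when it was
                 // posted, 'deny' otherwise.
                 foreach ($acl->getResources() as $resourceId) {
                     // Strict comparison: this decides allow/deny, and a
                     // loosely-typed match could mark a resource 'allow' that
                     // was not actually selected.
                     $row['permission'] = in_array($resourceId, $postedResources, true) ? 'allow' : 'deny';
                     $row['resource_id'] = $resourceId;
                     $insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $mainTable);
                     $connection->insert($mainTable, $insertData);
                 }
             }
         }
         $connection->commit();
         // Rules changed, so the cached ACL must be invalidated.
         $this->_aclCache->clean();
     } catch (\Magento\Framework\Exception\LocalizedException $e) {
         $connection->rollBack();
         throw $e;
     } catch (\Exception $e) {
         // NOTE(review): any other failure is rolled back and logged but not
         // rethrown, so the caller gets no signal that the permissions were
         // not saved.
         $connection->rollBack();
         $this->_logger->critical($e);
     }
 }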
Beispiel #5
 /**
  * Save ACL resources
  *
  * @param \Magento\User\Model\Rules $rule
  * @return void
  * @throws \Magento\Framework\Model\Exception
  */
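 public function saveRel(\Magento\User\Model\Rules $rule)
 {
     // Resolved before the try block so both catch blocks always have an
     // adapter to roll back on; previously a failure in _getWriteAdapter()
     // left $adapter undefined inside the handlers.
     $adapter = $this->_getWriteAdapter();
     try {
         $adapter->beginTransaction();
         $roleId = $rule->getRoleId();
         $mainTable = $this->getMainTable();

         // Old rules are deleted and the new set inserted inside one
         // transaction, so a failure rolls back to the previous rule set.
         $adapter->delete($mainTable, array('role_id = ?' => (int) $roleId));

         $postedResources = $rule->getResources();
         if ($postedResources) {
             $rootResourceId = $this->_rootResource->getId();
             $row = array(
                 'resource_id' => $rootResourceId,
                 'privileges' => '',
                 'role_id' => $roleId,
                 'permission' => 'allow',
             );
             // If all was selected save it only and nothing else.
             if ($postedResources === array($rootResourceId)) {
                 $insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $mainTable);
                 $adapter->insert($mainTable, $insertData);
             } else {
                 $acl = $this->_aclBuilder->getAcl();
                 // One explicit row per known resource: 'allow' when it was
                 // posted, 'deny' otherwise.
                 foreach ($acl->getResources() as $resourceId) {
                     // Strict comparison: this decides allow/deny, and a
                     // loosely-typed match could mark a resource 'allow' that
                     // was not actually selected.
                     $row['permission'] = in_array($resourceId, $postedResources, true) ? 'allow' : 'deny';
                     $row['resource_id'] = $resourceId;
                     $insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $mainTable);
                     $adapter->insert($mainTable, $insertData);
                 }
             }
         }
         $adapter->commit();
         // Rules changed, so the cached ACL must be invalidated.
         $this->_aclCache->clean();
     } catch (\Magento\Framework\Model\Exception $e) {
         $adapter->rollBack();
         throw $e;
     } catch (\Exception $e) {
         // NOTE(review): any other failure is rolled back and logged but not
         // rethrown, so the caller gets no signal that the permissions were
         // not saved.
         $adapter->rollBack();
         $this->_logger->logException($e);
     }
 }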