Adds a Role to the list. The most recently added parent
takes precedence over parents that were previously added.
| public addRole ( $role, $parents = NULL ) : self | ||
| return | self | |
/**
* Definice rolí.
*/
private function defineRoles()
{
$groups = $this->permissionRepository->selectAllGroups();
$this->acl->addRole("Guest");
foreach ($groups as $group) {
$this->acl->addRole($group->getName(), $group->getExtendsGroup()->getName());
}
}
public static function createAuthorizator()
{
$perm = new Permission;
$perm->addRole("guest");
$perm->addRole("user", "guest");
$perm->addRole("admin", "user");
$perm->deny();
$perm->allow("admin");
return $perm;
}
public function __construct()
{
$this->acl = new NS\Permission();
$this->acl->addRole('guest');
$this->acl->addRole('user', 'registered');
$this->acl->addRole('admin', 'user');
$this->acl->addResource('backend');
$this->acl->addResource('users');
$this->acl->allow('user', array('backend'), array('view'));
$this->acl->allow('admin');
}
public static function createAuthorizator()
{
$perm = new Permission();
$perm->addRole("guest");
$perm->addRole("user", "guest");
$perm->addRole("admin", "user");
$perm->addResource('clip');
$perm->addResource('comment');
$perm->deny();
$perm->allow("admin");
$perm->allow("user", "comment", "add");
return $perm;
}
private function setRoles(Permission $p)
{
try {
$roles = $this->rolesService->getRoles();
foreach ($roles as $r) {
if ($r->getParents()->isEmpty()) {
$p->addRole($r->getName(), []);
} else {
$p->addRole($r->getName(), $r->extractParentNames());
}
}
} catch (Exceptions\DataErrorException $e) {
$this->logError($e->getMessage());
}
}
public function startup()
{
parent::startup();
if ($this->getName() != 'Admin:Sign' && !$this->user->isLoggedIn()) {
$this->redirect('Sign:default');
}
//nastavim prava
foreach ($this->roles->getAll() as $role) {
$this->acl->addRole($role['system_name']);
}
foreach ($this->resources->getAll() as $resource) {
$this->acl->addResource($resource['system_name']);
}
foreach ($this->permissions->getAll() as $permission) {
$this->acl->allow($permission->role->system_name, $permission->resource->system_name, $permission->privilege->system_name);
}
$this->acl->addRole('super_admin');
$this->acl->allow('super_admin');
//homepage a sign maji pristup vsichni
$this->acl->addResource('homepage');
$this->acl->allow(\App\AdminModule\Components\Authorizator::ALL, 'homepage');
$this->acl->addResource('sign');
$this->acl->allow(\App\AdminModule\Components\Authorizator::ALL, 'sign');
//vychozi role
$this->acl->addRole('guest');
//kontrola prav
if ($this->getName() != 'Admin:Image' && $this->getAction() != 'ordering' && $this->getAction() != 'orderingCategory' && $this->getAction() != 'deleteImage' && $this->getAction() != 'changePassword' && $this->getAction() != 'getCity' && $this->getAction() != 'download') {
if (!$this->getUser()->isAllowed($this->getNameSimple(), $this->getAction())) {
$this->flashMessage($this->translator->translate('admin.login.noAccess'), 'error');
$this->redirect('Homepage:default');
}
}
//projedu vsek moduly a pokusim se najit presentery
$presenters = array();
$vsekDir = dirname(__FILE__) . '/../../../';
$ch = opendir($vsekDir);
while (($file = readdir($ch)) !== false) {
if (!in_array($file, array('.', '..'))) {
if (file_exists($vsekDir . $file . '/src/setting.xml')) {
$xml = simplexml_load_file($vsekDir . $file . '/src/setting.xml');
if (isset($xml->presenter)) {
$this->menuModules[] = array('name' => (string) $xml->presenter->name, 'resource' => (string) $xml->presenter->resource);
}
}
}
}
closedir($ch);
}
/** @return Nette\Security\Permission */
public function create()
{
if (!$this->cmsInstalled) {
return new Nette\Security\Permission();
}
$acl = $this->cache->load('acl');
if ($acl === NULL) {
$acl = new Nette\Security\Permission();
try {
foreach ($this->roleService->findAll() as $role) {
$acl->addRole($role->name, $role->parent === NULL ? NULL : $role->parent->name);
}
} catch (Kdyby\Doctrine\DBALException $ex) {
return new Nette\Security\Permission();
}
foreach ($this->resourceService->findAll() as $resource) {
$acl->addResource($resource->name);
}
foreach ($this->aclService->findAll() as $aclEntry) {
if ($aclEntry->allow) {
$acl->allow($aclEntry->role->name, $aclEntry->permission->resource->name, $aclEntry->permission->privilege->name);
} else {
$acl->deny($aclEntry->role->name, $aclEntry->permission->resource->name, $aclEntry->permission->privilege->name);
}
}
$this->cache->save('acl', $acl, [Nette\Caching\Cache::TAGS => self::CACHE_TAG]);
}
return $acl;
}
public function __construct()
{
$acl = new Nette\Security\Permission();
// definice rolí
$acl->addRole('guest');
$acl->addRole('demo', 'guest');
// demo dědí od guest
$acl->addRole('admin', 'demo');
// a od něj dědí admin
// seznam zdrojů, ke kterým mohou uživatelé přistupovat
$acl->addResource('Admin:Admin');
$acl->addResource('Front');
// pravidla, určující, kdo co může s čím dělat
$acl->allow('guest', 'Front', self::READ);
$acl->allow('demo', 'Admin:Admin', self::READ);
$acl->allow('admin', Permission::ALL, Permission::ALL);
// Nastaveno!
$this->acl = $acl;
}
public function addRole($role)
{
$this->acl->addRole($role);
}
/**
*
*/
private function initRole()
{
foreach ($this->roleRepository->read()->order("aclRoleID ASC") as $item) {
$this->acl->addRole($item->name);
}
}
private function defineRoles(Permission $authorizator)
{
$authorizator->addRole('employee');
$authorizator->addRole('admin');
}
/**
* Helping function to add roles from database, for roles which parents was not defined yet
* @param string $role
* @param mixed $parent
*/
public function addRole($role, $parents = null)
{
if ($this->hasRole($role)) {
return $this;
}
$parents = array();
if (isset($this->rolesRels[$role]) && is_array($this->rolesRels[$role])) {
foreach ($this->rolesRels[$role] as $parent) {
if (!$this->hasRole($parent)) {
$this->addRole($parent);
}
$parents[$role] = $parent;
}
} else {
$parents[$role] = null;
}
return parent::addRole($role, isset($parents[$role]) ? $parents[$role] : null);
}
/**
* Get raw permissions without privileges.
*
* @return Permission
*/
public function getRawPermissions()
{
$permission = new Permission();
foreach ($this->scanResources() as $resource => $privileges) {
$permission->addResource($resource);
}
foreach ($this->defaultRoles as $role) {
if (!$permission->hasRole($role)) {
$permission->addRole($role);
}
}
return $permission;
}
private function loadRoles(Permission $acl)
{
$roles = $this->em->createQuery('SELECT r, parent FROM ' . Role::class . ' r
LEFT JOIN r.parent parent
ORDER BY r.parent ASC')->execute();
/** @var Role $role */
foreach ($roles as $role) {
$acl->addRole($role->getName(), $role->hasParent() ? $role->getParentName() : null);
}
$acl->addRole(Role::GOD);
}
