public function revokeRule(AccessRule $rule)
{
if ($rule->isGrant()) {
$accessService = funcAcl_models_classes_AccessService::singleton();
$elements = $this->evalFilterMask($rule->getMask());
switch (count($elements)) {
case 1:
$extension = reset($elements);
$accessService->revokeExtensionAccess($rule->getRole(), $extension);
break;
case 2:
list($extension, $shortName) = $elements;
$accessService->revokeModuleAccess($rule->getRole(), $extension, $shortName);
break;
case 3:
list($extension, $shortName, $action) = $elements;
$accessService->revokeActionAccess($rule->getRole(), $extension, $shortName, $action);
break;
default:
// fail silently warning should already be send
}
} else {
common_Logger::w('Only grant rules accepted in ' . __CLASS__);
}
}
public function revokeRule(AccessRule $rule)
{
if ($rule->getRole()->getUri() == INSTANCE_ROLE_ANONYMOUS) {
$mask = $rule->getMask();
$ruleString = $mask['ext'] . '::' . (isset($mask['mod']) ? $mask['mod'] : '*') . '::' . (isset($mask['act']) ? $mask['act'] : '*');
$remaining = array_diff(explode(',', $this->whitelist), array($ruleString));
$this->whitelist = implode(',', $remaining);
$ext = common_ext_ExtensionsManager::singleton()->getExtensionById('tao');
common_ext_ExtensionsManager::singleton()->getExtensionById('tao')->setConfig(self::WHITELIST_KEY, $this->whitelist);
}
}
public function revokeRule(AccessRule $rule)
{
if ($rule->getRole()->getUri() === INSTANCE_ROLE_ANONYMOUS) {
$ext = common_ext_ExtensionsManager::singleton()->getExtensionById('tao');
$this->controllers = $ext->hasConfig(self::WHITELIST_KEY) ? $ext->getConfig(self::WHITELIST_KEY) : array();
$mask = $rule->getMask();
if (isset($mask['ext']) && !isset($mask['mod'])) {
foreach (ControllerHelper::getControllers($mask['ext']) as $controllerClassName) {
unset($this->controllers[$controllerClassName]);
}
} elseif (isset($mask['ext']) && isset($mask['mod']) && !isset($mask['act'])) {
unset($this->controllers[FuncHelper::getClassName($mask['ext'], $mask['mod'])]);
} elseif (isset($mask['ext']) && isset($mask['mod']) && isset($mask['act'])) {
$controller = FuncHelper::getClassName($mask['ext'], $mask['mod']);
if (isset($this->controllers[$controller])) {
unset($this->controllers[$controller][$mask['act']]);
if (0 === count($this->controllers[$controller])) {
unset($this->controllers[$controller]);
}
}
} elseif (isset($mask['controller'])) {
unset($this->controllers[$mask['controller']]);
} elseif (isset($mask['act']) && strpos($mask['act'], '@') !== false) {
list($controller, $action) = explode('@', $mask['act'], 2);
if (isset($this->controllers[$controller])) {
unset($this->controllers[$controller][$action]);
if (0 === count($this->controllers[$controller])) {
unset($this->controllers[$controller]);
}
}
} else {
\common_Logger::w('Unrecognised mask keys: ' . implode(',', array_keys($mask)));
}
$ext->setConfig(self::WHITELIST_KEY, $this->controllers);
}
}
public function revokeRule(AccessRule $rule)
{
if ($rule->isGrant()) {
$accessService = funcAcl_models_classes_AccessService::singleton();
$filter = $rule->getMask();
if (isset($filter['act']) && isset($filter['mod']) && isset($filter['ext'])) {
$accessService->revokeActionAccess($rule->getRole(), $filter['ext'], $filter['mod'], $filter['act']);
} elseif (isset($filter['mod']) && isset($filter['ext'])) {
$accessService->revokeModuleAccess($rule->getRole(), $filter['ext'], $filter['mod']);
} elseif (isset($filter['ext'])) {
$accessService->revokeExtensionAccess($rule->getRole(), $filter['ext']);
} elseif (isset($filter['controller'])) {
$extension = funcAcl_helpers_Map::getExtensionFromController($filter['controller']);
$shortName = strpos($filter['controller'], '\\') !== false ? substr($filter['controller'], strrpos($filter['controller'], '\\') + 1) : substr($filter['controller'], strrpos($filter['controller'], '_') + 1);
$accessService->revokeModuleAccess($rule->getRole(), $extension, $shortName);
} elseif (isset($filter['act']) && strpos($filter['act'], '@') !== false) {
list($controller, $action) = explode('@', $mask['act'], 2);
$extension = funcAcl_helpers_Map::getExtensionFromController($controller);
$shortName = strpos($controller, '\\') !== false ? substr($controller, strrpos($controller, '\\') + 1) : substr($controller, strrpos($controller, '_') + 1);
$accessService->revokeActionAccess($rule->getRole(), $extension, $shortName, $action);
} else {
common_Logger::w('Uninterpretable filter in ' . __CLASS__);
}
} else {
common_Logger::w('Only grant rules accepted in ' . __CLASS__);
}
}
