/**
* Returns the permissions for a specific authorization item recursively.
* @param CAuthItem $item the item for which to get permissions.
* @return array the section of the permissions tree.
*/
private function getPermissionsRecursive(CAuthItem $item)
{
$permissions = array();
foreach ($item->getChildren() as $childName => $child) {
$permissions[$childName] = array();
if (($grandChildren = $this->getPermissionsRecursive($child)) !== array()) {
$permissions[$childName] = $grandChildren;
}
}
return $permissions;
}
/**
* Saves an authorization item to persistent storage.
* @param CAuthItem $item the item to be saved.
* @param string $oldName the old item name. If null, it means the item name is not changed.
*/
public function saveAuthItem($item, $oldName = null)
{
if ($oldName !== null && ($newName = $item->getName()) !== $oldName) {
if (isset($this->_items[$newName])) {
throw new CException(Yii::t('yii', 'Unable to change the item name. The name "{name}" is already used by another item.', array('{name}' => $newName)));
}
if (isset($this->_items[$oldName]) && $this->_items[$oldName] === $item) {
unset($this->_items[$oldName]);
$this->_items[$newName] = $item;
if (isset($this->_children[$oldName])) {
$this->_children[$newName] = $this->_children[$oldName];
unset($this->_children[$oldName]);
}
foreach ($this->_children as &$children) {
if (isset($children[$oldName])) {
$children[$newName] = $children[$oldName];
unset($children[$oldName]);
}
}
foreach ($this->_assignments as &$assignments) {
if (isset($assignments[$oldName])) {
$assignments[$newName] = $assignments[$oldName];
unset($assignments[$oldName]);
}
}
}
}
}
/**
* isTaskMenuItemChild
* detecta si un CAuthItem ($item) es un hijo de otro ($posibleSuperior)
* utiliza la sintaxis del atributo Description para detectarlo.
*
* @param CAuthItem $item
* @param CAuthItem $posibleSuperior
* @access public
* @return void
*/
public function isTaskMenuItemChild($item, $posibleSuperior)
{
return $this->getTaskParentMenuName($item) == $posibleSuperior->getName();
}
/**
* Saves an authorization item to persistent storage.
* @param CAuthItem $item the item to be saved.
* @param string $oldName the old item name. If null, it means the item name is not changed.
*/
public function saveAuthItem($item, $oldName = null)
{
if ($this->usingSqlite() && $oldName !== null && $item->getName() !== $oldName) {
$this->db->createCommand()->update($this->itemChildTable, array('parent' => $item->getName()), 'parent=:whereName', array(':whereName' => $oldName));
$this->db->createCommand()->update($this->itemChildTable, array('child' => $item->getName()), 'child=:whereName', array(':whereName' => $oldName));
$this->db->createCommand()->update($this->assignmentTable, array('itemname' => $item->getName()), 'itemname=:whereName', array(':whereName' => $oldName));
}
$this->db->createCommand()->update($this->itemTable, array('name' => $item->getName(), 'type' => $item->getType(), 'description' => $item->getDescription(), 'bizrule' => $item->getBizRule(), 'data' => serialize($item->getData())), 'name=:whereName', array(':whereName' => $oldName === null ? $item->getName() : $oldName));
}
/**
* Saves an authorization item to persistent storage.
* @param CAuthItem $item the item to be saved.
* @param string $oldName the old item name. If null, it means the item name is not changed.
*/
public function saveAuthItem($item, $oldName = null)
{
if ($this->usingSqlite() && $oldName !== null && $item->getName() !== $oldName) {
$sql = "UPDATE {$this->itemChildTable} SET parent=:newName WHERE parent=:name";
$command = $this->db->createCommand($sql);
$command->bindValue(':name', $oldName);
$command->bindValue(':newName', $item->getName());
$command->execute();
$sql = "UPDATE {$this->itemChildTable} SET child=:newName WHERE child=:name";
$command = $this->db->createCommand($sql);
$command->bindValue(':name', $oldName);
$command->bindValue(':newName', $item->getName());
$command->execute();
$sql = "UPDATE {$this->assignmentTable} SET itemname=:newName WHERE itemname=:name";
$command = $this->db->createCommand($sql);
$command->bindValue(':name', $oldName);
$command->bindValue(':newName', $item->getName());
$command->execute();
}
$sql = "UPDATE {$this->itemTable} SET name=:newName, type=:type, description=:description, bizrule=:bizrule, data=:data WHERE name=:name";
$command = $this->db->createCommand($sql);
$command->bindValue(':type', $item->getType());
$command->bindValue(':name', $oldName === null ? $item->getName() : $oldName);
$command->bindValue(':newName', $item->getName());
$command->bindValue(':description', $item->getDescription());
$command->bindValue(':bizrule', $item->getBizRule());
$command->bindValue(':data', serialize($item->getData()));
$command->execute();
}
/**
* Checks the access based on the default roles as declared in {@link defaultRoles}.
* @param string the name of the operation that need access check
* @param array name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @return boolean whether the operations can be performed by the user according to the default roles.
* @since 1.0.3
*/
protected function checkDefaultRoles($itemName, $params)
{
$names = array();
foreach ($this->defaultRoles as $role) {
if (is_string($role)) {
$names[] = $this->db->quoteValue($role);
} else {
$names[] = $role;
}
}
if (count($names) < 4) {
$condition = 'name=' . implode(' OR name=', $names);
} else {
$condition = 'name IN (' . implode(', ', $names) . ')';
}
$sql = "SELECT name, type, description, bizrule, data, cond FROM {$this->itemTable} WHERE {$condition}";
$command = $this->db->createCommand($sql);
$rows = $command->queryAll();
foreach ($rows as $row) {
Yii::trace('Checking default role "' . $row['name'] . '"', 'system.web.auth.CDbAuthManager');
$item = new CAuthItem($this, $row['name'], $row['type'], $row['description'], $row['bizrule'], unserialize($row['data']), $row['cond']);
if ($item->checkAccess($itemName, $params)) {
return true;
}
}
return false;
}
/**
* Executes an SQL command and returns auth items with the RBAMAuthItemBehavior attached.
* @param CDbAuthManager owner
* @param string sql to execute
* @return array CAuthItems with RBAMAuthItemBehavior attached
*/
private function itemsFromSql($owner, $sql)
{
$items = array();
foreach ($owner->db->createCommand($sql)->queryAll() as $row) {
if (($data = @unserialize($row['data'])) === false) {
$data = null;
}
$item = new CAuthItem($owner, $row['name'], $row['type'], $row['description'], $row['bizrule'], $data);
$item->attachBehavior('RbamAuthItemBehavior', 'RbamAuthItemBehavior');
$items[$row['name']] = $item;
}
return $items;
}
/**
* Returns the permissions for a specific authorization item recursively.
* @param CAuthItem $item the item for which to get permissions.
* @return array the section of the permissions tree.
*/
private function getPermissionsWithBizRueRecursive(CAuthItem $item)
{
$permissions = array();
foreach ($item->getChildren() as $childName => $child) {
$permissions[$childName]['items'] = array();
if (($grandChildren = $this->getPermissionsRecursive($child)) !== array()) {
$permissions[$childName]['items'] = $grandChildren;
}
$permissions['bizRule'] = $child->bizRule;
}
return $permissions;
}
public function __construct($auth, $name, $type, $description = '', $bizRule = null, $data = null, $condition = null)
{
parent::__construct($auth, $name, $type, $description, $bizRule, $data);
$this->_condition = $condition;
}
