public function loadDefaultRoles()
{
/**
* Only add the nologin role, as the others should come from the database when it is initialized
*/
$this->_acl->addRole(new \Zend_Acl_Role('nologin'));
}
/**
* Action to show all privileges
*/
public function privilegeAction()
{
$privileges = array();
foreach ($this->acl->getPrivilegeRoles() as $privilege => $roles) {
$privileges[$privilege][$this->_('Privilege')] = $privilege;
$privileges[$privilege][$this->_('Allowed')] = $roles[\Zend_Acl::TYPE_ALLOW] ? implode(', ', $roles[\Zend_Acl::TYPE_ALLOW]) : null;
$privileges[$privilege][$this->_('Denied')] = $roles[\Zend_Acl::TYPE_DENY] ? implode(', ', $roles[\Zend_Acl::TYPE_DENY]) : null;
}
// Add unassigned rights to the array too
$all_existing = $this->getUsedPrivileges();
$unassigned = array_diff_key($all_existing, $privileges);
$nonexistent = array_diff_key($privileges, $all_existing);
unset($nonexistent['pr.nologin']);
unset($nonexistent['pr.islogin']);
ksort($nonexistent);
foreach ($unassigned as $privilege => $description) {
$privileges[$privilege] = array($this->_('Privilege') => $privilege, $this->_('Allowed') => null, $this->_('Denied') => null);
}
ksort($privileges);
$this->html->h2($this->_('Project privileges'));
$this->_showTable($this->_('Privileges'), $privileges, true);
// Nonexistent rights are probably left-overs from old installations, this should be cleaned
if (!empty($nonexistent)) {
$this->_showTable($this->_('Assigned but nonexistent privileges'), $nonexistent, true);
}
// $this->acl->echoRules();
}
/**
* Action to show all privileges
*/
public function privilegeAction()
{
$privileges = array();
foreach ($this->acl->getPrivilegeRoles() as $privilege => $roles) {
$privileges[$privilege][$this->_('Privilege')] = $privilege;
$privileges[$privilege][$this->_('Allowed')] = $roles[\Zend_Acl::TYPE_ALLOW] ? implode(', ', $roles[\Zend_Acl::TYPE_ALLOW]) : null;
$privileges[$privilege][$this->_('Denied')] = $roles[\Zend_Acl::TYPE_DENY] ? implode(', ', $roles[\Zend_Acl::TYPE_DENY]) : null;
}
ksort($privileges);
$this->html->h2($this->_('Project privileges'));
$this->_showTable($this->_('Privileges'), $privileges, true);
// $this->acl->echoRules();
}
/**
* Get the privileges for thess parents
*
* @param array $parents
* @return array privilege => setting
*/
protected function getInheritedPrivileges(array $parents)
{
if (!$parents) {
return array();
}
$rolePrivileges = $this->acl->getRolePrivileges();
$inherited = array();
foreach ($parents as $parent) {
if (isset($rolePrivileges[$parent])) {
$inherited = $inherited + array_flip($rolePrivileges[$parent][\Zend_Acl::TYPE_ALLOW]);
$inherited = $inherited + array_flip($rolePrivileges[$parent][\MUtil_Acl::INHERITED][\Zend_Acl::TYPE_ALLOW]);
}
}
// Sneaks in:
unset($inherited[""]);
return $inherited;
}
/**
* Returns true if the role of the current user has the given privilege
*
* @param string $privilege
* @return bool
*/
public function hasPrivilege($privilege)
{
return !$this->acl || $this->acl->isAllowed($this->getRole(), null, $privilege);
}
/**
* Set the visibility of the menu item and any sub items in accordance
* with the specified user role.
*
* @param \Zend_Acl $acl
* @param string $userRole
* @return \Gems_Menu_MenuAbstract (continuation pattern)
*/
protected function applyAcl(\MUtil_Acl $acl, $userRole)
{
if ($this->_subItems) {
foreach ($this->_subItems as $item) {
$allowed = $item->get('allowed', true);
if ($allowed && ($privilege = $item->get('privilege'))) {
$allowed = $acl->isAllowed($userRole, null, $privilege);
}
if ($allowed) {
$item->applyAcl($acl, $userRole);
} else {
// As an item can be invisible but allowed,
// but not disallowed but visible we need to
// set both.
$item->set('allowed', false);
$item->set('visible', false);
$item->setForChildren('allowed', false);
$item->setForChildren('visible', false);
}
}
}
return $this;
}
