public function uninstall()
{
// Get DB connection
try {
$DB = Database::getConnection();
} catch (Exception $e) {
SystemLog::add('This extension requires a database. (' . $e->getMessage() . ')', SystemLog::WARNING);
return FALSE;
}
// Table definitions
$tables = array('acl_repo', 'acl_role', 'acl_resource', 'acl_role_member', 'acl_type', 'acl_entry');
// Create tables
try {
$DB->beginTransaction();
foreach ($tables as $table) {
if (!ModelManager::sqlQuery('DROP TABLE IF EXISTS ' . $table)) {
throw new PDOException("Invalid SQL");
}
}
$DB->commit();
return TRUE;
} catch (PDOException $e) {
SystemLog::add($e->getMessage(), SystemLog::WARNING);
try {
$DB->rollBack();
} catch (PDOException $e) {
SystemLog::add($e->getMessage(), SystemLog::WARNING);
}
}
// Catch-all result
return FALSE;
}
public function whichAllowed($permissions, $resource, $resultFormat = self::RETURN_OBJECTS)
{
// Load resource from a given alias
$alias = $resource;
if (is_string($resource) && !($resource = $this->loadResourceByAlias($resource))) {
throw new BuanException("Could not find AclResource with an alias of '{$alias}'");
return FALSE;
}
// If $resource is not persistent, we have to test all in-memory child
// resources and return as an array, ignoring $resultFormat.
// TODO: Why ignore $resultFormat?
if (!$resource->isInDatabase()) {
$childResources = $resource->getRelatedModels('AclResource', ModelRelation::REF_PARENT);
$allowed = array();
foreach ($childResources as $child) {
if ($this->isAllowed($permissions, $child)) {
$allowed[] = $child;
}
}
return $allowed;
}
// Get inheritable result first
$inheritable = $this->isAllowed($permissions, $resource);
// Convert $permissions to an array
if (!is_array($permissions)) {
$permissions = explode(",", preg_replace("/[^a-z0-9_\\-\\*,]/i", "", strtolower($permissions)));
}
$permissions = array_unique($permissions);
// Build list of AclRole IDs which affect $role.
// TODO: Order may be significant when I get around to using it. ie. A
// User is more significant, has more weight, than it's parent group,
// and so on up the hierarchy.
$parents = $this->getAncestors();
$roleIds = array();
foreach ($parents as $p) {
$roleIds[] = $p->id;
}
$roleIds[] = $this->id;
// TODO
// The code below doesn't yet take into account any AclEntry models
// that may just be in-memory, eg from:
// $role->load();
// $role->allow('view', 'resource');
// $role->whichAllowed();
//
// It only searches in the DB. Change to look through in-memory AclEntries
// too.
// Gather all allowable resources
$resultFields = $resultFormat == self::RETURN_OBJECTS ? 'R.*' : 'R.id';
$sql = 'SELECT ' . $resultFields . ' FROM acl_resource AS R
LEFT JOIN acl_entry AS E ON R.id=E.acl_resource_id
WHERE R.parent_id=' . $resource->id . ' AND (';
if ($inheritable) {
$sql .= 'E.acl_resource_id IS NULL OR (E.acl_role_id<>' . implode(" AND E.acl_role_id<>", $roleIds) . ') OR (E.pdeny<>"*" AND NOT FIND_IN_SET("' . implode('", pdeny) AND NOT FIND_IN_SET("', $permissions) . '", pdeny))';
} else {
$sql .= 'E.acl_role_id=' . implode(" OR E.acl_role_id=", $roleIds) . ' AND (E.pallow="*" OR (FIND_IN_SET("' . implode('") AND FIND_IN_SET("', $permissions) . '", pallow)))';
}
$sql .= ') GROUP BY R.id';
$stmt = ModelManager::sqlQuery($sql);
$idList = array();
while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
$idList[] = $resultFormat == self::RETURN_IDS ? (int) $row->id : $row;
}
return $idList;
}
