/**
  * Manage permissions
  */
 protected function adminPermissions()
 {
     $resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
     $accessRights = AdminService::getUsersPermissions($resource->getUri());
     $userList = $this->getUserList();
     $roleList = $this->getRoleList();
     $this->setData('privileges', PermissionProvider::getRightLabels());
     $userData = array();
     foreach (array_keys($accessRights) as $uri) {
         if (isset($userList[$uri])) {
             $userData[$uri] = array('label' => $userList[$uri], 'isRole' => false);
             unset($userList[$uri]);
         } elseif (isset($roleList[$uri])) {
             $userData[$uri] = array('label' => $roleList[$uri], 'isRole' => true);
             unset($roleList[$uri]);
         } else {
             \common_Logger::d('unknown user ' . $uri);
         }
     }
     $this->setData('users', $userList);
     $this->setData('roles', $roleList);
     $this->setData('userPrivileges', $accessRights);
     $this->setData('userData', $userData);
     $this->setData('uri', $resource->getUri());
     $this->setData('label', _dh($resource->getLabel()));
     $this->setView('AdminAccessController/index.tpl');
 }
 /**
  * (non-PHPdoc)
  * @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
  */
 public function onResourceCreated(\core_kernel_classes_Resource $resource)
 {
     $dbAccess = new DataBaseAccess();
     // test if class
     $class = new \core_kernel_classes_Class($resource);
     foreach (array_merge($resource->getTypes(), $class->getParentClasses()) as $parent) {
         foreach (AdminService::getUsersPermissions($parent->getUri()) as $userUri => $rights) {
             $dbAccess->addPermissions($userUri, $resource->getUri(), $rights);
         }
     }
 }
Ejemplo n.º 3
0
 /**
  * 
  * @param string $currentVersion
  * @return string $versionUpdatedTo
  */
 public function update($initialVersion)
 {
     $currentVersion = $initialVersion;
     if ($currentVersion == '1.0') {
         $impl = new PermissionProvider();
         // add read access to Items
         $class = new \core_kernel_classes_Class(TAO_ITEM_CLASS);
         AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ'));
         // add backoffice user rights to Tests
         $class = new \core_kernel_classes_Class(TAO_TEST_CLASS);
         AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights());
         $currentVersion = '1.0.1';
     }
     return $currentVersion;
 }
 /**
  * (non-PHPdoc)
  * @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
  */
 public function onResourceCreated(\core_kernel_classes_Resource $resource)
 {
     $dbAccess = new DataBaseAccess();
     // verify resource is created
     $permissions = $dbAccess->getResourcePermissions($resource->getUri());
     if (empty($permissions)) {
         // treat resources as classes without parent classes
         $class = new \core_kernel_classes_Class($resource);
         foreach (array_merge($resource->getTypes(), $class->getParentClasses()) as $parent) {
             foreach (AdminService::getUsersPermissions($parent->getUri()) as $userUri => $rights) {
                 $dbAccess->addPermissions($userUri, $resource->getUri(), $rights);
             }
         }
     }
 }
Ejemplo n.º 5
0
 /**
  * 
  * @param string $currentVersion
  * @return string $versionUpdatedTo
  */
 public function update($initialVersion)
 {
     $currentVersion = $initialVersion;
     if ($currentVersion == '1.0') {
         $impl = new PermissionProvider();
         // add read access to Items
         $class = new \core_kernel_classes_Class(TAO_ITEM_CLASS);
         AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ'));
         // add backoffice user rights to Tests
         $class = new \core_kernel_classes_Class(TAO_TEST_CLASS);
         AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights());
         $currentVersion = '1.0.1';
     }
     if ($currentVersion == '1.0.1') {
         $currentVersion = '1.0.2';
     }
     if ($currentVersion == '1.0.2') {
         $taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
         $classAdmin = new AdminAction();
         ClassActionRegistry::getRegistry()->registerAction($taoClass, $classAdmin);
         $currentVersion = '1.1';
     }
     if ($currentVersion == '1.1') {
         $classesToAdd = array(new \core_kernel_classes_Class(CLASS_GENERIS_USER), new \core_kernel_classes_Class(CLASS_ROLE));
         // add admin to new instances
         $classAdmin = new AdminAction();
         foreach ($classesToAdd as $class) {
             ClassActionRegistry::getRegistry()->registerAction($class, $classAdmin);
         }
         // add base permissions to new classes
         $taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
         foreach ($taoClass->getSubClasses(false) as $class) {
             if (!in_array($class->getUri(), array(TAO_ITEM_CLASS, TAO_TEST_CLASS))) {
                 $classesToAdd[] = $class;
             }
         }
         $rights = PermissionManager::getPermissionModel()->getSupportedRights();
         foreach ($classesToAdd as $class) {
             if (count(AdminService::getUsersPermissions($class->getUri())) == 0) {
                 AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights);
             } else {
                 \common_Logger::w('Unexpected rights present for ' . $class->getUri());
             }
         }
         $currentVersion = '1.2.0';
     }
     return $currentVersion;
 }
 /**
  * Manage permissions
  * @requiresRight id GRANT
  */
 public function adminPermissions()
 {
     $resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
     $accessRights = AdminService::getUsersPermissions($resource->getUri());
     $this->setData('privileges', PermissionProvider::getRightLabels());
     $users = array();
     $roles = array();
     foreach ($accessRights as $uri => $privileges) {
         $identity = new \core_kernel_classes_Resource($uri);
         if ($identity->isInstanceOf(\tao_models_classes_RoleService::singleton()->getRoleClass())) {
             $roles[$uri] = array('label' => $identity->getLabel(), 'privileges' => $privileges);
         } else {
             $users[$uri] = array('label' => $identity->getLabel(), 'privileges' => $privileges);
         }
     }
     $this->setData('users', $users);
     $this->setData('roles', $roles);
     $this->setData('isClass', $resource->isClass());
     $this->setData('uri', $resource->getUri());
     $this->setData('label', _dh($resource->getLabel()));
     $this->setView('AdminAccessController/index.tpl');
 }
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
 * Copyright (c) 2013 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
 *
 *
 */
use oat\taoDacSimple\model\DataBaseAccess;
use oat\generis\model\data\permission\PermissionManager;
use oat\taoDacSimple\model\PermissionProvider;
use oat\taoDacSimple\model\AdminService;
$persistence = common_persistence_Manager::getPersistence('default');
$schemaManager = $persistence->getDriver()->getSchemaManager();
$schema = $schemaManager->createSchema();
$fromSchema = clone $schema;
$table = $schema->createtable(DataBaseAccess::TABLE_PRIVILEGES_NAME);
$table->addColumn('user_id', "string", array("notnull" => null, "length" => 255));
$table->addColumn('resource_id', "string", array("notnull" => null, "length" => 255));
$table->addColumn('privilege', "string", array("notnull" => null, "length" => 255));
$table->setPrimaryKey(array("user_id", "resource_id", "privilege"));
$queries = $persistence->getPlatform()->getMigrateSchemaSql($fromSchema, $schema);
foreach ($queries as $query) {
    $persistence->exec($query);
}
$impl = new PermissionProvider();
PermissionManager::setPermissionModel($impl);
$rights = $impl->getSupportedRights();
foreach (PermissionProvider::getSupportedRootClasses() as $class) {
    AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights);
}