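/**
 * Returns the permission row assigned to a role for one resource.
 *
 * The permission table is joined with the role table so the returned row
 * also carries the owning role's name (column `name`). When the role has no
 * permission row for the resource, the lookup falls through to the
 * highest-priority dependent role (`priority DESC`, limit 1) and returns that
 * role's permission, so callers may receive an inherited row.
 *
 * @param Zend_Db_Table_Row_Abstract $resource row exposing `id`
 * @param Zend_Db_Table_Row_Abstract $role     row exposing `id`
 * @param array $visitedRoleIds role ids already walked; internal, used to stop
 *                              on a cyclic parent/child relation in acl_role
 * @return Zend_Db_Table_Row_Abstract|null permission row, or null when neither
 *                                         the role nor any dependent role has one
 */
public function getByResource(Zend_Db_Table_Row_Abstract $resource, Zend_Db_Table_Row_Abstract $role, array $visitedRoleIds = array())
{
    $select = $this->select()
        ->setIntegrityCheck(false)
        ->from(array('perm' => $this->_name), array('privilege', 'role_id'))
        ->joinInner(
            array('rop' => Zend_Registry::get('tablePrefix') . 'acl_role'),
            'perm.role_id = rop.id',
            'rop.name'
        )
        ->where("role_id = ?", $role->id, Zend_Db::INT_TYPE)
        ->where("resource_id = ?", $resource->id, Zend_Db::INT_TYPE)
        ->limit(1);

    // Query once; the previous version ran the same select twice
    // (once for the null check and again for the return value).
    $permission = $this->fetchRow($select);
    if ($permission !== null) {
        return $permission;
    }

    // No explicit permission: inherit from the highest-priority dependent role.
    // Remember the roles already visited so a loop in the hierarchy cannot
    // recurse until the stack is exhausted.
    $visitedRoleIds[] = (int) $role->id;

    $mdlRole = new Acl_Model_Role();
    $childSelect = $mdlRole->select()->order('priority DESC')->limit(1);
    $childRole = $role->findDependentRowset('Acl_Model_Role', null, $childSelect)->current();
    if ($childRole === null || in_array((int) $childRole->id, $visitedRoleIds, true)) {
        return null;
    }

    return $this->getByResource($resource, $childRole, $visitedRoleIds);
}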
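/**
 * PreDispatch hook of the ACL plugin.
 *
 * Resolves the role of the current user (or the guest role when nobody is
 * authenticated), builds the Zend_Acl for that role -- or loads it from the
 * file cache, lifetime 43200 s -- and publishes it in the registry under
 * 'ZendACL' (the cache object under 'cacheACL').
 *
 * Any failure is written to plugins.log and the request is not aborted here.
 * NOTE(review): on failure no 'ZendACL' entry is published; confirm that the
 * downstream privilege check treats a missing entry as "deny", not "allow".
 *
 * @see Zend_Controller_Plugin_Abstract::preDispatch()
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    try {
        $frontendOptions = array('lifetime' => 43200, 'automatic_serialization' => true);
        $backendOptions = array('cache_dir' => APPLICATION_CACHE_PATH);
        $cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions);

        $roleId = $this->_resolveAclRoleId();
        $cacheKey = 'cacheACL_' . $roleId;

        // Zend_Cache_Core::load() returns false on a miss, so a single load is
        // enough (the previous version loaded twice and also called test()).
        $acl = $cache->load($cacheKey);
        if ($acl === false) {
            $acl = $this->_buildRoleAcl($roleId);
            $cache->save($acl, $cacheKey);
        }

        Zend_Registry::set('ZendACL', $acl);
        Zend_Registry::set('cacheACL', $cache);
    } catch (Exception $e) {
        $this->_logPluginFailure($e);
    }
}

/**
 * Role id of the authenticated user, or the guest role for anonymous requests.
 *
 * The previous version assigned to an uninitialised `$objRole->id`, which is
 * a warning on PHP 7 and an Error on PHP 8; a plain integer is used instead.
 *
 * @return int
 */
private function _resolveAclRoleId()
{
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        return (int) $auth->getIdentity()->role_id;
    }

    // Anonymous visitors get the hard-coded role 3 ("guess" in the original).
    // NOTE(review): confirm id 3 is the guest role in acl_role; an id that
    // maps to a privileged role would grant it to every anonymous request.
    $guestRoleId = 3;
    return $guestRoleId;
}

/**
 * Builds the Zend_Acl for one role from the registered resources.
 *
 * Each resource is registered as "module:controller" (lower-cased) and its
 * `actioncontroller` is the privilege. Rule resolution per resource:
 *  - role ids below 2 are treated as superuser and allowed everything;
 *  - an explicit 'deny' / 'allow' row of the role itself wins;
 *  - with no own row, the row of the highest-priority dependent role is
 *    inherited; a role with neither a dependent role nor an own row is denied;
 *  - anything unmatched is left to Zend_Acl's default, which denies.
 *
 * @param int $roleId
 * @return Zend_Acl
 * @throws Zend_Exception when the role or the resource list cannot be loaded
 */
private function _buildRoleAcl($roleId)
{
    $acl = new Zend_Acl();
    $mdlRole = new Acl_Model_Role();
    $mdlResource = new Acl_Model_Resource();
    $mdlPermission = new Acl_Model_Permission();

    $acl->addRole(new Zend_Acl_Role($roleId));
    $role = $mdlRole->find($roleId)->current();
    if ($role === null) {
        throw new Zend_Exception('Role not found');
    }

    $select = $mdlRole->select()->order('priority DESC')->limit(1);
    $childRole = $role->findDependentRowset('Acl_Model_Role', null, $select)->current();

    $resources = $mdlResource->getRegisteredList();
    if ($resources->count() === 0) {
        throw new Zend_Exception('Resources not available');
    }

    // Superuser shortcut: ids below 2 receive every privilege, so the two
    // permission queries per resource are skipped for them.
    $isSuperuser = $roleId < 2;

    foreach ($resources as $resource) {
        $resourceName = strtolower($resource->module . ':' . $resource->controller);
        // Several rows share one module:controller (one per action), so the
        // resource may already be registered.
        if (!$acl->has($resourceName)) {
            $acl->addResource(new Zend_Acl_Resource($resourceName));
        }
        $privilege = $resource->actioncontroller;

        if ($isSuperuser) {
            $acl->allow($roleId, $resourceName, $privilege);
            continue;
        }

        $rolePrivilege = $mdlPermission->getByResource($resource, $role);
        $childPrivilege = $childRole ? $mdlPermission->getByResource($resource, $childRole) : null;

        $denied = ($childRole === null && $rolePrivilege === null)
            || $this->_privilegeIs($rolePrivilege, 'deny')
            || ($rolePrivilege === null && $this->_privilegeIs($childPrivilege, 'deny'));
        $allowed = $this->_privilegeIs($rolePrivilege, 'allow')
            || ($rolePrivilege === null && $this->_privilegeIs($childPrivilege, 'allow'));

        if ($denied) {
            $acl->deny($roleId, $resourceName, $privilege);
        } elseif ($allowed) {
            $acl->allow($roleId, $resourceName, $privilege);
        }
    }

    return $acl;
}

/**
 * True when a permission row exists and its `privilege` equals $expected
 * (case-insensitive). A missing row or missing column never matches, which
 * replaces the previous reads of `->privilege` on null.
 *
 * @param Zend_Db_Table_Row_Abstract|null $permission
 * @param string $expected 'allow' or 'deny'
 * @return bool
 */
private function _privilegeIs($permission, $expected)
{
    return $permission !== null
        && isset($permission->privilege)
        && strcasecmp($permission->privilege, $expected) === 0;
}

/**
 * Writes the failure to plugins.log. Logging is best effort: a logger that
 * cannot be opened must not replace the original error with a second one.
 *
 * @param Exception $e
 * @return void
 */
private function _logPluginFailure(Exception $e)
{
    try {
        $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugins.log');
        $logger = new Zend_Log($writer);
        $logger->log($e->getMessage(), Zend_Log::ERR);
    } catch (Exception $logError) {
        // Intentionally swallowed: nowhere left to report the failure.
    }
}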
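/**
 * Manage action of the Permission controller.
 *
 * Renders one select box per registered resource ("controller / action")
 * showing the effective privilege of the requested role; the first option is
 * the current state and the second the alternative. The ids of all listed
 * resources are stored in the 'resourceDataIds' session namespace for the
 * update action. Any failure redirects to acl/role/list with a flash message.
 *
 * NOTE(review): this action rewrites role permissions and relies on the
 * global ACL plugin for authorization -- confirm acl/permission is registered
 * as a resource and denied to non-administrative roles.
 *
 * @throws Zend_Exception
 * @return NULL
 */
public function manageAction()
{
    try {
        $translate = Zend_Registry::get('Zend_Translate');
        // 'role' is request input; find() quotes it and a missing row aborts below.
        $roleId = $this->getRequest()->getParam('role', 0);

        $mdlRole = new Acl_Model_Role();
        $role = $mdlRole->find($roleId)->current();
        if (!$role) {
            throw new Exception($translate->translate("LBL_ROW_NOT_FOUND"));
        }
        $select = $mdlRole->select()->order('priority DESC')->limit(1);
        $childRole = $role->findDependentRowset('Acl_Model_Role', null, $select)->current();

        $frmManageResource = new Acl_Form_ManageResources();
        $action = $this->getRequest()->getBaseUrl() . "/acl/permission/update";
        $frmManageResource->setAction($action);
        $frmManageResource->getElement('id')->setValue($role->id);

        $mdlResource = new Acl_Model_Resource();
        $mdlPermission = new Acl_Model_Permission();
        $modules = $mdlResource->getModules();

        $zfelements = array();
        $resourceDataIds = array();
        $order = 1;
        foreach ($modules as $module) {
            $moduleKey = strtolower($module->module);
            if (!array_key_exists($moduleKey, $zfelements)) {
                $zfelements[$moduleKey] = array();
            }

            foreach ($mdlResource->getByModule($module) as $resource) {
                $resourceDataIds[] = $resource->id;
                $elementName = "cb_res_" . $resource->id;
                $zfelements[$moduleKey][] = $elementName;

                $cbResource = new Zend_Form_Element_Select($elementName);
                $cbResource->setLabel($resource->controller . ' / ' . $resource->actioncontroller);

                $childPrivilege = $childRole ? $mdlPermission->getByResource($resource, $childRole) : null;
                $rolePrivilege = $mdlPermission->getByResource($resource, $role);
                $this->_addPrivilegeOptions($cbResource, $rolePrivilege, $childPrivilege, $translate);

                $cbResource->setOrder($order);
                $frmManageResource->addElement($cbResource);
                $order++;
            }
        }

        // Presumably read back by the update action to know which resources
        // were on the form -- verify against acl/permission/update.
        $hrs = new Zend_Session_Namespace('resourceDataIds');
        $hrs->hrs = implode(',', $resourceDataIds);

        $this->view->modules = $modules;
        $this->view->zfelements = $zfelements;
        $this->view->role = $role;
        $this->view->formResources = $frmManageResource;

        $fields = array();
        foreach ($frmManageResource->getElements() as $element) {
            $fields[] = $element->getName();
        }
        $frmManageResource->addDisplayGroup($fields, 'form', array('legend' => "ACL_UPDATE_ROLE"));
    } catch (Exception $e) {
        $this->_helper->flashMessenger->addMessage(array(
            'type' => 'error',
            'header' => '',
            'message' => $e->getMessage(),
        ));
        $this->_helper->redirector("list", "role", "acl");
    }

    return null;
}

/**
 * Adds the allow/deny options to one resource select box, current state first.
 *
 * Decision order mirrors the previous inline chain: no row at all -> shown as
 * denied by default; the role's own row wins; otherwise the dependent role's
 * row is shown as inherited, labelled with that role's name (the `name`
 * column joined by Acl_Model_Permission::getByResource). The previous version
 * read the name from an undefined `$privilege`, so the label was always empty.
 *
 * NOTE(review): getByResource() itself already falls through to dependent
 * roles, so $rolePrivilege may be an inherited row and the inherited branches
 * may rarely be reached -- confirm the intended labelling.
 *
 * @param Zend_Form_Element_Select $element
 * @param Zend_Db_Table_Row_Abstract|null $rolePrivilege  permission row resolved for the role
 * @param Zend_Db_Table_Row_Abstract|null $childPrivilege permission row resolved for the dependent role
 * @param object $translate translator from the registry ('Zend_Translate')
 * @return void
 */
private function _addPrivilegeOptions(Zend_Form_Element_Select $element, $rolePrivilege, $childPrivilege, $translate)
{
    if ($childPrivilege == null && $rolePrivilege == null) {
        $element->addMultiOption('deny', $translate->translate("ACL_DENIED_DEFAULT"));
        $element->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
    } elseif (isset($rolePrivilege->privilege) && strcasecmp($rolePrivilege->privilege, 'allow') == 0) {
        $element->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
        $element->addMultiOption('deny', $translate->translate("ACL_DENY"));
    } elseif (isset($rolePrivilege->privilege) && strcasecmp($rolePrivilege->privilege, 'deny') == 0) {
        $element->addMultiOption('deny', $translate->translate("ACL_DENY"));
        $element->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
    } elseif ($childPrivilege && strcasecmp($childPrivilege->privilege, 'allow') == 0 && !$rolePrivilege) {
        $element->addMultiOption('allow', sprintf($translate->translate("ACL_ALLOWED_INHERITED_FROM"), $childPrivilege->name));
        $element->addMultiOption('deny', $translate->translate("ACL_DENY"));
    } elseif ($childPrivilege && strcasecmp($childPrivilege->privilege, 'deny') == 0 && !$rolePrivilege) {
        $element->addMultiOption('deny', sprintf($translate->translate("ACL_DENIED_INHERITED_FROM"), $childPrivilege->name));
        $element->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
    }
}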