Example #1
 /**
  * Returns permissions assigned to a specific role
  * @param Zend_Db_Table_Row_Abstract $resource
  * @param Zend_Db_Table_Row_Abstract $role
  * @return Zend_Db_Table_Row_Abstract|null
  */
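 function getByResource(Zend_Db_Table_Row_Abstract $resource, Zend_Db_Table_Row_Abstract $role)
 {
     // Resolves the permission row that applies to $resource for $role. The role's
     // own row wins; while no row exists, the lookup moves on to the dependent role
     // with the highest priority (the "child role" in this code base).
     // Returns the row (privilege, role_id and the joined role name) or null when
     // no role in the chain has a row for the resource.
     $mdlRole = new Acl_Model_Role();
     $visitedRoleIds = array();
     $currentRole = $role;
     while (!is_null($currentRole)) {
         // Seeing the same role twice means the role hierarchy loops back on itself.
         // Stop and report "no permission row" instead of walking it forever; this
         // method runs while the ACL is built, so a bad hierarchy must not hang it.
         if (isset($visitedRoleIds[$currentRole->id])) {
             return null;
         }
         $visitedRoleIds[$currentRole->id] = true;

         // Both ids are bound as integers, so they cannot alter the SQL.
         $select = $this->select()
             ->setIntegrityCheck(false)
             ->from(array('perm' => $this->_name), array('privilege', 'role_id'))
             ->joinInner(
                 array('rop' => Zend_Registry::get('tablePrefix') . 'acl_role'),
                 'perm.role_id = rop.id',
                 'rop.name'
             )
             ->where("role_id = ?", $currentRole->id, Zend_Db::INT_TYPE)
             ->where("resource_id = ?", $resource->id, Zend_Db::INT_TYPE)
             ->limit(1);

         // Run the query once and reuse the result (it used to be executed twice).
         $permission = $this->fetchRow($select);
         if (!is_null($permission)) {
             return $permission;
         }

         // A fresh select per step: findDependentRowset() adds its own conditions to it.
         $dependentSelect = $mdlRole->select()->order('priority DESC')->limit(1);
         $currentRole = $currentRole->findDependentRowset('Acl_Model_Role', null, $dependentSelect)->current();
     }
     return null;
 }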
Example #2
 /**
  * PreDispatch method for ACL Plugin. It checks if current user has privileges for resources requested 
  * @see Zend_Controller_Plugin_Abstract::preDispatch()
  * @param Zend_Controller_Request_Abstract $request 
  */
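 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Builds the Zend_Acl for the current role, or loads it from the file cache, and
     // publishes it in Zend_Registry under 'ZendACL'. The cache object itself is
     // published under 'cacheACL'. No isAllowed() check is made in this method.
     try {
         $frontendOptions = array('lifetime' => 43200, 'automatic_serialization' => true);
         $backendOptions = array('cache_dir' => APPLICATION_CACHE_PATH);
         $cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions);

         // Create the holder explicitly: assigning a property on an undefined variable
         // raises an Error on PHP 8, which the catch (Exception) below would not see.
         $objRole = new stdClass();
         $auth = Zend_Auth::getInstance();
         if ($auth->hasIdentity()) {
             $identity = $auth->getIdentity();
             $objRole->id = $identity->role_id;
         } else {
             // No identity: use the hard-coded role id 3.
             // NOTE(review): presumably the guest role - confirm against the role table.
             $objRole->id = 3;
         }

         // NOTE(review): the ACL is unserialized from files under APPLICATION_CACHE_PATH
         // and trusted for up to 12 hours (lifetime 43200 s). That directory must not be
         // writable by other users, and a permission change only takes effect earlier if
         // the entry is removed - presumably done through the 'cacheACL' registry entry
         // elsewhere (confirm).
         $cacheId = 'cacheACL_' . $objRole->id;
         $cacheACL = $cache->load($cacheId);

         // Anything that is not a Zend_Acl (cache miss or unexpected content) is rebuilt.
         if (!($cacheACL instanceof Zend_Acl)) {
             $acl = new Zend_Acl();
             $mdlRole = new Acl_Model_Role();
             $mdlResource = new Acl_Model_Resource();
             $mdlPermission = new Acl_Model_Permission();
             $acl->addRole(new Zend_Acl_Role($objRole->id));
             $role = $mdlRole->find($objRole->id)->current();
             if ($role == null) {
                 throw new Zend_Exception('Role not found');
             }
             $select = $mdlRole->select()->order('priority DESC')->limit(1);
             $childRole = $role->findDependentRowset('Acl_Model_Role', null, $select)->current();
             $resources = $mdlResource->getRegisteredList();
             if ($resources->count() <= 0) {
                 throw new Zend_Exception('Resources not available');
             }

             // Role ids below 2 are granted every privilege on every registered resource.
             // NOTE(review): hard-coded threshold - confirm these ids are reserved for
             // administrator roles.
             $isSuperRole = $objRole->id < 2;

             foreach ($resources as $resource) {
                 $resourceTemp = strtolower($resource->module . ':' . $resource->controller);
                 if (!$acl->has(new Zend_Acl_Resource($resourceTemp))) {
                     $acl->addResource(new Zend_Acl_Resource($resourceTemp));
                 }

                 if ($isSuperRole) {
                     $acl->allow($objRole->id, $resourceTemp, $resource->actioncontroller);
                     continue;
                 }

                 $childPrivilege = $childRole ? $mdlPermission->getByResource($resource, $childRole) : null;
                 $rolePrivilege = $mdlPermission->getByResource($resource, $role);

                 // Read the privilege strings null-safely. The child role's privilege
                 // only counts when the role itself has no permission row.
                 $roleSays = $rolePrivilege ? (string) $rolePrivilege->privilege : '';
                 $childSays = (!$rolePrivilege && $childPrivilege) ? (string) $childPrivilege->privilege : '';

                 if ((!$childRole && !$rolePrivilege)
                     || strcasecmp($roleSays, 'deny') == 0
                     || strcasecmp($childSays, 'deny') == 0
                 ) {
                     $acl->deny($objRole->id, $resourceTemp, $resource->actioncontroller);
                 } elseif (strcasecmp($roleSays, 'allow') == 0 || strcasecmp($childSays, 'allow') == 0) {
                     $acl->allow($objRole->id, $resourceTemp, $resource->actioncontroller);
                 }
                 // Any other value adds no rule, which Zend_Acl treats as denied.
             }

             $cache->save($acl, $cacheId);
             Zend_Registry::set('ZendACL', $acl);
         } else {
             Zend_Registry::set('ZendACL', $cacheACL);
         }
         Zend_Registry::set('cacheACL', $cache);
     } catch (Exception $e) {
         // NOTE(review): on failure nothing is stored under 'ZendACL' by this call and
         // the error is only logged. Confirm that the code enforcing the ACL refuses
         // the request when the entry is missing instead of skipping the check.
         try {
             $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugins.log');
             $logger = new Zend_Log($writer);
             $logger->log($e->getMessage(), Zend_Log::ERR);
         } catch (Exception $logError) {
             // Logging is best effort; a log failure must not hide the original path.
         }
     }
 }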
 /**
  * Manage action for Permission controller
  * @throws Zend_Exception
  * @return NULL
  */
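 public function manageAction()
 {
     // Builds the permission form for the role given in the 'role' request parameter:
     // one allow/deny select per registered resource, grouped by module for the view.
     // On any exception an error flash message is queued and the user is redirected
     // to the role list.
     try {
         $translate = Zend_Registry::get('Zend_Translate');
         $roleId = $this->getRequest()->getParam('role', 0);
         $mdlRole = new Acl_Model_Role();
         $role = $mdlRole->find($roleId)->current();
         if (!$role) {
             throw new Exception($translate->translate("LBL_ROW_NOT_FOUND"));
         }
         $select = $mdlRole->select()->order('priority DESC')->limit(1);
         $childRole = $role->findDependentRowset('Acl_Model_Role', null, $select)->current();
         $frmManageResource = new Acl_Form_ManageResources();
         $action = $this->_request->getBaseUrl() . "/acl/permission/update";
         $frmManageResource->setAction($action);
         $frmManageResource->getElement('id')->setValue($role->id);
         $mdlResource = new Acl_Model_Resource();
         $mdlPermission = new Acl_Model_Permission();
         $modules = $mdlResource->getModules();
         $zfelements = array();
         $resourceDataIds = array();
         $order = 1;
         foreach ($modules as $module) {
             $moduleKey = strtolower($module->module);
             $resources = $mdlResource->getByModule($module);
             if (!array_key_exists($moduleKey, $zfelements)) {
                 $zfelements[$moduleKey] = array();
             }
             foreach ($resources as $resource) {
                 $resourceDataIds[] = $resource->id;
                 $elementName = "cb_res_" . $resource->id;
                 $cbResource = new Zend_Form_Element_Select($elementName);
                 $zfelements[$moduleKey][] = $elementName;
                 $lblResource = $resource->controller . ' / ' . $resource->actioncontroller;
                 $cbResource->setLabel($lblResource);
                 $childPrivilege = $childRole ? $mdlPermission->getByResource($resource, $childRole) : null;
                 $rolePrivilege = $mdlPermission->getByResource($resource, $role);

                 // The first option added is the one the select shows as current.
                 if ($childPrivilege == null && $rolePrivilege == null) {
                     $cbResource->addMultiOption('deny', $translate->translate("ACL_DENIED_DEFAULT"));
                     $cbResource->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
                 } elseif (isset($rolePrivilege->privilege) && strcasecmp($rolePrivilege->privilege, 'allow') == 0) {
                     $cbResource->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
                     $cbResource->addMultiOption('deny', $translate->translate("ACL_DENY"));
                 } elseif (isset($rolePrivilege->privilege) && strcasecmp($rolePrivilege->privilege, 'deny') == 0) {
                     $cbResource->addMultiOption('deny', $translate->translate("ACL_DENY"));
                     $cbResource->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
                 } elseif ($childPrivilege && strcasecmp($childPrivilege->privilege, 'allow') == 0 && !$rolePrivilege) {
                     // The inherited label names the role the row came from. This used
                     // to read the undefined variable $privilege; the role name is the
                     // 'name' column joined in by getByResource().
                     $cbResource->addMultiOption('allow', sprintf($translate->translate("ACL_ALLOWED_INHERITED_FROM"), $childPrivilege->name));
                     $cbResource->addMultiOption('deny', $translate->translate("ACL_DENY"));
                 } elseif ($childPrivilege && strcasecmp($childPrivilege->privilege, 'deny') == 0 && !$rolePrivilege) {
                     $cbResource->addMultiOption('deny', sprintf($translate->translate("ACL_DENIED_INHERITED_FROM"), $childPrivilege->name));
                     $cbResource->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
                 } else {
                     // A stored privilege that is neither 'allow' nor 'deny' used to leave
                     // the select without options. Show it as denied by default.
                     $cbResource->addMultiOption('deny', $translate->translate("ACL_DENIED_DEFAULT"));
                     $cbResource->addMultiOption('allow', $translate->translate("ACL_ALLOW"));
                 }
                 $cbResource->setOrder($order);
                 $frmManageResource->addElement($cbResource);
                 $order++;
             }
         }

         // The list of resource ids offered in the form is kept in the session rather
         // than in a form field, so the browser cannot change it.
         // NOTE(review): presumably read back by the update action - confirm.
         $resourceDataIds = implode(',', $resourceDataIds);
         $hrs = new Zend_Session_Namespace('resourceDataIds');
         $hrs->hrs = $resourceDataIds;

         $this->view->modules = $modules;
         $this->view->zfelements = $zfelements;
         $this->view->role = $role;
         $this->view->formResources = $frmManageResource;
         $fields = array();
         foreach ($frmManageResource->getElements() as $element) {
             $fields[] = $element->getName();
         }
         $frmManageResource->addDisplayGroup($fields, 'form', array('legend' => "ACL_UPDATE_ROLE"));
     } catch (Exception $e) {
         // NOTE(review): the raw exception message is shown to the user, and it may
         // come from the database layer. Consider logging it and showing a generic text.
         $this->_helper->flashMessenger->addMessage(array('type' => 'error', 'header' => '', 'message' => $e->getMessage()));
         $this->_helper->redirector("list", "role", "acl");
     }
     return null;
 }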