/**
* Overrides deleteById() in App_Model
*
* @param int $privilegeId
* @access public
* @return void
*/
public function deleteById($privilegeId)
{
$flipperModel = new Flipper();
$this->delete($this->_db->quoteInto('id = ?', $privilegeId));
$flipperModel->deleteByPrivilegeId($privilegeId);
return TRUE;
}
/**
* Generate the Acl object from the permission file
*
* @return Zend_Acl
*/
private static function _generateFromDb()
{
$aclObject = new Zend_Acl();
$aclObject->deny();
//Get all the models
$backofficeUserModel = new BackofficeUser();
$groupModel = new Group();
$flagModel = new Flag();
$flipperModel = new Flipper();
$privilegeModel = new Privilege();
//Add all groups
$groups = $groupModel->fetchAllThreaded();
foreach ($groups as $group) {
if ($group->parent_name) {
$aclObject->addRole(new Zend_Acl_Role($group->name), $group->parent_name);
} else {
$aclObject->addRole(new Zend_Acl_Role($group->name));
}
}
//Add all users
$users = $backofficeUserModel->findAll();
foreach ($users as $user) {
$aclObject->addRole(new Zend_Acl_Role($user->username), $user->groupNames);
}
//Add all resources
$flags = $flagModel->fetchAll();
foreach ($flags as $flag) {
$aclObject->addResource(new Zend_Acl_Resource($flag->name));
}
//Add hardcoded resources
$aclObject->addResource('frontend-error');
$aclObject->addResource('backoffice-error');
//Populate the ACLs
$flippers = $flipperModel->fetchAll();
foreach ($flippers as $flipper) {
switch (APPLICATION_ENV) {
case APP_STATE_PRODUCTION:
$flag = $flag->active_on_prod;
break;
default:
$flag = $flag->active_on_dev;
}
$privilege = $flipper->findParentRow('Privilege');
$flipper->privilegeName = $privilege->name;
$group = $flipper->findParentRow('Group');
$flipper->groupName = $group->name;
$flag = $flipper->findParentRow('Flag');
$flipper->flagName = $flag->name;
if (Zend_Registry::get('IS_PRODUCTION')) {
$envAllowed = $flag->active_on_prod;
} else {
$envAllowed = $flag->active_on_dev;
}
if ($flipper->allow && $envAllowed) {
$aclObject->allow($flipper->groupName, $flipper->flagName, $flipper->privilegeName);
} else {
$aclObject->deny($flipper->groupName, $flipper->flagName, $flipper->privilegeName);
}
}
//Hardcode basic paths for members
foreach (App_FlagFlippers_Manager::$_membersAllowedResources as $resource) {
$aclObject->allow('members', $resource);
}
//Hardcode basic paths for guests
foreach (App_FlagFlippers_Manager::$_guestsAllowedResources as $resource => $roles) {
if (!is_array($roles)) {
$aclObject->allow('guests', $resource);
} else {
foreach ($roles as $r) {
$aclObject->allow('guests', $resource, $r);
}
}
}
//Everbody can see the errors
$aclObject->allow(null, 'frontend-error');
$aclObject->allow(null, 'backoffice-error');
//Admins are allowed everywhere
$aclObject->allow('administrators');
return $aclObject;
}
/**
* Allows the user to manage individual permissions for each
* user group
*
* @access public
* @return void
*/
public function flippersAction()
{
$this->title = 'Manage permissions for this group.';
$form = new GroupPermissionsForm();
$fliperModel = new Flipper();
$groupModel = new Group();
if ($this->getRequest()->isPost()) {
if ($form->isValid($this->getRequest()->getPost())) {
$fliperModel->savePermissions($form->getValues());
$this->_helper->FlashMessenger(array('msg-success' => sprintf('Permissions for group %s were successfully updated.', $group['name'])));
App_FlagFlippers_Manager::save();
$this->_redirect('/groups/');
}
} else {
$id = $this->_getParam('id');
if (!is_numeric($id)) {
$this->_helper->FlashMessenger(array('msg-success' => sprintf('We cannot find group with id %s', $id)));
$this->_redirect('/groups/');
}
$group = $groupModel->findById($id);
$flipper = $fliperModel->findByGroupId($id);
if (empty($group)) {
$this->_helper->FlashMessenger(array('msg-success' => sprintf('The permissions for the group %s were updated.', $form->getValue('name'))));
$this->_redirect('/groups/');
}
$form->populate($flipper->toArray(), $id);
$this->view->item = $group;
}
$this->view->form = $form;
}
