/**
 * Reset the ACL and build it again from scratch.
 *
 * Roles and privileges are first loaded through loadDbAcl(). When that call
 * throws, the exception is logged, the ACL object is replaced by a fresh one
 * and loadDefaultRoles() / loadDefaultPrivileges() fill it instead.
 * Afterwards the 'master' role is added when missing, allowed everything and
 * then denied 'pr.nologin'.
 *
 * NOTE(review): the fallback is taken for every \Exception raised by
 * loadDbAcl(). After a failed load the effective permissions come from the
 * default loaders rather than from the stored configuration, and the log
 * entry is the only trace of that; monitoring should alert on it.
 *
 * @throws \Gems_Exception_Coding When the class of self::$_instanceOfSelf is not exactly 'Gems_Roles'
 */
private function _initAcl()
{
    $this->_acl = new \MUtil_Acl();

    // Project specific subclasses are no longer supported; only the exact base class may run.
    $instanceClass = get_class(self::$_instanceOfSelf);
    if ('Gems_Roles' !== $instanceClass) {
        throw new \Gems_Exception_Coding("Don't use project specific roles file anymore, you can now do so by using the gems_roles tabel and setup->roles from the interface.");
    }

    // Try the database first, with a fallback when that does not work.
    try {
        $this->loadDbAcl();
    } catch (\Exception $loadFailure) {
        \Gems_Log::getLogger()->logError($loadFailure);

        // Discard whatever was loaded before the failure and start from an empty ACL.
        unset($this->_acl);
        $this->_acl = new \MUtil_Acl();

        // Insert the default roles and privileges.
        $this->loadDefaultRoles();
        $this->loadDefaultPrivileges();
    }

    // 'master' gets access to everything, except the actions guarded by the
    // nologin privilege (i.e. the login action).
    $masterKnown = $this->_acl->hasRole('master');
    if (! $masterKnown) {
        // The loaded ACL did not define the role, so add it here.
        $this->_acl->addRole('master');
    }

    // Order matters: the blanket allow comes first, the specific deny is applied on top of it.
    $this->_acl->allow('master');
    $this->_acl->deny('master', null, 'pr.nologin');
}
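/**
 * Adds elements from the model to the bridge that creates the form.
 *
 * Overrule this function to add different elements to the browse table, without
 * having to recode the core table building code.
 *
 * Security: the parent and privilege checkboxes are created with 'escape' set
 * to false so that the markup appended to their labels is rendered. Nothing
 * downstream encodes those labels, so the role names taken from the ACL are
 * HTML-encoded here, before any markup is appended to them.
 *
 * @param \MUtil_Model_Bridge_FormBridgeInterface $bridge
 * @param \MUtil_Model_ModelAbstract $model
 */
protected function addFormElements(\MUtil_Model_Bridge_FormBridgeInterface $bridge, \MUtil_Model_ModelAbstract $model)
{
    $bridge->addHidden('grl_id_role');
    $bridge->addText('grl_name');
    $bridge->addText('grl_description');

    // Option value (raw role name) => label (HTML). The key stays raw because it
    // is used for ACL lookups and as the submitted value; only the label is encoded.
    // assumes the page is served as UTF-8 -- TODO confirm
    $roles           = $this->acl->getRoles();
    $possibleParents = array();
    if ($roles) {
        foreach ($roles as $role) {
            $possibleParents[$role] = htmlspecialchars((string) $role, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }

    // Re-key the selected parents by their own value so they can be looked up and unset by name.
    if (isset($this->formData['grl_parents']) && $this->formData['grl_parents']) {
        $this->formData['grl_parents'] = array_combine($this->formData['grl_parents'], $this->formData['grl_parents']);
    } else {
        $this->formData['grl_parents'] = array();
    }

    // Don't allow master, nologin or itself as parents
    unset($possibleParents['master']);
    unset($possibleParents['nologin']);
    $disabled = array();

    if (isset($this->formData['grl_name'])) {
        // Iterate over the keys: the values are HTML labels and no longer usable as role names.
        foreach (array_keys($possibleParents) as $parent) {
            if ($this->acl->hasRole($this->formData['grl_name']) && $this->acl->inheritsRole($parent, $this->formData['grl_name'])) {
                // A descendant of the edited role can never be its parent.
                $disabled[] = $parent;
                $possibleParents[$parent] .= ' ' .
                    \MUtil_Html::create('small', $this->_('child of current role'), $this->view);
                unset($this->formData['grl_parents'][$parent]);
            } else {
                foreach ($this->formData['grl_parents'] as $p2) {
                    if ($this->acl->hasRole($p2) && $this->acl->inheritsRole($p2, $parent)) {
                        // Already implied by a selected parent: show it checked but locked.
                        $disabled[] = $parent;
                        // NOTE(review): $p2 originates from the form data and ends up inside raw();
                        // this relies on \MUtil_Html::create() encoding its text content -- confirm.
                        // The hasRole() guard above limits it to existing role names.
                        $inheritedFrom = sprintf(
                            $this->_('inherited from %s'),
                            \MUtil_Html::create('em', $p2, $this->view)
                        );
                        $possibleParents[$parent] .= ' ' .
                            \MUtil_Html::create('small', \MUtil_Html::raw($inheritedFrom), $this->view);
                        $this->formData['grl_parents'][$parent] = $parent;
                    }
                }
            }
        }

        $disabled[] = $this->formData['grl_name'];
        if (isset($possibleParents[$this->formData['grl_name']])) {
            $possibleParents[$this->formData['grl_name']] .= ' ' .
                \MUtil_Html::create('small', $this->_('this role'), $this->view);
        }
    }

    // Add this for validator to allow empty list
    $possibleParents[''] = '';

    // 'escape' => false is required for the <small> annotations; the role names were encoded above.
    $bridge->addMultiCheckbox(
        'grl_parents',
        'multiOptions', $possibleParents,
        'disable', $disabled,
        'escape', false,
        'required', false,
        'onchange', 'this.form.submit();'
    );

    $allPrivileges = $this->usedPrivileges;

    // Privileges already granted through a selected parent are shown separately and read-only.
    if (isset($this->formData['grl_parents']) && $this->formData['grl_parents']) {
        $inherited           = $this->getInheritedPrivileges($this->formData['grl_parents']);
        $privileges          = array_diff_key($allPrivileges, $inherited);
        $inheritedPrivileges = array_intersect_key($allPrivileges, $inherited);
    } else {
        $privileges          = $allPrivileges;
        $inheritedPrivileges = false;
    }

    // NOTE(review): the privilege labels are emitted as HTML as-is. Verify that the code
    // building $this->usedPrivileges never puts unencoded user-supplied text into them.
    $checkbox = $bridge->addMultiCheckbox('grl_privileges', 'multiOptions', $privileges, 'required', false);
    $checkbox->setAttrib('escape', false); // Don't use escaping, so the line breaks work

    if ($inheritedPrivileges) {
        $checkbox = $bridge->addMultiCheckbox(
            'inherited',
            'label', $this->_('Inherited'),
            'multiOptions', $inheritedPrivileges,
            'required', false,
            'disabled', 'disabled'
        );
        $checkbox->setAttrib('escape', false); // Don't use escaping, so the line breaks work
        $checkbox->setValue(array_keys($inheritedPrivileges)); // To check the boxes
    }
}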