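/**
 * Turns the access list submitted when adding or editing a role into the
 * list of ACL rules that must be stored for that role.
 *
 * The result is a delta against the inherited role: a rule is emitted only
 * where the submitted choice differs from what $inheritRoleId already grants
 * or denies according to the ACL.
 *
 * Security-relevant behaviour:
 *  - Only resources and actions enumerated by the ACL are walked, so keys in
 *    $data that do not name a known module/controller/action are ignored.
 *  - Submitted values are compared strictly against 'allow' and 'deny'. With
 *    loose comparison a non-string value (boolean true, or integer 0 on PHP
 *    versions before 8) would compare equal to 'allow'.
 *  - A resource-level ('all') value other than 'allow' is handled as a deny;
 *    an action-level ('part') value other than 'allow' or 'deny' is ignored.
 *
 * NOTE(review): nothing here checks that the acting user may grant these
 * privileges; presumably the calling action enforces that. Confirm at the
 * call sites.
 *
 * @param array  $data          Submitted access list, read as
 *                              $data[module][controller]['all'] and
 *                              $data[module][controller]['part'][action].
 * @param mixed  $inheritRoleId Id of the role being inherited from; a value
 *                              loosely equal to 0 is treated as "none".
 * @param string $scope         'remote' to work on the remote ACL; any other
 *                              value selects the application ACL.
 * @return array List of array('type' => 'allow'|'deny', 'resource' => string,
 *               'privilege' => string) entries; privilege '*' covers the
 *               whole resource.
 */
protected function _processAccessList($data, $inheritRoleId, $scope = 'application')
{
    if ($scope === 'remote') {
        // Remote scope: the same ACL instance lists the resources and
        // answers the isAllowed() checks below.
        $acl = new Ot_Acl('remote');
        $resources = $acl->getRemoteResources($inheritRoleId);
    } else {
        // Application scope: resources are listed from a fresh Ot_Acl, while
        // the permission checks run against the controller's own ACL.
        $resourceAcl = new Ot_Acl();
        $resources = $resourceAcl->getResources($inheritRoleId);
        $acl = $this->_acl;
    }

    // Must stay after the resource lookup above, which receives the id as
    // it was passed in. Left as a loose comparison on purpose so existing
    // callers passing '0' or 0 behave as before.
    if ($inheritRoleId == 0) {
        $inheritRoleId = null;
    }

    $rules = array();

    foreach ($resources as $module => $controllers) {
        foreach ($controllers as $controller => $actions) {
            $resource = strtolower($module . '_' . $controller);

            // Narrow the submitted data to this controller; anything that is
            // not an array is treated as "nothing submitted".
            $submitted = (isset($data[$module][$controller]) && is_array($data[$module][$controller]))
                ? $data[$module][$controller]
                : array();
            $requested = (isset($submitted['part']) && is_array($submitted['part']))
                ? $submitted['part']
                : array();

            // Action names come from the ACL, never from the submitted data.
            // A resource without a 'part' list simply has no per-action rules.
            $parts = (isset($actions['part']) && is_array($actions['part']))
                ? array_keys($actions['part'])
                : array();

            if (isset($submitted['all'])) {
                $inheritedAll = $acl->isAllowed($inheritRoleId, $resource);

                if ($submitted['all'] === 'allow') {
                    // Grant the whole resource unless it is already inherited.
                    if (!$inheritedAll) {
                        $rules[] = array('type' => 'allow', 'resource' => $resource, 'privilege' => '*');
                    }

                    // Explicit per-action denies carve exceptions out of the grant.
                    foreach ($parts as $action) {
                        if (isset($requested[$action]) && $requested[$action] === 'deny') {
                            $rules[] = array('type' => 'deny', 'resource' => $resource, 'privilege' => $action);
                        }
                    }
                } else {
                    // Any value other than 'allow' revokes the resource if it
                    // was inherited as allowed.
                    if ($inheritedAll) {
                        $rules[] = array('type' => 'deny', 'resource' => $resource, 'privilege' => '*');
                    }

                    // A per-action allow is needed when the blanket deny above
                    // was emitted, or when the action is not inherited.
                    foreach ($parts as $action) {
                        if (isset($requested[$action])
                            && $requested[$action] === 'allow'
                            && ($inheritedAll || !$acl->isAllowed($inheritRoleId, $resource, $action))
                        ) {
                            $rules[] = array('type' => 'allow', 'resource' => $resource, 'privilege' => $action);
                        }
                    }
                }

                continue;
            }

            // No resource-level choice: record only the per-action choices
            // that differ from what is inherited.
            foreach ($parts as $action) {
                if (!isset($requested[$action])) {
                    continue;
                }

                if ($requested[$action] === 'allow') {
                    if (!$acl->isAllowed($inheritRoleId, $resource, $action)) {
                        $rules[] = array('type' => 'allow', 'resource' => $resource, 'privilege' => $action);
                    }
                } elseif ($requested[$action] === 'deny') {
                    if ($acl->isAllowed($inheritRoleId, $resource, $action)) {
                        $rules[] = array('type' => 'deny', 'resource' => $resource, 'privilege' => $action);
                    }
                }
            }
        }
    }

    return $rules;
}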