This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license
Author: David Grudl
Inheritance: extends Object, implements IAuthorizator
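 /**
  * Imports one CSV row as a group, then links its parent group and permission codes.
  *
  * The row is matched on 'Code', so any 'ID' column is dropped before the
  * parent loader runs. 'ParentCode' and 'PermissionCodes' are optional columns.
  * Permission codes are additive: existing permissions are never removed.
  *
  * NOTE(review): every code listed in 'PermissionCodes' is granted as given;
  * nothing in this method limits which codes a CSV may assign, so the import
  * should only be reachable by users trusted to grant any permission —
  * confirm against the calling controller.
  *
  * @param array $record    CSV row keyed by column name
  * @param mixed $columnMap passed through to the parent loader
  * @param mixed $results   passed through (by reference) to the parent loader
  * @param bool  $preview   passed through to the parent loader
  * @return mixed the object ID returned by the parent loader
  */
 public function processRecord($record, $columnMap, &$results, $preview = false)
 {
     // We match by 'Code', the ID property is confusing the importer
     unset($record['ID']);
     $objID = parent::processRecord($record, $columnMap, $results, $preview);
     $group = DataObject::get_by_id($this->objectClass, $objID);
     if (!$group) {
         // No object could be loaded for this ID, so there is nothing to link.
         return $objID;
     }
     // Link the parent group by its code. A parent that has not been
     // imported yet (it appears later in the CSV file) is not found here
     // and the group is left without a parent.
     if (!empty($record['ParentCode'])) {
         $parentGroup = DataObject::get_one('Group', array('"Group"."Code"' => $record['ParentCode']));
         if ($parentGroup) {
             $group->ParentID = $parentGroup->ID;
             $group->write();
         }
     }
     // set permission codes - these are all additive, meaning
     // existing permissions aren't cleared.
     if (!empty($record['PermissionCodes'])) {
         foreach (explode(',', $record['PermissionCodes']) as $code) {
             // Accept "A, B" style lists: surrounding whitespace would otherwise
             // become part of the stored code, and empty items would create
             // permissions with an empty code.
             $code = trim($code);
             if ($code === '') {
                 continue;
             }
             $p = DataObject::get_one('Permission', array('"Permission"."Code"' => $code, '"Permission"."GroupID"' => $group->ID));
             if (!$p) {
                 $p = new Permission(array('Code' => $code));
                 $p->write();
             }
             $group->Permissions()->add($p);
         }
     }
     return $objID;
 }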
Example #2
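 /**
  * Seeds the 'Admin' and 'Independent Sponsor' roles with their permissions
  * and attaches the Admin role to the configured administrator account.
  *
  * The admin e-mail is read from config/creds.yml when that file exists,
  * otherwise the built-in default address is used.
  *
  * @throws \RuntimeException when no admin e-mail is configured or no user has that e-mail
  */
 public function run()
 {
     $credsPath = app_path() . '/config/creds.yml';
     if (file_exists($credsPath)) {
         $creds = yaml_parse_file($credsPath);
     } else {
         $creds = array('admin_email' => '*****@*****.**');
     }
     // yaml_parse_file() returns false on failure, and the file may lack the key.
     if (!is_array($creds) || empty($creds['admin_email'])) {
         throw new \RuntimeException('No admin_email found in config/creds.yml');
     }
     // Look the account up before writing anything, so a missing admin user
     // stops the seeder instead of leaving roles behind without an owner.
     $user = User::where('email', '=', $creds['admin_email'])->first();
     if (!$user) {
         throw new \RuntimeException('No user exists with the configured admin e-mail');
     }
     $admin = new Role();
     $admin->name = 'Admin';
     $admin->save();
     $independent_sponsor = new Role();
     $independent_sponsor->name = 'Independent Sponsor';
     $independent_sponsor->save();
     $permIds = array();
     foreach ($this->adminPermissions as $data) {
         // Each entry is a column => value map copied onto a new permission.
         $perm = new Permission();
         foreach ($data as $key => $val) {
             $perm->{$key} = $val;
         }
         $perm->save();
         $permIds[] = $perm->id;
     }
     $admin->perms()->sync($permIds);
     $user->attachRole($admin);
     $createDocPerm = new Permission();
     $createDocPerm->name = "independent_sponsor_create_doc";
     $createDocPerm->display_name = "Independent Sponsoring";
     $createDocPerm->save();
     $independent_sponsor->perms()->sync(array($createDocPerm->id));
 }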
 /**
  * Allows access when the queried resource is one of the publicly shared files.
  *
  * The shared-file list is (re)loaded through init() whenever it is empty.
  * $role, $resource and $privilege are part of the signature but are not read.
  *
  * @param Permission $acl object whose queried resource is checked
  * @return bool
  */
 public function __invoke(Permission $acl, $role, $resource, $privilege)
 {
     $listIsLoaded = (bool) $this->publiclySharedFiles;
     if ($listIsLoaded === false) {
         $this->init();
     }
     $queriedId = $acl->getQueriedResource()->id;
     // in_array() runs without its strict flag, so IDs are compared loosely.
     // NOTE(review): for an access decision a strict comparison is preferable
     // once the ID types on both sides are known to match — confirm.
     return in_array($queriedId, $this->publiclySharedFiles);
 }
Example #4
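/**
 * Creates the default permission rows declared in a module's meta data.
 *
 * $meta->permissions is walked as user level => (permission name => default
 * value). A row is inserted only when none is stored yet for that user level,
 * module and permission, so running this again does not duplicate rows or
 * overwrite values that were changed after the first run.
 *
 * @param object $meta     module meta data; only its `permissions` property is read
 * @param mixed  $moduleId ID of the module the permissions belong to
 * @return void
 */
function createPermissions($meta, $moduleId)
{
    $permData = $meta->permissions;
    if (empty($permData)) {
        return;
    }
    foreach ($permData as $userLevel => $permissions) {
        if (empty($permissions)) {
            continue;
        }
        foreach ($permissions as $permissionString => $defaultValue) {
            $existing = new Permission();
            $existing->Load("user_level = ? and module_id = ? and permission = ?", array($userLevel, $moduleId, $permissionString));
            // Skip permissions that are already stored for this module.
            if (!empty($existing->id) && $existing->module_id == $moduleId) {
                continue;
            }
            $permissionObj = new Permission();
            $permissionObj->user_level = $userLevel;
            $permissionObj->module_id = $moduleId;
            $permissionObj->permission = $permissionString;
            $permissionObj->value = $defaultValue;
            // Field definition stored with the row: a Yes/No select.
            $permissionObj->meta = '["value", {"label":"Value","type":"select","source":[["Yes","Yes"],["No","No"]]}]';
            $permissionObj->Save();
        }
    }
}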
Example #5
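 /**
  * Seeds the 'Admin' and 'Independent Sponsor' roles with their permissions
  * and attaches the Admin role to the account named by the
  * 'madison.seeder.admin_email' configuration value.
  *
  * @throws \RuntimeException when the e-mail is not configured or no user has it
  */
 public function run()
 {
     $adminEmail = Config::get('madison.seeder.admin_email');
     if (empty($adminEmail)) {
         throw new \RuntimeException('madison.seeder.admin_email is not configured');
     }
     // Look the account up before writing anything, so a missing admin user
     // stops the seeder instead of leaving roles behind without an owner.
     $user = User::where('email', '=', $adminEmail)->first();
     if (!$user) {
         throw new \RuntimeException('No user exists with the configured admin e-mail');
     }
     $admin = new Role();
     $admin->name = 'Admin';
     $admin->save();
     $independent_sponsor = new Role();
     $independent_sponsor->name = 'Independent Sponsor';
     $independent_sponsor->save();
     $permIds = array();
     foreach ($this->adminPermissions as $data) {
         // Each entry is a column => value map copied onto a new permission.
         $perm = new Permission();
         foreach ($data as $key => $val) {
             $perm->{$key} = $val;
         }
         $perm->save();
         $permIds[] = $perm->id;
     }
     $admin->perms()->sync($permIds);
     $user->attachRole($admin);
     $createDocPerm = new Permission();
     $createDocPerm->name = "independent_sponsor_create_doc";
     $createDocPerm->display_name = "Independent Sponsoring";
     $createDocPerm->save();
     $independent_sponsor->perms()->sync(array($createDocPerm->id));
 }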
 /**
  * Seeds the permissions for viewing, creating, editing and deleting
  * users and roles.
  */
 public function run()
 {
     // name => display name, listed in the order the rows are inserted
     $definitions = array(
         'ver_usuarios' => 'ver usuarios',
         'ver_roles' => 'ver roles',
         'crear_roles' => 'crear roles',
         'crear_usuarios' => 'crear usuarios',
         'editar_roles' => 'editar roles',
         'editar_usuarios' => 'editar usuarios',
         'eliminar_usuarios' => 'eliminar usuarios',
         'eliminar_roles' => 'eliminar roles',
     );
     foreach ($definitions as $name => $displayName) {
         $permission = new Permission();
         $permission->name = $name;
         $permission->display_name = $displayName;
         $permission->save();
     }
 }
Example #7
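 /**
  * Saves a user type from the submitted form and replaces its module permissions.
  *
  * All existing permission rows of the user type are deleted, then one row
  * per module in $_POST['checkbox'] is inserted. Afterwards the browser is
  * sent back to the referring page.
  *
  * NOTE(review): no authorisation or CSRF check is visible in this method,
  * and from_array($_POST) copies request fields onto the model without a
  * field list here — confirm both are restricted elsewhere.
  *
  * @param mixed $id passed to the User_type constructor; FALSE by default
  */
 public function save($id = FALSE)
 {
     if ($_POST) {
         $user_type = new User_type($id);
         $user_type->from_array($_POST);
         $user_type->save();
         // Permissions are replaced wholesale: drop the old rows first.
         foreach ($user_type->permission as $item) {
             $item->delete();
         }
         if (isset($_POST['checkbox']) && is_array($_POST['checkbox'])) {
             foreach ($_POST['checkbox'] as $module => $item) {
                 $data = array();
                 if (is_array($item)) {
                     foreach ($item as $perm => $val) {
                         $data[$perm] = $val;
                     }
                 }
                 // Set after the submitted flags so request data can never
                 // override which user type and module the row belongs to.
                 $data['user_type_id'] = $user_type->id;
                 $data['module'] = $module;
                 $permission = new Permission();
                 $permission->from_array($data);
                 $permission->save();
             }
         }
         set_notify('success', lang('save_data_complete'));
     }
     // The Referer header is optional; fall back to the permissions list.
     // NOTE(review): the header is client-supplied, so redirect() follows
     // whatever URL it carries — consider always using the fixed route.
     $target = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'permissions/admin/permissions';
     redirect($target);
 }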
Example #8
 /**
  * Tells whether another permission has the same name and the same
  * allow/deny state as this one.
  *
  * @param Permission $permission permission to compare with
  * @return bool
  */
 public function equals(Permission $permission)
 {
     $sameName = !($permission->getName() != $this->name);
     if (!$sameName) {
         return false;
     }
     // Equal when both are allowed or both are denied.
     $mine = (bool) $this->isAllowed();
     $theirs = (bool) $permission->isAllowed();
     return $mine === $theirs;
 }
Example #9
 /**
  * Returns a Permission object, loaded by ID when a non-empty ID is given.
  *
  * With an empty $id (null, 0, '' ...) a fresh, unloaded object is returned.
  *
  * @param mixed $id
  * @return Permission
  */
 public static function factory($id = null)
 {
     $instance = new Permission();
     if (empty($id)) {
         return $instance;
     }
     // The two-argument where() passes the ID as a value, not as SQL text.
     $instance->where('id', $id)->get();
     return $instance;
 }
Example #10
 /**
  * Saves one permission-to-group row for every permission ID given.
  *
  * @param array $setting_values permission IDs to link to this group ($this->id)
  */
 function _savePermissions($setting_values)
 {
     // One object is reused for all rows.
     $row = new Permission($this->dbcon);
     foreach ($setting_values as $permissionId) {
         // presumably clears the ID left by the previous save so that a new
         // record is written each time — confirm against dropID()
         $row->dropID();
         $fields = array('perid' => $permissionId, 'groupid' => $this->id);
         $row->setData($fields);
         $row->save();
     }
 }
/**
 * Builds a permission from a configuration object and adds it to its partner.
 *
 * Every property of $permissionCfg is applied through the setter of the same
 * name (set<Property>). The friendly name defaults to the name and the status
 * to PermissionStatus::ACTIVE. A permission that already exists for the
 * partner is logged and otherwise ignored.
 *
 * NOTE(review): the setter name is built from the configuration key, so the
 * configuration decides which set*() methods run — it must come from a
 * trusted source.
 *
 * @param object $permissionCfg needs at least `name` and `partnerId`
 * @throws Exception when the name or the partner id is missing
 * @throws kPermissionException for any failure other than "already exists"
 */
function addPermission($permissionCfg)
{
    // verify obligatory fields
    if (!$permissionCfg->name) {
        throw new Exception('Permission name must be set');
    }
    $partnerMissing = $permissionCfg->partnerId === null || $permissionCfg->partnerId === '';
    if ($partnerMissing) {
        throw new Exception('Permission partner id must be set');
    }
    // init new db permission object
    $permission = new Permission();
    foreach ($permissionCfg as $key => $value) {
        call_user_func(array($permission, 'set' . $key), $value);
    }
    if (!$permission->getFriendlyName()) {
        $permission->setFriendlyName($permission->getName());
    }
    if (!$permission->getStatus()) {
        $permission->setStatus(PermissionStatus::ACTIVE);
    }
    // add to database
    KalturaLog::log('Adding new permission with name [' . $permission->getName() . '] to partner id [' . $permission->getPartnerId() . ']');
    try {
        PermissionPeer::addToPartner($permission, $permission->getPartnerId());
    } catch (kPermissionException $e) {
        // Only "already exists" is tolerated; everything else is passed on.
        if ($e->getCode() !== kPermissionException::PERMISSION_ALREADY_EXISTS) {
            throw $e;
        }
        KalturaLog::log('Permission name [' . $permission->getName() . '] already exists for partner id [' . $permission->getPartnerId() . ']');
    }
}
Example #12
 /**
  * Creates a permission from the submitted 'name' and 'display_name' fields.
  * POST /permissions
  *
  * Redirects back with a 'permissions-notice' flash message on success, or
  * with the model's errors under 'permissions-errors' when saving fails.
  *
  * NOTE(review): the notice embeds the submitted display name verbatim; the
  * view that prints 'permissions-notice' has to HTML-escape it — confirm.
  *
  * @return Response
  */
 public function store()
 {
     $permission = new Permission();
     $permission->name = Input::get('name');
     $permission->display_name = Input::get('display_name');
     if (!$permission->save()) {
         return Redirect::back()->with('permissions-errors', $permission->errors());
     }
     $notice = '"' . Input::get('display_name') . '" has been created.';
     return Redirect::back()->with('permissions-notice', $notice);
 }
 /**
  * Seeds the 'administrator' and 'user' roles, six permissions, and the
  * assignment of those permissions to the two roles.
  */
 public function run()
 {
     // ------------------------ Role Definitions ------------------------
     // name => [display name, description], in insertion order
     $roleRows = [
         'administrator' => ['Administrator', 'master admin'],
         'user' => ['User', 'Generic user'],
     ];
     $roles = [];
     foreach ($roleRows as $name => $row) {
         list($displayName, $description) = $row;
         $role = new Role();
         $role->name = $name;
         $role->display_name = $displayName;
         $role->description = $description;
         $role->save();
         $roles[$name] = $role;
     }

     // --------------------- Permission Definitions ---------------------
     $permissionRows = [
         'edit_all_posts' => ['Can Edit All Posts', 'permission for the master admin to be able to edit all posts'],
         'edit_all_users' => ['Can Edit All Users', 'Able to edit all user profiles and information'],
         'edit_all_roles' => ['Can Edit All Roles', 'Able to add or remove any role for any user'],
         'edit_own_posts' => ['Can Edit Own Posts', 'Users can edit their own posts'],
         'edit_own_profile' => ['Can Edit Own Profile', 'Users can edit their own profiles'],
         'create_post' => ['Can Create Post', 'Able to create a post'],
     ];
     $perms = [];
     foreach ($permissionRows as $name => $row) {
         list($displayName, $description) = $row;
         $permission = new Permission();
         $permission->name = $name;
         $permission->display_name = $displayName;
         $permission->description = $description;
         $permission->save();
         $perms[$name] = $permission;
     }

     // ----------------------- Attach Permissions -----------------------
     // NOTE(review): the method is called as "attatchPermissions"; the Role
     // model has to define it under exactly this spelling — confirm.
     $roles['administrator']->attatchPermissions([
         $perms['edit_all_posts'],
         $perms['edit_all_users'],
         $perms['edit_all_roles'],
         $perms['edit_own_posts'],
         $perms['edit_own_profile'],
         $perms['create_post'],
     ]);
     $roles['user']->attatchPermissions([
         $perms['edit_own_posts'],
         $perms['edit_own_profile'],
         $perms['create_post'],
     ]);
 }
Example #14
/**
 * Loads a view only when the logged-in user holds the required permission;
 * otherwise the user is logged out.
 *
 * @param string $requiredPermission permission route needed to see the view
 * @param string $template           view to load
 * @param array  $data               data handed to the view
 */
function loadTemplateSafelyByPermission($requiredPermission, $template, $data = array())
{
    $checker = new Permission();
    $ci = get_instance();
    if (!$checker->checkUserPermission($requiredPermission)) {
        // Denied: the session is ended instead of rendering anything.
        logoutUser();
        return;
    }
    $ci->load->template($template, $data);
}
Example #15
 /**
  * Tells whether this permission implies the given one.
  *
  * Only a BasicPermission with the same name (loose comparison) is implied;
  * any other Permission type is not.
  *
  * @param Permission $p
  * @return bool
  */
 public function implies(Permission $p)
 {
     if (!($p instanceof BasicPermission)) {
         return false;
     }
     // This has to be changed to do a wildcard match
     return $p->getName() == $this->getName();
 }
Example #16
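/**
 * Tells whether the current session's user type may perform an action on a module.
 *
 * The permission row is looked up by the session's 'user_type' and the module
 * name; the column named by $action decides the result.
 *
 * NOTE(review): assumes where(field, value) on this model escapes the value,
 * as query-builder style where() calls normally do — confirm for this ORM.
 * $action selects a property by name and should only ever be a fixed string
 * from calling code, never request input.
 *
 * @param string $module module name
 * @param string $action name of the permission column to test
 * @return bool
 */
function permission($module, $action)
{
    $CI =& get_instance();
    $userTypeId = $CI->session->userdata('user_type');
    // No user type in the session: deny instead of querying.
    if ($userTypeId === FALSE || $userTypeId === NULL || $userTypeId === '') {
        return FALSE;
    }
    $permission = new Permission();
    // Both values are passed as parameters instead of being concatenated
    // into the WHERE text.
    $perm = $permission->where('user_type_id', $userTypeId)->where('module', $module)->get();
    return $perm->{$action} ? TRUE : FALSE;
}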
Example #17
 /**
  * Registers a new permission by appending it to the 'sys_perms' table.
  *
  * The database state is pushed before the insert and popped afterwards.
  * A failure is logged through logMsg().
  *
  * @param  Permission $perm supplies name(), display(), description() and type()
  * @return boolean    Whether the permission was successfully added.
  */
 public static function register($perm)
 {
     $db =& self::$db;
     $db->pushState()
         ->select('sys_perms')
         ->fields('name, display, description, type')
         ->append($perm->name(), $perm->display(), $perm->description(), $perm->type());
     $registered = $db->found();
     $db->popState();
     if ($registered) {
         return $registered;
     }
     logMsg('Permissions: failed to register a new permission', 3, 5);
     return $registered;
 }
Example #18
 /**
  * Collects name => code for all descendants of a permission, recursively,
  * and merges the result with an existing list.
  *
  * $existingList is merged last, so for string keys its entries win on a
  * name clash.
  *
  * @param Permission $permission   permission whose children are walked
  * @param array      $existingList entries gathered so far
  * @return array
  */
 protected function getChildrenPermission(Permission $permission, $existingList)
 {
     $collected = [];
     $descendants = $permission->getChildren()->all();
     if (count($descendants) === 0) {
         return array_merge($collected, $existingList);
     }
     foreach ($descendants as $descendant) {
         $collected[$descendant->name] = $descendant->code;
         // Descend, carrying along what has been collected at this level.
         $collected = $this->getChildrenPermission($descendant, $collected);
     }
     return array_merge($collected, $existingList);
 }
Example #19
 /**
  * Copies the forum permissions of every role to a category.
  *
  * For each row of the codo_roles table the role's forum permissions are
  * turned into a permission set for the category; all sets are inserted
  * into codo_permissions with a single insert.
  *
  * @param mixed $cid category ID
  */
 public function copyCategoryPermissionsFromRole($cid)
 {
     $permission = new Permission();
     $roles = \DB::table(PREFIX . 'codo_roles')->get();
     $rows = array();
     foreach ($roles as $role) {
         $roleId = $role['rid'];
         // one permission query per role
         $rolePermissions = $permission->getForumPermissions($roleId);
         $categorySet = $permission->createPermissionSet($rolePermissions, $roleId, $cid);
         $rows = array_merge($categorySet, $rows);
     }
     \DB::table(PREFIX . 'codo_permissions')->insert($rows);
 }
Example #20
 /**
  * Returns the permissions of a user within a company.
  *
  * An omitted or empty ID falls back to the global $current_user /
  * $current_company. The comparison is loose, so 0 counts as empty too.
  *
  * NOTE(review): explicitly passed IDs are used as given; nothing here checks
  * that the caller may read another user's or company's permissions —
  * confirm the check exists in the calling layer.
  *
  * @param mixed $user_id
  * @param mixed $company_id
  * @return mixed whatever returnHandler() produces
  */
 function getPermissions($user_id = NULL, $company_id = NULL)
 {
     $userMissing = ($user_id == NULL || $user_id == '');
     if ($userMissing) {
         global $current_user;
         $user_id = $current_user->getId();
     }
     $companyMissing = ($company_id == NULL || $company_id == '');
     if ($companyMissing) {
         global $current_company;
         $company_id = $current_company->getId();
     }
     $permission = new Permission();
     $found = $permission->getPermissions($user_id, $company_id);
     return $this->returnHandler($found);
 }
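 /**
  * Re-seeds the permissions table with 'manage_users' and grants it to
  * role ID 1.
  *
  * Both the permissions table and the permission_role pivot are emptied first.
  */
 public function run()
 {
     DB::table('permissions')->delete();
     //Permission 1
     $manageUsers = new Permission();
     $manageUsers->name = 'manage_users';
     $manageUsers->display_name = 'Manage Users';
     $manageUsers->save();
     DB::table('permission_role')->delete();
     //Role ID 1 and 2 are admin and user respectively.
     // The permission ID is taken from the saved model: a plain delete
     // normally keeps the table's auto-increment counter, so on a re-seed
     // the new row is not guaranteed to get ID 1.
     $permissions = array(array('role_id' => 1, 'permission_id' => $manageUsers->id));
     DB::table('permission_role')->insert($permissions);
 }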
Example #22
 /**
  * Returns the permission with the given codename and content type,
  * creating and saving it first when none exists.
  *
  * @param mixed $name        name stored on a newly created permission
  * @param mixed $codename    codename to look up
  * @param mixed $contentType content type ID to look up
  * @return Permission
  */
 public static function get_or_create($name, $codename, $contentType)
 {
     // Both lookup values are bound as query parameters.
     $existing = Doctrine_Query::create()
         ->from('Permission o')
         ->where('o.codename = ? AND o.content_type_id = ?', array($codename, $contentType))
         ->fetchOne();
     if ($existing) {
         return $existing;
     }
     $created = new Permission();
     $created->content_type_id = $contentType;
     $created->codename = $codename;
     $created->name = $name;
     $created->save();
     return $created;
 }
 /**
  * Seeds the 'manage_pages', 'manage_users' and 'manage_sermons' permissions.
  */
 public function run()
 {
     // name => display name, listed in the order the rows are inserted
     $definitions = array(
         'manage_pages' => 'Manage Pages',
         'manage_users' => 'Manage Users',
         'manage_sermons' => 'Manage Sermons',
     );
     foreach ($definitions as $name => $displayName) {
         $permission = new Permission();
         $permission->name = $name;
         $permission->display_name = $displayName;
         $permission->save();
     }
 }
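 /**
  * Replaces all stored permissions with the submitted role => routes map.
  *
  * The submission is validated and every role is resolved before the table
  * is truncated, so a malformed request or an unknown role name leaves the
  * existing permissions untouched. An absent 'permissions' field counts as
  * an empty map and clears the table.
  *
  * NOTE(review): this rewrites the whole permission table; no authorisation
  * check is visible in this method — confirm the route is restricted to
  * administrators. Truncate and inserts are not atomic.
  *
  * @param Request $request expects 'permissions' as role name => list of routes
  */
 public function postSavePermissions(Request $request)
 {
     $submitted = $request->get('permissions', []);
     if (!is_array($submitted)) {
         return back();
     }
     // Build the complete row list first; nothing is written until it is valid.
     $rows = [];
     foreach ($submitted as $roleName => $routes) {
         $role = Role::where('name', $roleName)->first();
         if ($role === null || !is_array($routes)) {
             return back();
         }
         foreach ($routes as $route) {
             $rows[] = ['roles_id' => $role->id, 'route' => $route];
         }
     }
     Permission::truncate();
     foreach ($rows as $row) {
         $permission = new Permission();
         $permission->roles_id = $row['roles_id'];
         $permission->route = $row['route'];
         $permission->save();
     }
     return back();
 }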
Example #25
 /**
  * Handles a new session for identities that use the 'Authwebserver' plugin.
  *
  * A known user is accepted only when it holds the global 'auth_webserver'
  * read permission. An unknown user is created on the fly when the
  * 'auth_webserver_autocreate_user' setting is on and a profile is available
  * (from the optional hook function or from configuration); the new account
  * receives the configured auto-create permissions plus 'auth_webserver'.
  * When the user is unknown and no profile is available, the method ends
  * without setting either an auth success or an auth failure.
  *
  * NOTE(review): the user name comes from getUserName(), which is not shown
  * here; presumably it is supplied by the web server — confirm it cannot be
  * set by the client, since it alone decides which account is used or created.
  */
 public function newUserSession()
 {
     // Do nothing if this user is not Authwebserver type
     $identity = $this->getEvent()->get('identity');
     if ($identity->plugin != 'Authwebserver') {
         return;
     }
     /* @var $identity LSUserIdentity */
     $sUser = $this->getUserName();
     $oUser = $this->api->getUserByName($sUser);
     if (is_null($oUser)) {
         // Unknown user: look for a profile to create the account from.
         if (function_exists("hook_get_auth_webserver_profile")) {
             // If defined this function returns an array
             // describing the default profile for this user
             $aUserProfile = hook_get_auth_webserver_profile($sUser);
         } elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
             $aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
         }
     } else {
         // Known user: this login method must be explicitly permitted.
         if (Permission::model()->hasGlobalPermission('auth_webserver', 'read', $oUser->uid)) {
             $this->setAuthSuccess($oUser);
             return;
         } else {
             $this->setAuthFailure(self::ERROR_AUTH_METHOD_INVALID, gT('Web server authentication method is not allowed for this user'));
             return;
         }
     }
     if ($this->api->getConfigKey('auth_webserver_autocreate_user') && isset($aUserProfile) && is_null($oUser)) {
         // user doesn't exist but auto-create user is set
         $oUser = new User();
         $oUser->users_name = $sUser;
         // The stored value is the SHA-256 hex digest of a generated password.
         // NOTE(review): an unsalted fast hash; confirm it matches how the
         // rest of the application stores and verifies passwords.
         $oUser->password = hash('sha256', createPassword());
         $oUser->full_name = $aUserProfile['full_name'];
         // New accounts are always created with user ID 1 as parent.
         $oUser->parent_id = 1;
         $oUser->lang = $aUserProfile['lang'];
         $oUser->email = $aUserProfile['email'];
         if ($oUser->save()) {
             // Grant the configured default permissions, then the permission
             // that allows this login method on later sessions.
             $permission = new Permission();
             $permission->setPermissions($oUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);
             Permission::model()->setGlobalPermission($oUser->uid, 'auth_webserver');
             // read again user from newly created entry
             $this->setAuthSuccess($oUser);
             return;
         } else {
             $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
         }
     }
 }
 /**
  * Registers the module's assets: the stylesheet only for users without the
  * ADMIN permission, the script for everyone.
  *
  * NOTE(review): if these assets are meant to restrict what non-admins can
  * do, that restriction is client-side only — confirm that the real checks
  * happen on the server.
  */
 function init()
 {
     $isAdmin = Permission::check('ADMIN');
     if (!$isAdmin) {
         Requirements::css('iq-security/css/iq-security.css');
     }
     Requirements::javascript('iq-security/javascript/iq-security.js');
 }
 /**
  * Checks that a user logged in as 'admin' holds the ADMIN permission and
  * gets HTTP 200 from the ModelAdminTest_Admin page.
  */
 function testModelAdminOpens()
 {
     // Redirects are not followed, so a redirect would fail the 200 check.
     $this->autoFollowRedirection = false;
     $this->logInAs('admin');
     $isAdmin = (bool) Permission::check("ADMIN");
     $this->assertTrue($isAdmin);
     $response = $this->get('ModelAdminTest_Admin');
     $this->assertEquals(200, $response->getStatusCode());
 }
 /**
  * Loads the component for the current mode.
  *
  * Frontend: renders the media directory into the current page and updates
  * the page titles when the component supplies its own. Backend: checks
  * access ID 153 and renders the management view. Any other mode does nothing.
  * The page is always read through \Env::get('cx')->getPage(); the $page
  * argument itself is not used.
  *
  * @param \Cx\Core\ContentManager\Model\Entity\Page $page       The resolved page
  */
 public function load(\Cx\Core\ContentManager\Model\Entity\Page $page)
 {
     global $_CORELANG, $subMenuTitle, $objTemplate;
     $mode = $this->cx->getMode();
     if ($mode == \Cx\Core\Core\Controller\Cx::MODE_FRONTEND) {
         $objMediaDirectory = new MediaDirectory(\Env::get('cx')->getPage()->getContent(), $this->getName());
         $objMediaDirectory->pageTitle = \Env::get('cx')->getPage()->getTitle();
         $objMediaDirectory->metaTitle = \Env::get('cx')->getPage()->getMetatitle();
         \Env::get('cx')->getPage()->setContent($objMediaDirectory->getPage());
         // A non-empty title that differs from the page's own replaces all three titles.
         $hasOwnTitle = $objMediaDirectory->getPageTitle() != ''
             && $objMediaDirectory->getPageTitle() != \Env::get('cx')->getPage()->getTitle();
         if ($hasOwnTitle) {
             \Env::get('cx')->getPage()->setTitle($objMediaDirectory->getPageTitle());
             \Env::get('cx')->getPage()->setContentTitle($objMediaDirectory->getPageTitle());
             \Env::get('cx')->getPage()->setMetaTitle($objMediaDirectory->getPageTitle());
         }
         if ($objMediaDirectory->getMetaTitle() != '') {
             \Env::get('cx')->getPage()->setMetatitle($objMediaDirectory->getMetaTitle());
         }
         return;
     }
     if ($mode == \Cx\Core\Core\Controller\Cx::MODE_BACKEND) {
         $this->cx->getTemplate()->addBlockfile('CONTENT_OUTPUT', 'content_master', 'LegacyContentMaster.html');
         $objTemplate = $this->cx->getTemplate();
         // NOTE(review): the return value is not used, so the check must stop
         // the request by itself when access is denied — confirm.
         \Permission::checkAccess(153, 'static');
         $subMenuTitle = $_CORELANG['TXT_MEDIADIR_MODULE'];
         $objMediaDirectory = new MediaDirectoryManager($this->getName());
         $objMediaDirectory->getPage();
     }
 }
 /**
  * Creates the 'Founder' and 'Admin' roles, one founder user, and the
  * 'manage_topics' / 'manage_users' permissions, then links them:
  * Founder gets both permissions, Admin only 'manage_topics'.
  */
 public function setupFoundorAndBaseRolsPermission()
 {
     // Create Roles
     $roles = [];
     foreach (['Founder', 'Admin'] as $roleName) {
         $role = new Role();
         $role->name = $roleName;
         $role->save();
         $roles[$roleName] = $role;
     }
     // Create User (a fixed GitHub account) and attach the Founder role
     $user = User::create(['github_id' => 324764, 'github_url' => 'https://github.com/summerblue', 'name' => 'summerblue']);
     $user->roles()->attach($roles['Founder']->id);
     // Create Permissions: name => display name
     $permissions = [];
     foreach (['manage_topics' => 'Manage Topics', 'manage_users' => 'Manage Users'] as $name => $displayName) {
         $permission = new Permission();
         $permission->name = $name;
         $permission->display_name = $displayName;
         $permission->save();
         $permissions[$name] = $permission;
     }
     // Assign Permission to Role
     $roles['Founder']->perms()->sync([$permissions['manage_topics']->id, $permissions['manage_users']->id]);
     $roles['Admin']->perms()->sync([$permissions['manage_topics']->id]);
 }
Example #30
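 /**
  * Lists pages in a data table, optionally filtered by the 's' query parameter.
  *
  * The search term is reduced to letters and digits and matched against the
  * title with a wildcard between every character. Users holding the
  * 'Delete Pages' permission also get a delete function per row.
  *
  * NOTE(review): the filter is still concatenated into the SQL text because
  * no parameter-binding call of the table class is visible here; switch to
  * bound parameters if the class offers them.
  */
 public function index()
 {
     $table = new G2_ImprovedDataTable();
     // Only a plain string is accepted as search term (not ?s[]=...).
     $search = (isset($_GET['s']) && is_string($_GET['s'])) ? $_GET['s'] : null;
     if ($search !== null) {
         // Everything except letters and digits is dropped, so no quote,
         // backslash or LIKE wildcard from the request can reach the query.
         $clean = (string) preg_replace('/[^\p{L}\p{N}]/u', '', $search);
         $chars = preg_split('//u', $clean, -1, PREG_SPLIT_NO_EMPTY);
         $where = 'title LIKE \'%' . implode('%', $chars ? $chars : array()) . '%\' ';
     } else {
         $where = '';
     }
     //$table->add_query('page', $where.' ORDER BY id DESC');
     $query = "SELECT DISTINCT page.* FROM page INNER JOIN area ON page.id = area.page_id ";
     if ($where) {
         $query .= "WHERE " . $where;
     }
     $table->add_exec_query($query);
     $table->set_fields([['name' => 'title', 'label' => 'Page Title'], ['name' => 'description', 'label' => 'Page description']]);
     $renderer = new G2_DataTable_Renderer('title');
     // NOTE(review): title, slug and id are written into HTML as stored;
     // unless the table escapes values before calling the renderer, they
     // need htmlspecialchars() here — confirm.
     $renderer->set_function(function ($fieldname, $value, $data) {
         return "<strong>{$value}</strong><br><a href=\"" . BASE_URL . $data['slug'] . "\" target=\"_blank\">View Page</a> | <a href=\"" . PACKAGE_URL . "page/{$data['id']}\">Edit Page</a>";
     });
     $table->add_renderer($renderer);
     if (Permission::has_permission('Delete Pages')) {
         $table->add_function(PACKAGE_URL . 'delete-page/[id]', 'Delete this page');
     }
     echo '<a href="' . PACKAGE_URL . 'posts" class="btn">View Posts</a>';
     // The term is echoed back into an attribute, so it is HTML-escaped; an
     // absent term renders as an empty field.
     $shownSearch = htmlspecialchars($search === null ? '' : $search, ENT_QUOTES, 'UTF-8');
     echo '<div class="panel"><div class="panel-body"><form action="" method="get"><input name="s" type="text" value="' . $shownSearch . '"><button>Search</button></form></div></div>';
     echo $table->render();
 }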