public function addPermissions(array $ids)
{
foreach ($ids as $permId) {
$rolePerm = new RolePermission();
$rolePerm->role_id = $this->id;
$rolePerm->perm_id = $permId;
$rolePerm->save();
}
}
/**
* Display the main page of the permission settings
*/
public function index()
{
$permissionGroups = Permission::getAllGroupByPlugin();
$example = isset($this->roleId) ? array('roleId' => $this->roleId) : array();
$data = RolePermission::getListByExample(new DBExample($example));
$values = array();
foreach ($data as $value) {
$values[$value->permissionId][$value->roleId] = $value->value;
}
$roles = isset($this->roleId) ? array(Role::getById($this->roleId)) : Role::getAll(null, array(), array(), true);
$param = array('id' => 'permissions-form', 'fieldsets' => array('form' => array(), '_submits' => array(new SubmitInput(array('name' => 'valid', 'value' => Lang::get('main.valid-button'))))));
foreach ($roles as $role) {
foreach ($permissionGroups as $group => $permissions) {
if (Plugin::get($group)) {
foreach ($permissions as $permission) {
if ($role->id == Role::ADMIN_ROLE_ID) {
$default = 1;
} elseif (isset($values[$permission->id][$role->id])) {
$default = $values[$permission->id][$role->id];
} else {
$default = 0;
}
$param['fieldsets']['form'][] = new CheckboxInput(array('name' => "permission-{$permission->id}-{$role->id}", 'disabled' => $role->id == Role::ADMIN_ROLE_ID || $role->id == Role::GUEST_ROLE_ID && !$permission->availableForGuests, 'default' => $default, 'class' => $permission->id == Permission::ALL_PRIVILEGES_ID ? 'select-all' : '', 'nl' => false));
}
}
}
}
$form = new Form($param);
if (!$form->submitted()) {
$page = View::make(Plugin::current()->getView("permissions.tpl"), array('permissions' => $permissionGroups, 'fields' => $form->inputs, 'roles' => $roles));
return NoSidebarTab::make(array('icon' => 'unlock-alt', 'title' => Lang::get('permissions.page-title'), 'page' => $form->wrap($page)));
} else {
try {
foreach ($form->inputs as $name => $field) {
if (preg_match('/^permission\\-(\\d+)\\-(\\d+)$/', $name, $match)) {
$permissionId = $match[1];
$roleId = $match[2];
$value = App::request()->getBody($name) ? 1 : 0;
if ($roleId != Role::ADMIN_ROLE_ID && !($roleId == Role::GUEST_ROLE_ID && !$permission->availableForGuests)) {
$permission = new RolePermission();
$permission->set(array('roleId' => $roleId, 'permissionId' => $permissionId, 'value' => $value));
$permission->save();
}
}
}
App::logger()->info('Permissions were succesfully updated');
return $form->response(Form::STATUS_SUCCESS, Lang::get("roles.permissions-update-success"));
} catch (Exception $e) {
App::logger()->error('An error occured while updating permissions');
return $form->response(Form::STATUS_ERROR, DEBUG_MODE ? $e->getMessage() : Lang::get("roles.permissions-update-error"));
}
}
}
public static function savePermissionsFor($role_id, $permissions)
{
if (!Record::existsIn('Role', 'id = :role_id', array(':role_id' => $role_id))) {
return false;
}
if (!self::deleteWhere('RolePermission', 'role_id = :role_id', array(':role_id' => (int) $role_id))) {
return false;
}
foreach ($permissions as $perm) {
$rp = new RolePermission(array('role_id' => $role_id, 'permission_id' => $perm->id));
if (!$rp->save()) {
return false;
}
}
return true;
}
public static function role($id)
{
if (!isset(static::$stored[$id])) {
static::$stored[$id] = RolePermission::with('permission')->where('role_id', '=', $id)->get();
}
return static::$stored[$id];
}
public function getPermissions($roleId = null)
{
if (!$roleId) {
return null;
}
// Check if the table exists (patch not installed yet)
$db = ConnectionManager::getDataSource('default');
$tables = $db->listSources();
if (!in_array($this->tablePrefix . 'role_permission_roles', $tables)) {
$permissions['full_permissions'] = $roleId == 1;
$permissions['limited_admin'] = false;
$permissions['manage_events'] = false;
$permissions['manage_own_events'] = false;
$permissions['create_templates'] = false;
$permissions['create_reports'] = false;
return $permissions;
}
$permissions = array();
$rolePermissionsAssigned = array();
App::uses('RolePermissionRole', 'Model');
$RolePermissionRoleModel = new RolePermissionRole();
App::uses('RolePermission', 'Model');
$RolePermissionModel = new RolePermission();
$params = array();
$params['recursive'] = 1;
$params['fields'] = array('id', 'role_id');
$params['contain']['RolePermission']['fields'] = array('alias');
$params['conditions']['role_id'] = $roleId;
if ($rolePermissionRoles = $RolePermissionRoleModel->find('all', $params)) {
foreach ($rolePermissionRoles as $rolePermissionRole) {
$permissions[$rolePermissionRole['RolePermission']['alias']] = $rolePermissionRole['RolePermissionRole']['role_id'] == $roleId;
$rolePermissionsAssigned[] = $rolePermissionRole['RolePermission']['id'];
}
}
$params = array();
$params['recursive'] = -1;
$params['conditions']['id !='] = $rolePermissionsAssigned;
if ($rolePermissions = $RolePermissionModel->find('all', $params)) {
foreach ($rolePermissions as $rolePermission) {
if (!isset($permissions[$rolePermission['RolePermission']['alias']])) {
$permissions[$rolePermission['RolePermission']['alias']] = false;
}
}
}
return $permissions;
}
/**
* Returns all Permissions for this Role.
*
* The Permissions are only read from the DB when needed the first time.
*
* @return array An array of Permission objects.
*/
public function permissions()
{
if (!$this->permissions) {
$this->permissions = array();
foreach (RolePermission::findPermissionsFor($this->id) as $perm) {
$this->permissions[$perm->name] = $perm;
}
}
return $this->permissions;
}
public static function factory(Storage $storage, $row)
{
$permission = new RolePermission($storage);
$permission->setRoleID($row["roleid"]);
$permission->setPermissionID($row["permissionid"]);
$permission->setGliederungID($row["gliederungid"]);
$permission->isTransitive($row["transitive"]);
return $permission;
}
public function executeSave(sfWebRequest $request)
{
$role = RolePeer::retrieveByPK($request->getParameter('id'));
$this->forward404Unless($role);
$perms = $request->getParameter('permissions');
if (!is_array($perms)) {
$perms = array();
}
# remove rights
$c = new Criteria();
$c->add(RolePermissionPeer::ROLE_ID, $role->getId());
RolePermissionPeer::doDelete($c);
# save new rights
foreach ($perms as $perm) {
$role_permission = new RolePermission();
$role_permission->setPermissionId($perm);
$role_permission->setRoleId($role->getId());
$role_permission->save();
}
return $this->renderText('Rights for \'' . $role->getTitle() . '\' have successfully saved!');
}
public static function GetByPermissionId($permission_id)
{
return RolePermission::find('all', array('permission_id' => $permission_id));
}
final public static function revokePermissions( $role, $permissions ) {
$role = trim($role);
if ( ! $r = Role::findByName($role) ) return self::__ERROR( __('Role does not exist!') );
foreach (explode(',', $permissions) as $permission) {
$permission = trim($permission);
if ( $r->hasPermission($permission) ) {
if ( ! $p = Permission::findByName($permission) ) return self::__ERROR( __('Permission does not exist!') );
RolePermission::deleteWhere('RolePermission','role_id='.$r->id.', permission_id='.$p->id);
if ( RolePermission::countFrom('RolePermission','role_id='.$r->id.', permission_id='.$p->id) > 0 ) return self::__ERROR( __('Could not remove Role->Permission link!') );
}
}
return true;
}
public function v15()
{
// Regenerate cache
Cache::clear(false);
// Notifications
$notifications = array('enabled' => 1, 'signup' => 0, 'contact' => '');
$this->Setting->setOption('notifications', json_encode($notifications));
// Calendar settings
$calendar = array('weekStartDay' => 0, 'title' => 'event', 'timeToDisplay' => 'time_invitation', 'gameIcon' => 1, 'dungeonIcon' => 1);
$this->Setting->setOption('calendar', json_encode($calendar));
// Set main characters
$sql = "SELECT t.user_id, t.game_id, t.character_id, MAX(t.used) AS nb_used\n FROM (\n SELECT ec.user_id, e.game_id, ec.character_id, COUNT(ec.id) AS used\n FROM " . $this->dbPrefix . "events_characters ec \n JOIN " . $this->dbPrefix . "users u ON ec.user_id=u.id\n JOIN " . $this->dbPrefix . "events e ON e.id=ec.event_id\n GROUP BY ec.character_id\n ORDER BY used DESC, u.id ASC, e.game_id ASC, ec.character_id\n ) t\n GROUP BY t.user_id, t.game_id";
if ($eventsCharacters = $this->EventsCharacter->query($sql)) {
foreach ($eventsCharacters as $eventsCharacter) {
$toUpdate = array();
$toUpdate['id'] = $eventsCharacter['t']['character_id'];
$toUpdate['main'] = 1;
$this->Character->save($toUpdate);
}
}
$params = array();
$params['recursive'] = -1;
$params['group'] = array('user_id', 'game_id');
$params['fields'] = array('id', 'user_id', 'game_id');
$params['order'] = array('main DESC', 'level DESC');
if ($characters = $this->Character->find('all', $params)) {
foreach ($characters as $character) {
$params = array();
$params['recursive'] = -1;
$params['fields'] = array('Character.id');
$params['conditions']['user_id'] = $character['Character']['user_id'];
$params['conditions']['game_id'] = $character['Character']['game_id'];
$params['conditions']['main'] = 1;
if (!$this->Character->find('first', $params)) {
$toUpdate = array();
$toUpdate['id'] = $character['Character']['id'];
$toUpdate['main'] = 1;
$this->Character->save($toUpdate);
}
}
}
// New role own events
$toSaveRole = array('title' => __('Can manage own events only'), 'alias' => 'manage_own_events', 'description' => __('Can create, edit and delete own events only. Can also manage the roster for his events'));
App::uses('RolePermission', 'Model');
$RolePermissionModel = new RolePermission();
$RolePermissionModel->create();
$RolePermissionModel->save($toSaveRole);
// Mushstats
$this->Setting->setOption('Mushstats', time());
}
/**
* Add a new permission in the database
*
* @param string $name The permission name, formatted as "<plugin>.<key>"
* @param int $default The default value for this permission
* @param int $availableForGuests Defines if the permission can be set to true for guest users
*
* @return Permission The created permission
*/
public static function add($name, $default = 1, $availableForGuests = 0)
{
list($plugin, $key) = explode('.', $name);
$permission = parent::add(array('plugin' => $plugin, 'key' => $key, 'availableForGuests' => $availableForGuests));
$roles = Role::getAll();
foreach ($roles as $role) {
$value = $role->id == Role::GUEST_ROLE_ID ? $availableForGuests ? $default : 0 : $default;
RolePermission::add(array('roleId' => $role->id, 'permissionId' => $permission->id, 'value' => $value));
}
return $permission;
}
private function postInstallData($siteTitle)
{
// Add default settings
$host = substr_count($_SERVER['HTTP_HOST'], '.') > 1 ? substr($_SERVER['HTTP_HOST'], strpos($_SERVER['HTTP_HOST'], '.') + 1) : $_SERVER['HTTP_HOST'];
$host = strpos($host, ':') !== false ? substr($host, 0, strpos($host, ':')) : $host;
// Remove port if present on unusual configurations
App::uses('Setting', 'Model');
$settingModel = new Setting();
$defaultSettings = array();
$defaultSettings['title'] = $siteTitle;
$defaultSettings['theme'] = json_encode(array('logo' => '/img/logo.png', 'bgcolor' => '#444444', 'bgimage' => $this->request->webroot . 'img/bg.png', 'bgrepeat' => 'repeat'));
$defaultSettings['css'] = '';
$defaultSettings['notifications'] = json_encode(array('enabled' => 1, 'signup' => 0, 'contact' => ''));
$defaultSettings['email'] = json_encode(array('name' => 'MushRaider', 'from' => 'mushraider@' . $host, 'encoding' => '', 'transport' => 'Mail', 'host' => '', 'port' => '', 'username' => '', 'password' => ''));
$defaultSettings['Mushstats'] = time();
$defaultSettings['calendar'] = json_encode(array('weekStartDay' => 1, 'title' => 'event', 'timeToDisplay' => 'time_invitation', 'gameIcon' => 1, 'dungeonIcon' => 1));
$defaultSettings['timezone'] = 'Europe/Paris';
foreach ($defaultSettings as $option => $value) {
$settingModel->create();
$settingModel->save(array('option' => $option, 'value' => $value));
}
// Add default roles permissions
$rolesPermissions = array(array('title' => __('Full permissions'), 'alias' => 'full_permissions', 'description' => __('Like Chuck Norris, he can do anything. This overwrite every permissions')), array('title' => __('Limited admin access'), 'alias' => 'limited_admin', 'description' => __('Like Robin, he can do some things but not all (like driving the batmobile or change user role)')), array('title' => __('Can manage events'), 'alias' => 'manage_events', 'description' => __('Can create, edit and delete events. Can also manage the roster for each events')), array('title' => __('Can manage own events only'), 'alias' => 'manage_own_events', 'description' => __('Can create, edit and delete own events only. Can also manage the roster for his events')), array('title' => __('Can create templates'), 'alias' => 'create_templates', 'description' => __('Can create events templates')), array('title' => __('Can create reports'), 'alias' => 'create_reports', 'description' => __('Can create events reports')));
App::uses('RolePermission', 'Model');
$RolePermissionModel = new RolePermission();
foreach ($rolesPermissions as $rolesPermission) {
$RolePermissionModel->create();
$RolePermissionModel->save($rolesPermission);
}
// Add new roles permissions to existing roles
App::uses('Role', 'Model');
$RoleModel = new Role();
App::uses('RolePermissionRole', 'Model');
$RolePermissionRoleModel = new RolePermissionRole();
$RolePermissionRoleModel->__add(array('role_id' => $RoleModel->getIdByAlias('admin'), 'role_permission_id' => $RolePermissionModel->getIdByAlias('full_permissions')));
$RolePermissionRoleModel->__add(array('role_id' => $RoleModel->getIdByAlias('officer'), 'role_permission_id' => $RolePermissionModel->getIdByAlias('limited_admin')));
$RolePermissionRoleModel->__add(array('role_id' => $RoleModel->getIdByAlias('officer'), 'role_permission_id' => $RolePermissionModel->getIdByAlias('manage_events')));
$RolePermissionRoleModel->__add(array('role_id' => $RoleModel->getIdByAlias('officer'), 'role_permission_id' => $RolePermissionModel->getIdByAlias('create_templates')));
$RolePermissionRoleModel->__add(array('role_id' => $RoleModel->getIdByAlias('officer'), 'role_permission_id' => $RolePermissionModel->getIdByAlias('create_reports')));
}
/**
* Adds an object to the instance pool.
*
* Propel keeps cached copies of objects in an instance pool when they are retrieved
* from the database. In some cases -- especially when you override doSelect*()
* methods in your stub classes -- you may need to explicitly add objects
* to the cache in order to ensure that the same objects are always returned by doSelect*()
* and retrieveByPK*() calls.
*
* @param RolePermission $value A RolePermission object.
* @param string $key (optional) key to use for instance map (for performance boost if key was already calculated externally).
*/
public static function addInstanceToPool(RolePermission $obj, $key = null)
{
if (Propel::isInstancePoolingEnabled()) {
if ($key === null) {
$key = serialize(array((string) $obj->getRoleId(), (string) $obj->getPermissionId()));
}
// if key === null
self::$instances[$key] = $obj;
}
}
/**
* Set all the permissions on the user
*/
private function getPermissions()
{
if (!isset($this->permissions)) {
$sql = 'SELECT P.plugin, P.key, P.id
FROM ' . RolePermission::getTable() . ' RP
INNER JOIN ' . Permission::getTable() . ' P ON RP.permissionId = P.id
INNER JOIN ' . self::getTable() . ' U ON U.roleId = RP.roleId
WHERE U.id = :id AND RP.value=1';
$permissions = App::db()->query($sql, array('id' => $this->id), array('return' => DB::RETURN_OBJECT));
$this->permissions = array();
foreach ($permissions as $permission) {
// Register the permission by it id
$this->permissions['byId'][$permission->id] = 1;
// Regoster the permission by it name
$this->permissions['byName'][$permission->plugin][$permission->key] = 1;
}
}
}
