Example #1
 /**
  * Check whether the given role has access to the given resource id
  *
  * @param string $roleId
  * @param string $resourceId
  * @param string $privilege
  * @return bool
  */
 public function isAllowed($roleId, $resourceId, $privilege = null)
 {
     // First attempt: ask the ACL about the exact resource that was requested.
     try {
         return $this->_aclBuilder->getAcl()->isAllowed($roleId, $resourceId, $privilege);
     } catch (\Exception $lookupFailure) {
         // Deliberately not rethrown; the fallback below decides the outcome.
     }

     // Fallback: only when the ACL does not know the resource id, repeat the
     // query with a null resource.
     // NOTE(review): presumably a null resource means "all resources" in the
     // underlying ACL, so an unregistered id is decided by the role's global
     // rule -- confirm against the ACL implementation.
     try {
         if ($this->_aclBuilder->getAcl()->has($resourceId)) {
             // The resource is registered but its check threw: deny.
             return false;
         }
         return $this->_aclBuilder->getAcl()->isAllowed($roleId, null, $privilege);
     } catch (\Exception $fallbackFailure) {
         // Fail closed. Nothing is logged here, so a denial caused by an ACL
         // failure cannot be told apart from a genuine deny.
         return false;
     }
 }
Example #2
 /**
  * Configure the current auth storage once login has been performed
  *
  * @return \Magento\Backend\Model\Auth\Session
  */
 public function processLogin()
 {
     // No user on the session: leave it untouched.
     if (!$this->getUser()) {
         return $this;
     }

     // Runs before any other post-login state is written.
     // NOTE(review): presumably this swaps the session identifier so an id
     // known before authentication is not reused afterwards -- confirm in the
     // parent session class.
     $this->regenerateId();

     // Secret URL keys are renewed only when the backend URL model uses them.
     if ($this->_backendUrl->useSecretKey()) {
         $this->_backendUrl->renewSecretUrls();
     }

     $this->setIsFirstPageAfterLogin(true);
     // The ACL is fetched once here and stored on the session.
     // NOTE(review): whether later role edits reach an already open session
     // is not visible in this method -- verify where the stored ACL is refreshed.
     $this->setAcl($this->_aclBuilder->getAcl());
     $this->setUpdatedAt(time());

     return $this;
 }
Example #3
 /**
  * Save ACL resources
  *
  * @param \Magento\Authorization\Model\Rules $rule
  * @return void
  * @throws \Magento\Framework\Exception\LocalizedException
  */
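 public function saveRel(\Magento\Authorization\Model\Rules $rule)
 {
     // Replaces every stored rule of the role with the posted selection, inside
     // one transaction. The connection is obtained before the try block so the
     // catch handlers never call rollBack() on an undefined variable when
     // getConnection() itself fails.
     $connection = $this->getConnection();
     try {
         $connection->beginTransaction();
         $roleId = $rule->getRoleId();

         // Drop the role's existing rules; the id is cast to int for the condition.
         $condition = ['role_id = ?' => (int) $roleId];
         $connection->delete($this->getMainTable(), $condition);

         $postedResources = $rule->getResources();
         if ($postedResources) {
             $row = [
                 'resource_id' => $this->_rootResource->getId(),
                 'privileges' => '',
                 'role_id' => $roleId,
                 'permission' => 'allow',
             ];
             // If all was selected save it only and nothing else.
             if ($postedResources === [$this->_rootResource->getId()]) {
                 $insertData = $this->_prepareDataForTable(
                     new \Magento\Framework\DataObject($row),
                     $this->getMainTable()
                 );
                 $connection->insert($this->getMainTable(), $insertData);
             } else {
                 /** Give basic admin permissions to any admin */
                 $postedResources[] = \Magento\Backend\App\AbstractAction::ADMIN_RESOURCE;
                 $acl = $this->_aclBuilder->getAcl();
                 // One explicit allow/deny row is written per resource the ACL reports.
                 foreach ($acl->getResources() as $resourceId) {
                     // Strict membership test: with loose comparison a posted value
                     // that merely compares equal to the id (for example a
                     // numeric-looking value) would be stored as 'allow'. The root
                     // resource check above is already strict.
                     $isGranted = in_array((string) $resourceId, $postedResources, true);
                     $row['permission'] = $isGranted ? 'allow' : 'deny';
                     $row['resource_id'] = $resourceId;
                     $insertData = $this->_prepareDataForTable(
                         new \Magento\Framework\DataObject($row),
                         $this->getMainTable()
                     );
                     $connection->insert($this->getMainTable(), $insertData);
                 }
             }
         }

         $connection->commit();
         // The cached ACL is cleaned only after a successful commit.
         $this->_aclCache->clean();
     } catch (\Magento\Framework\Exception\LocalizedException $e) {
         $connection->rollBack();
         throw $e;
     } catch (\Exception $e) {
         // NOTE(review): any other failure is rolled back and logged but not
         // rethrown, so the caller cannot tell that the role's rules were not
         // saved. Kept as is because callers may depend on it.
         $connection->rollBack();
         $this->_logger->critical($e);
     }
 }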
 /**
  * Get the list of resources available to a user role id
  *
  * @param string $roleId
  * @return string[]
  */
 public function getAllowedResourcesByRole($roleId)
 {
     // Load the stored rules for the role, then keep only the resource ids the
     // current ACL both knows and allows for that role.
     $roleRules = $this->rulesCollectionFactory->create();
     $roleRules->getByRoles($roleId)->load();
     $acl = $this->aclBuilder->getAcl();

     $granted = [];
     /** @var \Magento\Authorization\Model\Rules $storedRule */
     foreach ($roleRules->getItems() as $storedRule) {
         $candidateId = $storedRule->getResourceId();
         // A stored rule may name a resource the ACL does not contain; it is
         // skipped before isAllowed() is asked about it.
         if (!$acl->has($candidateId)) {
             continue;
         }
         if (!$acl->isAllowed($roleId, $candidateId)) {
             continue;
         }
         $granted[] = $candidateId;
     }

     return $granted;
 }
Example #5
 /**
  * Class constructor
  *
  * @return void
  */
 protected function _construct()
 {
     parent::_construct();

     // 'rid' is taken from the request as is and is false when absent.
     // NOTE(review): no validation of the value is visible here; verify how
     // getByRoles() treats false and non-numeric input.
     $requestedRoleId = $this->_request->getParam('rid', false);
     $acl = $this->_aclBuilder->getAcl();
     $roleRules = $this->_rulesCollectionFactory->create()->getByRoles($requestedRoleId)->load();

     // Collect the ids of rules that are marked 'allow' and still exist in the ACL.
     $preselectedIds = array();
     foreach ($roleRules->getItems() as $storedRule) {
         $ruleResourceId = $storedRule->getResource_id();
         if (!$acl->has($ruleResourceId)) {
             continue;
         }
         // NOTE(review): loose comparison kept from the original; a strict
         // check would be safer if getPermission() can return a non-string.
         if ($storedRule->getPermission() != 'allow') {
             continue;
         }
         $preselectedIds[] = $ruleResourceId;
     }

     $this->setSelectedResources($preselectedIds);
 }
 /**
  * Check if user who has role is allowed to access requested resources.
  *
  * @param string[] $resources
  * @param UserIdentifier $userIdentifier
  * @return bool
  */
 protected function _isUserWithRoleAllowed($resources, UserIdentifier $userIdentifier)
 {
     try {
         $userRole = $this->_getUserRole($userIdentifier);
         if (!$userRole) {
             // A user without a role is treated as an error; the catch below
             // logs it and denies.
             throw NoSuchEntityException::doubleField(
                 'userId',
                 $userIdentifier->getUserId(),
                 'userType',
                 $userIdentifier->getUserType()
             );
         }

         // Every requested resource must be allowed; the first refusal ends the check.
         foreach ($resources as $requestedResource) {
             $isGranted = $this->_aclBuilder->getAcl()->isAllowed($userRole->getId(), $requestedResource);
             if (!$isGranted) {
                 return false;
             }
         }

         // Also reached when $resources is empty: a user with a role is then
         // reported as allowed without any ACL query being made.
         return true;
     } catch (\Exception $failure) {
         // Fail closed: any exception is logged and turned into a denial.
         $this->_logger->logException($failure);
         return false;
     }
 }
Example #7
 /**
  * Save ACL resources
  *
  * @param \Magento\User\Model\Rules $rule
  * @return void
  * @throws \Magento\Framework\Model\Exception
  */
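 public function saveRel(\Magento\User\Model\Rules $rule)
 {
     // Replaces every stored rule of the role with the posted selection, inside
     // one transaction. The adapter is obtained before the try block so the
     // catch handlers never call rollBack() on an undefined variable when
     // _getWriteAdapter() itself fails.
     $adapter = $this->_getWriteAdapter();
     try {
         $adapter->beginTransaction();
         $roleId = $rule->getRoleId();

         // Drop the role's existing rules; the id is cast to int for the condition.
         $condition = array('role_id = ?' => (int) $roleId);
         $adapter->delete($this->getMainTable(), $condition);

         $postedResources = $rule->getResources();
         if ($postedResources) {
             $row = array(
                 'resource_id' => $this->_rootResource->getId(),
                 'privileges' => '',
                 'role_id' => $roleId,
                 'permission' => 'allow'
             );
             // If all was selected save it only and nothing else.
             if ($postedResources === array($this->_rootResource->getId())) {
                 $insertData = $this->_prepareDataForTable(
                     new \Magento\Framework\Object($row),
                     $this->getMainTable()
                 );
                 $adapter->insert($this->getMainTable(), $insertData);
             } else {
                 $acl = $this->_aclBuilder->getAcl();
                 // One explicit allow/deny row is written per resource the ACL reports.
                 foreach ($acl->getResources() as $resourceId) {
                     // Strict membership test: with loose comparison a posted value
                     // that merely compares equal to the id (for example a
                     // numeric-looking value) would be stored as 'allow'. The root
                     // resource check above is already strict.
                     $isGranted = in_array((string) $resourceId, $postedResources, true);
                     $row['permission'] = $isGranted ? 'allow' : 'deny';
                     $row['resource_id'] = $resourceId;
                     $insertData = $this->_prepareDataForTable(
                         new \Magento\Framework\Object($row),
                         $this->getMainTable()
                     );
                     $adapter->insert($this->getMainTable(), $insertData);
                 }
             }
         }

         $adapter->commit();
         // The cached ACL is cleaned only after a successful commit.
         $this->_aclCache->clean();
     } catch (\Magento\Framework\Model\Exception $e) {
         $adapter->rollBack();
         throw $e;
     } catch (\Exception $e) {
         // NOTE(review): any other failure is rolled back and logged but not
         // rethrown, so the caller cannot tell that the role's rules were not
         // saved. Kept as is because callers may depend on it.
         $adapter->rollBack();
         $this->_logger->logException($e);
     }
 }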
Example #8
 /**
  * @expectedException \LogicException
  */
 public function testGetAclRethrowsException()
 {
     // The cache mock fails on its single has() call. InvalidArgumentException
     // is a subclass of \LogicException, so the annotation on this test is
     // satisfied when getAcl() lets the failure surface to the caller.
     $cacheFailure = new \InvalidArgumentException();
     $this->_aclCacheMock
         ->expects($this->once())
         ->method('has')
         ->will($this->throwException($cacheFailure));

     $this->_model->getAcl();
 }