/**
* Create role for provided user of provided type
*
* @param int $parentId
* @param ModelUser $user
* @return void
*/
protected function _createUserRole($parentId, ModelUser $user)
{
if ($parentId > 0) {
/** @var \Magento\Authorization\Model\Role $parentRole */
$parentRole = $this->_roleFactory->create()->load($parentId);
} else {
$role = new \Magento\Framework\DataObject();
$role->setTreeLevel(0);
}
if ($parentRole->getId()) {
$data = new \Magento\Framework\DataObject(
[
'parent_id' => $parentRole->getId(),
'tree_level' => $parentRole->getTreeLevel() + 1,
'sort_order' => 0,
'role_type' => RoleUser::ROLE_TYPE,
'user_id' => $user->getId(),
'user_type' => UserContextInterface::USER_TYPE_ADMIN,
'role_name' => $user->getFirstname(),
]
);
$insertData = $this->_prepareDataForTable($data, $this->getTable('authorization_role'));
$this->getConnection()->insert($this->getTable('authorization_role'), $insertData);
$this->_aclCache->clean();
}
}
/**
* Build Access Control List
*
* @return \Magento\Framework\Acl
* @throws \LogicException
*/
public function getAcl()
{
try {
if ($this->_cache->has()) {
$this->_acl = $this->_cache->get();
} else {
$this->_acl = $this->_aclFactory->create();
foreach ($this->_loaderPool as $loader) {
$loader->populateAcl($this->_acl);
}
$this->_cache->save($this->_acl);
}
} catch (\Exception $e) {
throw new \LogicException('Could not create acl object: ' . $e->getMessage());
}
return $this->_acl;
}
/**
* Create role for provided user of provided type
*
* @param int $parentId
* @param ModelUser $user
* @return void
*/
protected function _createUserRole($parentId, ModelUser $user)
{
if ($parentId > 0) {
/** @var \Magento\User\Model\Role $parentRole */
$parentRole = $this->_roleFactory->create()->load($parentId);
} else {
$role = new \Magento\Framework\Object();
$role->setTreeLevel(0);
}
if ($parentRole->getId()) {
$data = new \Magento\Framework\Object(array('parent_id' => $parentRole->getId(), 'tree_level' => $parentRole->getTreeLevel() + 1, 'sort_order' => 0, 'role_type' => RoleUser::ROLE_TYPE, 'user_id' => $user->getId(), 'role_name' => $user->getFirstname()));
$insertData = $this->_prepareDataForTable($data, $this->getTable('admin_role'));
$this->_getWriteAdapter()->insert($this->getTable('admin_role'), $insertData);
$this->_aclCache->clean();
}
}
/**
* Save ACL resources
*
* @param \Magento\Authorization\Model\Rules $rule
* @return void
* @throws \Magento\Framework\Exception\LocalizedException
*/
public function saveRel(\Magento\Authorization\Model\Rules $rule)
{
try {
$connection = $this->getConnection();
$connection->beginTransaction();
$roleId = $rule->getRoleId();
$condition = ['role_id = ?' => (int) $roleId];
$connection->delete($this->getMainTable(), $condition);
$postedResources = $rule->getResources();
if ($postedResources) {
$row = ['resource_id' => $this->_rootResource->getId(), 'privileges' => '', 'role_id' => $roleId, 'permission' => 'allow'];
// If all was selected save it only and nothing else.
if ($postedResources === [$this->_rootResource->getId()]) {
$insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $this->getMainTable());
$connection->insert($this->getMainTable(), $insertData);
} else {
/** Give basic admin permissions to any admin */
$postedResources[] = \Magento\Backend\App\AbstractAction::ADMIN_RESOURCE;
$acl = $this->_aclBuilder->getAcl();
/** @var $resource \Magento\Framework\Acl\AclResource */
foreach ($acl->getResources() as $resourceId) {
$row['permission'] = in_array($resourceId, $postedResources) ? 'allow' : 'deny';
$row['resource_id'] = $resourceId;
$insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $this->getMainTable());
$connection->insert($this->getMainTable(), $insertData);
}
}
}
$connection->commit();
$this->_aclCache->clean();
} catch (\Magento\Framework\Exception\LocalizedException $e) {
$connection->rollBack();
throw $e;
} catch (\Exception $e) {
$connection->rollBack();
$this->_logger->critical($e);
}
}
/**
* Save ACL resources
*
* @param \Magento\User\Model\Rules $rule
* @return void
* @throws \Magento\Framework\Model\Exception
*/
public function saveRel(\Magento\User\Model\Rules $rule)
{
try {
$adapter = $this->_getWriteAdapter();
$adapter->beginTransaction();
$roleId = $rule->getRoleId();
$condition = array('role_id = ?' => (int) $roleId);
$adapter->delete($this->getMainTable(), $condition);
$postedResources = $rule->getResources();
if ($postedResources) {
$row = array('resource_id' => $this->_rootResource->getId(), 'privileges' => '', 'role_id' => $roleId, 'permission' => 'allow');
// If all was selected save it only and nothing else.
if ($postedResources === array($this->_rootResource->getId())) {
$insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $this->getMainTable());
$adapter->insert($this->getMainTable(), $insertData);
} else {
$acl = $this->_aclBuilder->getAcl();
/** @var $resource \Magento\Framework\Acl\Resource */
foreach ($acl->getResources() as $resourceId) {
$row['permission'] = in_array($resourceId, $postedResources) ? 'allow' : 'deny';
$row['resource_id'] = $resourceId;
$insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $this->getMainTable());
$adapter->insert($this->getMainTable(), $insertData);
}
}
}
$adapter->commit();
$this->_aclCache->clean();
} catch (\Magento\Framework\Model\Exception $e) {
$adapter->rollBack();
throw $e;
} catch (\Exception $e) {
$adapter->rollBack();
$this->_logger->logException($e);
}
}
