/**
 * Lists the actions of a module as ontology resources.
 *
 * The module URI is mapped to a controller class name, and every action the
 * controller exposes is returned as a resource keyed by its action URI.
 * A controller that cannot be reflected yields an empty array.
 *
 * @access public
 * @author Jerome Bogaerts, <*****@*****.**>
 * @param core_kernel_classes_Resource $module the module resource
 * @return array action resources indexed by action URI
 */
public static function getActions(core_kernel_classes_Resource $module)
{
    $controller = funcAcl_helpers_Map::getControllerFromUri($module->getUri());
    $actionResources = array();

    try {
        $actionNames = ControllerHelper::getActions($controller);
        foreach ($actionNames as $name) {
            $actionUri = funcAcl_helpers_Map::getUriForAction($controller, $name);
            $actionResources[$actionUri] = new core_kernel_classes_Resource($actionUri);
        }
    } catch (ReflectionException $e) {
        // Unknown controller: whatever was collected so far (normally nothing) is returned.
    }

    return $actionResources;
}
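/**
 * Decides whether a user may call a controller action with the given parameters.
 *
 * Each parameter name returned by ControllerHelper::getRequiredRights() must be
 * present in $parameters; its value becomes the identifier the privileges are
 * checked against in self::hasPrivileges(). When the action requires no rights,
 * access is granted.
 *
 * The check fails closed: an unknown action or a non-scalar parameter value
 * (array or object) results in a denial. A non-scalar value cannot be used as an
 * array key, so without the explicit rejection the requirement could be dropped
 * from the map instead of being enforced.
 *
 * @see \oat\tao\model\accessControl\AccessControl::hasAccess()
 * @param User $user the user whose privileges are checked
 * @param string $controller the controller class name
 * @param string $action the action name
 * @param array $parameters the request parameters, indexed by name
 * @return boolean true if access is granted
 * @throws \Exception when a parameter that carries required rights is missing
 */
public function hasAccess(User $user, $controller, $action, $parameters)
{
    $required = array();
    try {
        foreach (ControllerHelper::getRequiredRights($controller, $action) as $paramName => $privileges) {
            if (!isset($parameters[$paramName])) {
                throw new \Exception('Missing parameter ' . $paramName . ' for ' . $controller . '/' . $action);
            }

            $value = $parameters[$paramName];
            if (!is_scalar($value)) {
                // Deny rather than let an unusable key silently skip the privilege check.
                common_Logger::w('non-scalar value rejected for ' . $paramName);
                return false;
            }

            // Values shaped like "<prefix>_2_..." are treated as tao URI-encoded and decoded
            // so the privilege lookup runs against the real identifier.
            if (preg_match('/^[a-z]*_2_/', $value) === 1) {
                common_Logger::w('url encoded parameter detected for ' . $paramName);
                $cleanName = \tao_helpers_Uri::decode($value);
            } else {
                $cleanName = $value;
            }
            $required[$cleanName] = $privileges;
        }
    } catch (ActionNotFoundException $e) {
        // action not found, no access
        return false;
    }

    return empty($required) ? true : self::hasPrivileges($user, $required);
}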
/**
 * Drops the cached access data of an extension and of each of its controllers.
 *
 * @param string $extensionId identifier of the extension to flush
 * @return void
 */
public static function flushExtensionAccess($extensionId)
{
    // Remove the extension-level entry first, then every controller-level entry.
    $cacheKey = self::CACHE_PREFIX_EXTENSION . $extensionId;
    self::getCacheImplementation()->remove($cacheKey);

    $controllers = ControllerHelper::getControllers($extensionId);
    foreach ($controllers as $controller) {
        self::flushControllerAccess($controller);
    }
}
/**
 * Computes the permissions of a tree node (and, recursively, of its children)
 * against a list of actions.
 *
 * A permission entry is written only when every parameter the action requires
 * can be derived from the node; otherwise, or when resolving fails, no entry is
 * added for that action.
 * NOTE(review): consumers should presumably treat a missing entry as "not
 * allowed" - confirm against the code that reads $node['permissions'].
 *
 * @param array[] $actions the actions data with context, name and the resolver
 * @param User $user the user
 * @param array $node a tree node
 * @return array the node augmented with permissions
 */
private function computePermissions($actions, $user, $node)
{
    $prefix = 'data-';

    if (isset($node['attributes']['data-uri'])) {
        foreach ($actions as $action) {
            // Only actions bound to this node type, or to any resource, apply.
            if ($node['type'] != $action['context'] && $action['context'] != 'resource') {
                continue;
            }

            $resolver = $action['resolver'];
            try {
                $params = array();
                if ($node['type'] == 'class') {
                    $params['classUri'] = $node['attributes']['data-uri'];
                } else {
                    // Every "data-*" attribute becomes a parameter named after its suffix.
                    foreach ($node['attributes'] as $attrName => $attrValue) {
                        if (strpos($attrName, $prefix) === 0) {
                            $params[substr($attrName, strlen($prefix))] = $attrValue;
                        }
                    }
                }
                $params['id'] = $node['attributes']['data-uri'];

                $requiredNames = array_keys(
                    ControllerHelper::getRequiredRights($resolver->getController(), $resolver->getAction())
                );
                $missing = array_diff($requiredNames, array_keys($params));

                if (count($missing) == 0) {
                    $node['permissions'][$action['id']] = AclProxy::hasAccess(
                        $user,
                        $resolver->getController(),
                        $resolver->getAction(),
                        $params
                    );
                } else {
                    common_Logger::d('Unable to determine access to ' . $action['id'], 'ACL');
                }
                //@todo should be a checked exception!
            } catch (Exception $e) {
                common_Logger::w('Unable to resolve permission for action ' . $action['id'] . ' : ' . $e->getMessage());
            }
        }
    }

    if (isset($node['children'])) {
        foreach ($node['children'] as $position => $childNode) {
            $node['children'][$position] = $this->computePermissions($actions, $user, $childNode);
        }
    }

    return $node;
}
/**
 * Whitelists every controller of an extension.
 *
 * @param string $extensionId identifier of the extension
 * @return void
 */
private function whiteListExtension($extensionId)
{
    $controllers = ControllerHelper::getControllers($extensionId);
    foreach ($controllers as $controller) {
        $this->whiteListController($controller);
    }
}
/**
 * Returns, as JSON, the access a role has to each action of a controller.
 *
 * The role and module are read from the request parameters 'role' and 'module'.
 * For every action the result states whether access is inherited from an
 * included role, granted directly, or absent.
 *
 * NOTE(review): the only check made here is the request mode; presumably the
 * caller's right to read ACL data is enforced before this action runs - confirm.
 *
 * @throws Exception when the request is not an Ajax request
 */
public function getActions()
{
    if (!tao_helpers_Request::isAjax()) {
        throw new Exception("wrong request mode");
    }

    $role = new core_kernel_classes_Resource($this->getRequestParameter('role'));

    // URIs of the roles the requested role includes.
    $includedUris = array();
    foreach (tao_models_classes_RoleService::singleton()->getIncludedRoles($role) as $parentRole) {
        $includedUris[] = $parentRole->getUri();
    }

    $module = new core_kernel_classes_Resource($this->getRequestParameter('module'));
    $controller = funcAcl_helpers_Map::getControllerFromUri($module->getUri());
    $cachedAccess = funcAcl_helpers_Cache::getControllerAccess($controller);

    $result = array();
    foreach (ControllerHelper::getActions($controller) as $name) {
        $actionUri = funcAcl_helpers_Map::getUriForAction($controller, $name);

        // The URI fragment is split on '_'; the fourth piece is used as the action id.
        $fragments = explode('#', $actionUri);
        list($kind, $extensionPart, $modulePart, $actionId) = explode('_', $fragments[1]);

        // Roles allowed on the module also apply to each of its actions.
        if (isset($cachedAccess['actions'][$name])) {
            $roles = array_merge($cachedAccess['module'], $cachedAccess['actions'][$name]);
        } else {
            $roles = $cachedAccess['module'];
        }

        // Inherited access takes precedence over a direct grant.
        if (count(array_intersect($includedUris, $roles)) > 0) {
            $level = self::ACCESS_INHERITED;
        } elseif (in_array($role->getUri(), $roles)) {
            $level = self::ACCESS_FULL;
        } else {
            $level = self::ACCESS_NONE;
        }

        $result[$actionId] = array('uri' => $actionUri, 'access' => $level);
    }

    ksort($result);
    $this->returnJson($result);
}