Describes ACL Role object
Since: 31.07.2013
Author: Vitaliy Demidov (vitaliy@scalr.com)
Example #1
File: Acl.php Project: scalr/scalr
 /**
  * Populates a role object with the resources and per-resource permissions
  * stored for it in the ACL tables.
  *
  * Account roles are read from the `acl_account_*` tables and also pick up the
  * resource mode through an extra join; any other role is read from the
  * `acl_*` tables with `mode` selected as NULL. Resources reported by
  * Acl::getDisabledResources() are excluded by the query itself.
  *
  * Security-relevant behaviour:
  * - The only fragments spliced into the SQL text are literals chosen in this
  *   method (the table/column prefix, the join and the mode column). The role
  *   id and the disabled resource ids are passed as bound parameters.
  * - A stored permission is attached only if the resource definition declares
  *   it, so rows for permissions unknown to the definition are ignored.
  * - NOTE(review): a falsy result from Execute() ends the method with nothing
  *   loaded and nothing reported. Confirm the db layer raises on failure, as
  *   callers here cannot tell "no rules stored" from "load failed".
  * - NOTE(review): (array) on a null role id yields no bound value while the
  *   query still contains its "?". Confirm a role always has an id here.
  *
  * @param   Role\RoleObject $role  A role object
  */
 protected function loadRolePermissions(Role\RoleObject $role)
 {
     // Every fragment below is a literal picked in code, never caller-supplied text.
     $isAccountRole = $role instanceof Role\AccountRoleObject;
     $prefix = $isAccountRole ? 'account_' : '';
     $modesJoin = $isAccountRole
         ? 'LEFT JOIN acl_account_role_resource_modes rm ON rr.`account_role_id` = rm.account_role_id  AND rr.`resource_id` = rm.`resource_id`'
         : '';
     $modeColumn = $isAccountRole ? 'rm.`mode`' : 'NULL AS `mode`';

     $disabledResources = Acl::getDisabledResources();
     $disabledFilter = '';
     if (!empty($disabledResources)) {
         // One "?" per disabled resource; the ids themselves travel as bound parameters.
         $placeholders = implode(',', array_fill(0, count($disabledResources), '?'));
         $disabledFilter = 'AND rr.resource_id NOT IN (' . $placeholders . ')';
     }

     $sql = "\n            SELECT\n"
         . "                rr.`{$prefix}role_id` AS `role_id`,\n"
         . "                rr.`resource_id`, rr.`granted`, rp.`perm_id`,\n"
         . "                rp.`granted` AS `perm_granted`,\n"
         . "                {$modeColumn}\n"
         . "            FROM `acl_{$prefix}role_resources` rr\n"
         . "            {$modesJoin}\n"
         . "            LEFT JOIN `acl_{$prefix}role_resource_permissions` rp\n"
         . "                ON rp.`{$prefix}role_id` = rr.`{$prefix}role_id`\n"
         . "                AND rp.`resource_id` = rr.`resource_id`\n"
         . "            WHERE rr.`{$prefix}role_id` = ?\n"
         . "            {$disabledFilter}\n"
         . "        ";

     // Role id first, then the disabled ids, matching the order of the "?" marks in the SQL.
     $params = array_merge((array) $role->getRoleId(), $disabledResources);
     $res = $this->db->Execute($sql, $params);
     if (!$res) {
         return;
     }

     // NOTE(review): fetched once before the loop; this relies on getResources() returning a
     // collection that reflects later appendResource() calls. Confirm against RoleObject.
     $resources = $role->getResources();
     while ($rec = $res->FetchRow()) {
         $resourceId = $rec['resource_id'];
         if (isset($resources[$resourceId])) {
             $resource = $resources[$resourceId];
         } else {
             // First row seen for this resource: register it on the role.
             $resource = new Role\RoleResourceObject($rec['role_id'], $resourceId, $rec['granted'], $rec['mode']);
             $role->appendResource($resource);
         }
         // The LEFT JOIN yields a null perm_id for resources without permission rows.
         if ($rec['perm_id'] !== null) {
             $permission = new Role\RoleResourcePermissionObject($rec['role_id'], $resourceId, $rec['perm_id'], $rec['perm_granted']);
             // Attach the permission only when the resource definition declares it.
             if (Resource\Definition::get($resource->getResourceId())->hasPermission($permission->getPermissionId())) {
                 $resource->appendPermission($permission);
             }
             unset($permission);
         }
         unset($resource);
     }
 }
Example #2
File: Acl.php Project: recipe/scalr
 /**
  * Populates a role object with the resources and per-resource permissions
  * stored for it in the ACL tables.
  *
  * Account roles are read from the `acl_account_*` tables, any other role
  * from the `acl_*` tables.
  *
  * Security-relevant behaviour:
  * - The only fragment spliced into the SQL text is the table/column prefix,
  *   which is one of two literals chosen in this method. The role id is passed
  *   as a bound parameter.
  * - A stored permission is attached only if the resource definition declares
  *   it, so rows for permissions unknown to the definition are ignored.
  * - NOTE(review): a falsy result from Execute() ends the method with nothing
  *   loaded and nothing reported. Confirm the db layer raises on failure, as
  *   callers here cannot tell "no rules stored" from "load failed".
  *
  * @param   Role\RoleObject $role  A role object
  */
 protected function loadRolePermissions(Role\RoleObject $role)
 {
     // A literal picked in code, never caller-supplied text.
     $prefix = '';
     if ($role instanceof Role\AccountRoleObject) {
         $prefix = 'account_';
     }

     $sql = "\n            SELECT\n"
         . "                rr.`{$prefix}role_id` as `role_id`,\n"
         . "                rr.`resource_id`, rr.`granted`, rp.`perm_id`,\n"
         . "                rp.`granted` AS `perm_granted`\n"
         . "            FROM `acl_{$prefix}role_resources` rr\n"
         . "            LEFT JOIN `acl_{$prefix}role_resource_permissions` rp\n"
         . "                ON rp.`{$prefix}role_id` = rr.`{$prefix}role_id`\n"
         . "                AND rp.`resource_id` = rr.`resource_id`\n"
         . "            WHERE rr.`{$prefix}role_id` = ?\n"
         . "        ";

     $res = $this->db->Execute($sql, array($role->getRoleId()));
     if (!$res) {
         return;
     }

     // NOTE(review): fetched once before the loop; this relies on getResources() returning a
     // collection that reflects later appendResource() calls. Confirm against RoleObject.
     $resources = $role->getResources();
     while ($rec = $res->FetchRow()) {
         $resourceId = $rec['resource_id'];
         if (isset($resources[$resourceId])) {
             $resource = $resources[$resourceId];
         } else {
             // First row seen for this resource: register it on the role.
             $resource = new Role\RoleResourceObject($rec['role_id'], $resourceId, $rec['granted']);
             $role->appendResource($resource);
         }
         // The LEFT JOIN yields a null perm_id for resources without permission rows.
         if ($rec['perm_id'] !== null) {
             $permission = new Role\RoleResourcePermissionObject($rec['role_id'], $resourceId, $rec['perm_id'], $rec['perm_granted']);
             // Attach the permission only when the resource definition declares it.
             if (Resource\Definition::get($resource->getResourceId())->hasPermission($permission->getPermissionId())) {
                 $resource->appendPermission($permission);
             }
             unset($permission);
         }
         unset($resource);
     }
 }
 /**
  * {@inheritdoc}
  *
  * Reports an override whenever the parent class's isAllowed() returns
  * anything other than null for the given resource (and optional permission).
  * The non-null value itself is not inspected here, and the call goes to the
  * parent implementation rather than to any isAllowed() defined on this class.
  *
  * @see Scalr\Acl\Role.RoleObject::isOverridden()
  */
 public function isOverridden($resourceId, $permissionId = null)
 {
     // Strict comparison: only null means "not overridden"; false or 0 still count as an override.
     return null !== parent::isAllowed($resourceId, $permissionId);
 }