Example #1
0
File: Acl.php Project: scalr/scalr
 /**
  * Loads permissions into role object
  *
  * @param   Role\RoleObject $role  A role object
  */
 protected function loadRolePermissions(Role\RoleObject $role)
 {
     if ($role instanceof Role\AccountRoleObject) {
         $sAcc = 'account_';
         $rmJoin = "LEFT JOIN acl_account_role_resource_modes rm ON rr.`account_role_id` = rm.account_role_id " . " AND rr.`resource_id` = rm.`resource_id`";
     } else {
         $sAcc = '';
         $rmJoin = '';
     }
     $disabledResources = Acl::getDisabledResources();
     $disabledSql = !empty($disabledResources) ? "AND rr.resource_id NOT IN (" . implode(',', array_fill(0, count($disabledResources), '?')) . ")" : "";
     $res = $this->db->Execute("\n            SELECT\n                rr.`" . $sAcc . "role_id` AS `role_id`,\n                rr.`resource_id`, rr.`granted`, rp.`perm_id`,\n                rp.`granted` AS `perm_granted`,\n                " . (!empty($rmJoin) ? "rm.`mode`" : "NULL AS `mode`") . "\n            FROM `acl_" . $sAcc . "role_resources` rr\n            " . $rmJoin . "\n            LEFT JOIN `acl_" . $sAcc . "role_resource_permissions` rp\n                ON rp.`" . $sAcc . "role_id` = rr.`" . $sAcc . "role_id`\n                AND rp.`resource_id` = rr.`resource_id`\n            WHERE rr.`" . $sAcc . "role_id` = ?\n            {$disabledSql}\n        ", array_merge((array) $role->getRoleId(), $disabledResources));
     if ($res) {
         $resources = $role->getResources();
         while ($rec = $res->FetchRow()) {
             if (!isset($resources[$rec['resource_id']])) {
                 //Adds resource to role object
                 $resource = new Role\RoleResourceObject($rec['role_id'], $rec['resource_id'], $rec['granted'], $rec['mode']);
                 $role->appendResource($resource);
             } else {
                 $resource = $resources[$rec['resource_id']];
             }
             if ($rec['perm_id'] !== null) {
                 $permission = new Role\RoleResourcePermissionObject($rec['role_id'], $rec['resource_id'], $rec['perm_id'], $rec['perm_granted']);
                 //We should append permission only if it's been declared in the definition.
                 $resourceDefinition = Resource\Definition::get($resource->getResourceId());
                 if ($resourceDefinition->hasPermission($permission->getPermissionId())) {
                     $resource->appendPermission($permission);
                 }
                 unset($permission);
             }
             unset($resource);
         }
     }
 }
Example #2
0
File: Acl.php Project: recipe/scalr
 /**
  * Loads permissions into role object
  *
  * @param   Role\RoleObject $role  A role object
  */
 protected function loadRolePermissions(Role\RoleObject $role)
 {
     $sAcc = $role instanceof Role\AccountRoleObject ? 'account_' : '';
     $res = $this->db->Execute("\n            SELECT\n                rr.`" . $sAcc . "role_id` as `role_id`,\n                rr.`resource_id`, rr.`granted`, rp.`perm_id`,\n                rp.`granted` AS `perm_granted`\n            FROM `acl_" . $sAcc . "role_resources` rr\n            LEFT JOIN `acl_" . $sAcc . "role_resource_permissions` rp\n                ON rp.`" . $sAcc . "role_id` = rr.`" . $sAcc . "role_id`\n                AND rp.`resource_id` = rr.`resource_id`\n            WHERE rr.`" . $sAcc . "role_id` = ?\n        ", array($role->getRoleId()));
     if ($res) {
         $resources = $role->getResources();
         while ($rec = $res->FetchRow()) {
             if (!isset($resources[$rec['resource_id']])) {
                 //Adds resource to role object
                 $resource = new Role\RoleResourceObject($rec['role_id'], $rec['resource_id'], $rec['granted']);
                 $role->appendResource($resource);
             } else {
                 $resource = $resources[$rec['resource_id']];
             }
             if ($rec['perm_id'] !== null) {
                 $permission = new Role\RoleResourcePermissionObject($rec['role_id'], $rec['resource_id'], $rec['perm_id'], $rec['perm_granted']);
                 //We should append permission only if it's been declared in the definition.
                 $resourceDefinition = Resource\Definition::get($resource->getResourceId());
                 if ($resourceDefinition->hasPermission($permission->getPermissionId())) {
                     $resource->appendPermission($permission);
                 }
                 unset($permission);
             }
             unset($resource);
         }
     }
 }
Example #3
0
 /**
  * Appends permission object which associated with the resource
  *
  * @param   RoleResourcePermissionObject $permission The resource permission object
  * @return  RoleResourceObject
  */
 public function appendPermission(RoleResourcePermissionObject $permission)
 {
     $this->permissions[$permission->getPermissionId()] = $permission;
     return $this;
 }