/** * Save the Permission for an action * * @return array */ public function saveActionPermissionsAction() { $ruleModel = new Admin_Model_DbTable_Acl_Rule(); $roleModel = new Admin_Model_DbTable_Acl_Role(); $actionModel = new Admin_Model_DbTable_Acl_Action(); $data = Zend_Json::decode($this->request->getParam('permissions', array())); $return = array(); if (!is_array($data) || !empty($data['aId'])) { // if we have no array or the controller id is directly in the array // we nest the array in an array to get the foreach to work // extjs is sending object if only 1 row has changed and an array of object // if multiple changes occure $data = array($data); } foreach ($data as $el) { $role = $roleModel->find($el['roleId']); $action = $actionModel->find($el['aId']); // not an action provided or multiple controller found if ($action->count() !== 1) { continue; } // not a roleId provided or multiple roles found if ($role->count() !== 1) { continue; } $action = new Admin_Model_DbRow_Action($action->current()); $role = new Admin_Model_DbRow_Role($role->current()); if ($el['rule'] == Admin_Model_DbTable_Acl_Rule::RULE_DENY) { $rule = Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY; } elseif ($el['rule'] == Admin_Model_DbTable_Acl_Rule::RULE_ALLOW) { $rule = Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW; } else { $rule = NULL; } $ruleModel->deleteWithActionRole($action->get('id'), $role->get('id')); if ($rule !== NULL) { $permission = new Admin_Model_DbRow_Rule(array('mcId' => $action->get('mcId'), 'aId' => $action->get('id'), 'roleId' => $role->get('id'), 'rule' => $rule)); $ruleModel->insert($permission->toDbArray()); } $return[] = array('ident' => join("_", array($role->get('id'), $action->get('mcId'), $action->get('id'))), 'mcId' => $action->get('mcId'), 'aId' => $action->get('id'), 'roleName' => $role->get('name'), 'roleId' => $role->get('id'), 'rule' => $rule); } return $this->responseSuccess(array('permissions' => $return)); }
/** * Delete an Controller from the database, which does not exists * as an controller file anymore. * Delete also from all releveant tables like * - actions * - rules * * @view views/scripts/controller/delete.phtml * @access public */ public function deleteAction() { $ctrlRow = new Admin_Model_DbRow_Controller($this->dbCtrl->find($this->checkControllerIdParam())); $form = new Admin_Form_Controller_Delete($ctrlRow); $form->setAction('/noc/admin/controller/delete'); if ($ctrlRow->get('id')) { if ($this->getRequest()->isPost()) { if ($form->isValid($this->getRequest()->getParams()) === TRUE && $form->getElement('chkdelete')->isChecked() === TRUE) { // delete the model controller $this->dbCtrl->deleteById($ctrlRow->get('id')); // delete all actions for this module / controller $actionDbModel = new Admin_Model_DbTable_Acl_Action(); $actionDbModel->deleteByControllerId($ctrlRow->get('id')); // delete all rules which are bound to this module / controller $rulesDbModel = new Admin_Model_DbTable_Acl_Rule(); $rulesDbModel->deleteByControllerId($ctrlRow->get('id')); $this->_redirect('admin/controller/scan'); } else { $form->addErrors(array('Delete not successfull. Did you checked the checkbox?')); } } } else { $form->addErrors(array('Invalid Controller Id, cannot proceed')); } $this->view->form = $form; }
/** * change to permission for this action * * @view views/scripts/action/permission.phtml * @access public */ public function permissionAction() { $actionRow = new Admin_Model_DbRow_Action($this->dbAction->find($this->checkActionIdParam())); $ctrlRow = new Admin_Model_DbRow_Controller($this->dbController->find($actionRow->get('mcId'))); $dbRoles = new Admin_Model_DbTable_Acl_Role(); $dbRules = new Admin_Model_DbTable_Acl_Rule(); $roles = array(); $rules = array(); $allowRules = array(); $denyRules = array(); foreach ($dbRoles->fetchActiveRoles() as $row) { $roles[] = new Admin_Model_DbRow_Role($row); } foreach ($dbRules->fetchRulesForAction($actionRow->get('id')) as $row) { $rules[] = new Admin_Model_DbRow_Rule($row); } foreach ($rules as $rule) { if ($rule->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW) { $allowRules[] = $rule->get('roleId'); } elseif ($rule->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY) { $denyRules[] = $rule->get('roleId'); } } $form = new Admin_Form_Action_Permission($ctrlRow, $actionRow, $roles, $allowRules, $denyRules); $form->setAction('/noc/admin/action/permission'); if ($this->getRequest()->isPost()) { if ($form->isValid($this->getRequest()->getParams()) && $form->hasPermissionCollision($this->getRequest()) === FALSE) { $dbRules->deleteByActionId($actionRow->get('id')); $allow = (array) $form->getElement('rolesallow')->getValue(); $deny = (array) $form->getElement('rolesdeny')->getValue(); foreach ($allow as $roleId) { $dbRules->addRule($ctrlRow->get('id'), $actionRow->get('id'), $roleId, Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW); } foreach ($deny as $roleId) { $dbRules->addRule($ctrlRow->get('id'), $actionRow->get('id'), $roleId, Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY); } $this->_redirect(sprintf('admin/action/index/control/%d/id/%d', $ctrlRow->get('id'), $actionRow->get('id'))); } else { $form->addError('Mindestens eine Rolle wurde der Zugriff erlaubt und verweigert.'); } } $this->view->form = $form; $this->view->controller = $ctrlRow; }