Exemple #1
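 /**
  * Initialize the ACL resource.
  *
  * Reads this resource's options (application.ini) and picks the ACL source:
  * only when the 'location' option is exactly the string 'ini' is the ACL
  * built from data/acl/portal.ini. In every other case, including a missing
  * 'location' option, an empty App_Acl is created here.
  *
  * NOTE(review): the earlier description said roles come from the mongo
  * 'config' collection by default. Nothing in this method loads them, so that
  * presumably happens elsewhere - confirm.
  *
  * @return App_Acl The ACL after a blanket deny() has been applied (the
  *                 factory's return type is assumed to be App_Acl - confirm)
  */
 public function init()
 {
     // Get options from application.ini
     $options = $this->getOptions();

     // Key-checked, strict comparison: a missing 'location' no longer raises
     // an undefined-index notice, and a non-string value (true, or 0 under
     // PHP < 8) can no longer loosely equal 'ini' and silently switch the
     // source the access rules are loaded from.
     $useIniFile = isset($options['location']) && $options['location'] === 'ini';

     if ($useIniFile) {
         $acl = App_Acl_Factory::createAclFromFile(APPLICATION_PATH . '/../data/acl/portal.ini');
     } else {
         $acl = new App_Acl();
     }

     // Deny everything by default.
     // NOTE(review): deny() runs after the file rules are loaded; this relies
     // on App_Acl::deny() with no arguments only setting the global default
     // and leaving the specific allow rules from the file in place - confirm.
     $acl->deny();

     return $acl;
 }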
 /**
  * Forward a rule for a role to the ACL factory.
  *
  * Pure pass-through: all work is done by App_Acl_Factory::processRule() and
  * nothing is returned to the caller.
  *
  * @param App_Acl $acl  ACL instance handed to the factory
  * @param mixed   $role role argument, forwarded unchanged
  * @param mixed   $rule rule argument, forwarded unchanged
  * @return void
  */
 public static function processRule(App_Acl $acl, $role, $rule)
 {
     App_Acl_Factory::processRule($acl, $role, $rule);
 }
 /**
  * Configure an ACL from a configuration value.
  *
  * Delegates to App_Acl_Factory::setupAclFromConfig(); nothing is returned,
  * so any effect is whatever the factory does to the arguments it is given.
  *
  * @param mixed $acl  ACL to configure (not type-hinted here; presumably an
  *                    App_Acl, as in processRule() - confirm)
  * @param mixed $conf configuration forwarded unchanged to the factory
  * @return void
  */
 protected function _makeAcl($acl, $conf)
 {
     App_Acl_Factory::setupAclFromConfig($acl, $conf);
 }
/**
 * Rebuild the stored permission map of one namespace from an ACL file.
 *
 * Parses the file through App_Acl_Factory::createAclFromFile(), then walks
 * the ACL's roles. A role is exported only when its id has the form
 * "<name>-<orgType>", <name> is not 'org' and <orgType> is one of the fixed
 * org types listed below; every other role is skipped with a message.
 * For an exported role, each resource is added to the namespace and each
 * privilege found in the role's allowed map is stored together with its
 * asserts. Privileges that are not in the allowed map are not written at all.
 * Progress is echoed as the function runs.
 *
 * @param string $ns   namespace name passed to PermissionMapper::getNamespace()
 * @param string $file ACL file handed to the factory
 * @return void
 */
function updateNamespace($ns, $file)
{
    echo "Parsing namespace '{$ns}' ({$file})...\n";
    $acl = App_Acl_Factory::createAclFromFile($file, true);
    echo "Namespace parsed!\n";

    $mapper = Application\Model\Mapper\PermissionMapper::getInstance();
    $namespace = $mapper->getNamespace($ns, true);
    echo "Creating new permission map for namespace '{$ns}'...\n";

    // Org-type suffixes a role id must end with to be exported.
    $knownOrgTypes = array('super', 'master', 'provider', 'customer', 'aggregator', 'enduser');

    $roleIds = $acl->getRoles();
    $privilegesByResource = $acl->getAllPrivileges();

    foreach ($roleIds as $role) {
        // Split "<name>-<orgType>"; the org type is the last dash-separated part.
        $segments = explode('-', $role);
        if (count($segments) < 2) {
            echo "Ignoring role {$role}...\n";
            continue;
        }

        $orgType = array_pop($segments);
        $baseName = implode('-', $segments);

        // Both operands are strings produced by explode()/implode(), so the
        // strict forms here match exactly what the loose ones matched.
        if ($baseName === 'org' || !in_array($orgType, $knownOrgTypes, true)) {
            echo "Ignoring role {$role}...\n";
            continue;
        }

        echo "Creating permission map for {$role}...\n";
        $mapper->addRoleId($role);
        $allowed = $acl->getAllowedMapForRole($role);

        foreach ($privilegesByResource as $resource => $privileges) {
            echo "Creating resource '{$resource}' for {$role}...";
            $namespace->namespaceAddResource($resource);
            echo " Resource created!\n";

            foreach ($privileges as $privilege) {
                $grantedHere = isset($allowed[$resource]) ? $allowed[$resource] : array();

                // NOTE(review): this grant check uses loose comparison. The
                // value types returned by getAllowedMapForRole() are not
                // visible here; if both sides are always strings, passing
                // true as the third argument would make the match exact.
                if (in_array($privilege, $grantedHere)) {
                    // getAssert() yields an App_Acl_Assert_Combine instance
                    // (or a falsy value when the rule carries no assert).
                    $combined = $acl->getAssert($role, $resource, $privilege);

                    $assertList = array();
                    if ($combined) {
                        foreach ($combined->getAsserts() as $assert) {
                            $assertList[] = $assert;
                        }
                    }

                    $namespace->setPermission($role, $resource, $privilege, $assertList);
                }
            }
        }

        echo "Permission map for {$role} created!\n";
    }

    echo "Permission map for namespace '{$ns}' created!\n";
}