/**
* Initializes the database with the init data for the meetings module.
*/
public function init()
{
// create status entries
$authStatusModel = new Auth_Model_Status();
if ($authStatusModel->getResource()->countRows() === 0) {
foreach ($this->_init->options['init']['auth']['status'] as $status) {
$a = array('status' => $status);
$r = $authStatusModel->create($a);
$this->_check($r, $a);
}
}
// create roles entries
$authRoleModel = new Auth_Model_Roles();
if ($authRoleModel->getResource()->countRows() === 0) {
foreach ($this->_init->options['init']['auth']['roles'] as $role) {
$a = array('role' => $role);
$r = $authRoleModel->create($a);
$this->_check($r, $a);
}
}
// create detail keys entries
$authDetailKeysModel = new Auth_Model_DetailKeys();
if ($authDetailKeysModel->getResource()->countRows() === 0) {
foreach ($this->_init->options['init']['auth']['detailKeys'] as &$a) {
if (!isset($a['type'])) {
$a['type_id'] = 0;
} else {
$a['type_id'] = array_search($a['type'], Auth_Model_DetailKeys::$types);
unset($a['type']);
}
$r = $authDetailKeysModel->create($a);
$this->_check($r, $a);
}
}
// create users
$authUserModel = new Auth_Model_User();
if ($authUserModel->getResource()->countRows() === 0) {
foreach ($this->_init->options['init']['auth']['user'] as $credentials) {
// get the corresponding role_id and status_id
$credentials['role_id'] = Daiquiri_Auth::getInstance()->getRoleId($credentials['role']);
unset($credentials['role']);
$credentials['status_id'] = Daiquiri_Auth::getInstance()->getStatusId($credentials['status']);
unset($credentials['status']);
// pre-process password first
$credentials['new_password'] = $credentials['password'];
$credentials['confirm_password'] = $credentials['password'];
unset($credentials['password']);
// process detail keys
foreach ($this->_init->options['init']['auth']['detailKeys'] as $detailKey) {
if (in_array(Auth_Model_DetailKeys::$types[$detailKey['type_id']], array('radio', 'select'))) {
$options = Zend_Json::decode($detailKey['options']);
$option_id = array_search($credentials[$detailKey['key']], $options);
$credentials[$detailKey['key']] = $option_id;
} else {
if (in_array(Auth_Model_DetailKeys::$types[$detailKey['type_id']], array('checkbox', 'multiselect'))) {
$options = Zend_Json::decode($detailKey['options']);
$values = array();
foreach ($credentials[$detailKey['key']] as $value) {
$values[] = array_search($value, $options);
}
$credentials[$detailKey['key']] = $values;
}
}
}
// fake request parametes to make
Zend_Controller_Front::getInstance()->getRequest()->setParams($credentials);
// create user
$r = $authUserModel->create($credentials);
// clean up request
Zend_Controller_Front::getInstance()->getRequest()->setParams(array());
$this->_check($r, $credentials);
}
}
// create apps
$authAppsModel = new Auth_Model_Apps();
if ($authAppsModel->getResource()->countRows() === 0) {
foreach ($this->_init->options['init']['auth']['apps'] as $credentials) {
// pre-process password first
$credentials['new_password'] = $credentials['password'];
$credentials['confirm_password'] = $credentials['password'];
unset($credentials['password']);
// fake request parametes to make
Zend_Controller_Front::getInstance()->getRequest()->setParams($credentials);
// create user
$r = $authAppsModel->create($credentials);
// clean up request
Zend_Controller_Front::getInstance()->getRequest()->setParams(array());
$this->_check($r, $credentials);
}
}
// create acl ressources
$authResourcesModel = new Auth_Model_Resources();
if ($authResourcesModel->getResource()->countRows() === 0) {
foreach ($this->_init->options['init']['auth']['resources'] as $resource) {
$a = array('resource' => $resource);
$r = $authResourcesModel->create($a);
$this->_check($r, $a);
}
}
// create acl rules, needs to be after create apps
$authRulesModel = new Auth_Model_Rules();
if ($authRulesModel->getResource()->countRows() === 0) {
foreach ($this->_init->options['init']['auth']['rules'] as $role => $rule) {
foreach ($rule as $resource => $permissions) {
$a = array('role' => $role, 'resource' => $resource, 'permissions' => implode(',', $permissions));
$r = $authRulesModel->create($a);
$this->_check($r, $a);
}
}
}
}
/**
* @brief constructor - constructs an Zend_Acl object from information stored in the database
*
* Sets all Roles, Apps, Resources, and Rules from the database as stored in the Auth module.
* It always sets up the complete role/rule/ressource stack, so that all ACL information is
* globally available.
*/
public function __construct()
{
// get the roles
$roleModel = new Auth_Model_Roles();
$roles = $roleModel->getResource()->fetchValues('role');
// get the apps
$appsModel = new Auth_Model_Apps();
$apps = $appsModel->getResource()->fetchValues('appname');
// define roles for acl using roles and apps
if (!empty($roles)) {
$this->addRole(new Zend_Acl_Role($roles[1]));
for ($i = 2; $i <= sizeof($roles); $i++) {
$this->addRole(new Zend_Acl_Role($roles[$i]), $roles[$i - 1]);
}
}
foreach ($apps as $app) {
$this->addRole(new Zend_Acl_Role($app));
}
// get the resources
$resourcesModel = new Auth_Model_Resources();
$this->_defined_resources = $resourcesModel->getResource()->fetchValues('resource');
// define resources
foreach ($this->_defined_resources as $resource) {
$this->add(new Zend_Acl_Resource($resource));
}
// get the rules
$rulesModel = new Auth_Model_Rules();
$rules = $rulesModel->getResource()->fetchRows();
// define permissions
foreach ($rules as $rule) {
if ($rule['role_id']) {
if ($rule['role_id'] > 0) {
$role = $roles[$rule['role_id']];
} else {
$role = $apps[-$rule['role_id']];
}
} else {
// null role, i.e. all users
$role = null;
}
if ($rule['resource_id']) {
$resource = $this->_defined_resources[$rule['resource_id']];
} else {
// all resources
$resource = null;
}
if ($rule['permissions']) {
$permissions = array();
foreach (explode(',', $rule['permissions']) as $permission) {
$array = explode('?', $permission);
if (count($array) == 1) {
$permissions[] = $permission;
} else {
if (count($array) <= 2) {
$permissions[] = $array[0];
foreach (explode('&', $array[1]) as $argument) {
$permissions[] = $array[0] . '?' . $argument;
}
} else {
throw new Exception('Unable to parse permission string in ' . __METHOD__);
}
}
}
} else {
// all permissions on their resource
$permissions = null;
}
$this->allow($role, $resource, $permissions);
}
}
