/**
* Populate ACL with roles from external storage.
*
* @param Magento_Acl $acl
*/
public function populateAcl(Magento_Acl $acl)
{
$roleList = $this->_roleResource->getRolesIds();
foreach ($roleList as $roleId) {
/** @var $aclRole Mage_Webapi_Model_Authorization_Role */
$aclRole = $this->_roleFactory->createRole(array($roleId));
$acl->addRole($aclRole);
//Deny all privileges to Role. Some of them could be allowed later by whitelist
$acl->deny($aclRole);
}
}
/**
* Populate ACL with rules from external storage
*
* @param Magento_Acl $acl
*/
public function populateAcl(Magento_Acl $acl)
{
$ruleTable = $this->_resource->getTableName("admin_rule");
$adapter = $this->_resource->getConnection('read');
$select = $adapter->select()->from(array('r' => $ruleTable));
$rulesArr = $adapter->fetchAll($select);
foreach ($rulesArr as $rule) {
$role = $rule['role_type'] . $rule['role_id'];
$resource = $rule['resource_id'];
$privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;
if ($rule['permission'] == 'allow') {
if ($resource === Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL) {
$acl->allow($role, null, $privileges);
}
$acl->allow($role, $resource, $privileges);
} else {
if ($rule['permission'] == 'deny') {
$acl->deny($role, $resource, $privileges);
}
}
}
}
/**
* Deny each resource for all roles.
*
* @param Magento_Acl $acl
*/
protected function _denyResources(Magento_Acl $acl)
{
foreach ($acl->getResources() as $aclResource) {
$acl->deny(null, $aclResource);
}
}
