/** * Usuwanie uprawnień do kontrolerów/akcji * * Wszystkie zasoby dziedziczą po swoich przodkach (kontroler.akcja po kontrolerze, kontroler po module), podobnie role i grupy uprawnień. * Rola użytkownika (w sensie ACL) to "profil_{id_profilu}" i do profilu przywiązane są grupy uprawnień i role. * * @return Zend_Acl */ public function getAcl() { $oddzial = ODDZIAL_ID; $profil = $this->getCurrentProfile(); $aclProfileId = $profil ? $profil->id : 'none'; if ($aclProfileId !== "none") { $cm = $this->getBootstrap()->getResource('cachemanager'); $cache = $cm->getCache('rolecache'); $front = Zend_Controller_Front::getInstance(); $pluginAcl = $front->getPlugin('Base_Controller_Plugin_Acl'); $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : ''; $this->acl = $cache->load('acl_profile_' . $aclProfileId . $branch_name); if (!$this->acl) { $this->acl = $front->getPlugin('Base_Controller_Plugin_Acl')->getAcl(); $this->_groups = $all_groups = $grupy = $this->getGroups(); $profileResourceDenyModel = new ProfileResourceDeny(); $profileResourceDeny = $profileResourceDenyModel->fetchAll("id_profile=" . $aclProfileId)->toArray(); $rup = array(); foreach ($profileResourceDeny as $gpr) { $rupModel = new GroupLinkResource(); $rup = array_merge($rup, $rupModel->fetchAll("id_group=" . $gpr['id_group'])->toArray()); } $tmp = $this->getResources(); $up = $tmp['mvc']->toArray(); $upArray = array(); /** * Dla każdego zasobu dodajemy resource z odpowiednim przodkiem */ foreach ($up as $u) { $upArray[$u['id']] = $u; $module = $u['module']; $controller = $u['controller']; $action = $u['action']; if ('*' == $controller) { $resource = $this->buildResourceName('mvc', $module); $parent = null; } if ('*' == $action) { $resource = $this->buildResourceName('mvc', $module, $controller); $parent = $this->buildResourceName('mvc', $module); if (!$this->acl->has($parent)) { $this->acl->add(new Zend_Acl_Resource($parent), null); } } if ('*' != $action and $action) { $resource = $this->buildResourceName('mvc', $module, $controller, $action); $parent = $this->buildResourceName('mvc', $module, $controller); if (!$this->acl->has($parent)) { $this->acl->add(new Zend_Acl_Resource($parent), null); } } if (!$this->acl->has($resource)) { $this->acl->add(new Zend_Acl_Resource($resource), $parent); } } /** * Usuwanie resource'ów z ról/grup */ foreach ($rup as $r) { $module = $upArray[$r['id_resource']]['module']; $controller = $upArray[$r['id_resource']]['controller']; $action = $upArray[$r['id_resource']]['action']; $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . "_" . $r['id_group']; if ('*' == $controller) { $resource = $this->buildResourceName('mvc', $module); } elseif ('*' == $action) { $resource = $this->buildResourceName('mvc', $module, $controller); } elseif ('*' != $action and $action) { $resource = $this->buildResourceName('mvc', $module, $controller, $action); } /** * Usuwanie grup z profilu */ $this->acl->deny($role, $resource); $cache->save($this->acl, 'acl_profile_' . $aclProfileId . $branch_name); } } return $this->acl; } }
/** * Aktualizacja zasobów(grup) dla profilu * * @param Base_Form_Abstract $form formularz z danymi do zapisania * @param integer $id id profilu * @return integer ilość poprawionych wierszy */ public function _updateGroupResource($form, $id) { $profileResourceDenyModel = new ProfileResourceDeny(); $values = $form->getValues(); $profileResourceDenyModel->delete('id_profile = ' . $id); $profileResourceDenyModel->getAdapter()->beginTransaction(); $tmp = 0; $ret = 0; try { foreach ($values['group'] as $group_id) { $tmp = $profileResourceDenyModel->insert(array('id_profile' => $id, 'id_group' => $group_id)); } $ret += $tmp; $tmp = 0; $profileResourceDenyModel->getAdapter()->commit(); $cache = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('cachemanager')->getCache('rolecache'); $cache->clean(Zend_Cache::CLEANING_MODE_ALL); } catch (Exception $e) { $profileResourceDenyModel->getAdapter()->rollBack(); } return $ret; }