Exemple #1
0
 public function runConfigureRole(TBGRequest $request)
 {
     try {
         $role = new TBGRole($request['role_id']);
     } catch (Exception $e) {
         $this->getResponse()->setHttpStatus(400);
         return $this->renderJSON(array('error' => $this->getI18n()->__('This is not a valid role')));
     }
     if ($role->isSystemRole()) {
         $access_level = $this->getAccessLevel($request['section'], 'core');
     } else {
         $access_level = $this->getUser()->canManageProject($role->getProject()) ? TBGSettings::ACCESS_FULL : TBGSettings::ACCESS_READ;
     }
     switch ($request['mode']) {
         case 'list_permissions':
             return $this->renderTemplate('configuration/rolepermissionslist', array('role' => $role));
             break;
         case 'edit':
             if (!$access_level == TBGSettings::ACCESS_FULL) {
                 $this->getResponse()->setHttpStatus(400);
                 return $this->renderJSON(array('error' => $this->getI18n()->__('You do not have access to edit these permissions')));
             }
             if ($request->isPost()) {
                 $role->setName($request['name']);
                 $role->save();
                 $new_permissions = array();
                 foreach ($request['permissions'] as $new_permission) {
                     $permission_details = explode(',', $new_permission);
                     $new_permissions[$permission_details[2]] = array('module' => $permission_details[0], 'target_id' => $permission_details[1]);
                 }
                 foreach ($role->getPermissions() as $existing_permission) {
                     if (!array_key_exists($existing_permission->getPermission(), $new_permissions)) {
                         $role->removePermission($existing_permission);
                     }
                 }
                 foreach ($new_permissions as $permission_key => $details) {
                     $p = new TBGRolePermission();
                     $p->setModule($details['module']);
                     $p->setPermission($permission_key);
                     if ($details['target_id']) {
                         $p->setTargetID($details['target_id']);
                     }
                     $role->addPermission($p);
                 }
                 return $this->renderJSON(array('message' => $this->getI18n()->__('Permissions updated'), 'permissions_count' => count($request['permissions']), 'role_name' => $role->getName()));
             }
             return $this->renderTemplate('configuration/rolepermissionsedit', array('role' => $role));
         case 'delete':
             if (!$access_level == TBGSettings::ACCESS_FULL || !$request->isPost()) {
                 $this->getResponse()->setHttpStatus(400);
                 return $this->renderJSON(array('error' => $this->getI18n()->__('This role cannot be removed')));
             }
             $role->delete();
             return $this->renderJSON(array('message' => $this->getI18n()->__('Role deleted')));
     }
 }
Exemple #2
0
 public function addPermission(TBGRolePermission $permission)
 {
     $permission->setRole($this);
     $permission->save();
     if ($this->_permissions !== null) {
         $this->_permissions[$permission->getID()] = $permission;
     }
     TBGPermissionsTable::getTable()->addRolePermission($this->getID(), $permission);
 }
 public function addRolePermission($role_id, TBGRolePermission $rolepermission)
 {
     $crit = $this->getCriteria();
     $crit->addWhere(self::ROLE_ID, $role_id);
     $existing_identifiables = array('users' => array(), 'teams' => array());
     if ($res = $this->doSelect($crit)) {
         while ($row = $res->getNextRow()) {
             $key = $row->get(self::UID) ? self::UID : self::TID;
             $existing_identifiables[$key][$row->get($key)] = array('id' => $row->get($key), 'target_id' => $row->get(self::TARGET_ID));
         }
         foreach ($existing_identifiables as $key => $identifiables) {
             foreach ($identifiables as $identifiable) {
                 $crit = $this->getCriteria();
                 $crit->addInsert(self::SCOPE, TBGContext::getScope()->getID());
                 $crit->addInsert(self::PERMISSION_TYPE, $rolepermission->getPermission());
                 $crit->addInsert(self::TARGET_ID, $identifiable['target_id']);
                 $crit->addInsert($key, $identifiable['id']);
                 $crit->addInsert(self::ALLOWED, true);
                 $crit->addInsert(self::MODULE, $rolepermission->getModule());
                 $crit->addInsert(self::ROLE_ID, $role_id);
                 $res = $this->doInsert($crit);
             }
         }
     }
 }