<?php

// Patch script: registers the 'dashboard' module as an AXO object and grants
// the existing admin ARO group access to it.
global $conf;
global $global;
// APPROOT is the parent directory of the directory holding this file.
define('APPROOT', realpath(dirname(__FILE__) . '/../') . '/');
// NOTE(review): a fixed username is written into the session before any
// configuration is loaded (the value is masked on this page), and no
// session_start() is visible here. If this script can be requested over HTTP
// it would run with that identity for every caller - confirm it is limited to
// the installer/CLI and removed or access-restricted after use.
$_SESSION['username'] = '******';
require_once APPROOT . 'conf/sysconf.php';
// include (unlike require_once above) only warns when a file is missing, so a
// missing library surfaces later as an undefined-class error.
include APPROOT . '3rd/phpgacl/gacl.class.php';
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
include APPROOT . 'inc/handler_db.inc';
// Earlier variant that handed the database credentials to phpGACL directly;
// the live code below passes the $global['db'] handle instead.
#    	$gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql'  ));
#    	$gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql'  ));
// $global['db'] is presumably populated by inc/handler_db.inc - confirm.
$gacl = new gacl(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$gacl_api = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
// NOTE(review): the group type literal is ' ARO' with a leading space; confirm
// gacl_api normalises it, otherwise the lookup may not target the ARO tree.
// The return value is not checked, so a failed lookup would pass an invalid
// group id into add_acl() below.
$g_user_admin = $gacl_api->get_group_id('admin', 'Admin', ' ARO');
// Register the dashboard module (order 8) in the 'modules' AXO section.
$gacl_api->add_object('modules', 'Dashboard', 'dashboard', 8, 0, 'AXO');
// Grant the 'access' ACO on modules/dashboard to the admin group only.
$gacl_api->add_acl(array('access' => array('access')), null, array($g_user_admin), array('modules' => array('dashboard')));
// Register the first administrator as a 'users' ARO and add it to the
// "admin" group held in $admin (created outside this excerpt).
// When OpenEMR's setup drives this script, the account chosen during
// installation is used; otherwise the 'admin' user is hardcoded.
if (!isset($this->iuser)) {
    $gacl->add_object('users', 'Administrator', 'admin', 10, 0, 'ARO');
    $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
} else {
    $gacl->add_object('users', $this->iuname, $this->iuser, 10, 0, 'ARO');
    $gacl->add_group_object($admin, 'users', $this->iuser, 'ARO');
}
// Declare return terms for language translations
//  xl('write') xl('wsome') xl('addonly')
// Set permissions for administrators.
// One ACL per return value; each ACO section lists the objects it covers, so
// the grant can be audited line by line.
$gacl->add_acl(
    array(
        'acct' => array('bill', 'disc', 'eob', 'rep', 'rep_a'),
        'admin' => array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl'),
        'encounters' => array('auth_a', 'coding_a', 'notes_a', 'date_a'),
        'lists' => array('default', 'state', 'country', 'language', 'ethrace'),
        'patients' => array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
        'sensitivities' => array('normal', 'high'),
        'nationnotes' => array('nn_configure')
    ),
    NULL,
    array($admin),
    NULL,
    NULL,
    1,
    1,
    'write',
    'Administrators can do anything'
);
// xl('Administrators can do anything')
// Set permissions for physicians.
// The 'addonly' ACL carries only a placeholder ACO.
$gacl->add_acl(
    array('placeholder' => array('filler')),
    NULL,
    array($doc),
    NULL,
    NULL,
    1,
    1,
    'addonly',
    'Things that physicians can read and enter but not modify'
);
// xl('Things that physicians can read and enter but not modify')
$gacl->add_acl(
    array(
        'acct' => array('disc', 'rep'),
        'admin' => array('drugs'),
        'encounters' => array('auth_a', 'coding_a', 'notes_a', 'date_a'),
        'patients' => array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign'),
        'sensitivities' => array('normal', 'high')
    ),
    NULL,
    array($doc),
    NULL,
    NULL,
    1,
    1,
    'write',
    'Things that physicians can read and modify'
);
// xl('Things that physicians can read and modify')
// Set permissions for clinicians.
// Clinicians are limited to the 'normal' sensitivity level.
$gacl->add_acl(
    array(
        'encounters' => array('notes', 'relaxed'),
        'patients' => array('demo', 'med', 'docs', 'notes'),
        'sensitivities' => array('normal')
    ),
    NULL,
    array($clin),
    NULL,
    NULL,
    1,
    1,
    'addonly',
    'Things that clinicians can read and enter but not modify'
);
// xl('Things that clinicians can read and enter but not modify')
$gacl->add_acl(
    array(
        'admin' => array('drugs'),
        'encounters' => array('coding'),
        'patients' => array('appt')
    ),
    NULL,
    array($clin),
    NULL,
    NULL,
    1,
    1,
    'write',
    'Things that clinicians can read and modify'
);
// xl('Things that clinicians can read and modify')
// Set permissions for front office staff.
//
        echo "Error creating 'Jedi > Luke' ARO Group > ARO Connection!<br>\n";
    }
}
unset($result);
/*
 * Grant the Jedi ARO group access to the cockpit.
 */
// ACOs are given as Object Section Value => array( Object Value ) pairs.
$aco_array = array('access' => array('cockpit'));
// The ACL is attached to the group, not to individual AROs.
$aro_array_GroupID = array($gacl_api->get_group_id('jedi'));
$allow = TRUE;
$enabled = TRUE;
$return_value = NULL;
$note = "Allowing the Jedi to have Access to the cockpit!";
// NULL is passed for the ARO array and both AXO arguments, which this ACL
// does not use. Refer to the manual for those options.
$result = $gacl_api->add_acl(
    $aco_array,
    NULL,
    $aro_array_GroupID,
    NULL,
    NULL,
    $allow,
    $enabled,
    $return_value,
    $note,
    'user'
);
if ($outputDebug == TRUE) {
    // add_acl() signals failure with FALSE.
    echo ($result !== FALSE)
        ? "Created our Jedi Cockpit Access ACL sucessfully!<br>\n"
        : "Error creating ACL.<br>\n";
}
unset($result);
if ($outputDebug == TRUE) {
    echo "<br>\n",
        "=================================================================================================<br>\n",
        "-- Lets test the Jedi ACL for Obi-wan! --<br>\n",
        "=================================================================================================<br>\n";
}
// Lets check if Obi-wan has access to the Lounge
$gacl_api->add_object('entities', 'Address', 'address', 14, 0, 'AXO');
// Attach every entity AXO to its group, in the order primary, linking, additional.
foreach (array('event', 'person', 'document', 'supporting_docs_meta', 'address') as $gacl_seed_entity) {
    $gacl_api->add_group_object($g_entities_primary, 'entities', $gacl_seed_entity, 'AXO');
}
foreach (array('act', 'information', 'intervention', 'involvement', 'chain_of_events') as $gacl_seed_entity) {
    $gacl_api->add_group_object($g_entities_linking, 'entities', $gacl_seed_entity, 'AXO');
}
foreach (array('biographic_details', 'arrest', 'destruction', 'killing', 'torture') as $gacl_seed_entity) {
    $gacl_api->add_group_object($g_entities_additional, 'entities', $gacl_seed_entity, 'AXO');
}
// Do not leave the loop variable behind in the script scope.
unset($gacl_seed_entity);
// Seed users and their role groups.
$gacl_api->add_group_object($g_user_admin, 'users', 'admin', 'ARO');
$gacl_api->add_group_object($g_user_data_entry, 'users', 'user1', 'ARO');
$gacl_api->add_group_object($g_user_analyst, 'users', 'user2', 'ARO');
$gacl_api->add_group_object($g_user_data_entry, 'users', 'user3', 'ARO');
// Module access per role. $root_aro is defined outside this excerpt;
// presumably it is the top ARO group, so its grants reach every user - confirm.
$gacl_api->add_acl(
    array('access' => array('access')),
    null,
    array($root_aro),
    array('modules' => array('home', 'help'))
);
$gacl_api->add_acl(
    array('access' => array('access')),
    null,
    array($g_user_admin),
    array('modules' => array('events', 'person', 'docu', 'analysis', 'admin'))
);
$gacl_api->add_acl(
    array('access' => array('access')),
    null,
    array($g_user_analyst),
    array('modules' => array('analysis'))
);
$gacl_api->add_acl(
    array('access' => array('access')),
    null,
    array($g_user_data_entry),
    array('modules' => array('person', 'events', 'docu'))
);
$gacl_api->add_acl(
    array('access' => array('access')),
    null,
    array($g_user_admin),
    array('modules' => array('dashboard'))
);
// Full create/read/update/delete on every entity type for the root ARO group.
$gacl_api->add_acl(
    array('crud' => array('create', 'read', 'update', 'delete')),
    null,
    array($root_aro),
    array(
        'entities' => array(
            'person',
            'event',
            'act',
            'information',
            'intervention',
            'involvement',
            'chain_of_events',
            'biographic_details',
            'arrest',
            'destruction',
            'killing',
            'torture',
            'supporting_docs_meta',
            'address'
        )
    )
);
// Access to the events and person AXO groups, granted by group id.
$gacl_api->add_acl(array('access' => array('access')), null, array($root_aro), null, array($g_events));
$gacl_api->add_acl(array('access' => array('access')), null, array($root_aro), null, array($g_person));
echo 'Installed the default GACL access control List ';
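 /**
  * Wipe the phpGACL tables and rebuild the default ARO/ACO/AXO tree, seed
  * users and ACLs.
  *
  * NOTE(review): this is destructive - clear_database() runs unconditionally.
  * No authorization check is visible inside the method; confirm the action is
  * not reachable by ordinary users in a deployed installation.
  */
 public function act_test()
 {
     // include_once, as in act_permissions(): a plain include would try to
     // declare the gacl_api class a second time if it is already loaded.
     include_once APPROOT . '3rd/phpgacl/gacl_api.class.php';
     //    	$gacl_api = new gacl_api(array('db'=>$global['db'] , 'db_table_prefix'=>'gacl_'));
     // NOTE(review): constructed without options, so the connection and table
     // prefix come from whatever defaults gacl_api falls back to - confirm
     // which database clear_database() then empties.
     $gacl_api = new gacl_api();
     $gacl_api->clear_database();
     // ARO //
     $root_aro = $gacl_api->add_group('root', 'OpenEvSysUser', 0, 'ARO');
     $user_group = $gacl_api->add_group('users', 'Users', $root_aro, 'ARO');
     // NOTE(review): the next three calls pass ' ARO' with a leading space while
     // the others pass 'ARO'; confirm gacl_api normalises the group type.
     $g_user_admin = $gacl_api->add_group('admin', 'Admin', $user_group, ' ARO');
     $g_user_analyst = $gacl_api->add_group('analyst', 'Analyst', $user_group, ' ARO');
     $g_user_data_entry = $gacl_api->add_group('data_entry', 'Data Entry', $user_group, ' ARO');
     $ws_group = $gacl_api->add_group('ws', 'WS', $root_aro, 'ARO');
     // ARO sections
     $gacl_api->add_object_section('Users', 'users', 1, 0, 'ARO');
     //ARO values
     $gacl_api->add_object('users', 'Admin', 'admin', 1, 0, 'ARO');
     $gacl_api->add_object('users', 'User1', 'user1', 2, 0, 'ARO');
     $gacl_api->add_object('users', 'User2', 'user2', 3, 0, 'ARO');
     $gacl_api->add_object('users', 'User3', 'user3', 4, 0, 'ARO');
     //ACO //
     //ACO sections
     $gacl_api->add_object_section('CRUD', 'crud', 1, 0, 'ACO');
     $gacl_api->add_object_section('Access', 'access', 1, 0, 'ACO');
     //ACO values
     $gacl_api->add_object('access', 'Access', 'access', 1, 0, 'ACO');
     $gacl_api->add_object('crud', 'Create', 'create', 1, 0, 'ACO');
     $gacl_api->add_object('crud', 'Read', 'read', 2, 0, 'ACO');
     $gacl_api->add_object('crud', 'Update', 'update', 3, 0, 'ACO');
     $gacl_api->add_object('crud', 'Delete', 'delete', 4, 0, 'ACO');
     // AXO //
     $root_axo = $gacl_api->add_group('root', 'root', 0, 'AXO');
     $gacl_api->add_group('modules', 'Modules', $root_axo, 'AXO');
     $entity_group = $gacl_api->add_group('entities', 'Entities', $root_axo, 'AXO');
     $g_entities_primary = $gacl_api->add_group('primary', 'Primary', $entity_group, 'AXO');
     $g_entities_linking = $gacl_api->add_group('linking', 'Linking', $entity_group, 'AXO');
     $g_entities_additional = $gacl_api->add_group('additional', 'Additional Details', $entity_group, 'AXO');
     $g_events = $gacl_api->add_group('events', 'Events', $root_axo, 'AXO');
     // AXO sections //
     $gacl_api->add_object_section('Modules', 'modules', 1, 0, 'AXO');
     $gacl_api->add_object_section('Entities', 'entities', 2, 0, 'AXO');
     $gacl_api->add_object_section('Events', 'events', 3, 0, 'AXO');
     // AXO values
     $gacl_api->add_object('modules', 'Event', 'events', 1, 0, 'AXO');
     $gacl_api->add_object('modules', 'Person', 'person', 2, 0, 'AXO');
     $gacl_api->add_object('modules', 'Documents', 'docu', 3, 0, 'AXO');
     $gacl_api->add_object('modules', 'Home', 'home', 4, 0, 'AXO');
     $gacl_api->add_object('modules', 'Help', 'help', 5, 0, 'AXO');
     $gacl_api->add_object('modules', 'Admin', 'admin', 6, 0, 'AXO');
     $gacl_api->add_object('modules', 'Analysis', 'analysis', 7, 0, 'AXO');
     $gacl_api->add_object('entities', 'Event', 'event', 1, 0, 'AXO');
     $gacl_api->add_object('entities', 'Person', 'person', 2, 0, 'AXO');
     $gacl_api->add_object('entities', 'Document', 'document', 3, 0, 'AXO');
     $gacl_api->add_object('entities', 'Information', 'information', 4, 0, 'AXO');
     $gacl_api->add_object('entities', 'Involvement', 'involvement', 5, 0, 'AXO');
     $gacl_api->add_object('entities', 'Intervention', 'intervention', 6, 0, 'AXO');
     $gacl_api->add_object('entities', 'Act', 'act', 7, 0, 'AXO');
     $gacl_api->add_object('entities', 'Chain Of Events', 'chain_of_events', 8, 0, 'AXO');
     $gacl_api->add_object('entities', 'Biographic Details', 'biographic_details', 9, 0, 'AXO');
     // Add Groups
     $gacl_api->add_group_object($g_entities_primary, 'entities', 'event', 'AXO');
     $gacl_api->add_group_object($g_entities_primary, 'entities', 'person', 'AXO');
     $gacl_api->add_group_object($g_entities_primary, 'entities', 'document', 'AXO');
     $gacl_api->add_group_object($g_entities_linking, 'entities', 'act', 'AXO');
     $gacl_api->add_group_object($g_entities_linking, 'entities', 'information', 'AXO');
     $gacl_api->add_group_object($g_entities_linking, 'entities', 'intervention', 'AXO');
     $gacl_api->add_group_object($g_entities_linking, 'entities', 'involvement', 'AXO');
     $gacl_api->add_group_object($g_entities_linking, 'entities', 'chain_of_events', 'AXO');
     $gacl_api->add_group_object($g_entities_additional, 'entities', 'biographic_details', 'AXO');
     $gacl_api->add_group_object($g_user_admin, 'users', 'admin', 'ARO');
     $gacl_api->add_group_object($g_user_data_entry, 'users', 'user1', 'ARO');
     $gacl_api->add_group_object($g_user_analyst, 'users', 'user2', 'ARO');
     $gacl_api->add_group_object($g_user_data_entry, 'users', 'user3', 'ARO');
     // permissions
     // Module access: home/help for the root ARO group, the rest per role.
     $gacl_api->add_acl(array('access' => array('access')), null, array($root_aro), array('modules' => array('home', 'help')));
     $gacl_api->add_acl(array('access' => array('access')), null, array($g_user_admin), array('modules' => array('events', 'person', 'docu', 'analysis', 'admin')));
     $gacl_api->add_acl(array('access' => array('access')), null, array($g_user_analyst), array('modules' => array('analysis')));
     $gacl_api->add_acl(array('access' => array('access')), null, array($g_user_data_entry), array('modules' => array('person', 'events', 'docu')));
     // Full CRUD for the root ARO group on the listed entity types and on the
     // events AXO group; the 'document' entity is registered above but is not
     // in this list.
     $gacl_api->add_acl(array('crud' => array('create', 'read', 'update', 'delete')), null, array($root_aro), array('entities' => array('person', 'event', 'act', 'information', 'intervention', 'involvement', 'chain_of_events', 'biographic_details')));
     $gacl_api->add_acl(array('crud' => array('create', 'read', 'update', 'delete')), null, array($root_aro), null, array($g_events));
 }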
unset($result);
/*
 * With the building blocks in place, the ACL matrix can be created.
 * First ACL: let John Doe (and Jane Doe) log in.
 *
 * add_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $allow=1, $enabled=1, $return_value=NULL, $note=NULL, $acl_id=FALSE )
 */
// Both arrays map Object Section Value => array( Object Value ).
$aco_array = array('system' => array('login'));
$aro_array = array('users' => array('john_doe', 'jane_doe'));
$allow = TRUE;
$enabled = TRUE;
$return_value = NULL;
$note = "Allowing John and Jane Doe access to login!";
// Groups and AXOs are not used by this ACL, hence the three NULLs.
// Refer to the manual for those options.
$result = $gacl_api->add_acl(
    $aco_array,
    $aro_array,
    NULL,
    NULL,
    NULL,
    $allow,
    $enabled,
    $return_value,
    $note
);
// add_acl() signals failure with FALSE.
echo ($result !== FALSE)
    ? "Created our first ACL sucessfully. Click <a href=admin/acl_test.php>here</a> to see it in action!<br>\n"
    : "Error creating ACL.<br>\n";
unset($result);
echo "<br>\n<br>\n", "-- Lets test our work --<br>\n";
/*
 * Awesome, we've setup our ACL system just the way we want it. Now for the easy part,
 * the code to check ACLs.
 *
 * Keep in the mind the API class does not need to be included in scripts that just
 * check ACLs. This is for performance reasons of course.
 *
// Register every top-level menu as an ACO section and each of its submenus as
// an ACO object in that section. $menu_count and $submenu_count are
// initialised outside this excerpt; $submenu_count restarts at 1 per menu.
foreach ($ACL_MAIN_MENU as $menu_name => $menu) {
    $gacl_api->add_object_section($menu_name, $menu_name, $menu_count++, 0, 'ACO');
    foreach ($menu as $submenu_name => $submenu) {
        // Progress output. The name is printed unescaped; presumably
        // $ACL_MAIN_MENU is a static configuration array - confirm.
        echo "  * " . $submenu["name"] . " ...<br/>";
        $gacl_api->add_object($menu_name, $submenu_name, $submenu_name, $submenu_count++, 0, "ACO");
    }
    $submenu_count = 1;
}
/* Groups: an 'ossim' root ARO group with the default user group below it */
echo "<br/>Setting up default admin user...<br/><br/>";
$groups['ossim'] = $gacl_api->add_group('ossim', 'OSSIM', 0, 'ARO');
$groups['users'] = $gacl_api->add_group(ACL_DEFAULT_USER_GROUP, 'Users', $groups['ossim'], 'ARO');
/* Default User: the admin ARO, granted the ACO named by ACL_DEFAULT_DOMAIN_SECTION / ACL_DEFAULT_DOMAIN_ALL */
$gacl_api->add_object_section('Users', ACL_DEFAULT_USER_SECTION, 1, 0, 'ARO');
$gacl_api->add_object(ACL_DEFAULT_USER_SECTION, 'Admin', ACL_DEFAULT_OSSIM_ADMIN, 1, 0, 'ARO');
$gacl_api->add_acl(array(ACL_DEFAULT_DOMAIN_SECTION => array(ACL_DEFAULT_DOMAIN_ALL)), array(ACL_DEFAULT_USER_SECTION => array(ACL_DEFAULT_OSSIM_ADMIN)));
// The upgrade system at include/classes/Upgrade_base.inc includes
// this file like: include 'http://foo/setup/ossim_acl.php'
// In that case there is no HTTP_REFERER, and we do not want to show
// the "go back" link.
// NOTE(review): being included over HTTP means this setup script has to be
// reachable by URL and that URL includes are enabled; confirm access to it is
// restricted, since each request re-runs the ACL setup above.
// NOTE(review): the branch below writes $_SERVER['HTTP_REFERER'] into an
// inline onclick handler without escaping. The header is supplied by the
// client, so it should be encoded for a JavaScript string inside an HTML
// attribute (or the link replaced by a fixed URL) before it is output.
if (isset($_SERVER['HTTP_REFERER'])) {
    ?>
	<center>
		<form><input type="button" class="button" onclick="document.location.href='<?php 
    echo $_SERVER['HTTP_REFERER'];
    ?>
'" value="<?php 
    echo _("Back");
    ?>
"/>
		</form>
        $id = $gacl_api->get_group_id($group->id, $group->id, 'ARO');
        $gacl_api->del_group($id, true, 'ARO');
    }
} else {
    // Create or update a user group and the ACL that holds its 'system'
    // permissions. $op, $usergroup and $gacl_api come from outside this excerpt.
    // NOTE(review): name, description, permission list and group_id are taken
    // from $_POST as-is. No authorization check, request-token check or
    // validation is visible in this excerpt - confirm the caller restricts this
    // handler to administrators and that 'permission' is checked against the
    // known 'system' ACO values before it is stored.
    $usergroup->name = $_POST['name'];
    $usergroup->description = $_POST['description'];
    $aco_array = array();
    $aco_array['system'] = array();
    // Overwrites the empty array above; if 'permission' is absent this is NULL
    // rather than an array.
    $aco_array['system'] = $_POST['permission'];
    if ($op == 'creategroup') {
        $usergroup->insertusergroup();
        $id = $usergroup->getInsert_ID();
        // The new record id is used as both value and name of the ARO group.
        $group_id = $gacl_api->add_group($id, $id, 10, 'aro');
        $arr_group = array();
        $arr_group[] = $group_id;
        $gacl_api->add_acl($aco_array, NULL, $arr_group, NULL, NULL, true, true, NULL, NULL);
    } else {
        // NOTE(review): the group to modify is chosen by the posted group_id;
        // confirm the caller is allowed to edit that particular group.
        $usergroup->id = $_POST['group_id'];
        $usergroup->updateusergroup();
        $group_id = $gacl_api->get_group_id($usergroup->id, $usergroup->id, 'aro');
        // $arr_group is not initialised in this branch, so any value it already
        // holds is kept and the group id is appended to it.
        $arr_group[] = $group_id;
        $arr_acl = $gacl_api->search_acl('system', false, false, false, $usergroup->id, false, false, false, false);
        //        print_r($arr_acl);
        // Only the first matching ACL is edited; further matches are left as they are.
        if (count($arr_acl)) {
            $gacl_api->edit_acl($arr_acl[0], $aco_array, NULL, $arr_group);
        } else {
            $gacl_api->add_acl($aco_array, NULL, $arr_group);
        }
    }
}
// Redirect back to the group list. NOTE(review): header() does not stop the
// script and no exit is visible in this excerpt - confirm nothing after the
// redirect still runs.
header("Location: index.php?op=grouplist");
            require_once APPROOT . '3rd/Zend/ ' . $class_name . '.php';
        }
        if (file_exists(APPROOT . 'data/' . $class_name . '.php')) {
            require_once APPROOT . 'data/' . $class_name . '.php';
        }
    }
}
// Migration script: creates the 'person' AXO group and section, grants the
// root ARO group access to it, then registers every person record.
spl_autoload_register(array('AutoLoadClass', '__autoload'));
// gacl.class.php is not included here although the gacl class is instantiated
// below; presumably it is loaded by gacl_api.class.php or elsewhere - confirm.
//include(APPROOT.'3rd/phpgacl/gacl.class.php');
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
include APPROOT . 'inc/handler_db.inc';
// Earlier variant that handed the database credentials to phpGACL directly;
// the live code below passes the $global['db'] handle instead.
#    	$gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql'  ));
#    	$gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql'  ));
$gacl = new gacl(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$gacl_api = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
// Look up the existing root groups; the results are used unchecked, so a
// failed lookup would pass an invalid id into add_group()/add_acl() below.
$root_aro = $gacl_api->get_group_id('root', 'OpenEvSysUser', 'ARO');
//var_dump('root_aro' , $root_aro); exit(0);
$root_axo = $gacl_api->get_group_id('root', 'root', 'AXO');
//var_dump($root_axo);
$g_person = $gacl_api->add_group('person', 'Person', $root_axo, 'AXO');
$gacl_api->add_object_section('Person', 'person', 3, 0, 'AXO');
// Grant the 'access' ACO on the whole person group to the root ARO group.
$gacl_api->add_acl(array('access' => array('access')), null, array($root_aro), null, array($g_person));
$persons = Browse::getPersonConf();
//var_dump($persons); exit(0);
foreach ($persons as $person) {
    acl_add_person($person['person_record_number']);
    // If the record is marked confidential, restrict it; presumably
    // acl_set_person_permissions() limits it to the owner and admin - confirm.
    // NOTE(review): only the exact value 'y' triggers the restriction; any
    // other spelling of the flag (e.g. 'Y') leaves the record unrestricted.
    if ($person['confidentiality'] == 'y') {
        acl_set_person_permissions($person['person_record_number']);
    }
}
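 /**
  * Show and, on request, update the per-role CRUD deny list for entity groups.
  *
  * Picks the role from the request (falling back to the first known role),
  * fills $this->select with "<group>_<operation>" => allowed? from the existing
  * ACLs, and when 'change_permissions' is posted replaces those ACLs with deny
  * ACLs built from the operations that were not ticked in the form.
  *
  * NOTE(review): no authorization or request-token (CSRF) check is visible
  * inside this method; confirm the dispatcher restricts it to administrators
  * before relying on it.
  */
 public function act_permissions()
 {
     global $global;
     include_once APPROOT . '3rd/phpgacl/gacl_api.class.php';
     $gacl = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
     //select role
     $this->roles = acl_get_roles();
     // Accept string values only: an array-valued parameter (role[]=x) must
     // not reach array_key_exists() as a key.
     if (isset($_REQUEST['role']) && is_string($_REQUEST['role'])) {
         $this->role = $_REQUEST['role'];
     }
     //change role if requested
     if (isset($_POST['change_role'])) {
         $this->role = (isset($_POST['role']) && is_string($_POST['role'])) ? $_POST['role'] : null;
     }
     // Unknown or missing roles fall back to the first configured role.
     if (!isset($this->role) || !is_scalar($this->role) || !array_key_exists($this->role, $this->roles)) {
         $this->role = key($this->roles);
     }
     $role_id = $gacl->get_group_id($this->role, NULL, 'ARO');
     // Element 3 of the group data is used below as the ARO group name filter.
     $role_data = $gacl->get_group_data($role_id, 'ARO');
     $role_name = is_array($role_data) ? $role_data[3] : null;
     //list accessible modules
     $options = $gacl->get_objects('crud', 0, 'ACO');
     $this->crud = $options['crud'];
     $group_id = $gacl->get_group_id('entities', 'Entities', 'AXO');
     $entity_groups = $gacl->get_group_children($group_id, 'AXO', 'NO_RECURSE');
     $this->entity_groups = array();
     foreach ($entity_groups as $id) {
         $group = $gacl->get_group_data($id, 'AXO');
         // NOTE(review): the translated name is stored here and later passed to
         // search_acl() and get_group_id() as the group name; confirm those
         // lookups still match when the interface language changes.
         $this->entity_groups[$group[2]] = _t($group[3]);
     }
     //get the deny list
     $acl_list = array();
     $this->select = array();
     foreach ($this->entity_groups as $key => $group) {
         // Start every group with an empty deny list. Without this reset the
         // list found for the previous group was reused whenever this group's
         // ACL was an allow rule, showing permissions as denied that were not.
         $crud = null;
         $acl_id = $gacl->search_acl('crud', FALSE, FALSE, FALSE, $role_name, FALSE, FALSE, $group, FALSE);
         if ($acl_id) {
             // NOTE(review): every match is queued for deletion on save, allow
             // rules included, while only the first match is inspected below.
             $acl_list = array_merge($acl_list, $acl_id);
             $acl = $gacl->get_acl($acl_id[0]);
             if (is_array($acl) && $acl['allow'] == 0) {
                 $crud = $acl['aco']['crud'];
             }
         }
         foreach ($this->crud as $opt) {
             $this->select[$key . "_" . $opt] = true;
             if (is_array($crud) && in_array($opt, $crud)) {
                 $this->select[$key . "_" . $opt] = false;
             }
         }
     }
     //list accessible entities
     // !empty() keeps the original truthiness test without reading an
     // undefined index on plain page views.
     if (!empty($_POST['change_permissions'])) {
         if ($this->role == 'admin') {
             shnMessageQueue::addInformation(_t('YOU_CANNOT_CHANGE_THE_ADMINISTRATOR_PERMISSIONS_'));
         } else {
             $this->select = array();
             foreach ($this->entity_groups as $key => $group) {
                 // Operations whose checkbox was NOT submitted are denied.
                 $crud = array();
                 foreach ($this->crud as $opt) {
                     if (!isset($_POST[$key . '_' . $opt])) {
                         array_push($crud, $opt);
                     }
                     $this->select[$key . "_" . $opt] = true;
                     if (in_array($opt, $crud)) {
                         $this->select[$key . "_" . $opt] = false;
                     }
                 }
                 $axo_id = $gacl->get_group_id($key, $group, 'AXO');
                 if (count($crud) > 0) {
                     // allow = 0: this is a deny ACL for the role on this group.
                     $gacl->add_acl(array('crud' => $crud), NULL, array($role_id), NULL, array($axo_id), 0, 1);
                 }
             }
             //delete previous acls
             // The new deny ACLs are written first, so the role is never left
             // without its restrictions between the two steps.
             foreach ($acl_list as $acl_id) {
                 $gacl->del_acl($acl_id);
             }
         }
     }
 }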
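 /**
  * Rebuild the whole phpGACL permission set from the AMP lookups.
  *
  * Upgrades and then clears the 'acl_' tables, recreates the command ACOs, the
  * admin users as AROs, one AXO group and object per content section, and one
  * ACL per permission group that has users. Registers the gacl_api instance as
  * the permission manager and flushes the lookup cache.
  *
  * NOTE(review): clear_database() runs before the rebuild and nothing here
  * wraps the sequence in a transaction; if a later step fails the ACL tables
  * are left empty or partial - confirm how callers handle that.
  *
  * @return bool always true
  */
 function commit_update()
 {
     //set phpgacl options
     // Database credentials come from the AMP_DB_* constants.
     $gacl_options = array(
         'smarty_dir' => 'phpgacl/admin/smarty/libs',
         'smarty_template_dir' => 'phpgacl/admin/templates',
         'smarty_compile_dir' => AMP_SYSTEM_CACHE_PATH,
         'db_type' => AMP_DB_TYPE,
         'db_host' => AMP_DB_HOST,
         'db_user' => AMP_DB_USER,
         'db_password' => AMP_DB_PASS,
         'db_name' => AMP_DB_NAME,
         'db_table_prefix' => 'acl_'
     );
     if (!defined('AMP_SYSTEM_PERMISSIONS_LOADING')) {
         define('AMP_SYSTEM_PERMISSIONS_LOADING', 1);
     }
     require_once 'phpgacl/gacl_api.class.php';
     $gacl = new gacl_api($gacl_options);
     //$gacl = AMP_acl( true );
     $this->_upgrade_database('acl_');
     $gacl->clear_database();
     //ACOs
     $aco_objects = array('view' => 'View', 'access' => 'Access', 'create' => 'Create', 'save' => 'Save', 'submit' => 'Submit', 'publish' => 'Publish', 'delete' => 'Delete');
     $aco_sections = array('commands' => 'Commands');
     $aco_complete_set = array('commands' => $aco_objects);
     $aco_section_id = array();
     $aco_id = array();
     foreach ($aco_sections as $value => $name) {
         $aco_section_id[$value] = $gacl->add_object_section($name, $value, 0, 0, 'ACO');
         foreach ($aco_objects as $aco_value => $aco_name) {
             $aco_id[$aco_value] = $gacl->add_object($value, $aco_name, $aco_value, 0, 0, 'ACO');
         }
     }
     // AROs
     $client_root_id = $gacl->add_group('clients', 'Clients', 0, 'ARO');
     $admin_group = $gacl->add_group('admins', 'Admins', $client_root_id, 'ARO');
     $users = AMP_lookup('admins');
     $aro_sections = array('users' => 'Users');
     // Initialised up front: with no admin users the array was previously
     // undefined when the loop further down iterated over it.
     $aro_objects = array();
     $aro_object_ids = array();
     if ($users) {
         foreach ($users as $id => $name) {
             $aro_objects['user_' . $id] = $name;
         }
     }
     foreach ($aro_sections as $value => $name) {
         $gacl->add_object_section($name, $value, 0, 0, 'ARO');
     }
     foreach ($aro_objects as $value => $name) {
         $aro_object_ids[$value] = $gacl->add_object('users', $name, $value, 0, 0, 'ARO');
         $gacl->add_group_object($admin_group, 'users', $value, 'ARO');
     }
     //AXOs
     $system_root = $gacl->add_group('system', 'AMP', 0, 'AXO');
     $site_root = $gacl->add_group('site', AMP_SITE_NAME, $system_root, 'AXO');
     $section_root = $gacl->add_object_section(AMP_SITE_NAME . ' Content', 'sections', 0, 0, 'AXO');
     // This lookup result is replaced by the content map just below; the call
     // is kept in case it has side effects.
     $section_order_ref = AMP_lookup('sectionMap');
     require_once 'AMP/Content/Map/Complete.php';
     $map = AMP_Content_Map_Complete::instance();
     $map_result = $map->selectOptions();
     $section_order_ref = $map_result;
     $section_names_source = new AMPContentLookup_Sections();
     //AMP_lookup( 'sections' );
     $section_parents_source = new AMPContentLookup_SectionParents();
     AMP_lookup('sectionParents');
     $section_names = $section_names_source->dataset;
     $section_parents = $section_parents_source->dataset;
     if ($section_order_ref && $section_names) {
         $sections = array_combine_key(array_keys($section_order_ref), $section_names);
         $sections = array(AMP_CONTENT_MAP_ROOT_SECTION => AMP_SITE_NAME) + $sections;
     } else {
         $sections = array(AMP_CONTENT_MAP_ROOT_SECTION => AMP_SITE_NAME);
     }
     $axo_group_ids = array();
     $axo_object_ids = array();
     foreach ($sections as $id => $name) {
         $parent_group_id = $site_root;
         $parent_id_content = isset($section_parents[$id]) ? $section_parents[$id] : AMP_CONTENT_MAP_ROOT_SECTION;
         // NOTE(review): group ids are stored under $axo_group_ids['section'][$id]
         // below, but this lookup reads $axo_group_ids[$parent_id_content], so a
         // parent is not found by its section id and section groups end up
         // directly under the site root. Left unchanged on purpose: nesting the
         // groups would change which sections inherit a group's grant, which
         // needs a deliberate decision.
         if (isset($axo_group_ids[$parent_id_content])) {
             $parent_group_id = $axo_group_ids[$parent_id_content];
         }
         $parent_group_id = $gacl->add_group('section_' . $id, $name, $parent_group_id, 'AXO');
         $axo_group_ids['section'][$id] = $parent_group_id;
         $axo_object_ids[$id] = $gacl->add_object('sections', $name, 'section_' . $id, 0, 0, 'AXO');
         $gacl->add_group_object($parent_group_id, 'sections', 'section_' . $id, 'AXO');
     }
     //ACLs
     $group_ids = AMP_lookup('permissionGroups');
     if (!$group_ids) {
         // No permission groups: nothing to iterate over.
         $group_ids = array();
     }
     foreach ($group_ids as $group_id => $group_name) {
         $acl_group_id = $gacl->add_group('group_' . $group_id, $group_name, $admin_group, 'ARO');
         $allowed_sections_lookup = new AMPSystemLookup_SectionsByGroup($group_id);
         //AMP_lookup( 'sectionsByGroup', $group_id );
         $allowed_sections = $allowed_sections_lookup->dataset;
         $affected_users = AMP_lookup('usersByGroup', $group_id);
         // Groups without users get an ARO group but no ACL.
         if (!$affected_users) {
             continue;
         }
         foreach ($affected_users as $user_id => $user_name) {
             $gacl->add_group_object($acl_group_id, 'users', 'user_' . $user_id, 'ARO');
         }
         // NOTE(review): a group with no section list is granted the whole site
         // root, i.e. "no restriction recorded" means full access - confirm
         // that this default is intended.
         if (!$allowed_sections) {
             $allow_group = array($site_root);
         } else {
             $allow_group = array_combine_key(array_keys($allowed_sections), $axo_group_ids['section']);
         }
         // Every command ACO is allowed for the group on the selected AXO groups.
         $acl_id = $gacl->add_acl($aco_complete_set, array(), array($acl_group_id), array(), $allow_group, true, true);
     }
     $reg =& AMP_Registry::instance();
     $reg->setEntry(AMP_REGISTRY_PERMISSION_MANAGER, $gacl);
     $this->message('Permissions Update Successful');
     AMP_cacheFlush(AMP_CACHE_TOKEN_LOOKUP);
     return true;
 }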