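/**
 * Initialize the ACL service
 *
 * Adds two generated resources per role to the application config, registers
 * every configured resource and every role with the 'acl' service, applies
 * each role's stored allow/deny rules, links child roles to their parents and
 * finally hands the ACL to the navigation services.
 *
 * Grant semantics, as implemented below:
 *  - permissions column is NULL, or unserializes to an empty array: the role
 *    is allowed everything;
 *  - a non-empty 'allow' list: only the listed resource/permission pairs are
 *    allowed; an empty or absent 'allow' list allows everything;
 *  - every entry of the 'deny' list is applied as a deny rule;
 *  - a permissions value that does not unserialize to an array (or whose
 *    'allow'/'deny' entries are not arrays) is treated as malformed and the
 *    role receives no grants at all.
 *
 * @return Module
 */
public function initAcl()
{
    $roles     = Table\Roles::findAll()->rows();
    $resources = $this->application->config()['resources'];

    // Generate the per-role resources. The key carries two names separated
    // by '|': one built from the role id, one from the slugged role name.
    foreach ($roles as $role) {
        // Lower-case the name and turn spaces into dashes (the original did
        // the space replacement twice; once is equivalent).
        $roleName = str_replace(' ', '-', strtolower($role->name));

        $resources['role-' . $role->id . '|role-' . $roleName] = ['edit', 'remove'];
        $resources['users-of-role-' . $role->id . '|users-of-role-' . $roleName] =
            ['index', 'add', 'edit', 'remove'];
    }

    $this->application->mergeConfig(['resources' => $resources]);

    // Fetched after the config merge, which is where the original first
    // touched the service.
    $acl = $this->application->getService('acl');

    // Only the part of the key before the first '|' is registered as an ACL resource.
    foreach (array_keys($this->application->config()['resources']) as $resource) {
        $separator = strpos($resource, '|');
        if ($separator !== false) {
            $resource = substr($resource, 0, $separator);
        }
        $acl->addResource(new Resource($resource));
    }

    $allRoles = [];
    foreach ($roles as $role) {
        $aclRole             = new Role($role->name);
        $allRoles[$role->id] = $aclRole;
        $acl->addRole($aclRole);

        // No stored permissions at all: unrestricted role.
        if (null === $role->permissions) {
            $acl->allow($role->name);
            continue;
        }

        // NOTE(review): unserialize() on a stored column will instantiate any
        // autoloadable class named in the payload. That is only safe while the
        // roles table is writable by fully trusted code alone. Where the
        // minimum PHP version permits, pass ['allowed_classes' => false] or
        // store the rules as JSON instead.
        $permissions = unserialize($role->permissions);

        // Fail closed on a corrupt or unexpected value. Previously a failed
        // unserialize() reached count() on a non-array, which either aborted
        // the bootstrap or fell through to the allow-everything branch,
        // depending on the PHP version.
        if (!is_array($permissions)) {
            continue;
        }

        if (count($permissions) == 0) {
            $acl->allow($role->name);
            continue;
        }

        $allowRules = isset($permissions['allow']) ? $permissions['allow'] : [];
        $denyRules  = isset($permissions['deny']) ? $permissions['deny'] : [];

        // A rule list that is present but not an array is malformed: grant nothing.
        if (!is_array($allowRules) || !is_array($denyRules)) {
            continue;
        }

        if (count($allowRules) > 0) {
            foreach ($allowRules as $allow) {
                $acl->allow($role->name, $allow['resource'], $allow['permission']);
            }
        } else {
            // An empty allow list means "allow everything", narrowed only by the deny rules.
            $acl->allow($role->name);
        }

        foreach ($denyRules as $deny) {
            $acl->deny($role->name, $deny['resource'], $deny['permission']);
        }
    }

    // Set up parent/child roles
    foreach ($allRoles as $id => $child) {
        $r = Table\Roles::findById($id);
        if (isset($r->id) && null !== $r->parent_id && isset($allRoles[$r->parent_id])) {
            $child->setParent($allRoles[$r->parent_id]);
        }
    }

    // Set the acl in the nav objects; 'nav.top' is required, the others are optional.
    $this->application->getService('nav.top')->setAcl($acl);
    foreach (['nav.fluid', 'nav.static'] as $navService) {
        if ($this->application->services()->isAvailable($navService)) {
            $this->application->getService($navService)->setAcl($acl);
        }
    }

    return $this;
}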
/**
 * Login a user
 *
 * Resets the user's failed-attempt counter, bumps the login count, records
 * the login and starts a tracked session, sets the session cookies and stores
 * the user's identity on the session object.
 *
 * NOTE(review): no session-ID rotation is visible in this method; the ID from
 * $sess->getId() is recorded as-is. Confirm the caller regenerates the session
 * ID when authentication succeeds.
 *
 * @param  mixed                $user
 * @param  \Pop\Session\Session $sess
 * @param  array                $config
 * @return void
 */
public function login($user, $sess, $config)
{
    $user->failed_attempts = 0;
    $user->total_logins++;
    $user->save();

    // Both values fall back to an empty string when the server does not
    // provide them. The user agent is a client-supplied header, so whatever
    // later displays or logs it should treat it as untrusted text.
    $remoteAddr = '';
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $remoteAddr = $_SERVER['REMOTE_ADDR'];
    }

    $userAgent = '';
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $userAgent = $_SERVER['HTTP_USER_AGENT'];
    }

    $userSession = new Session();
    $userSession->login($user->id, $remoteAddr, $userAgent);
    $userSession->start($user->id, $sess->getId(), $remoteAddr, $userAgent);

    // These cookies carry a flag and timing values only, not the session ID.
    $cookies = Cookie::getInstance(['path' => '/']);
    $cookies->set('pop_session', 1);

    $sessionTimeout = (int) $config['session_timeout'];
    if ($sessionTimeout > 0) {
        $cookies->delete('pop_session_timeout');
        $cookies->set('pop_session_timeout', $sessionTimeout * 60);

        // The warning cookie is only considered when a timeout is configured.
        $timeoutWarning = (int) $config['timeout_warning'];
        if ($timeoutWarning > 0) {
            $cookies->delete('pop_timeout_warning');
            $cookies->set('pop_timeout_warning', $timeoutWarning);
        }
    }

    $userRole = Table\Roles::findById($user->role_id);

    $identity = [
        'id'         => $user->id,
        'sess_id'    => $userSession->id,
        'role_id'    => $user->role_id,
        'role'       => $userRole->name,
        'username'   => $user->username,
        'email'      => $user->email,
        'last_login' => $user->last_login,
        'last_ip'    => $user->last_ip
    ];

    // ARRAY_AS_PROPS lets consumers read the entries as $sess->user->id etc.
    $sess->user = new \ArrayObject($identity, \ArrayObject::ARRAY_AS_PROPS);
}
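/**
 * Remove user role(s)
 *
 * Deletes every role whose id is listed in $post['rm_roles']. Ids that do not
 * match an existing role are ignored. The method does nothing when the key is
 * absent or is not an array.
 *
 * NOTE(review): no permission check happens here; this presumably relies on
 * the caller having enforced the ACL for role removal. Confirm at the call site.
 *
 * @param  array $post
 * @return void
 */
public function remove(array $post)
{
    // The values come from submitted form data, so the shape is not guaranteed:
    // a scalar 'rm_roles' would make foreach emit a warning.
    if (!isset($post['rm_roles']) || !is_array($post['rm_roles'])) {
        return;
    }

    foreach ($post['rm_roles'] as $id) {
        // An (int) cast turns any non-empty array into 1, so a nested array
        // in the submission would have targeted role id 1. Skip such entries.
        if (!is_scalar($id)) {
            continue;
        }

        $role = Table\Roles::findById((int) $id);
        if (isset($role->id)) {
            $role->delete();
        }
    }
}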