Exemple #1
0
 /**
  * Ensures that there is at least an 'all' permission set for every resource
  * @return void
  */
 public static function create_permissions()
 {
     $actions = static::all_actions();
     $actions[] = 'all';
     $activeClasses = \CMF\Admin::activeClasses();
     $activeClasses['user_defined'] = array_keys(\Config::get('cmf.auth.resources', array()));
     $roles = Role::select('item')->getQuery()->getResult();
     $em = \D::manager();
     foreach ($activeClasses as $parent_class => $classes) {
         foreach ($classes as $class_name) {
             $count = intval(Permission::select("count(item)")->where("item.resource = '{$class_name}'")->andWhere("item.action = 'all'")->getQuery()->getSingleScalarResult());
             if ($count == 0) {
                 $permission = new Permission();
                 $permission->set('action', 'all');
                 $permission->set('resource', $class_name);
                 $em->persist($permission);
                 foreach ($roles as $role) {
                     $role->add('permissions', $permission);
                     $em->persist($role);
                 }
             }
         }
     }
     $em->flush();
 }
Exemple #2
0
 public function action_save_permissions($table_name, $role_id)
 {
     $class_name = \Admin::getClassForTable($table_name);
     if ($class_name === false) {
         return $this->show404(null, "type");
     }
     $post = \Input::post();
     $ids = array_keys($post);
     $role = \CMF\Model\Role::select('item')->where('item.id = ' . $role_id)->getQuery()->getResult();
     if (count($role) === 0) {
         return $this->show404(null, "role");
     } else {
         $role = $role[0];
     }
     $permissions = \CMF\Model\Permission::select('item')->leftJoin('item.roles', 'roles')->where("item.resource = '{$class_name}'")->andWhere("item.item_id IN(?1)")->andWhere("roles.id = {$role_id}")->setParameter(1, $ids)->getQuery()->getResult();
     $em = \D::manager();
     foreach ($permissions as $permission) {
         $actions = isset($post[$permission->item_id]) ? $post[$permission->item_id] : array();
         if (array_key_exists('all', $actions) && intval($actions['all']) === 1) {
             if ($permission->action != 'none') {
                 $em->remove($permission);
             }
             $actions = array('all' => 1);
         } elseif (!array_key_exists($permission->action, $actions) || intval($actions[$permission->action]) === 0) {
             if ($permission->action != 'none') {
                 $em->remove($permission);
             }
         }
         $post[$permission->item_id] = $actions;
     }
     foreach ($post as $item_id => $actions) {
         $passed = 0;
         foreach ($actions as $action => $action_value) {
             if ($action != 'all' && intval($action_value) === 1) {
                 $permission = \CMF\Auth::get_permission($action, $class_name, $item_id);
                 $role->add('permissions', $permission);
                 $passed++;
             } elseif ($action == 'all' && intval($action_value) === 1) {
                 $passed++;
             }
         }
         $none_permission = \CMF\Auth::get_permission('none', $class_name, $item_id);
         if ($passed === 0) {
             $role->add('permissions', $none_permission);
         } else {
             $em->remove($none_permission);
         }
     }
     $result = array('success' => true);
     try {
         $em->persist($role);
         $em->flush();
     } catch (\Exception $e) {
         $result['success'] = false;
     }
     return \Response::forge(json_encode($result), $this->status, $this->headers);
 }