Exemple #1
 /**
  * Load every row of the migrations table and index each run time by file name.
  *
  * The SELECT statement is built once and cached in $this->sql['load_migrated'].
  * The table name is passed through the connection's escapeIdentifier() before it
  * is substituted into the statement. The fetched rows are kept in
  * $this->rawMigrated, and $this->migrated maps each row's 'file' to its 'run_at'.
  *
  * @return $this
  */
 protected function loadMigrated()
 {
     $sqlKey = 'load_migrated';
     if (!isset($this->sql[$sqlKey])) {
         // An identifier cannot be sent as a bound parameter, so the table name
         // is escaped by the adapter before it becomes part of the statement.
         $quotedTable = $this->db->escapeIdentifier($this->table);
         $this->sql[$sqlKey] = strtr('SELECT * FROM `table`', ['`table`' => $quotedTable]);
     }

     $rows = $this->db->fetchAll($this->sql[$sqlKey]);
     $this->rawMigrated = $rows;
     foreach ($rows as $migration) {
         $this->migrated[$migration['file']] = $migration['run_at'];
     }

     return $this;
 }
Exemple #2
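 /**
  * Check whether a role is allowed to access an action from a resource
  *
  * <code>
  * //Does Andres have access to the Products resource to create?
  * $acl->isAllowed('Andres', 'Products', 'create');
  *
  * //Do guests have access to any resource to edit?
  * $acl->isAllowed('guests', '*', 'edit');
  * </code>
  *
  * Decision order (the first rule found wins):
  *  1. the rule stored for role / resource / access;
  *  2. the same rule on each directly inherited role, in the order the database
  *     returns them (the query has no ORDER BY, so with conflicting rules on
  *     several parents the outcome depends on row order);
  *  3. the rule stored for role / '*' resource / access;
  *  4. $this->_defaultAccess.
  *
  * Step 4 decides every request that has no matching rule: if the default is
  * configured to allow, a missing rule grants access.
  *
  * @param  string $roleName
  * @param  string $resourceName
  * @param  mixed $accessName
  * @return int|mixed the stored `allowed` value cast to int, or $this->_defaultAccess when no rule matches
  * @throws \Engine\Exception when the role, the resource, the access, the '*' access
  *                           of the resource or the '*' resource is not registered
  */
 public function isAllowed($roleName, $resourceName, $accessName)
 {
     // Table names come from $this->_options and are concatenated into the SQL
     // unescaped, so they must be trusted configuration, never request data.
     // Every value (names and ids) is sent as a bound parameter.
     $options = $this->_options;
     $db = $this->_db;

     // fetchOne() is treated as "no row" whenever it does not return an array
     // (the rule lookups below already test is_array()). Normalising here keeps
     // array_key_exists() and the offset reads away from a non-array result.
     $fetchRow = function ($sql, array $params) use ($db) {
         $row = $db->fetchOne($sql, null, $params);

         return is_array($row) ? $row : [];
     };

     $ruleSql = 'SELECT allowed FROM ' . $options['accessList']
         . ' WHERE role_id = ? AND resource_id = ? AND access_id = ?';
     // Returns the stored rule as int, or null when no rule row exists.
     $fetchRule = function ($roleId, $resourceId, $accessId) use ($db, $ruleSql) {
         $row = $db->fetchOne($ruleSql, \Phalcon\Db::FETCH_NUM, [$roleId, $resourceId, $accessId]);

         return is_array($row) ? (int) $row[0] : null;
     };

     $row = $fetchRow('SELECT id FROM ' . $options['roles'] . ' WHERE name = ?', [$roleName]);
     if (!array_key_exists(0, $row)) {
         throw new \Engine\Exception("Role '" . $roleName . "' does not exist in ACL");
     }
     $roleId = $row[0];

     $resourceSql = 'SELECT id FROM ' . $options['resources'] . ' WHERE name = ?';
     $row = $fetchRow($resourceSql, [$resourceName]);
     if (empty($row[0])) {
         throw new \Engine\Exception("Resource '" . $resourceName . "' does not exist in ACL");
     }
     $resourceId = $row[0];

     $accessSql = 'SELECT id FROM ' . $options['resourcesAccesses'] . ' WHERE resource_id = ? AND name = ?';
     $row = $fetchRow($accessSql, [$resourceId, $accessName]);
     if (empty($row[0])) {
         throw new \Engine\Exception("Access '" . $accessName . "' does not exist in resource '" . $resourceName . "' in ACL");
     }
     $accessId = $row[0];

     // NOTE(review): the '*' access of the resource must exist, but its id is not
     // used by any lookup below. The original carried a commented-out query for a
     // role / resource / '*' access rule, so such rules in accessList are never
     // consulted here. Confirm whether that is intended.
     $row = $fetchRow($accessSql, [$resourceId, '*']);
     if (empty($row[0])) {
         throw new \Engine\Exception("Access '*' does not exist in resource '" . $resourceName . "' in ACL");
     }

     /**
      * Check if there is a specific rule for that resource/access
      */
     $allowed = $fetchRule($roleId, $resourceId, $accessId);
     if ($allowed !== null) {
         return $allowed;
     }

     /**
      * Check inherited roles for a specific rule.
      * Only direct parents are read; parents of parents are not followed.
      */
     $sql = 'SELECT inherit_role_id FROM ' . $options['rolesInherits'] . ' WHERE role_id = ?';
     $inheritedRoles = $db->fetchAll($sql, \Phalcon\Db::FETCH_NUM, [$roleId]);
     foreach ($inheritedRoles as $inherited) {
         $allowed = $fetchRule($inherited[0], $resourceId, $accessId);
         if ($allowed !== null) {
             return $allowed;
         }
     }

     /**
      * Check if there is a common rule for that access
      */
     $row = $fetchRow($resourceSql, ['*']);
     if (empty($row[0])) {
         throw new \Engine\Exception("Resource '*' does not exist in ACL");
     }
     $resourceIdZero = $row[0];

     $allowed = $fetchRule($roleId, $resourceIdZero, $accessId);
     if ($allowed !== null) {
         return $allowed;
     }

     /**
      * Return the default access action
      */
     return $this->_defaultAccess;
 }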