Exemple #1
 /**
  * Inserts/Updates a permission in the access list
  *
  * @param  string                 $roleName
  * @param  string                 $resourceName
  * @param  string                 $accessName
  * @param  integer                $action
  * @return boolean
  * @throws \Phalcon\Acl\Exception
  */
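 protected function insertOrUpdateAccess($roleName, $resourceName, $accessName, $action)
 {
     // Every caller-supplied value below is passed as a bound placeholder. Only the table
     // names ($this->resourcesAccesses, $this->accessList) are interpolated into the SQL,
     // and they are read from this object's own properties.
     //
     // NOTE(review): each step is a SELECT COUNT(*) followed by a separate write, and no
     // transaction or lock is visible in this method. Two concurrent callers could both take
     // the INSERT branch for the same rule - confirm the table has a unique key on
     // (roles_name, resources_name, access_name) or that ACL changes are serialised.

     /**
      * Check if the access is valid in the resource
      */
     $sql = "SELECT COUNT(*) FROM {$this->resourcesAccesses} WHERE resources_name = ? AND access_name = ?";
     $exists = $this->connection->fetchOne($sql, null, [$resourceName, $accessName]);
     if (!$exists[0]) {
         throw new Exception("Access '{$accessName}' does not exist in resource '{$resourceName}' in ACL");
     }

     /**
      * Update the access in access_list
      */
     $sql = "SELECT COUNT(*) FROM {$this->accessList} WHERE roles_name = ? AND resources_name = ? AND access_name = ?";
     $exists = $this->connection->fetchOne($sql, null, [$roleName, $resourceName, $accessName]);
     if (!$exists[0]) {
         // Name the target columns so that the allow/deny flag can never land in the wrong
         // column if the physical column order of the table differs from the value order.
         $sql = "INSERT INTO {$this->accessList} (roles_name, resources_name, access_name, allowed) VALUES (?, ?, ?, ?)";
         $params = [$roleName, $resourceName, $accessName, $action];
     } else {
         $sql = "UPDATE {$this->accessList} SET allowed = ? WHERE roles_name = ? AND resources_name = ? AND access_name = ?";
         $params = [$action, $roleName, $resourceName, $accessName];
     }
     $this->connection->execute($sql, $params);

     /**
      * Update the access '*' in access_list: when the role has no wildcard row for this
      * resource yet, create one carrying the default access. An existing wildcard row
      * is left untouched.
      */
     $sql = "SELECT COUNT(*) FROM {$this->accessList} WHERE roles_name = ? AND resources_name = ? AND access_name = ?";
     $exists = $this->connection->fetchOne($sql, null, [$roleName, $resourceName, '*']);
     if (!$exists[0]) {
         $sql = "INSERT INTO {$this->accessList} (roles_name, resources_name, access_name, allowed) VALUES (?, ?, ?, ?)";
         $this->connection->execute($sql, [$roleName, $resourceName, '*', $this->_defaultAccess]);
     }

     return true;
 }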
Exemple #2
 /**
  * {@inheritdoc}
  *
  * @param  string $sessionId
  * @param  string $data
  * @return boolean
  */
 public function write($sessionId, $data)
 {
     $options = $this->getOptions();
     $db = $this->connection;

     // Table and column names come from the adapter options and are quoted with
     // escapeIdentifier() on demand; the session id, payload and timestamps are always
     // passed as bound parameters, never concatenated into the SQL text.
     $quoted = function ($optionKey) use ($db, $options) {
         return $db->escapeIdentifier($options[$optionKey]);
     };

     // Look for an existing row for this session id.
     $countSql = sprintf(
         'SELECT COUNT(*) FROM %s WHERE %s = ?',
         $quoted('table'),
         $quoted('column_session_id')
     );
     $row = $db->fetchOne($countSql, Db::FETCH_NUM, [$sessionId]);
     $alreadyStored = !empty($row) && intval($row[0]) > 0;

     if (!$alreadyStored) {
         // First write for this id: store the creation time, leave the modification time NULL.
         $insertSql = sprintf(
             'INSERT INTO %s (%s, %s, %s, %s) VALUES (?, ?, ?, NULL)',
             $quoted('table'),
             $quoted('column_session_id'),
             $quoted('column_data'),
             $quoted('column_created_at'),
             $quoted('column_modified_at')
         );

         return $db->execute($insertSql, [$sessionId, $data, time()]);
     }

     // Row already present: replace the payload and stamp the modification time.
     $updateSql = sprintf(
         'UPDATE %s SET %s = ?, %s = ? WHERE %s = ?',
         $quoted('table'),
         $quoted('column_data'),
         $quoted('column_modified_at'),
         $quoted('column_session_id')
     );

     return $db->execute($updateSql, [$data, time(), $sessionId]);
 }
Exemple #3
 /**
  * {@inheritdoc}
  *
  * @param  string  $keyName
  * @param  string  $lifetime
  * @return bool
  */
 public function exists($keyName = null, $lifetime = null)
 {
     // $lifetime is accepted for interface compatibility but is not read in this method.
     $key = $this->getPrefixedIdentifier($keyName);

     // The key is bound as a parameter; only the table name is interpolated.
     $row = $this->db->fetchOne(
         "SELECT lifetime FROM {$this->table} WHERE key_name = ?",
         Db::FETCH_ASSOC,
         [$key]
     );
     if (!$row) {
         return false;
     }

     $expired = $row['lifetime'] < time();
     if ($expired) {
         // An expired entry is deleted as a side effect of the check and reported as absent.
         $this->db->execute("DELETE FROM {$this->table} WHERE key_name = ?", [$key]);
     }

     return !$expired;
 }
 /**
  * Check whether an entity matching the given constraints exists
  *
  * @return bool true if it exists
  */
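 private function isEntityExist(array $field, $withField = [])
 {
     // $field and $withField are each read as ['id' => column name, 'value' => value to match].
     $table = $this->getOption('table');
     if (!$table) {
         throw new Exception("table option is required");
     }

     // The compared values are quoted by the database adapter instead of being pasted between
     // hand-written quotes, so a quote character inside a value can no longer end the literal
     // and alter the query.
     // NOTE(review): this assumes $this->db is a Phalcon DB adapter exposing escapeString().
     // Binding the values as statement parameters would be the stronger fix; it is not done
     // here because fetchOne() would then need an explicit fetch mode and the constant for it
     // is not visible in this block.
     // NOTE(review): the table and column names are still interpolated as-is. They must come
     // from validator configuration, never from request data - confirm at the call sites.
     $query = "SELECT id FROM {$table} WHERE {$field['id']} = " . $this->db->escapeString((string) $field['value']);
     if (count($withField) > 0) {
         // Leading space keeps the AND separated from the preceding literal.
         $query .= " AND {$withField['id']} = " . $this->db->escapeString((string) $withField['value']);
     }
     $result = $this->db->fetchOne($query);

     // When an entity is configured, a match on that same entity does not count as a conflict.
     $entity = $this->getOption('entity');
     if ($entity) {
         if (!property_exists($entity, 'id')) {
             throw new Exception('Entity must have public id property');
         }
         // Only compare ids when a row was actually found; indexing an empty result
         // would raise a warning and compare against 0.
         if ($result && (int) $result['id'] === (int) $entity->id) {
             return false;
         }
     }

     return (bool) $result;
 }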