/**
 * Retrieves the list of the roles that are available in the current scope.
 *
 * The visibility rule is expressed as a raw WHERE fragment that depends on the scope:
 *  - environment scope: roles with no account that have at least one image row, roles of the
 *    user's account with no environment (and either no environment restriction or one that
 *    matches the current environment), and roles owned by the current environment;
 *  - account scope: roles with no account that have at least one image row, and roles of the
 *    user's account with no environment;
 *  - Scalr scope: roles with neither an environment nor an account.
 *
 * @return mixed Whatever the role adapter's getDescribeResult() produces for the criteria
 */
public function describeAction()
{
    $this->checkScopedPermissions('ROLES');

    $role = new Entity\Role();
    $roleEnv = new Entity\RoleEnvironment();
    $roleImage = new Entity\RoleImage();

    // Both joins are LEFT joins, so roles without restriction rows or images still appear
    // and the WHERE fragment below decides on the resulting NULLs.
    $from = $role->table()
        . " LEFT JOIN " . $roleEnv->table() . " ON {$role->columnId} = {$roleEnv->columnRoleId}\n LEFT JOIN "
        . $roleImage->table() . " ON {$role->columnId} = {$roleImage->columnRoleId}";

    $criteria = [
        Entity\Role::STMT_DISTINCT => true,
        Entity\Role::STMT_FROM     => $from,
    ];

    $scope = $this->getScope();

    // NOTE(review): the account and environment ids below are embedded as quoted literals
    // rather than bound parameters. They are read from the authenticated user / environment
    // objects, not from the request, but nothing visible here guarantees they are numeric.
    // Binding or casting them would make this tenant filter independent of that assumption.
    //
    // Reading aid: AND binds tighter than OR, so each "... AND ..." run is one alternative.
    if ($scope == ScopeInterface::SCOPE_ENVIRONMENT) {
        $accountId = $this->getUser()->accountId;
        $envId = $this->getEnvironment()->id;

        $criteria[Entity\Role::STMT_WHERE] =
            "({$role->columnAccountId} IS NULL AND {$roleImage->columnRoleId} IS NOT NULL\n"
            . " OR {$role->columnAccountId} = '{$accountId}' AND {$role->columnEnvId} IS NULL\n"
            . " AND ({$roleEnv->columnEnvId} IS NULL OR {$roleEnv->columnEnvId} = '{$envId}')\n"
            . " OR {$role->columnEnvId} = '{$envId}'\n"
            . " ) AND {$role->columnGeneration} = 2";
    } elseif ($scope == ScopeInterface::SCOPE_ACCOUNT) {
        $accountId = $this->getUser()->accountId;

        $criteria[Entity\Role::STMT_WHERE] =
            "({$role->columnAccountId} IS NULL AND {$roleImage->columnRoleId} IS NOT NULL OR "
            . "{$role->columnAccountId} = '{$accountId}' AND {$role->columnEnvId} IS NULL) AND {$role->columnGeneration} = 2";
    } elseif ($scope == ScopeInterface::SCOPE_SCALR) {
        // Scalr scope replaces the raw statement parts with plain field criteria.
        $criteria = [['envId' => null], ['accountId' => null]];
    }
    // NOTE(review): there is no fallback branch. A scope value outside the three handled
    // above leaves $criteria with DISTINCT/FROM only, so no tenant filter is added here.
    // Confirm getScope() cannot return anything else, or fail closed.

    return $this->adapter('role')->getDescribeResult($criteria);
}
/**
 * Lists the environments this role has been explicitly restricted to.
 *
 * An empty array means no restriction is recorded, i.e. the role is allowed everywhere.
 *
 * @return array Array of envId
 */
public function getAllowedEnvironments()
{
    $db = $this->db();
    $roleEnv = new RoleEnvironment();

    // Only entity-defined table/column names are interpolated into the statement;
    // the role id itself is passed as a bound parameter.
    $sql = "SELECT {$roleEnv->columnEnvId} FROM {$roleEnv->table()} WHERE {$roleEnv->columnRoleId} = ?";

    return $db->GetCol($sql, [$this->id]);
}
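/**
 * Creates a new role (when $roleId is 0) or updates an existing one, then stores its
 * global variables, chef properties, images, scripts and, in account scope, the list of
 * environments the role is restricted to.
 *
 * Access control visible in this method: the caller needs the ROLES/MANAGE permission, and
 * an existing role is additionally checked with checkPermissions() before it is modified.
 *
 * NOTE(review): the method performs several independent save()/delete() calls and no
 * transaction is opened here, so a failure part-way leaves the earlier writes in place.
 * Confirm whether the caller wraps the request in one.
 *
 * @param int      $roleId       Role to update, or 0 to create a new role
 * @param string   $name         Role name
 * @param string   $description  Role description
 * @param string   $osId         Operating system id; validated only when creating a role
 * @param int      $catId        Role category id (required)
 * @param bool     $isQuickStart
 * @param bool     $isDeprecated
 * @param bool     $isScalarized Only applied when creating a role
 * @param JsonData $behaviors    Only applied when creating a role
 * @param JsonData $images       Entries need platform, cloudLocation and imageId to be used
 * @param JsonData $scripts
 * @param JsonData $variables
 * @param JsonData $chef         Map of chef.* property names to values
 * @param JsonData $environments Entries with id and enabled; used in account scope only
 * @throws Exception
 * @throws Scalr_Exception_Core
 * @throws Scalr_Exception_InsufficientPermissions
 */
public function xSaveAction($roleId = 0, $name, $description, $osId, $catId, $isQuickStart = false, $isDeprecated = false, $isScalarized = true, JsonData $behaviors, JsonData $images, JsonData $scripts, JsonData $variables, JsonData $chef, JsonData $environments)
{
    $this->request->restrictAccess('ROLES', 'MANAGE');

    $accountId = $this->user->getAccountId() ?: NULL;

    if (!Role::isValidName($name)) {
        throw new Exception(_("Role name is incorrect"));
    }

    if (Role::isNameUsed($name, $accountId, $this->getEnvironmentId(true), $roleId)) {
        throw new Exception('Selected role name is already used. Please select another one.');
    }

    if (!$catId) {
        throw new Exception('Role category is required');
    }

    if ($roleId == 0) {
        if (!Os::findPk($osId)) {
            throw new Exception(sprintf('%s is not valid osId', $osId));
        }

        $role = new Role();
        $role->generation = 2;
        $role->origin = $this->user->isScalrAdmin() ? ROLE_TYPE::SHARED : ROLE_TYPE::CUSTOM;
        // Ownership is taken from the session (user account / current environment),
        // never from the request payload.
        $role->accountId = $accountId;
        $role->envId = $this->getEnvironmentId(true);
        $role->name = $name;
        $role->catId = $catId;
        $role->osId = $osId;
        $role->isScalarized = $isScalarized ? 1 : 0;
        $role->addedByUserId = $this->user->getId();
        $role->addedByEmail = $this->user->getEmail();
        $role->setBehaviors((array) $behaviors);
        $role->save();
    } else {
        $role = Role::findPk($roleId);

        if (!$role) {
            throw new Scalr_Exception_Core(sprintf(_("Role ID#%s not found in database"), $roleId));
        }

        // Object-level check: the general ROLES/MANAGE permission is not enough to
        // modify a role the caller does not own.
        $this->request->checkPermissions($role, true);

        $role->name = $name;
        $role->catId = $catId;
    }

    $globalVariables = new Scalr_Scripting_GlobalVariables($this->user->getAccountId(), $this->getEnvironmentId(true), ScopeInterface::SCOPE_ROLE);
    $globalVariables->setValues($variables, $role->id);

    // Chef settings are replaced wholesale: drop every stored chef.* property first.
    foreach (RoleProperty::find([['roleId' => $role->id], ['name' => ['$like' => ['chef.%']]]]) as $prop) {
        $prop->delete();
    }

    // Distinct loop variables are used so the $name argument is not overwritten.
    foreach ($chef as $propName => $propValue) {
        // The property name comes from the request. Only the chef.* namespace is cleared
        // above, so only that namespace is accepted here; anything else would let this
        // parameter write properties that this action never removes again.
        if (strpos((string) $propName, 'chef.') !== 0) {
            continue;
        }

        $prop = new RoleProperty();
        $prop->roleId = $role->id;
        $prop->name = $propName;
        $prop->value = $propValue;
        $prop->save();
    }

    $role->description = $description;
    $role->isQuickStart = $isQuickStart;
    $role->isDeprecated = $isDeprecated;

    // NOTE(review): image references are passed through as submitted; presumably setImage()
    // verifies that the image exists and is visible to this account. Verify.
    foreach ($images as $i) {
        if (isset($i['platform']) && isset($i['cloudLocation']) && isset($i['imageId'])) {
            $role->setImage($i['platform'], $i['cloudLocation'], $i['imageId'], $this->user->getId(), $this->user->getEmail());
        }
    }

    $role->setScripts((array) $scripts);
    $role->save();

    if ($this->request->getScope() == ScopeInterface::SCOPE_ACCOUNT) {
        // Restrictions are rebuilt from scratch. The persisted role's id is used so that the
        // cleanup and the inserts below always refer to the same role.
        foreach (RoleEnvironment::find([['roleId' => $role->id]]) as $re) {
            $re->delete();
        }

        // Environments of the caller's account, indexed by id for an exact lookup.
        $accountEnvironments = [];
        foreach (Environment::find([['accountId' => $this->user->getAccountId()]]) as $env) {
            $accountEnvironments[(string) $env->id] = $env->id;
        }

        // Submitted ids are matched exactly against the account's own environments.
        // A loose in_array() would accept values of another type that merely compare
        // equal, and the submitted value would then be stored as the environment id.
        // Keying by id also removes duplicates, which would otherwise inflate the count
        // compared below and could drop the restriction list altogether.
        $allowedEnvironments = [];
        foreach ($environments as $e) {
            if (!isset($e['id'], $e['enabled']) || $e['enabled'] != 1) {
                continue;
            }

            if (!is_int($e['id']) && !is_string($e['id'])) {
                continue;
            }

            $key = (string) $e['id'];
            if (array_key_exists($key, $accountEnvironments)) {
                // Store the id as loaded from the account, not the submitted value.
                $allowedEnvironments[$key] = $accountEnvironments[$key];
            }
        }

        // No rows at all means "allowed everywhere", so rows are only written when the
        // selection is a strict subset of the account's environments.
        if (count($allowedEnvironments) < count($accountEnvironments)) {
            foreach ($allowedEnvironments as $id) {
                $re = new RoleEnvironment();
                $re->roleId = $role->id;
                $re->envId = $id;
                $re->save();
            }
        }
    }

    $this->response->data(['role' => $this->getInfo($role->id, true), 'categories' => $this->listRoleCategories(true)]);
    $this->response->success('Role saved');
}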