/**
 * Turn a single ACL rule into permission entries for one role.
 *
 * Reads 'resource', 'action', 'fields', 'default' and 'assert' from $rule.
 * When 'fields' or 'default' is present, the plain action names are replaced
 * by suffixed ones ("<action>_<field>"), and 'default' additionally registers
 * "<action>_default" entries.
 *
 * Security notes:
 *  - 'default' is parsed with FILTER_VALIDATE_BOOLEAN, so any value that is
 *    not a recognised "true" spelling ends up with the 'NotAllowed' assert.
 *    An unrecognised or mistyped value therefore fails closed.
 *  - NOTE(review): a rule carrying 'default' but no 'fields' reaches the final
 *    createPermission() call with an empty action list. Confirm that
 *    createPermission() does not treat an empty list as "every action",
 *    otherwise such a rule grants more than its author wrote.
 *
 * @param App_Acl $acl  ACL instance handed through to createPermission().
 * @param mixed   $role Role the rule applies to.
 * @param object  $rule Rule definition (property access is used on it).
 *
 * @return void
 */
public static function processRule(App_Acl $acl, $role, $rule)
{
    $resources = App_Util_String::cleanCsvParam($rule, 'resource', array());
    $actions = App_Util_String::cleanCsvParam($rule, 'action', array());

    if (isset($rule->fields) || isset($rule->default)) {
        if (isset($rule->default)) {
            // Truthy default => no assertion; anything else => explicit deny assert.
            $defaultAsserts = filter_var($rule->default, FILTER_VALIDATE_BOOLEAN)
                ? array()
                : 'NotAllowed';

            $defaultActions = array_map(
                function ($name) {
                    return $name . '_default';
                },
                $actions
            );

            self::createPermission($acl, $role, $resources, $defaultActions, $defaultAsserts);
        }

        // Expand every action into one field-scoped action per listed field.
        $fields = App_Util_String::cleanCsvParam($rule, 'fields', array());
        $scopedActions = array();
        foreach ($fields as $field) {
            $perField = array_map(
                function ($name) use ($field) {
                    return $name . '_' . $field;
                },
                $actions
            );
            $scopedActions = array_merge($scopedActions, $perField);
        }

        // The unsuffixed action names are dropped from here on.
        $actions = $scopedActions;
    }

    $asserts = App_Util_String::cleanCsvParam($rule, 'assert', array());
    self::createPermission($acl, $role, $resources, $actions, $asserts);
}
/**
 * Apply a list of removal rules to the permissions stored for a namespace.
 *
 * For each rule:
 *  - without 'resource': every listed role is removed from the namespace;
 *  - with 'resource' but without 'action': each resource is unset per role;
 *  - with 'resource' and 'action': each single permission is unset.
 *
 * Security notes:
 *  - 'role' falls back to the result of findAllRoles($ns) (presumably used
 *    when the key is absent; verify against cleanCsvParam). A rule that names
 *    neither 'role' nor 'resource' would then remove every role in the
 *    namespace, so $removes must come from a trusted, validated source.
 *  - The resource/permission notices are logged unconditionally after the
 *    mapper call; its return value is not checked, so the log records the
 *    request rather than a confirmed deletion.
 *
 * @param mixed              $ns      Namespace whose permissions are edited.
 * @param array|\Traversable $removes Removal rules.
 *
 * @return void
 */
public function removePermissions($ns, $removes)
{
    $mapper = PermissionMapper::getInstance();
    $fallbackRoles = $mapper->findAllRoles($ns);
    // NOTE(review): the result of this lookup is never read in this method.
    // The call is kept as-is; confirm whether it can be dropped.
    $mapper->findAllResources($ns);

    foreach ($removes as $rule) {
        $roles = \App_Util_String::cleanCsvParam($rule, 'role', $fallbackRoles);
        $resources = \App_Util_String::cleanCsvParam($rule, 'resource', null);

        if ($resources !== null) {
            $actions = \App_Util_String::cleanCsvParam($rule, 'action', array());

            foreach ($roles as $role) {
                foreach ($resources as $resource) {
                    if (!empty($actions)) {
                        // Narrowest case: drop only the named permissions.
                        foreach ($actions as $action) {
                            $mapper->unsetPermission($ns, $role, $resource, $action);
                            \App::log()->notice("Removed permission '{$action}' of resource '{$resource}' for role '{$role}' on namespace '{$ns}'");
                        }
                        continue;
                    }

                    // No actions listed: the whole resource goes for this role.
                    $mapper->unsetResource($ns, $role, $resource);
                    \App::log()->notice("Removed resource '{$resource}' for role '{$role}' on namespace '{$ns}'");
                }
            }
            continue;
        }

        // No resource given: the rule targets the roles themselves.
        foreach ($roles as $role) {
            try {
                $mapper->removeRoleId($role, $ns);
                \App::log()->notice("Removed role '{$role}' on namespace '{$ns}'");
            } catch (NotFoundException $notFound) {
                // Role is not present; nothing to remove and nothing is logged.
            }
        }
    }
}