function OnPageLoad()
{
if (is_object($this->data_object)) {
echo new XhtmlElement('h1', Html::Encode('Delete role: ' . $this->data_object->getRoleName()));
} else {
echo new XhtmlElement('h1', 'Delete role');
$this->deleted = true;
}
if ($this->deleted) {
?>
<p>The role has been deleted.</p>
<p><a href="roles.php">View all roles</a></p>
<?php
} else {
?>
<p>Deleting a role cannot be undone.</p>
<p>Are you sure you want to delete this role?</p>
<form method="post" class="deleteButtons">
<div>
<input type="submit" value="Delete role" name="delete" />
<input type="submit" value="Cancel" name="cancel" />
</div>
</form>
<?php
$this->AddSeparator();
require_once 'stoolball/user-edit-panel.class.php';
$panel = new UserEditPanel($this->GetSettings(), 'this role');
$panel->AddLink('edit this role', "role.php?item=" . $this->data_object->getRoleId());
echo $panel;
}
}
public function testMostSpecificRuleAppliesIfNoExactRuleIsFound()
{
$this->repository->addRule($this->role1, $this->resource1, true);
$this->repository->addRule($this->role1, $this->resource2, false);
$rule = $this->repository->getMostApplyingRule($this->role2, $this->resource2);
$this->assertSame($this->role1->getRoleId(), $rule->getRoleId());
$this->assertSame($this->resource2->getResourceId(), $rule->getResourceId());
}
/**
* Returns the rule, that applies most to $role and $resource
*
* @param \gatekeeper\Role $role Role to search for
* @param \gatekeeper\Resource $resource Resource to search for
* @return \gatekeeper\Rule
* @throws \gatekeeper\ThereIsNoApplyingRuleException if the is no applying
* rule
*/
public function getMostApplyingRule(Role $role, Resource $resource)
{
do {
$roleId = $role->getRoleId();
foreach ($this->getRules() as $rule) {
if ($rule->getRoleId() !== $roleId) {
continue;
}
$tmpResource = $resource;
do {
/// Perhaps breadth first search?!
$resourceId = $tmpResource->getResourceId();
if ($rule->getResourceId() === $resourceId) {
return $rule;
}
try {
$tmpResource = $tmpResource->getParentResource();
} catch (HasNoParentResourceException $e) {
$tmpResource = null;
}
} while ($tmpResource !== null);
}
try {
$role = $role->getParentRole();
} catch (HasNoParentRoleException $e) {
$role = null;
}
} while ($role !== null);
throw new ThereIsNoApplyingRuleException();
}
/**
* Returns the rules associated with a Resource and a Role, or null if no such rules exist
*
* If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles,
* respectively. Both can be null to return the default rule set for all Resources and all Roles.
*
* If the $create parameter is true, then a rule set is first created and then returned to the caller.
*
* @param Zend\Acl\Resource $resource
* @param Zend\Acl\Role $role
* @param boolean $create
* @return array|null
*/
protected function &_getRules(Resource $resource = null, Role $role = null, $create = false)
{
// create a reference to null
$null = null;
$nullRef =& $null;
// follow $resource
do {
if (null === $resource) {
$visitor =& $this->_rules['allResources'];
break;
}
$resourceId = $resource->getResourceId();
if (!isset($this->_rules['byResourceId'][$resourceId])) {
if (!$create) {
return $nullRef;
}
$this->_rules['byResourceId'][$resourceId] = array();
}
$visitor =& $this->_rules['byResourceId'][$resourceId];
} while (false);
// follow $role
if (null === $role) {
if (!isset($visitor['allRoles'])) {
if (!$create) {
return $nullRef;
}
$visitor['allRoles']['byPrivilegeId'] = array();
}
return $visitor['allRoles'];
}
$roleId = $role->getRoleId();
if (!isset($visitor['byRoleId'][$roleId])) {
if (!$create) {
return $nullRef;
}
$visitor['byRoleId'][$roleId]['byPrivilegeId'] = array();
}
return $visitor['byRoleId'][$roleId];
}
/**
* Exclude object from result
*
* @param Role $role Object to remove from the list of results
*
* @return RoleQuery The current query, for fluid interface
*/
public function prune($role = null)
{
if ($role) {
$this->addUsingAlias(RolePeer::ROLE_ID, $role->getRoleId(), Criteria::NOT_EQUAL);
}
return $this;
}
/**
* Adds an object to the instance pool.
*
* Propel keeps cached copies of objects in an instance pool when they are retrieved
* from the database. In some cases -- especially when you override doSelect*()
* methods in your stub classes -- you may need to explicitly add objects
* to the cache in order to ensure that the same objects are always returned by doSelect*()
* and retrieveByPK*() calls.
*
* @param Role $value A Role object.
* @param string $key (optional) key to use for instance map (for performance boost if key was already calculated externally).
*/
public static function addInstanceToPool(Role $obj, $key = null)
{
if (Propel::isInstancePoolingEnabled()) {
if ($key === null) {
$key = (string) $obj->getRoleId();
}
// if key === null
self::$instances[$key] = $obj;
}
}
/**
* Saves a security role
* @param $role Role
*/
public function SaveRole(Role $role)
{
$roles = $this->GetSettings()->GetTable('Role');
$permissions_table = $this->GetSettings()->GetTable('PermissionRoleLink');
# if no id, it's a new object; otherwise update the object
if ($role->getRoleId()) {
$sql = "UPDATE {$roles} SET \r\n role = " . Sql::ProtectString($this->GetDataConnection(), $role->getRoleName()) . " \r\n WHERE role_id = " . Sql::ProtectNumeric($role->getRoleId());
$this->LoggedQuery($sql);
# Remove existing permissions
$sql = "DELETE FROM {$permissions_table} WHERE role_id = " . Sql::ProtectNumeric($role->getRoleId());
$this->LoggedQuery($sql);
} else {
$sql = "INSERT INTO {$roles} SET role = " . Sql::ProtectString($this->GetDataConnection(), $role->getRoleName());
$this->LoggedQuery($sql);
$role->setRoleId($this->GetDataConnection()->insertID());
}
# Add replacement permissions
$role_id = Sql::ProtectNumeric($role->getRoleId());
$permissions = $role->Permissions()->ToArray();
foreach ($permissions as $permission => $scopes) {
foreach ($scopes as $scope => $ignore_value) {
$resource_uri = $scope == PermissionType::GLOBAL_PERMISSION_SCOPE ? "NULL" : Sql::ProtectString($this->GetDataConnection(), $scope);
$sql = "INSERT INTO {$permissions_table} SET \r\n permission_id = " . Sql::ProtectNumeric($permission) . ",\r\n resource_uri = {$resource_uri}, \r\n role_id = {$role_id}";
$this->LoggedQuery($sql);
}
}
}
