/** * validacao se o controle está ativo * @param Zend_Acl_Resource_Interface $oResource * @param string $sPrivilegio */ protected function validaControleAtivo(Zend_Acl_Resource_Interface $oResource, $sPrivilegio) { $aIdentidadeControle = explode(':', $oResource->getResourceId()); $sIdentidadeControle = $aIdentidadeControle[1]; $sIdentidadeModulo = $aIdentidadeControle[0]; $oModulo = Administrativo_Model_Modulo::getByAttribute('identidade', $sIdentidadeModulo); $aControles = $oModulo->getControles(); foreach ($aControles as $oControle) { if ($oControle->getIdentidade() != $sIdentidadeControle) { continue; } if (!$oControle->getVisivel()) { return TRUE; } } return TRUE; }
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { $auth = Zend_Auth::getInstance(); if (!$auth->hasIdentity()) { return false; } $ident = $auth->getIdentity(); if ($resource->getResourceId() == 'projects_m_project') { foreach ($resource->Projects_Model_Leader as $leader) { if ($leader->user_id == $ident->id) { return true; } } return false; } else { $q = Doctrine_Query::create()->from('Projects_Model_Leader pl')->where('user_id = ?', $ident->id); if ($q->count()) { return true; } return false; } }
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { if (!$resource instanceof Issues_Model_Abstract) { throw new Issues_Model_Exception('Invalid resource for this assertion'); } list($resourceType, $resourceId) = explode('-', $resource->getResourceId()); if (!$resource->isPrivate()) { return $acl->isAllowed($role, $resourceType, $privilege); } $userService = Zend_Registry::get('Default_DiContainer')->getUserService(); $userRoles = $userService->getIdentity()->getRoles(); foreach ($userRoles as $i) { $roles[] = $i->getRoleId(); } $aclService = Zend_Registry::get('Default_DiContainer')->getAclService(); $records = $aclService->getResourceRecords($roles, $resourceType, $resourceId); if (count($records)) { return false; } else { return true; } }
/** * Returns the rules associated with a Resource and a Role, or null if no such rules exist * * If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles, * respectively. Both can be null to return the default rule set for all Resources and all Roles. * * If the $create parameter is true, then a rule set is first created and then returned to the caller. * * @param Zend_Acl_Resource_Interface $resource * @param Zend_Acl_Role_Interface $role * @param boolean $create * @return array|null */ protected function &_getRules(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, $create = false) { // create a reference to null $null = null; $nullRef =& $null; // follow $resource do { if (null === $resource) { $visitor =& $this->_rules['allResources']; break; } $resourceId = $resource->getResourceId(); if (!isset($this->_rules['byResourceId'][$resourceId])) { if (!$create) { return $nullRef; } $this->_rules['byResourceId'][$resourceId] = array(); } $visitor =& $this->_rules['byResourceId'][$resourceId]; } while (false); // follow $role if (null === $role) { if (!isset($visitor['allRoles'])) { if (!$create) { return $nullRef; } $visitor['allRoles']['byPrivilegeId'] = array(); } return $visitor['allRoles']; } $roleId = $role->getRoleId(); if (!isset($visitor['byRoleId'][$roleId])) { if (!$create) { return $nullRef; } $visitor['byRoleId'][$roleId]['byPrivilegeId'] = array(); $visitor['byRoleId'][$roleId]['allPrivileges'] = array('type' => null, 'assert' => null); } return $visitor['byRoleId'][$roleId]; }
/** * Checks the Acl to see if this $user (role) can preform this $action on this $resource. If no specific rules have been defined for this $resource, the resource's type will be found * and it will be checked. * * @param string|Zend_Acl_Role_Interface $user The user to check * @param string|Zend_Acl_Resource_Interface $resource The resource to check * @param string $action The privilege to check * @return boolean */ function isAllowed($user, $resource, $action) { //Store role for use by assertions if ($user instanceof Zend_Acl_Role_Interface) { $this->acl->_entrada_last_query_role = $user; } else { $this->acl->_entrada_last_query_role = new Zend_Acl_Role($user); } //Grab resource ID and store resource for use by assertions if ($resource instanceof Zend_Acl_Resource_Interface) { $resource_id = $resource->getResourceId(); $this->acl->_entrada_last_query = $resource; } else { $resource_id = $resource; $this->acl->_entrada_last_query = new Zend_Acl_Resource($resource); } $resourcetype = preg_replace('/[0-9]+/', '', $resource_id); if ($this->acl->has($resource)) { return $this->acl->isAllowed($user, $resource, $action); } else { if ($this->acl->has($resourcetype)) { if ($resource instanceof Zend_Acl_Resource_Interface) { $resourcetype = $resource; $resourcetype->specific = false; } return $this->acl->isAllowed($user, $resourcetype, $action); } } return false; }
/** * Removes a Resource and all of its children * * The $resource parameter can either be a Resource or a Resource identifier. * * @param Zend_Acl_Resource_Interface|string $resource * @throws {@link Zend_Acl_Exception} * @return Zend_Acl Provides a fluent interface */ public function remove($resource) { if ($this->hasCachingAdapter()) { $this->_checkCaching(); } $resourceId = $resource instanceof Zend_Acl_Resource_Interface ? $resource->getResourceId() : (string) $resource; $this->_setResourceUnloaded($resourceId); $arrResources = $this->_getAdapter()->removeResource($resourceId); foreach ($arrResources as $resource) { if ($this->has($resource) && $resource != $resourceId) { parent::remove($role); } if ($this->hasResourceLoaded($resource)) { $this->_setResourceUnloaded($resource); } //Zum Cachen freigeben: if ($this->hasCachingAdapter()) { $this->_getCachingAdapter()->change(null, $resource); } } //Zum Cachen freigeben: if ($this->hasCachingAdapter()) { $this->_getCachingAdapter()->change(null, $resourceId); } return parent::remove($resourceId); }
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { global $db; //If asserting is off then return true right away if (isset($resource->assert) && $resource->assert == false || isset($acl->_entrada_last_query) && isset($acl->_entrada_last_query->assert) && $acl->_entrada_last_query->assert == false) { return true; } if (isset($resource->eform_id)) { $eform_id = $resource->eform_id; } else { if (isset($acl->_entrada_last_query->eform_id)) { $eform_id = $acl->_entrada_last_query->eform_id; } else { //Parse out the user ID and course ID $resource_id = $resource->getResourceId(); $resource_type = preg_replace('/[0-9]+/', "", $resource_id); if ($resource_type !== "evaluationform") { //This only asserts for users authoring evaluation forms. return false; } $eform_id = preg_replace('/[^0-9]+/', "", $resource_id); } } $role_id = $role->getRoleId(); $access_id = preg_replace('/[^0-9]+/', "", $role_id); $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id); $user_id = $db->GetOne($query); if (!isset($user_id) || !$user_id) { $role_id = $acl->_entrada_last_query_role->getRoleId(); $access_id = preg_replace('/[^0-9]+/', "", $role_id); $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id); $user_id = $db->GetOne($query); } $permissions = Models_Evaluation::getFormAuthorPermissions($eform_id); if ($permissions) { return true; } else { return false; } }
/** * <p>Lädt eine Resource.</p> * <p>Der zurückgegebene Array sieht ist wie folgt aufgebaut: * <code> * $array = array( * 0 => array( * 0 => 'resource1', * 1 => null * ), * 1 => array( * 0 => 'resource2', * 1 => null * ), * 2 => array( * 0 => 'resource3', * 1 => 'resource1' * ), * 3 => array( * 0 => 'resource4', * 1 => 'resource2' * ) * ); * </code> * </p> * @param Zend_Acl_Resource_Interface|string|null $resource * @return array */ public function loadResource($resource) { $resourceId = $resource instanceof Zend_Acl_Resource_Interface ? $resource->getResourceId() : (string) $resource; $arrResources = $this->_loadResources($resourceId); $arrReturn = array(); foreach ($arrResources as $arrResource) { $arrReturn[] = array(0 => $arrResource[$this->_getResourceColumn(self::RESOURCE_NAME)], 1 => isset($arrResource[$this->_getResourceColumn(self::RESOURCE_PARENT)]) ? $arrResource[$this->_getResourceColumn(self::RESOURCE_PARENT)] : null); } return $arrReturn; }