/**
* Ensures that there is at least an 'all' permission set for every resource
* @return void
*/
public static function create_permissions()
{
$actions = static::all_actions();
$actions[] = 'all';
$activeClasses = \CMF\Admin::activeClasses();
$activeClasses['user_defined'] = array_keys(\Config::get('cmf.auth.resources', array()));
$roles = Role::select('item')->getQuery()->getResult();
$em = \D::manager();
foreach ($activeClasses as $parent_class => $classes) {
foreach ($classes as $class_name) {
$count = intval(Permission::select("count(item)")->where("item.resource = '{$class_name}'")->andWhere("item.action = 'all'")->getQuery()->getSingleScalarResult());
if ($count == 0) {
$permission = new Permission();
$permission->set('action', 'all');
$permission->set('resource', $class_name);
$em->persist($permission);
foreach ($roles as $role) {
$role->add('permissions', $permission);
$em->persist($role);
}
}
}
}
$em->flush();
}
public function action_save_permissions($table_name, $role_id)
{
$class_name = \Admin::getClassForTable($table_name);
if ($class_name === false) {
return $this->show404(null, "type");
}
$post = \Input::post();
$ids = array_keys($post);
$role = \CMF\Model\Role::select('item')->where('item.id = ' . $role_id)->getQuery()->getResult();
if (count($role) === 0) {
return $this->show404(null, "role");
} else {
$role = $role[0];
}
$permissions = \CMF\Model\Permission::select('item')->leftJoin('item.roles', 'roles')->where("item.resource = '{$class_name}'")->andWhere("item.item_id IN(?1)")->andWhere("roles.id = {$role_id}")->setParameter(1, $ids)->getQuery()->getResult();
$em = \D::manager();
foreach ($permissions as $permission) {
$actions = isset($post[$permission->item_id]) ? $post[$permission->item_id] : array();
if (array_key_exists('all', $actions) && intval($actions['all']) === 1) {
if ($permission->action != 'none') {
$em->remove($permission);
}
$actions = array('all' => 1);
} elseif (!array_key_exists($permission->action, $actions) || intval($actions[$permission->action]) === 0) {
if ($permission->action != 'none') {
$em->remove($permission);
}
}
$post[$permission->item_id] = $actions;
}
foreach ($post as $item_id => $actions) {
$passed = 0;
foreach ($actions as $action => $action_value) {
if ($action != 'all' && intval($action_value) === 1) {
$permission = \CMF\Auth::get_permission($action, $class_name, $item_id);
$role->add('permissions', $permission);
$passed++;
} elseif ($action == 'all' && intval($action_value) === 1) {
$passed++;
}
}
$none_permission = \CMF\Auth::get_permission('none', $class_name, $item_id);
if ($passed === 0) {
$role->add('permissions', $none_permission);
} else {
$em->remove($none_permission);
}
}
$result = array('success' => true);
try {
$em->persist($role);
$em->flush();
} catch (\Exception $e) {
$result['success'] = false;
}
return \Response::forge(json_encode($result), $this->status, $this->headers);
}
