private function installUser(\Pimcore\Model\User\Role $userRole)
{
$userM = new \Pimcore\Model\User();
$user = $userM->getByName('kunde');
if ($user !== FALSE) {
return $user;
}
$user = \Pimcore\Model\User::create(array('parentId' => 0, 'name' => 'kunde', 'password' => \Pimcore\Tool\Authentication::getPasswordHash('kunde', 'kunde'), 'active' => 1, 'language' => 'de', 'admin' => FALSE, 'roles' => array(0 => $userRole->getId())));
$user->save();
return $user;
}
public function roleGetAction()
{
$role = User\Role::getById(intval($this->getParam("id")));
// workspaces
$types = ["asset", "document", "object"];
foreach ($types as $type) {
$workspaces = $role->{"getWorkspaces" . ucfirst($type)}();
foreach ($workspaces as $workspace) {
$el = Element\Service::getElementById($type, $workspace->getCid());
if ($el) {
// direct injection => not nice but in this case ok ;-)
$workspace->path = $el->getRealFullPath();
}
}
}
// get available permissions
$availableUserPermissionsList = new User\Permission\Definition\Listing();
$availableUserPermissions = $availableUserPermissionsList->load();
$availablePerspectives = \Pimcore\Config::getAvailablePerspectives(null);
$this->_helper->json(["success" => true, "role" => $role, "permissions" => $role->generatePermissionList(), "classes" => $role->getClasses(), "docTypes" => $role->getDocTypes(), "availablePermissions" => $availableUserPermissions, "availablePerspectives" => $availablePerspectives]);
}
/** Returns a list of available perspectives for the given user
* @param Model\User $user
* @return array
*/
public static function getAvailablePerspectives($user)
{
$currentConfigName = null;
$masterConfig = self::getPerspectivesConfig()->toArray();
if ($user instanceof Model\User) {
if ($user->isAdmin()) {
$config = self::getPerspectivesConfig()->toArray();
} else {
$config = [];
$roleIds = $user->getRoles();
$userIds = [$user->getId()];
$userIds = array_merge($userIds, $roleIds);
foreach ($userIds as $userId) {
if (in_array($userId, $roleIds)) {
$userOrRoleToCheck = Model\User\Role::getById($userId);
} else {
$userOrRoleToCheck = Model\User::getById($userId);
}
$perspectives = $userOrRoleToCheck->getPerspectives();
if ($perspectives) {
foreach ($perspectives as $perspectiveName) {
$masterDef = $masterConfig[$perspectiveName];
if ($masterDef) {
$config[$perspectiveName] = $masterDef;
}
}
}
}
if (!$config) {
$config = self::getPerspectivesConfig()->toArray();
}
}
if ($config) {
$tmpConfig = [];
$validPerspectiveNames = array_keys($config);
// sort the stuff
foreach ($masterConfig as $masterConfigName => $masterConfiguration) {
if (in_array($masterConfigName, $validPerspectiveNames)) {
$tmpConfig[$masterConfigName] = $masterConfiguration;
}
}
$config = $tmpConfig;
}
$currentConfigName = $user->getActivePerspective();
if ($config && !in_array($currentConfigName, array_keys($config))) {
$currentConfigName = reset(array_keys($config));
}
} else {
$config = self::getPerspectivesConfig()->toArray();
}
$result = [];
foreach ($config as $configName => $configItem) {
$item = ["name" => $configName, "icon" => isset($configItem["icon"]) ? $configItem["icon"] : null, "iconCls" => isset($configItem["iconCls"]) ? $configItem["iconCls"] : null];
if ($user) {
$item["active"] = $configName == $currentConfigName;
}
$result[] = $item;
}
return $result;
}
/**
* find all elements which the user may not list and therefore may never be shown to the user
* @param string $type asset|object|document
* @return array
*/
public static function findForbiddenPaths($type, $user)
{
if ($user->isAdmin()) {
return array();
}
// get workspaces
$workspaces = $user->{"getWorkspaces" . ucfirst($type)}();
foreach ($user->getRoles() as $roleId) {
$role = Model\User\Role::getById($roleId);
$workspaces = array_merge($workspaces, $role->{"getWorkspaces" . ucfirst($type)}());
}
$forbidden = array();
if (count($workspaces) > 0) {
foreach ($workspaces as $workspace) {
if (!$workspace->getList()) {
$forbidden[] = $workspace->getCpath();
}
}
} else {
$forbidden[] = "/";
}
return $forbidden;
}
/**
* @param String $key
* @return boolean
*/
public function isAllowed($key, $type = "permission")
{
if ($this->isAdmin()) {
return true;
}
if ($type == "permission") {
if (!$this->getPermission($key)) {
// check roles
foreach ($this->getRoles() as $roleId) {
$role = User\Role::getById($roleId);
if ($role->getPermission($key)) {
return true;
}
}
}
return $this->getPermission($key);
} elseif ($type == "class") {
$classes = $this->getClasses();
foreach ($this->getRoles() as $roleId) {
$role = User\Role::getById($roleId);
$classes = array_merge($classes, $role->getClasses());
}
if (!empty($classes)) {
return in_array($key, $classes);
} else {
return true;
}
} elseif ($type == "docType") {
$docTypes = $this->getDocTypes();
foreach ($this->getRoles() as $roleId) {
$role = User\Role::getById($roleId);
$docTypes = array_merge($docTypes, $role->getDocTypes());
}
if (!empty($docTypes)) {
return in_array($key, $docTypes);
} else {
return true;
}
} elseif ($type == "perspective") {
//returns true if required perspective is allowed to use by the user
return in_array($key, $this->getMergedPerspectives());
}
return false;
}
