コード例 #1
ファイル: Acl.php プロジェクト: rogercastaneda/owlsys
 /**
  * PreDispatch method for ACL Plugin. It checks if current user has privileges for resources requested 
  * @see Zend_Controller_Plugin_Abstract::preDispatch()
  * @param Zend_Controller_Request_Abstract $request 
  */
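 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Builds the Zend_Acl for the current role (or loads it from the file
     // cache) and publishes it in Zend_Registry under 'ZendACL'. The cache
     // object itself is published under 'cacheACL' so other code can
     // invalidate entries. This method does not call isAllowed() itself.
     //
     // NOTE(review): every failure below is only logged and the request keeps
     // dispatching with no 'ZendACL' entry registered. Confirm that whatever
     // consumes 'ZendACL' denies access when the entry is missing.
     try {
         // Entries live for 12 hours (43200 s). automatic_serialization means
         // load() unserializes whatever is stored in the cache file, so the
         // cache directory must be writable by the application only.
         $frontendOptions = array('lifetime' => 43200, 'automatic_serialization' => true);
         $backendOptions = array('cache_dir' => APPLICATION_CACHE_PATH);
         $cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions);

         // Resolve the role of the current user. The original assigned to
         // $objRole->id without ever creating $objRole, which raises a
         // warning on PHP 5/7 and an Error on PHP 8; a plain local is used.
         // NOTE(review): no expiry is applied to the auth session namespace
         // here; confirm the session lifetime is bounded elsewhere.
         $auth = Zend_Auth::getInstance();
         if ($auth->hasIdentity()) {
             $roleId = $auth->getIdentity()->role_id;
         } else {
             // Anonymous visitors are mapped to role id 3
             // (presumably the guest role - confirm against the role table).
             $roleId = 3;
         }

         $cacheId = 'cacheACL_' . $roleId;
         $cacheACL = $cache->load($cacheId);

         // Only trust a cache entry that really is an ACL object; anything
         // else (miss, corrupted or foreign content) triggers a rebuild.
         if (!($cacheACL instanceof Zend_Acl)) {
             $acl = new Zend_Acl();
             $mdlRole = new Acl_Model_Role();
             $mdlResource = new Acl_Model_Resource();
             $mdlPermission = new Acl_Model_Permission();

             $acl->addRole(new Zend_Acl_Role($roleId));
             $role = $mdlRole->find($roleId)->current();
             if ($role == null) {
                 throw new Zend_Exception('Role not found');
             }

             // Highest-priority dependent role, if any; its permissions are
             // used only where the role has no rule of its own.
             $select = $mdlRole->select()->order('priority DESC')->limit(1);
             $childRole = $role->findDependentRowset('Acl_Model_Role', null, $select)->current();

             $resources = $mdlResource->getRegisteredList();
             if ($resources->count() < 1) {
                 throw new Zend_Exception('Resources not available');
             }

             foreach ($resources as $resource) {
                 // ACL resources are keyed as "module:controller"; the action
                 // is the privilege.
                 $resourceTemp = strtolower($resource->module . ':' . $resource->controller);
                 if (!$acl->has(new Zend_Acl_Resource($resourceTemp))) {
                     $acl->addResource(new Zend_Acl_Resource($resourceTemp));
                 }

                 // Role ids below 2 are granted every registered action
                 // (presumably the super-administrator role - confirm).
                 if ($roleId < 2) {
                     $acl->allow($roleId, $resourceTemp, $resource->actioncontroller);
                     continue;
                 }

                 $childPrivilege = $childRole ? $mdlPermission->getByResource($resource, $childRole) : null;
                 $rolePrivilege = $mdlPermission->getByResource($resource, $role);

                 // Evaluate each rule behind an explicit null guard. The
                 // original read ->privilege on a possibly empty result; the
                 // decisions below are the same ones it reached.
                 $hasOwnRule = (bool) $rolePrivilege;
                 $ownDeny = $hasOwnRule && strcasecmp($rolePrivilege->privilege, 'deny') == 0;
                 $ownAllow = $hasOwnRule && strcasecmp($rolePrivilege->privilege, 'allow') == 0;
                 $usesInherited = !$hasOwnRule && $childPrivilege;
                 $inheritedDeny = $usesInherited && strcasecmp($childPrivilege->privilege, 'deny') == 0;
                 $inheritedAllow = $usesInherited && strcasecmp($childPrivilege->privilege, 'allow') == 0;

                 if ((!$childRole && !$hasOwnRule) || $ownDeny || $inheritedDeny) {
                     $acl->deny($roleId, $resourceTemp, $resource->actioncontroller);
                 } elseif ($ownAllow || $inheritedAllow) {
                     $acl->allow($roleId, $resourceTemp, $resource->actioncontroller);
                 }
                 // Any other stored value adds no rule, so Zend_Acl's default
                 // (deny) applies to that action.
             }

             $cache->save($acl, $cacheId);
             Zend_Registry::set('ZendACL', $acl);
         } else {
             Zend_Registry::set('ZendACL', $cacheACL);
         }
         Zend_Registry::set('cacheACL', $cache);
     } catch (Exception $e) {
         try {
             $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugins.log');
             $logger = new Zend_Log($writer);
             $logger->log($e->getMessage(), Zend_Log::ERR);
         } catch (Exception $logFailure) {
             // Logging is best effort: a failure to write the log is ignored.
         }
     }
 }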
コード例 #2
 /**
  * Update action for permission controller
  * @throws Zend_Exception
  * @return NULL
  */
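 public function updateAction()
 {
     // Replaces every permission row of the role given by the 'id' request
     // parameter with one row per resource id held in the 'resourceDataIds'
     // session namespace, then drops the cached ACL of every role and
     // redirects to the role list. All exceptions are caught here and shown
     // as a flash message, so nothing propagates to the caller.
     //
     // NOTE(review): no request-method or anti-CSRF token check is visible in
     // this action; confirm one is enforced elsewhere for this state change.
     try {
         $translate = Zend_Registry::get('Zend_Translate');
         $request = $this->getRequest();

         $roleId = $request->getParam('id', 0);
         $mdlRole = new Acl_Model_Role();
         $role = $mdlRole->find($roleId)->current();
         if (!$role) {
             throw new Exception($translate->translate("LBL_ROW_NOT_FOUND"));
         }

         // The resource id list is read from the session, not the request,
         // and the namespace is consumed on first use.
         $hrs = new Zend_Session_Namespace('resourceDataIds');
         $resources = $hrs->hrs;
         Zend_Session::namespaceUnset('resourceDataIds');

         // Drop empty entries. Without this, an empty or missing session
         // value made explode() return array(''), so the existing rows were
         // deleted and a single row with an empty resource_id was written.
         $arrResources = array_values(array_filter(explode(',', (string) $resources), 'strlen'));
         if (count($arrResources) == 0) {
             // Refuse before touching the database, e.g. on a repeated submit
             // after the session namespace has already been consumed.
             throw new Exception('No resources available for permission update');
         }

         $mdlPermission = new Acl_Model_Permission();

         // Delete and re-insert as one unit. A failure half way would
         // otherwise leave the role with only part of its rules, and a lost
         // 'deny' row can fall back to a permission inherited from another
         // role.
         $db = $mdlPermission->getAdapter();
         $db->beginTransaction();
         try {
             foreach ($role->findDependentRowset('Acl_Model_Permission', 'Role') as $perm) {
                 $perm->delete();
             }
             foreach ($arrResources as $resourceId) {
                 // The checkbox value comes straight from the request: store
                 // only 'allow' or 'deny', and treat anything else as 'deny'.
                 $submitted = $request->getParam('cb_res_' . $resourceId, 'deny');
                 $privilege = (is_string($submitted) && strcasecmp($submitted, 'allow') == 0) ? 'allow' : 'deny';

                 $permission = $mdlPermission->createRow();
                 $permission->role_id = $role->id;
                 $permission->resource_id = $resourceId;
                 $permission->privilege = $privilege;
                 $permission->save();
             }
             $db->commit();
         } catch (Exception $dbFailure) {
             $db->rollBack();
             throw $dbFailure;
         }

         // Invalidate the cached ACL of every role so the new rules take
         // effect before the cache lifetime runs out.
         /* @var $cache Zend_Cache_Core */
         $cache = Zend_Registry::get('cacheACL');
         foreach ($mdlRole->getList() as $cachedRole) {
             if ($cache->test('cacheACL_' . $cachedRole->id)) {
                 $cache->remove('cacheACL_' . $cachedRole->id);
             }
         }

         $this->_helper->flashMessenger->addMessage(array('type' => 'info', 'header' => '', 'message' => $translate->translate("LBL_CHANGES_SAVED")));
         $this->_helper->redirector("list", "role", "acl");
     } catch (Exception $e) {
         // NOTE(review): the raw exception message is shown to the user; for
         // database errors this can expose internal details. Consider logging
         // the detail and showing a generic message instead.
         $this->_helper->flashMessenger->addMessage(array('type' => 'error', 'header' => '', 'message' => $e->getMessage()));
         $this->_helper->redirector("list", "role", "acl");
     }
     return null;
 }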