コード例 #1
ファイル: Base.php プロジェクト: kevindragon221/Webdesktop
 /**
  * Build the form with three display-only fields (module, controller, action),
  * a description textarea and a save button.
  *
  * The module/controller/action fields carry the HTML "readonly" attribute and the
  * 'ignore' flag. "readonly" is only a browser-side hint and does not stop a client
  * from submitting other values; with 'ignore' set, Zend_Form leaves these elements
  * out of getValues(), so code that persists the form should read from getValues()
  * rather than from the raw request.
  *
  * @param Admin_Model_DbRow_Controller $controller row supplying 'moduleName' and 'controllerName'
  */
 public function __construct(Admin_Model_DbRow_Controller $controller)
 {
     // Attributes shared by the three display-only text fields
     $lockedAttribs = array('class' => 'text span-4', 'readonly' => 'true');

     $moduleField = new Zend_Form_Element_Text('module', array(
         'ignore' => true,
         'label' => 'Module:',
         'attribs' => $lockedAttribs,
         'value' => $controller->get('moduleName'),
         'order' => 1,
     ));
     $controllerField = new Zend_Form_Element_Text('controller', array(
         'ignore' => true,
         'label' => 'Controller:',
         'attribs' => $lockedAttribs,
         'value' => $controller->get('controllerName'),
         'order' => 2,
     ));
     $actionField = new Zend_Form_Element_Text('action', array(
         'ignore' => true,
         'label' => 'Action:',
         'attribs' => $lockedAttribs,
         'value' => '',
         'order' => 3,
     ));
     // StripTags removes markup on input only; the stored description still has to
     // be escaped wherever it is rendered.
     $descriptionField = new Zend_Form_Element_Textarea('description', array(
         'label' => 'Description:',
         'filters' => array('StripTags'),
         'attribs' => array('class' => 'text span-6'),
         'order' => 4,
     ));
     $saveButton = new Zend_Form_Element_Submit('saveBtn', array(
         'label' => 'Save',
         'order' => 10,
     ));

     $this->addElements(array($moduleField, $controllerField, $actionField, $descriptionField, $saveButton));
     // The parent constructor is deliberately called after the elements are added, as before
     parent::__construct();
 }
コード例 #2
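 /**
  * Save the permissions for all actions of the given module/controller id
  *
  * Reads the JSON-encoded "permissions" request parameter (a single object or a
  * list of objects carrying roleId, mcId and rule). For every entry that resolves
  * to exactly one controller and one role, the stored rules of that pair are
  * deleted and, for an allow/deny request, re-created for each action of the
  * controller. Malformed or unresolvable entries are skipped without an error.
  *
  * NOTE(review): no authorization or anti-CSRF check is visible in this method.
  * It rewrites ACL rules, so confirm that dispatch to it is restricted to
  * administrators and protected against cross-site requests.
  *
  * @return array with the keys 'success', 'message' and 'permissions'
  * @todo need some error handling and returning the error to grid
  *       there are threads open in the extjs forums, that no error handling on .sync() is really working
  */
 public function saveControllerPermissionsAction()
 {
     $contrModel = new Admin_Model_DbTable_Acl_ModuleController();
     $ruleModel = new Admin_Model_DbTable_Acl_Rule();
     $roleModel = new Admin_Model_DbTable_Acl_Role();
     $actionModel = new Admin_Model_DbTable_Acl_Action();
     $return = array();
     // The parameter is client-controlled: only a non-empty string is handed to the
     // JSON decoder, anything else is treated as "no changes".
     $raw = $this->request->getParam('permissions');
     $data = is_string($raw) && $raw !== '' ? Zend_Json::decode($raw) : array();
     if (!is_array($data) || !empty($data['mcId'])) {
         // if we have no array or the controller id is directly in the array
         // we nest the array in an array to get the foreach to work
         // extjs is sending an object if only 1 row has changed and an array of objects
         // if multiple changes occur
         $data = array($data);
     }
     foreach ($data as $el) {
         // Decoded JSON can have any shape; skip entries that are not objects
         // carrying scalar ids instead of indexing into them blindly.
         if (!is_array($el) || !isset($el['roleId'], $el['mcId'])) {
             continue;
         }
         if (!is_scalar($el['roleId']) || !is_scalar($el['mcId'])) {
             continue;
         }
         $role = $roleModel->find($el['roleId']);
         $controller = $contrModel->find($el['mcId']);
         // not a controller provided or multiple controller found
         if ($controller->count() !== 1) {
             continue;
         }
         // not a roleId provided or multiple roles found
         if ($role->count() !== 1) {
             continue;
         }
         $controller = new Admin_Model_DbRow_Controller($controller->current());
         $role = new Admin_Model_DbRow_Role($role->current());
         // Compare the requested rule as a string so that PHP's loose comparison
         // cannot make an unrelated value match one of the rule constants.
         $requested = isset($el['rule']) && is_scalar($el['rule']) ? (string) $el['rule'] : null;
         if ($requested !== null && $requested === (string) Admin_Model_DbTable_Acl_Rule::RULE_DENY) {
             $rule = Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY;
         } elseif ($requested !== null && $requested === (string) Admin_Model_DbTable_Acl_Rule::RULE_ALLOW) {
             $rule = Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW;
         } else {
             // Any other value leaves the pair without rules after the delete below
             $rule = NULL;
         }
         // NOTE(review): the delete and the inserts below are not wrapped in a
         // transaction here; a failure part-way leaves this role with fewer rules
         // than before (for deny rules that means more access) - confirm whether the
         // models provide atomicity.
         $ruleModel->deleteWithControllerRole($controller->get('id'), $role->get('id'));
         if ($rule !== NULL) {
             // select all actions from this controller, and set the rule
             foreach ($actionModel->findActionByControllerId($controller->get('id')) as $actionRow) {
                 $action = new Admin_Model_DbRow_Action($actionRow);
                 $ruleModel->addRule($controller->get('id'), $action->get('id'), $role->get('id'), $rule);
             }
         }
         $return[] = array(
             'ident' => join("_", array($role->get('id'), $controller->get('id'), $controller->get('controllerName'))),
             'mcId' => $controller->get('id'),
             'roleName' => $role->get('name'),
             'roleId' => $role->get('id'),
             // echo the client's value back unchanged, as the grid expects
             'rule' => isset($el['rule']) ? $el['rule'] : NULL,
         );
     }
     // Skipped entries are not reported: 'success' is TRUE even when nothing was saved
     return array('success' => TRUE, 'message' => 'Successfully changed permissions', 'permissions' => $return);
 }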
コード例 #3
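 /**
  * Change the Status of a controller (enabled/disabled)
  *
  * Toggles the 'enabled' flag of the controller row, stores it, and when the
  * controller ends up disabled also disables all of its actions, because the
  * ACL evaluates the action rows. Redirects to the controller index afterwards.
  *
  * NOTE(review): nothing in this method restricts the request method or checks a
  * token. If the action can be reached with a plain GET, confirm that the toggle
  * is limited to POST with an anti-CSRF token elsewhere.
  *
  * @view views/scripts/controller/status.phtml
  * @access public
  */
 public function statusAction()
 {
     // checkControllerIdParam() is defined outside this listing; presumably it
     // validates the id request parameter - verify against its definition
     $ctrlRow = new Admin_Model_DbRow_Controller($this->dbCtrl->find($this->checkControllerIdParam()));
     // Keep the new state in a local so the check below does not depend on the
     // type the row object hands back from get() (a '0' string would never pass
     // a strict comparison with 0 and the actions would stay enabled)
     $enabled = $ctrlRow->get('enabled') == 1 ? 0 : 1;
     $ctrlRow->set('enabled', $enabled);
     $this->dbCtrl->update($ctrlRow->toDbArray(array('enabled')), $ctrlRow->get('id'));
     // disable all actions too, they are relevant in the ACL
     // NOTE(review): the two updates are separate statements; if the second one
     // fails the controller is disabled while its actions remain enabled
     if ($enabled === 0) {
         $actionRow = new Admin_Model_DbRow_Action(array('enabled' => 0));
         $actionDbModel = new Admin_Model_DbTable_Acl_Action();
         $actionDbModel->updateWithControllerId($actionRow->toDbArray(array('enabled')), $ctrlRow->get('id'));
     }
     $this->_redirect('admin/controller/index');
 }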
コード例 #4
 /**
  * Change the permissions of a single action.
  *
  * Loads the action, its controller, the active roles and the action's current
  * rules, and builds the permission form from them. On a POST that validates and
  * has no allow/deny collision, all rules of the action are deleted and rebuilt
  * from the submitted 'rolesallow' and 'rolesdeny' values, followed by a redirect.
  * In every other case the form and the controller row are handed to the view.
  *
  * NOTE(review): the submitted role ids go to addRule() as returned by the form;
  * whether they are limited to the active roles depends on the validators of
  * Admin_Form_Action_Permission, which is not part of this listing - confirm.
  * The delete and the inserts are not visibly wrapped in a transaction, and no
  * anti-CSRF element is visible here either.
  *
  * @view views/scripts/action/permission.phtml
  * @access public
  */
 public function permissionAction()
 {
     $actionRow = new Admin_Model_DbRow_Action($this->dbAction->find($this->checkActionIdParam()));
     $ctrlRow = new Admin_Model_DbRow_Controller($this->dbController->find($actionRow->get('mcId')));
     $dbRoles = new Admin_Model_DbTable_Acl_Role();
     $dbRules = new Admin_Model_DbTable_Acl_Rule();

     // Wrap the raw rows in their row objects
     $roles = array();
     foreach ($dbRoles->fetchActiveRoles() as $roleData) {
         $roles[] = new Admin_Model_DbRow_Role($roleData);
     }
     $rules = array();
     foreach ($dbRules->fetchRulesForAction($actionRow->get('id')) as $ruleData) {
         $rules[] = new Admin_Model_DbRow_Rule($ruleData);
     }

     // Sort the role ids of the existing rules into allowed and denied
     $allowRules = array();
     $denyRules = array();
     foreach ($rules as $existing) {
         if ($existing->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW) {
             $allowRules[] = $existing->get('roleId');
             continue;
         }
         if ($existing->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY) {
             $denyRules[] = $existing->get('roleId');
         }
     }

     $form = new Admin_Form_Action_Permission($ctrlRow, $actionRow, $roles, $allowRules, $denyRules);
     $form->setAction('/noc/admin/action/permission');

     if ($this->getRequest()->isPost()) {
         $accepted = $form->isValid($this->getRequest()->getParams())
             && $form->hasPermissionCollision($this->getRequest()) === FALSE;
         if (!$accepted) {
             // German: "At least one role was both granted and denied access."
             // This branch is also reached when plain validation fails.
             $form->addError('Mindestens eine Rolle wurde der Zugriff erlaubt und verweigert.');
         } else {
             $controllerId = $ctrlRow->get('id');
             $actionId = $actionRow->get('id');
             // Replace the action's rules with the submitted selection
             $dbRules->deleteByActionId($actionRow->get('id'));
             $submitted = array(
                 Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW => (array) $form->getElement('rolesallow')->getValue(),
                 Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY => (array) $form->getElement('rolesdeny')->getValue(),
             );
             foreach ($submitted[Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW] as $roleId) {
                 $dbRules->addRule($controllerId, $actionId, $roleId, Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW);
             }
             foreach ($submitted[Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY] as $roleId) {
                 $dbRules->addRule($controllerId, $actionId, $roleId, Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY);
             }
             $this->_redirect(sprintf('admin/action/index/control/%d/id/%d', $ctrlRow->get('id'), $actionRow->get('id')));
         }
     }

     $this->view->form = $form;
     $this->view->controller = $ctrlRow;
 }