/** * Edit a role and assign users and groups to this role * * @view /views/scripts/role/edit.phtml * @access public */ public function editAction() { $roleRow = new Admin_Model_DbRow_Role($this->dbRole->find($this->checkRoleIdParam())); $groups = array(); $users = array(); $inhterits = array(); foreach ($this->dbGroup->fetchAll() as $row) { $groups[] = new Admin_Model_DbRow_Group($row); } foreach ($this->dbUser->fetchAll() as $row) { $users[] = new Admin_Model_DbRow_User($row); } foreach ($this->dbRole->fetchAll() as $row) { $inherit = new Admin_Model_DbRow_Role($row); if ($inherit->get('id') !== $roleRow->get('id')) { $inhterits[] = $inherit; } } $form = new Admin_Form_Role_Edit($roleRow, $groups, $users, $inhterits); if ($this->getRequest()->isPost()) { if ($form->isValid($this->getRequest()->getParams())) { $selectedGroups = $form->getValue('groups'); $selectedUsers = $form->getValue('users'); $roleInheritance = $form->getValue('inherit'); $this->dbRole->update($roleRow->toDbArray(array('name', 'description')), $roleRow->get('id')); // delete current settings $this->dbRoleInherit->deleteWithRoleId($roleRow->get('id')); $this->dbRoleMember->deleteWithRoleId($roleRow->get('id')); // add the new setting foreach ($roleInheritance as $inherit) { // dont insert "no inheritance" in the database or self as inheritance if ($inherit == 0 || $inherit == $roleRow->get('id')) { continue; } $this->dbRoleInherit->insert($roleRow->get('id'), $inherit); } foreach ($selectedGroups as $group) { $this->dbRoleMember->insert($roleRow->get('id'), $group, Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_GROUP); } foreach ($selectedUsers as $user) { $this->dbRoleMember->insert($roleRow->get('id'), $user, Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_USER); } $this->_redirect('admin/role/index'); } } $form->getElement('groups')->setValue($this->dbRoleMember->getRoleBindingToId($roleRow->get('id'), Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_GROUP)); $form->getElement('users')->setValue($this->dbRoleMember->getRoleBindingToId($roleRow->get('id'), Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_USER)); $form->getElement('inherit')->setValue($this->dbRoleInherit->getInheritedRoles($roleRow->get('id'))); $this->view->form = $form; }
/** * loadthe Permissions for an action * * @return array */ public function loadActionPermissionsAction() { $ruleModel = new Admin_Model_DbTable_Acl_Rule(); $actionModel = new Admin_Model_DbTable_Acl_Action(); $roleModel = new Admin_Model_DbTable_Acl_Role(); $result = array(); $action = $actionModel->find($this->request->getParam('actionId', 0)); if ($action->count() === 1) { $actionRow = new Admin_Model_DbRow_Action($action->current()); foreach ($roleModel->fetchAll() as $role) { $role = new Admin_Model_DbRow_Role($role); $permissions = NULL; $permissions = $ruleModel->findRoleRules($role->get('id'), $actionRow->get('mcId'), $actionRow->get('id')); $aIdent = join("_", array($role->get('id'), $actionRow->get('mcId'), $actionRow->get('id'))); if ($permissions->count() > 0) { $permissions = new Admin_Model_DbRow_Rule($permissions->current()); if ($permissions->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW) { $rule = Admin_Model_DbTable_Acl_Rule::RULE_ALLOW; } elseif ($permissions->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY) { $rule = Admin_Model_DbTable_Acl_Rule::RULE_DENY; } else { $rule = -1; } $permissions->set('rule', $rule); } else { $permissions = new Admin_Model_DbRow_Rule(array('mcId' => $actionRow->get('mcId'), 'aId' => $actionRow->get('id'), 'roleId' => $role->get('id'), 'rule' => 0, 'roleName' => $role->get('name'))); } $result[] = array_merge(array('ident' => $aIdent, 'roleName' => $role->get('name')), $permissions->toJsonArray()); } return $this->responseSuccess(array('permissions' => $result)); } else { #FIXME: seems broken return $this->responseFailure('Failed Loading informations', 'Action Id is invalid'); } }