/**
* Edit a role and assign users and groups to this role
*
* @view /views/scripts/role/edit.phtml
* @access public
*/
public function editAction()
{
$roleRow = new Admin_Model_DbRow_Role($this->dbRole->find($this->checkRoleIdParam()));
$groups = array();
$users = array();
$inhterits = array();
foreach ($this->dbGroup->fetchAll() as $row) {
$groups[] = new Admin_Model_DbRow_Group($row);
}
foreach ($this->dbUser->fetchAll() as $row) {
$users[] = new Admin_Model_DbRow_User($row);
}
foreach ($this->dbRole->fetchAll() as $row) {
$inherit = new Admin_Model_DbRow_Role($row);
if ($inherit->get('id') !== $roleRow->get('id')) {
$inhterits[] = $inherit;
}
}
$form = new Admin_Form_Role_Edit($roleRow, $groups, $users, $inhterits);
if ($this->getRequest()->isPost()) {
if ($form->isValid($this->getRequest()->getParams())) {
$selectedGroups = $form->getValue('groups');
$selectedUsers = $form->getValue('users');
$roleInheritance = $form->getValue('inherit');
$this->dbRole->update($roleRow->toDbArray(array('name', 'description')), $roleRow->get('id'));
// delete current settings
$this->dbRoleInherit->deleteWithRoleId($roleRow->get('id'));
$this->dbRoleMember->deleteWithRoleId($roleRow->get('id'));
// add the new setting
foreach ($roleInheritance as $inherit) {
// dont insert "no inheritance" in the database or self as inheritance
if ($inherit == 0 || $inherit == $roleRow->get('id')) {
continue;
}
$this->dbRoleInherit->insert($roleRow->get('id'), $inherit);
}
foreach ($selectedGroups as $group) {
$this->dbRoleMember->insert($roleRow->get('id'), $group, Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_GROUP);
}
foreach ($selectedUsers as $user) {
$this->dbRoleMember->insert($roleRow->get('id'), $user, Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_USER);
}
$this->_redirect('admin/role/index');
}
}
$form->getElement('groups')->setValue($this->dbRoleMember->getRoleBindingToId($roleRow->get('id'), Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_GROUP));
$form->getElement('users')->setValue($this->dbRoleMember->getRoleBindingToId($roleRow->get('id'), Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_USER));
$form->getElement('inherit')->setValue($this->dbRoleInherit->getInheritedRoles($roleRow->get('id')));
$this->view->form = $form;
}
/**
* loadthe Permissions for an action
*
* @return array
*/
public function loadActionPermissionsAction()
{
$ruleModel = new Admin_Model_DbTable_Acl_Rule();
$actionModel = new Admin_Model_DbTable_Acl_Action();
$roleModel = new Admin_Model_DbTable_Acl_Role();
$result = array();
$action = $actionModel->find($this->request->getParam('actionId', 0));
if ($action->count() === 1) {
$actionRow = new Admin_Model_DbRow_Action($action->current());
foreach ($roleModel->fetchAll() as $role) {
$role = new Admin_Model_DbRow_Role($role);
$permissions = NULL;
$permissions = $ruleModel->findRoleRules($role->get('id'), $actionRow->get('mcId'), $actionRow->get('id'));
$aIdent = join("_", array($role->get('id'), $actionRow->get('mcId'), $actionRow->get('id')));
if ($permissions->count() > 0) {
$permissions = new Admin_Model_DbRow_Rule($permissions->current());
if ($permissions->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_ALLOW) {
$rule = Admin_Model_DbTable_Acl_Rule::RULE_ALLOW;
} elseif ($permissions->get('rule') === Admin_Model_DbTable_Acl_Rule::RULE_DB_DENY) {
$rule = Admin_Model_DbTable_Acl_Rule::RULE_DENY;
} else {
$rule = -1;
}
$permissions->set('rule', $rule);
} else {
$permissions = new Admin_Model_DbRow_Rule(array('mcId' => $actionRow->get('mcId'), 'aId' => $actionRow->get('id'), 'roleId' => $role->get('id'), 'rule' => 0, 'roleName' => $role->get('name')));
}
$result[] = array_merge(array('ident' => $aIdent, 'roleName' => $role->get('name')), $permissions->toJsonArray());
}
return $this->responseSuccess(array('permissions' => $result));
} else {
#FIXME: seems broken
return $this->responseFailure('Failed Loading informations', 'Action Id is invalid');
}
}
