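/**
 * Load role privileges
 *
 * Builds one record per privilege object defined for the role's type. Each
 * record lists the privileges that object can carry and the privileges the
 * role currently holds on it.
 *
 * @service
 * @anonym
 * @param Gpf_Rpc_Params $params request parameters; 'roleid' selects the role
 * @return Gpf_Data_RecordSet columns: object, objectName, possiblePrivileges, activePrivileges
 * @throws Gpf_Rpc_PermissionDeniedException when the caller holds neither role read privilege
 */
public function loadRolePrivileges(Gpf_Rpc_Params $params) {
    // NOTE(review): @anonym presumably relaxes the RPC layer's own session
    // check, which would leave the explicit check below as the only gate - confirm.
    $authUser = Gpf_Session::getAuthUser();
    if (!$authUser->hasPrivilege(Gpf_Privileges::ROLE, Gpf_Privileges::P_READ)
        && !$authUser->hasPrivilege(Gpf_Privileges::ROLE, Pap_Privileges::P_READ_OWN)) {
        throw new Gpf_Rpc_PermissionDeniedException('Gpf_Role_RolePrivilegesForm', 'loadRolePrivileges');
    }

    // NOTE(review): P_READ_OWN is accepted above, but the role is looked up
    // purely by the client-supplied 'roleid'. Nothing visible in this method
    // ties that role to the caller's account - confirm ownership is enforced
    // elsewhere before relying on the "own" restriction.
    $role = new Gpf_Db_Role();
    $role->setId($params->get('roleid'));
    $role->load();

    $defaultPrivileges = Gpf_Application::getInstance()->getDefaultPrivilegesByRoleType($role->getRoleType());

    $result = new Gpf_Data_RecordSet();
    $result->addColumn('object');
    $result->addColumn('objectName');
    $result->addColumn('possiblePrivileges');
    $result->addColumn('activePrivileges');

    // The lookup may yield false when no privilege class is registered for the
    // role type; answer with an empty record set instead of a fatal error.
    if (!is_object($defaultPrivileges)) {
        return $result;
    }

    $rolePrivileges = Gpf_Privileges::loadPrivileges($role->getId());
    // Loop-invariant: the object => privilege types map is the same for every record.
    $allTypes = $defaultPrivileges->getObjectToTypeRelation();

    foreach ($defaultPrivileges->getDefaultPrivileges() as $object => $privileges) {
        $record = new Gpf_Data_Record($result->getHeader());
        $record->add('object', $object);
        // Display name: lower-case, underscores to spaces, first letter upper-case.
        $record->add('objectName', ucfirst(str_replace('_', ' ', strtolower($object))));
        // An object missing from the type map gets an empty list rather than an implode() error.
        $record->add('possiblePrivileges', isset($allTypes[$object]) ? implode(',', $allTypes[$object]) : '');
        if (array_key_exists($object, $rolePrivileges)) {
            $record->add('activePrivileges', implode(',', array_keys($rolePrivileges[$object])));
        } else {
            $record->add('activePrivileges', '');
        }
        $result->addRecord($record);
    }

    $result->sort('objectName');
    return $result;
}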
/**
 * Validate Db_Row
 *
 * Rejects the row when at least one other user row (different primary key)
 * has the same auth id and account id and a role of the same type as the
 * role referenced by the row.
 *
 * @param Gpf_DbEngine_Row $row
 * @throws Gpf_DbEngine_Row_ConstraintException
 */
public function validate(Gpf_DbEngine_Row $row) {
    $rowRole = new Gpf_Db_Role();
    $rowRole->setId($row->getRoleId());
    $rowRole->load();

    // Qualified column names: 'u' aliases the users table, 'r' the roles table.
    $roleTypeColumn = 'r.' . Gpf_Db_Table_Roles::TYPE;
    $joinCondition = 'u.' . Gpf_Db_Table_Users::ROLEID . '=r.' . Gpf_Db_Table_Roles::ID;

    // Row values go to the builder as separate arguments, not concatenated into
    // the SQL text; how the builder escapes them is not visible here.
    $duplicateQuery = new Gpf_SqlBuilder_SelectBuilder();
    $duplicateQuery->select->add($roleTypeColumn);
    $duplicateQuery->from->add(Gpf_Db_Table_Users::getName(), 'u');
    $duplicateQuery->from->addInnerJoin(Gpf_Db_Table_Roles::getName(), 'r', $joinCondition);
    $duplicateQuery->where->add('u.' . Gpf_Db_Table_Users::AUTHID, '=', $row->getAuthId());
    $duplicateQuery->where->add('u.' . Gpf_Db_Table_Users::ACCOUNTID, '=', $row->getAccountId());
    $duplicateQuery->where->add($roleTypeColumn, '=', $rowRole->getRoleType());
    // Exclude the row being validated so that an update does not collide with itself.
    $duplicateQuery->where->add('u.' . Gpf_Db_Table_Users::ID, '<>', $row->getPrimaryKeyValue());

    $conflictExists = true;
    try {
        $duplicateQuery->getOneRow();
    } catch (Gpf_DbEngine_NoRowException $e) {
        // No other matching user: the row is valid.
        $conflictExists = false;
    } catch (Gpf_DbEngine_TooManyRowsException $e) {
        // Several matching users are still a conflict; handled like a single match.
    }

    if (!$conflictExists) {
        return;
    }
    throw new Gpf_DbEngine_Row_ConstraintException('username', $this->_('Selected username already exists'));
}
/**
 * Creates a new role in the caller's account as a copy of an existing role:
 * same role type, same privileges, name taken from the form.
 *
 * @service role add
 * @param Gpf_Rpc_Params $params form fields 'roleid' (role to copy) and 'name' (new role name)
 * @return Gpf_Rpc_Form
 */
public function add(Gpf_Rpc_Params $params) {
    $form = new Gpf_Rpc_Form($params);

    // NOTE(review): this method contains no privilege check of its own;
    // presumably the "@service role add" annotation makes the RPC layer
    // enforce one - confirm.
    // NOTE(review): the source role is selected by the client-supplied
    // 'roleid' alone. Nothing visible here verifies that it is a default role
    // or belongs to the caller's account, so its type and privileges would be
    // copied either way - confirm the load is account-scoped.
    $sourceRole = new Gpf_Db_Role();
    $sourceRole->setId($form->getFieldValue('roleid'));
    $sourceRole->load();

    // The copy always lands in the account of the authenticated user.
    $createdRole = new Gpf_Db_Role();
    $createdRole->setName($form->getFieldValue('name'));
    $createdRole->setAccountId(Gpf_Session::getInstance()->getAuthUser()->getAccountId());
    $createdRole->setRoleType($sourceRole->getRoleType());
    $createdRole->insert();

    // NOTE(review): the role row and its privilege rows are written by separate
    // statements with no transaction visible here; a failure part-way would
    // leave a role with incomplete privileges - confirm the caller wraps this.
    if (!strlen($sourceRole->getAccountId())) {
        // No account id: a default role, whose privileges come from the php settings.
        $defaults = Gpf_Application::getInstance()->getRoleDefaultPrivileges($sourceRole->getId());
        foreach ($defaults as $objectName => $rights) {
            foreach ($rights as $right) {
                $grant = new Gpf_Db_RolePrivilege();
                $grant->setRoleId($createdRole->getId());
                $grant->setObject($objectName);
                $grant->setPrivilege($right);
                $grant->insert();
            }
        }
        return $form;
    }

    // Account id present: a custom role, copied with one INSERT ... SELECT that
    // substitutes the new role id for the source role id.
    $sourceRows = new Gpf_SqlBuilder_SelectBuilder();
    $sourceRows->select->addConstant($createdRole->getId(), 'roleid');
    $sourceRows->select->add(Gpf_Db_Table_RolePrivileges::OBJECT, Gpf_Db_Table_RolePrivileges::OBJECT);
    $sourceRows->select->add(Gpf_Db_Table_RolePrivileges::PRIVILEGE, Gpf_Db_Table_RolePrivileges::PRIVILEGE);
    $sourceRows->from->add(Gpf_Db_Table_RolePrivileges::getName());
    $sourceRows->where->add(Gpf_Db_Table_Roles::ID, '=', $sourceRole->getId());

    $copyStatement = new Gpf_SqlBuilder_InsertBuilder();
    $copyStatement->setTable(Gpf_Db_Table_RolePrivileges::getInstance());
    $copyStatement->fromSelect($sourceRows);
    $copyStatement->execute();

    return $form;
}
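/**
 * Return default privileges by role type
 *
 * Walks the registered role id => privileges class map, loads each role and
 * returns a new instance of the class registered for the first role whose
 * type equals $roleType.
 *
 * @param string $roleType
 * @return Gpf_Privileges|false privileges object, or false when no registered role has that type
 */
public function getDefaultPrivilegesByRoleType($roleType) {
    foreach ($this->rolePrivileges as $roleid => $className) {
        // One role load per registered entry until a match is found.
        $objRole = new Gpf_Db_Role();
        $objRole->setId($roleid);
        $objRole->load();
        // Compare as strings with ===: a loose == lets PHP's type juggling
        // (numeric strings, 0 against non-numeric text on older PHP) match the
        // wrong role type and so hand back the wrong privilege set.
        if ((string) $objRole->getRoleType() === (string) $roleType) {
            // NOTE(review): the class name is instantiated dynamically;
            // presumably $this->rolePrivileges is filled by application code
            // only - confirm it can never carry request-controlled values.
            return new $className();
        }
    }
    // Callers must check for false before using the result as an object.
    return false;
}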