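/**
 * Tells whether this user holds the permission $key, directly or through a role.
 *
 * The user's own permission is evaluated first; the assigned roles are only
 * consulted when it is not granted, and the first role granting $key wins.
 *
 * @param string $key name of the permission to check
 * @return boolean true when a role grants $key, otherwise the value of the
 *                 user's own getPermission($key)
 */
public function isAllowed($key)
{
    // Read the user's own permission once instead of querying it twice.
    $ownPermission = $this->getPermission($key);
    if ($ownPermission) {
        return $ownPermission;
    }

    // Not granted directly: fall back to the roles assigned to the user.
    foreach ($this->getRoles() as $roleId) {
        $role = User_Role::getById($roleId);
        if (!$role) {
            // A role id that no longer resolves to a role object grants nothing
            // and must not abort the authorization check with a fatal error.
            // NOTE(review): getById() is defined elsewhere; confirm it yields a
            // falsy value (rather than throwing) for a stale id.
            continue;
        }
        if ($role->getPermission($key)) {
            return true;
        }
    }

    return $ownPermission;
}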
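/**
 * Finds all element paths the user may not list and which therefore must never
 * be shown to that user.
 *
 * Workspaces of the user and of every assigned role are merged; each workspace
 * without the list right contributes its path. A non-admin user without any
 * workspace gets "/" back, i.e. everything is forbidden (deny by default).
 *
 * @param string $type asset|object|document
 * @param object $user user to evaluate; must provide isAdmin(), getRoles() and
 *                     the getWorkspaces<Type>() getters
 * @return array list of forbidden paths; empty for admin users
 * @throws \InvalidArgumentException when $type is not one of the documented types
 */
public static function findForbiddenPaths($type, $user)
{
    if ($user->isAdmin()) {
        return array();
    }

    // $type becomes part of a method name below, so restrict it to the three
    // documented element types before it is used for dynamic dispatch.
    // NOTE(review): callers are not visible here; if $type can come from a
    // request parameter this allow-list is the only barrier in this method.
    $allowedTypes = array("asset", "object", "document");
    if (!is_string($type) || !in_array(strtolower($type), $allowedTypes, true)) {
        throw new \InvalidArgumentException("Unsupported element type for workspace lookup");
    }
    $getter = "getWorkspaces" . ucfirst($type);

    // Start with the user's own workspaces, then add those of each role.
    $workspaces = $user->$getter();
    foreach ($user->getRoles() as $roleId) {
        $role = User_Role::getById($roleId);
        if (!$role) {
            // A role id that does not resolve contributes no workspaces; if
            // nothing is left at all, the deny-by-default branch below applies.
            continue;
        }
        $workspaces = array_merge($workspaces, $role->$getter());
    }

    $forbidden = array();
    if (count($workspaces) > 0) {
        foreach ($workspaces as $workspace) {
            // A workspace without the list right hides its whole path.
            if (!$workspace->getList()) {
                $forbidden[] = $workspace->getCpath();
            }
        }
    } else {
        // No workspace configured anywhere: forbid the root, hence everything.
        $forbidden[] = "/";
    }

    return $forbidden;
}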
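/**
 * Returns one role as JSON, together with its workspaces (each enriched with the
 * full path of the element it points to), its permission list and the list of
 * all available permission definitions.
 *
 * The role is selected by the integer-cast request parameter "id". When no role
 * exists for that id the action answers with {"success": false} instead of
 * failing on a null role object.
 *
 * NOTE(review): no permission check is visible inside this action; confirm that
 * the controller restricts it to users allowed to manage roles before it runs.
 * NOTE(review): the whole $role object is serialized into the response; confirm
 * it carries no fields that should stay server-side.
 */
public function roleGetAction()
{
    $role = User_Role::getById(intval($this->_getParam("id")));
    if (!$role) {
        // Unknown or missing id: answer explicitly rather than dereferencing
        // a null role, which would end in a fatal error.
        $this->_helper->json(array("success" => false));
        return;
    }

    // Resolve the element path for every workspace of every element type.
    $types = array("asset", "document", "object");
    foreach ($types as $type) {
        $getter = "getWorkspaces" . ucfirst($type);
        foreach ($role->$getter() as $workspace) {
            $el = Element_Service::getElementById($type, $workspace->getCid());
            if ($el) {
                // The path is set as an ad-hoc property on the workspace
                // object so that it travels with the role into the response.
                $workspace->path = $el->getFullPath();
            }
        }
    }

    // Load the definitions of all permissions that can be assigned.
    $availableUserPermissionsList = new User_Permission_Definition_List();
    $availableUserPermissions = $availableUserPermissionsList->load();

    $this->_helper->json(array(
        "success" => true,
        "role" => $role,
        "permissions" => $role->generatePermissionList(),
        "availablePermissions" => $availableUserPermissions
    ));
}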