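/**
 * Grants access when the logged-in user holds a privilege on the resource and
 * at least one context object of the resource belongs to the user's work unit.
 *
 * The decision is made for the user held by Controlador; $role is not
 * consulted by this assertion.
 *
 * @param Core_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 */
public function assert(Core_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        return false;
    }

    // The signature allows a null resource ("all resources"). There is no
    // context to compare in that case, so deny instead of dereferencing null.
    if (null === $resource) {
        return false;
    }

    $controller = Controlador::getInstance();
    $usuario = $controller->usuario;

    $somenteUltimo = false;
    $contexto = $resource->getContexto($somenteUltimo);

    // Without a context the rule cannot be satisfied
    if (is_null($contexto)) {
        return false;
    }

    // The privilege lookup is cached per user and resource.
    // NOTE(review): a cached grant stays effective until the entry expires or
    // the tags below are cleaned - confirm that privilege changes clear them.
    $chaveCache = 'privilegio_' . $usuario->ID . '_' . $resource->id;
    if (!$controller->cache->test($chaveCache)) {
        // Not cached yet: read the value from the database and store it
        $privilegio = DaoRecurso::getPrivilegioByUsuario($usuario, $resource);
        $controller->cache->save($privilegio, $chaveCache, array('acl_usuario_' . $usuario->ID, 'acl_unidade_' . $usuario->ID_UNIDADE));
    } else {
        $privilegio = $controller->cache->load($chaveCache);
    }

    if (!$privilegio) {
        return false;
    }

    foreach ($contexto as $umContexto) {
        // Allow only when the context object shares the user's work unit
        if ($umContexto['id_unid_area_trabalho'] == $usuario->ID_UNIDADE) {
            return true;
        }
    }

    return false;
}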
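/**
 * Returns true if and only if the assertion conditions are met
 *
 * For a CommercialGroupModel the result is the group's "restricted" value.
 * Every other resource, including null, is denied explicitly.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if ($resource instanceof CommercialGroupModel) {
        // Return the restricted value of the commercial group
        return $resource->getRestricted();
    }

    // The original fell off the end of the switch and returned null for any
    // other resource; state the deny explicitly so the contract is a boolean.
    return false;
}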
/**
 * Allows the query only when the list filter is restricted to the
 * organization of the requesting user.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Must be an App_ListFilter
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!($resource instanceof App_ListFilter)) {
        throw new Exception('Resource must be an instance of App_ListFilter');
    }

    $providerFilter = $resource->getOneFilterByFieldName(SimFilterFields::SERVICE_PROVIDER_COMM);
    if ($providerFilter) {
        // NOTE(review): loose comparison; if both sides are always the same
        // type, a strict === would rule out type-juggling matches - confirm.
        return $providerFilter->getValue() == $role->getOrganizationId();
    }

    // No service-provider filter present: deny
    return false;
}
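/**
 * Allows the action only when the posted feedback id equals the feedback id
 * held by the model (per the original comment, the id retrieved from the
 * cookie).
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $user
 * @param Zend_Acl_Resource_Interface $model
 * @param $privilege
 * @return bool
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
{
    // The signature allows a null model; nothing can be compared then
    if (null === $model) {
        return false;
    }

    $feedbackId = $model->getFeedbackId();
    $post = $model->getPostArray();

    // Posted feedback id; a missing key is treated as "not posted"
    $param = isset($post['id']) ? $post['id'] : null;

    // Arrays, objects and null cannot be a valid id on either side
    if (!is_scalar($param) || !is_scalar($feedbackId)) {
        return false;
    }

    $posted = (string) $param;
    $expected = (string) $feedbackId;

    // An empty id on either side must never authorize: the original loose ==
    // accepted pairs such as '' and null, or '0' and false.
    if ('' === $posted || '' === $expected) {
        return false;
    }

    return $posted === $expected;
}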
/**
 * Allows the query only when the acting user and the target user have the
 * same role id.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Acting user; must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Target user; must be a UserModel
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource is not a UserModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Two concrete objects are required for the comparison; deny otherwise
    $incomplete = (NULL === $role) || (NULL === $resource);
    if ($incomplete) {
        return false;
    }

    // Both sides have to be user models
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!($resource instanceof UserModel)) {
        throw new Exception('Resource must be an instance of UserModel');
    }

    $actingRoleId = $role->getRoleId();
    $targetRoleId = $resource->getRoleId();

    return $actingRoleId === $targetRoleId;
}
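/**
 * Compares the organization type of the acting user with the organization
 * type of the resource and returns what _diff() decides for the pair.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Must be an OrgModelAbstract
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type, or the
 *                   resource's organization type is not in $this->_types
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!$resource instanceof OrgModelAbstract) {
        throw new Exception('Resource must be an instance of OrgModelAbstract');
    }

    $type = $resource->getType();
    if (!isset($this->_types[$type])) {
        throw new Exception('Resource has an undefined organization type');
    }

    // A user without a loadable organization cannot be ranked: deny rather
    // than call getType() on a missing object.
    $org = $role->getOrganization();
    if (!$org) {
        return false;
    }

    // The original indexed _types with the user's type unchecked; an unknown
    // type would have reached _diff() as an undefined value. Deny instead.
    $orgType = $org->getType();
    if (!isset($this->_types[$orgType])) {
        return false;
    }

    return $this->_diff($this->_types[$orgType], $this->_types[$type]);
}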
/**
 * Validates whether the controller referenced by the resource is active.
 *
 * The resource id is read as "module:controller". The module is loaded by its
 * identity and its controllers are scanned for the matching one.
 *
 * NOTE(review): every path of this method returns TRUE - both the branch for
 * a matching controller that is not visible and the fall-through at the end -
 * so as written it never rejects anything. Confirm whether one of the two
 * returns was meant to be FALSE.
 *
 * @param Zend_Acl_Resource_Interface $oResource
 * @param string $sPrivilegio
 * @return boolean
 */
protected function validaControleAtivo(Zend_Acl_Resource_Interface $oResource, $sPrivilegio)
{
    $aPartes = explode(':', $oResource->getResourceId());
    $sIdentidadeControle = $aPartes[1];
    $sIdentidadeModulo = $aPartes[0];

    $oModulo = Administrativo_Model_Modulo::getByAttribute('identidade', $sIdentidadeModulo);

    foreach ($oModulo->getControles() as $oControle) {
        // Only the controller named in the resource id is of interest
        if ($oControle->getIdentidade() == $sIdentidadeControle && !$oControle->getVisivel()) {
            return TRUE;
        }
    }

    return TRUE;
}
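/**
 * Allows editing only when the requested presentation belongs to the user
 * and its edit deadline has not passed.
 *
 * The presentation id is read from the request parameter "id", falling back
 * to "presentation_id".
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $user
 * @param Zend_Acl_Resource_Interface $model
 * @param $privilege
 * @return bool
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
{
    // Both the user and the model are needed; the signature allows null
    if (!$user || null === $model) {
        return false;
    }
    $presentations = $user->getMyPresentations();

    $request = Zend_Controller_Front::getInstance()->getRequest();
    $param = $request->getParam('id') ? $request->getParam('id') : $request->getParam('presentation_id');

    // No id in the request: deny before touching the model
    if (null === $param) {
        return false;
    }

    // An id that resolves to no presentation is denied; the original called
    // isBeforeEditDeadline() on the lookup result without checking it.
    $presentation = $model->getPresentationById($param);
    if (!$presentation) {
        return false;
    }

    // The strict in_array() assumes getMyPresentations() yields integer ids
    return $presentation->isBeforeEditDeadline()
        && in_array((int) $param, $presentations, true);
}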
/**
 * Allows the query only when the organization has no subscriptions.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Service provider or customer organization
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof Model\UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $isSupportedOrg = $resource instanceof \Application\Model\Organization\OrgServiceProviderModel
        || $resource instanceof \Application\Model\Organization\OrgCustomerModel;
    if (!$isSupportedOrg) {
        throw new Exception('Resource must be an instance of OrgServiceProviderModel or OrgCustomerModel');
    }

    return $resource->getSubscriptionCount() === 0;
}
/**
 * Reports whether the resource is published.
 *
 * A PreBillModel returns its getPublished() value as is. ServicePackModel and
 * SupplServicesModel are published when getPublished() equals
 * ServicePackModel::STATUS_PUBLISHED.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }

    if ($resource instanceof Model\PreBillModel) {
        return $resource->getPublished();
    }

    if ($resource instanceof Model\ServicePackModel || $resource instanceof Model\SupplServicesModel) {
        return $resource->getPublished() === Model\ServicePackModel::STATUS_PUBLISHED;
    }

    throw new Exception('Resource must be an instance of ServicePack or PreBill');
}
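/**
 * Allows the action only when the user addressed by the request parameter
 * "id" has the role "presenter" or "chair".
 *
 * NOTE(review): the two early "return true" branches are fail-open. The
 * original comment calls the first one a hack for the 'oneitem' route; both
 * mean this assertion restricts nothing outside the 'user' controller or when
 * no id is given. Confirm other rules cover those requests.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $user
 * @param Zend_Acl_Resource_Interface $model
 * @param $privilege
 * @return bool
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
{
    $request = Zend_Controller_Front::getInstance()->getRequest();

    // Because of the 'oneitem' route every controller/action combination runs
    // this assertion, so it only takes effect for the 'user' controller.
    // @todo: change this in the oneitem route somehow?
    if ($request->getControllerName() !== 'user') {
        return true;
    }

    $param = $request->getParam('id', null);
    if (!$param) {
        return true;
    }

    // From here on a concrete target user is required; deny when the model is
    // missing or the id resolves to no user (the original dereferenced both
    // without checking).
    if (null === $model) {
        return false;
    }
    $target = $model->getUserById($param);
    if (!$target) {
        return false;
    }

    return (bool) $target->hasRole(array('presenter', 'chair'));
}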
/**
 * Reports whether the billing cycle start day of a customer organization may
 * be modified.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Must be an OrgCustomerModel
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    $incomplete = (NULL === $role) || (NULL === $resource);
    if ($incomplete) {
        return false;
    }

    if (!($role instanceof \Application\Model\UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!($resource instanceof \Application\Model\Organization\OrgCustomerModel)) {
        throw new Exception('Org must be an instance of OrgCustomerModel');
    }

    foreach ($resource->getAllBillingAccounts() as $billing) {
        // A billing account with its own start day, or a modifiable one,
        // does not block the change.
        if (!empty($billing->billingCycleStartDay) || $billing->billingCycleModifiable) {
            continue;
        }

        // This account inherits the start day and is not modifiable, so the
        // basic-info value must not be changed either.
        return false;
    }

    return true;
}
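/**
 * Allows the action only when the presentation linked to the requested
 * "presentationsusers" item is one of the user's own presentations.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $user
 * @param Zend_Acl_Resource_Interface $model
 * @param $privilege
 * @return bool
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
{
    // Both the user and the model are needed; the signature allows null
    if (!$user || null === $model) {
        return false;
    }
    $presentations = $user->getMyPresentations();

    $param = Zend_Controller_Front::getInstance()->getRequest()->getParam('id', null);
    if (!$param) {
        return false;
    }

    // An id that resolves to no item is denied; the original read
    // presentation_id from the lookup result without checking it.
    $item = $model->getResource('presentationsusers')->getItemById($param);
    if (!$item) {
        return false;
    }
    $presentation = $item->presentation_id;

    // The strict in_array() assumes getMyPresentations() yields integer ids
    return $presentation !== null
        && in_array((int) $presentation, $presentations, true);
}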
/**
 * Allows the query only when the user's organization is the parent of the
 * resource's parent organization.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Must be an OrgModelAbstract
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof Model\UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $orgId = $role->getOrganizationId();

    if (!($resource instanceof OrgModelAbstract)) {
        throw new Exception('Resource must be an instance of OrgModelAbstract');
    }

    // Load the direct parent; a parent that cannot be loaded denies
    $parent = OrgService::getInstance()->load($resource->getParentId());

    return $parent ? $orgId === $parent->getParentId() : false;
}
/**
 * Allows the query only when the service pack belongs to the parent of the
 * user's organization.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Must be a ServicePackModel
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }

    // The user's organization is loaded first; when it cannot be loaded the
    // query is denied before the resource type is looked at.
    $userOrg = Service\OrgService::getInstance()->load($role->getOrganizationId());
    if (!$userOrg) {
        return false;
    }

    if ($resource instanceof Model\ServicePackModel) {
        return $userOrg->getParentId() === $resource->getServiceProvider();
    }

    throw new Exception('Resource must be an instance of ServicePack');
}
/**
 * Allows the query when the logged-in user is a project leader.
 *
 * For the resource 'projects_m_project' the user must be a leader of that
 * project. For any other resource it is enough to be a leader of any project.
 *
 * NOTE(review): $resource defaults to null in the signature but is
 * dereferenced unconditionally; a query without a resource fails here.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Not consulted; the Zend_Auth identity is used
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        return false;
    }
    $ident = $auth->getIdentity();

    if ($resource->getResourceId() != 'projects_m_project') {
        // Not a concrete project: being leader of any project is sufficient
        $leaderships = Doctrine_Query::create()
            ->from('Projects_Model_Leader pl')
            ->where('user_id = ?', $ident->id);

        return $leaderships->count() ? true : false;
    }

    // Concrete project: look for the identity among its leaders
    foreach ($resource->Projects_Model_Leader as $leader) {
        if ($leader->user_id == $ident->id) {
            return true;
        }
    }

    return false;
}
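/**
 * Decides access to an issue-type resource.
 *
 * A resource that is not private is decided by the ACL rule for its resource
 * type. A private resource is decided by the records the ACL service returns
 * for the current identity's roles.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource Must be an Issues_Model_Abstract
 * @param string $privilege
 * @return boolean
 * @throws Issues_Model_Exception When the resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (!$resource instanceof Issues_Model_Abstract) {
        throw new Issues_Model_Exception('Invalid resource for this assertion');
    }

    // The resource id is read as "<type>-<id>"
    list($resourceType, $resourceId) = explode('-', $resource->getResourceId());

    if (!$resource->isPrivate()) {
        return $acl->isAllowed($role, $resourceType, $privilege);
    }

    // A private resource needs an identity to evaluate; deny without one
    $userService = Zend_Registry::get('Default_DiContainer')->getUserService();
    $identity = $userService->getIdentity();
    if (!$identity) {
        return false;
    }

    // Start from an empty list: the original left $roles undefined when the
    // identity had no roles and passed that on to the ACL service.
    $roles = array();
    foreach ($identity->getRoles() as $userRole) {
        $roles[] = $userRole->getRoleId();
    }

    $aclService = Zend_Registry::get('Default_DiContainer')->getAclService();
    $records = $aclService->getResourceRecords($roles, $resourceType, $resourceId);

    // NOTE(review): any returned record denies and an empty result allows;
    // presumably these are deny records - confirm against the ACL service.
    return count($records) ? false : true;
}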
/**
 * Reports whether the time-and-consumption voucher is enabled for a SIM.
 *
 * The flag is read from the SIM's customer; when the SIM has no customer it
 * is read from the user's own organization, provided that is a customer
 * organization.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource Must be a SimModel
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // A concrete role is required: deny otherwise
    if (NULL === $role) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!($resource instanceof SimModel)) {
        throw new Exception('Resource must be a sim');
    }

    $customer = $resource->getCustomer();
    if ($customer) {
        return $customer->timeAndConsumptionVoucherIsEnabled;
    }

    // No customer on the SIM: fall back to the user's organization, which
    // only counts when it is a customer organization.
    $ownOrg = $role->getOrganization();
    if (!($ownOrg instanceof OrgCustomerModel)) {
        return false;
    }

    return $ownOrg->timeAndConsumptionVoucherIsEnabled;
}
/**
 * Allows the query only when the resource belongs to the acting user.
 *
 * Ownership is checked per resource type: the owner of a WatcherModel, the
 * userId of a UserConfigModel, or the id of a UserModel.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }

    if ($resource instanceof WatcherModel) {
        $viaApi = $role instanceof \Application\Model\CurrentUserModel && $role->isApiAuthUser();

        // NOTE(review): the API branch compares loosely (==) while the
        // regular branch is strict; confirm the loose comparison is needed.
        return $viaApi
            ? ($role->apiId == $resource->owner)
            : ($role->id === $resource->owner);
    }

    if ($resource instanceof UserConfigModel) {
        return $role->id === $resource->userId;
    }

    if ($resource instanceof UserModel) {
        return $role->getId() === $resource->getId();
    }

    throw new Exception('Resource must be an instance of UserModel');
}
/**
 * Allows the query only when the resource sits directly below the user's
 * organization, i.e. the user's organization is the parent of the
 * organization that owns the resource.
 *
 * NOTE(review): two branches allow without comparing anything - every
 * PreBillModel, and a ReportModel without an 'orgId' parameter. Confirm both
 * are covered by other rules.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource
 * @param null $privilege
 * @return bool
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $orgId = $role->getOrganizationId();

    if ($resource instanceof OrgModelAbstract) {
        return $orgId === $resource->getParentId();
    }

    if ($resource instanceof Model\PreBillModel) {
        // TODO (from the original): the service provider id is not available
        // yet. The intended check, unreachable in the original, compares
        // $orgId with $resource->getServiceProvider()->getId().
        return true;
    }

    if ($resource instanceof UserModel) {
        try {
            $org = $resource->getOrganization();
            if (NULL !== $org) {
                return $orgId === $org->getParentId();
            }
            App::log()->err("User (" . $resource->getId() . ") organization (" . $resource->getOrganizationId() . ") doesn't exist");

            return false;
        } catch (Exception $e) {
            // Any failure while resolving the organization denies
            return false;
        }
    }

    if ($resource instanceof Model\CommercialGroupModel) {
        // Is the group's customer one of the service provider's customers?
        // TODO aggregatorId case?
        $org = OrgService::getInstance()->load($resource->getCustomerId());

        return $org && $orgId === $org->getParentId();
    }

    if ($resource instanceof Model\ReportModel) {
        $params = $resource->getParams();
        if (empty($params['orgId'])) {
            // Report not bound to an organization
            return true;
        }
        $org = OrgService::getInstance()->load($params['orgId']);

        return $org && $orgId === $org->getParentId();
    }

    throw new Exception('Resource must be an instance of OrgModelAbstract or UserModel');
}
/**
 * Returns, by reference, the rule set for a Resource and a Role, or null if
 * no such rule set exists.
 *
 * A null $resource selects the rules for all Resources and a null $role the
 * rules for all Roles; both may be null to select the default rule set.
 *
 * When $create is true a missing rule set is created first and then returned.
 *
 * @param Zend_Acl_Resource_Interface $resource
 * @param Zend_Acl_Role_Interface $role
 * @param boolean $create
 * @return array|null
 */
protected function &_getRules(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, $create = false)
{
    // A by-reference function has to return a variable, so keep a null one
    // at hand for the "no rules" case.
    $noRules = null;

    // Step 1: pick the branch of the rule tree that belongs to $resource
    if (null === $resource) {
        $branch =& $this->_rules['allResources'];
    } else {
        $resourceId = $resource->getResourceId();
        if (!isset($this->_rules['byResourceId'][$resourceId])) {
            if (!$create) {
                return $noRules;
            }
            $this->_rules['byResourceId'][$resourceId] = array();
        }
        $branch =& $this->_rules['byResourceId'][$resourceId];
    }

    // Step 2: within that branch, pick the rules that belong to $role
    if (null === $role) {
        if (!isset($branch['allRoles'])) {
            if (!$create) {
                return $noRules;
            }
            $branch['allRoles']['byPrivilegeId'] = array();
        }

        return $branch['allRoles'];
    }

    $roleId = $role->getRoleId();
    if (!isset($branch['byRoleId'][$roleId])) {
        if (!$create) {
            return $noRules;
        }
        $branch['byRoleId'][$roleId]['byPrivilegeId'] = array();
        $branch['byRoleId'][$roleId]['allPrivileges'] = array('type' => null, 'assert' => null);
    }

    return $branch['byRoleId'][$roleId];
}
/**
 * Decides visibility of a profile item from its public flag.
 *
 * A "friend" item is visible to the roles 'self' and 'friend', a "private"
 * item only to 'self'.
 *
 * NOTE(review): any other flag value falls through to "allow", so an
 * unexpected flag is treated as public. $role and $resource default to null
 * in the signature but are dereferenced unconditionally.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    $publicFlag = $resource->getPublicFlag();

    if (ProfileTable::PUBLIC_FLAG_FRIEND == $publicFlag) {
        return in_array($role->getRoleId(), array('self', 'friend'), true);
    }

    if (ProfileTable::PUBLIC_FLAG_PRIVATE == $publicFlag) {
        return 'self' === $role->getRoleId();
    }

    return true;
}
/**
 * Loads a resource.
 *
 * The returned array is a list of pairs: index 0 holds the resource name and
 * index 1 the name of its parent, or null when the row has none.
 * <code>
 * $array = array(
 *     0 => array(0 => 'resource1', 1 => null),
 *     1 => array(0 => 'resource2', 1 => null),
 *     2 => array(0 => 'resource3', 1 => 'resource1'),
 *     3 => array(0 => 'resource4', 1 => 'resource2')
 * );
 * </code>
 *
 * @param Zend_Acl_Resource_Interface|string|null $resource
 * @return array
 */
public function loadResource($resource)
{
    if ($resource instanceof Zend_Acl_Resource_Interface) {
        $resourceId = $resource->getResourceId();
    } else {
        $resourceId = (string) $resource;
    }

    $pairs = array();
    foreach ($this->_loadResources($resourceId) as $row) {
        $name = $row[$this->_getResourceColumn(self::RESOURCE_NAME)];

        // The parent column is optional in a row
        $parent = null;
        if (isset($row[$this->_getResourceColumn(self::RESOURCE_PARENT)])) {
            $parent = $row[$this->_getResourceColumn(self::RESOURCE_PARENT)];
        }

        $pairs[] = array(0 => $name, 1 => $parent);
    }

    return $pairs;
}
/**
 * Allows the query when form-author permissions exist for the evaluation
 * form addressed by the resource.
 *
 * The form id is taken from the resource, from the last queried resource
 * stored on the ACL, or from the digits of a resource id of type
 * "evaluationform".
 *
 * NOTE(review): the user id is resolved from the role (and from the stored
 * last-query role as a fallback) but is not used afterwards; the decision
 * rests on Models_Evaluation::getFormAuthorPermissions($eform_id) alone.
 * Presumably that call resolves the current user itself - confirm.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    global $db;

    // If asserting is switched off, allow right away. Any code that can set
    // ->assert to false on the resource or on the stored query bypasses this
    // check.
    $resourceOptsOut = isset($resource->assert) && $resource->assert == false;
    if ($resourceOptsOut
        || (isset($acl->_entrada_last_query)
            && isset($acl->_entrada_last_query->assert)
            && $acl->_entrada_last_query->assert == false)
    ) {
        return true;
    }

    if (isset($resource->eform_id)) {
        $eform_id = $resource->eform_id;
    } elseif (isset($acl->_entrada_last_query->eform_id)) {
        $eform_id = $acl->_entrada_last_query->eform_id;
    } else {
        // Split the resource id into its type (non-digits) and id (digits)
        $resource_id = $resource->getResourceId();
        $resource_type = preg_replace('/[0-9]+/', "", $resource_id);

        if ($resource_type !== "evaluationform") {
            // This only asserts for users authoring evaluation forms
            return false;
        }

        $eform_id = preg_replace('/[^0-9]+/', "", $resource_id);
    }

    // Resolve the user behind the role; the access id is the numeric part of
    // the role id and is quoted with qstr() before it enters the query.
    $access_id = preg_replace('/[^0-9]+/', "", $role->getRoleId());
    $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
    $user_id = $db->GetOne($query);

    if (empty($user_id)) {
        // Fall back to the role stored with the last ACL query
        $access_id = preg_replace('/[^0-9]+/', "", $acl->_entrada_last_query_role->getRoleId());
        $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
        $user_id = $db->GetOne($query);
    }

    return Models_Evaluation::getFormAuthorPermissions($eform_id) ? true : false;
}
/**
 * Checks the ACL to see whether $user (role) may perform $action on
 * $resource. When no rules are defined for the specific resource, the
 * resource's type (its id with the digits removed) is checked instead.
 *
 * The role and resource of the query are stored on the ACL object before the
 * check so that assertions can read them. A resource that is known neither
 * by id nor by type is denied.
 *
 * @param string|Zend_Acl_Role_Interface $user The user to check
 * @param string|Zend_Acl_Resource_Interface $resource The resource to check
 * @param string $action The privilege to check
 * @return boolean
 */
function isAllowed($user, $resource, $action)
{
    // Store the role for use by assertions
    $this->acl->_entrada_last_query_role = ($user instanceof Zend_Acl_Role_Interface)
        ? $user
        : new Zend_Acl_Role($user);

    // Grab the resource id and store the resource for use by assertions
    $isResourceObject = $resource instanceof Zend_Acl_Resource_Interface;
    if ($isResourceObject) {
        $resource_id = $resource->getResourceId();
        $this->acl->_entrada_last_query = $resource;
    } else {
        $resource_id = $resource;
        $this->acl->_entrada_last_query = new Zend_Acl_Resource($resource);
    }

    $resourcetype = preg_replace('/[0-9]+/', '', $resource_id);

    // Rules for the specific resource win
    if ($this->acl->has($resource)) {
        return $this->acl->isAllowed($user, $resource, $action);
    }

    // Neither the resource nor its type is registered: deny
    if (!$this->acl->has($resourcetype)) {
        return false;
    }

    if ($isResourceObject) {
        // Query with the object itself, marked as not specific
        $resourcetype = $resource;
        $resourcetype->specific = false;
    }

    return $this->acl->isAllowed($user, $resourcetype, $action);
}
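/**
 * Removes a Resource and all of its children
 *
 * The $resource parameter can either be a Resource or a Resource identifier.
 * The resource is removed through the adapter first; every id the adapter
 * reports is then dropped from the in-memory ACL, marked as unloaded and
 * reported to the caching adapter, if one is set.
 *
 * @param Zend_Acl_Resource_Interface|string $resource
 * @throws {@link Zend_Acl_Exception}
 * @return Zend_Acl Provides a fluent interface
 */
public function remove($resource)
{
    if ($this->hasCachingAdapter()) {
        $this->_checkCaching();
    }

    $resourceId = $resource instanceof Zend_Acl_Resource_Interface ? $resource->getResourceId() : (string) $resource;

    $this->_setResourceUnloaded($resourceId);
    $arrResources = $this->_getAdapter()->removeResource($resourceId);

    foreach ($arrResources as $removedId) {
        // Drop the child from the in-memory ACL as well. The original passed
        // the undefined variable $role here, so the child was never the
        // resource handed to parent::remove().
        if ($this->has($removedId) && $removedId != $resourceId) {
            parent::remove($removedId);
        }

        if ($this->hasResourceLoaded($removedId)) {
            $this->_setResourceUnloaded($removedId);
        }

        // Release for caching
        if ($this->hasCachingAdapter()) {
            $this->_getCachingAdapter()->change(null, $removedId);
        }
    }

    // Release for caching
    if ($this->hasCachingAdapter()) {
        $this->_getCachingAdapter()->change(null, $resourceId);
    }

    return parent::remove($resourceId);
}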
/**
 * Allows the query only when the resource belongs to the organization of the
 * acting user. What "belongs" means depends on the resource type and is
 * spelled out per branch below.
 *
 * NOTE(review): two branches allow without comparing an owner - tariff plan,
 * restriction and service pack resources for a customer organization, and a
 * ReportModel without an 'orgId' parameter. Confirm both are covered by
 * other rules.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role Must be a UserModel
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception When role or resource has an unexpected type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Without both objects there is nothing to check: deny
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // The acting role has to be a user model
    if (!($role instanceof UserModel)) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $orgId = $role->getOrganizationId();

    if ($resource instanceof OrgModelAbstract) {
        return $orgId === $resource->getId();
    }

    if ($resource instanceof UserModel || $resource instanceof TemplateModel) {
        return $orgId === $resource->getOrganizationId();
    }

    if ($resource instanceof Async\Model\AsyncResponse) {
        // Accept the organization id in its raw or its cleaned form
        $cOrgId = \Application\Model\Mapper\OrganizationMapper::cleanOrgId($orgId);

        return $orgId === $resource->getOrganizationId()
            || $cOrgId === $resource->getOrganizationId();
    }

    if ($resource instanceof Model\TariffPlanLifeCycleModel
        || $resource instanceof Model\TariffPlanServicesModel
        || $resource instanceof Model\RestrictionModel
        || $resource instanceof Model\ServicePackModel
    ) {
        $orgType = Model\Mapper\OrganizationMapper::getTypeByOrgId($orgId);
        switch ($orgType) {
            case Model\Organization\OrgServiceProviderModel::ORG_TYPE:
                return $orgId === $resource->getServiceProviderId();

            case Model\Organization\OrgCustomerModel::ORG_TYPE:
                /*
                 * There is no way to know if only one ServicePack is assigned to a customer,
                 * only retrieving all servicePacks assigned, which the original authors
                 * judged too slow. The check is left to the backend, so customers are
                 * allowed here without an ownership comparison.
                 */
                return true;

            default:
                return false;
        }
    }

    if ($resource instanceof Model\SupplServicesModel) {
        return $orgId === $resource->getServiceProviderId()
            || $orgId === $resource->getCustomerId();
    }

    if ($resource instanceof Model\CommercialGroupModel || $resource instanceof Model\SupervisionGroupModel) {
        return $orgId === $resource->getCustomerId();
    }

    if ($resource instanceof SimModel) {
        /** @var $resource \Application\Model\SimModel */
        // Any organization in the SIM's ownership chain counts as owner
        return $orgId === $resource->getMasterId()
            || $orgId === $resource->getServiceProviderCommercialId()
            || $orgId === $resource->getServiceProviderEnablerId()
            || $orgId === $resource->getAggregatorId()
            || $orgId === $resource->getCustomerId()
            || $orgId === $resource->getEndUserId();
    }

    if ($resource instanceof Model\ReportModel) {
        $params = $resource->getParams();
        if (empty($params['orgId'])) {
            // Report not bound to an organization
            return true;
        }

        return $orgId === $params['orgId'];
    }

    throw new Exception('Resource must be an instance of OrgModelAbstract, UserModel or SimModel');
}