/**
 * Backward-compatibility entry point kept for callers of the old implementation.
 *
 * Resolves the extension/controller pair to a controller class name and
 * delegates the decision to self::accessPossible() for the user of the
 * current session.
 *
 * The argument order is action, controller, extension, which is the reverse
 * of the extension/controller order used by makeEMAUri(). Swapped arguments
 * make the check run against a different controller than intended.
 *
 * @param string $action     name of the action to check
 * @param string $controller name of the controller owning the action
 * @param string $extension  id of the extension owning the controller
 * @param array  $parameters accepted for signature compatibility only; this
 *                           method never reads it, so the decision is made
 *                           per action, not per request parameters
 * @return boolean
 * @deprecated
 */
public function hasAccess($action, $controller, $extension, $parameters = array())
{
    // The subject of the check is always the user bound to the current session.
    $currentUser = common_session_SessionManager::getSession()->getUser();

    $controllerClass = funcAcl_helpers_Map::getControllerFromUri(
        funcAcl_models_classes_ModuleAccessService::singleton()->makeEMAUri($extension, $controller)
    );

    return self::accessPossible($currentUser, $controllerClass, $action);
}
/**
 * Revokes a role's access to a single action.
 *
 * Two situations are handled, based on the cached controller access map:
 *  - the role holds a grant on the whole controller: that grant is removed
 *    and every other action of the controller is granted individually;
 *  - the role holds a grant on this action only: that grant is removed and
 *    the controller access cache is flushed.
 *
 * If neither applies, nothing is changed and no event is triggered.
 * NOTE(review): callers get no signal in that case; access the role may hold
 * through another path is not affected by this method - confirm callers do
 * not treat a silent return as "revoked".
 *
 * @access public
 * @author Jehan Bihin, <*****@*****.**>
 * @param string $roleUri   URI of the role losing the access
 * @param string $accessUri URI of the action access; its fragment is split on
 *                          '_' into type, extension, controller and action
 * @return void
 */
public function remove($roleUri, $accessUri)
{
    // NOTE(review): assumes a '#' is present and that none of the name parts
    // contains '_'; otherwise the pieces below are shifted or missing.
    $uriParts = explode('#', $accessUri);
    list($type, $ext, $mod, $act) = explode('_', $uriParts[1]);

    $role = new core_kernel_classes_Class($roleUri);
    $grantProperty = new core_kernel_classes_Property(funcAcl_models_classes_AccessService::PROPERTY_ACL_GRANTACCESS);
    $module = new core_kernel_classes_Resource($this->makeEMAUri($ext, $mod));
    $controllerClassName = funcAcl_helpers_Map::getControllerFromUri($module->getUri());

    // The decision is taken from the cached access map of the controller.
    $grants = funcAcl_helpers_Cache::getControllerAccess($controllerClassName);

    if (in_array($roleUri, $grants['module'])) {
        // The controller-wide grant is dropped first and the remaining actions
        // are re-granted afterwards, so an interruption part-way through
        // leaves the role with fewer rights rather than more.
        funcAcl_models_classes_ModuleAccessService::singleton()->remove($roleUri, $module->getUri());

        foreach (funcAcl_helpers_Model::getActions($module) as $action) {
            if ($action->getUri() == $accessUri) {
                // This is the action being revoked: do not grant it again.
                continue;
            }
            $this->add($roleUri, $action->getUri());
            $this->getEventManager()->trigger(new AccessRightAddedEvent($roleUri, $action->getUri()));
        }

        // NOTE(review): no AccessRightRemovedEvent is triggered from this
        // branch; check whether the module service emits one if the events
        // feed an audit trail.
        return;
    }

    if (isset($grants['actions'][$act]) && in_array($roleUri, $grants['actions'][$act])) {
        // Only the action-level grant exists: remove it and drop the cached map.
        $role->removePropertyValues($grantProperty, array('pattern' => $accessUri));
        $this->getEventManager()->trigger(new AccessRightRemovedEvent($roleUri, $accessUri));
        funcAcl_helpers_Cache::flushControllerAccess($controllerClassName);
    }
}
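/**
 * Revokes a role's access to an extension, including the grants the role
 * holds on items belonging to that extension.
 *
 * The extension-level grant is removed from the role and the extension
 * access cache is flushed. Every grant still attached to the role is then
 * inspected, and those whose URI fragment names the same extension are
 * handed to the module access service for removal.
 *
 * NOTE(review): the remaining grants are not filtered by their type prefix
 * before being passed to ModuleAccessService::remove() - confirm that the
 * service copes with non-module URIs.
 *
 * @access public
 * @author Jehan Bihin, <*****@*****.**>
 * @param string $roleUri   URI of the role losing the access
 * @param string $accessUri URI of the extension access; its fragment is split
 *                          on '_' into type and extension id
 * @return void
 */
public function remove($roleUri, $accessUri)
{
    // NOTE(review): assumes $accessUri contains a '#' followed by
    // "<type>_<extensionId>"; a malformed value is not rejected here.
    $uri = explode('#', $accessUri);
    list($type, $extId) = explode('_', $uri[1]);

    // The lookup result is not used below; the call is kept because it may
    // reject unknown extension ids (not visible from here).
    $extManager = common_ext_ExtensionsManager::singleton();
    $extManager->getExtensionById($extId);

    // Remove the access to the extension for this role.
    $grantProperty = new core_kernel_classes_Property(PROPERTY_ACL_GRANTACCESS);
    $role = new core_kernel_classes_Resource($roleUri);
    $role->removePropertyValues($grantProperty, array('pattern' => $accessUri));
    funcAcl_helpers_Cache::flushExtensionAccess($extId);

    // Also remove the grants on the controllers of that extension.
    $moduleAccessService = funcAcl_models_classes_ModuleAccessService::singleton();
    foreach ($role->getPropertyValues($grantProperty) as $grantedUri) {
        $granted = new core_kernel_classes_Resource($grantedUri);

        $grantedParts = explode('#', $granted->getUri());
        if (!isset($grantedParts[1])) {
            // No fragment, so no extension id can be read from this grant.
            continue;
        }

        $fragment = explode('_', $grantedParts[1]);

        // Strict comparison: both sides are plain strings, and a loose '=='
        // would treat numeric-looking ids such as '1e1' and '10' as the same
        // extension and revoke grants that were not targeted.
        if (isset($fragment[1]) && $fragment[1] === $extId) {
            $moduleAccessService->remove($role->getUri(), $granted->getUri());
        }
    }
}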
/**
 * Revokes a role's grant on a whole controller (module) of an extension.
 *
 * Builds the module access URI from the extension and controller names and
 * delegates the removal to the module access service.
 *
 * @param core_kernel_classes_Resource $role role losing the access
 * @param string $ext extension id
 * @param string $mod controller (module) name
 * @return void
 */
public function revokeModuleAccess(core_kernel_classes_Resource $role, $ext, $mod)
{
    $moduleAccessUri = $this->makeEMAUri($ext, $mod);

    $moduleAccessService = funcAcl_models_classes_ModuleAccessService::singleton();
    $moduleAccessService->remove($role->getUri(), $moduleAccessUri);
}
/**
 * End-to-end check of the functional ACL for one user and one test role.
 *
 * Covers URI construction, denial by default, access to an unrestricted
 * action, denial for an unknown controller, and the grant/revoke cycle at
 * action level and at module level.
 *
 * Every step changes shared ACL or session state, so the order of the
 * statements matters.
 */
public function testFuncACL()
{
    // NOTE(review): property names are case-sensitive; this reads
    // $this->testrole while the rest of the method uses $this->testRole.
    // The value is not used afterwards.
    $baseRole = $this->testrole;
    // Not used afterwards either.
    $srv = tao_models_classes_UserService::singleton();

    $sessionUser = new core_kernel_users_GenerisUser($this->user);
    $this->assertTrue(LoginService::startSession($sessionUser));

    // -- URI creation: action-level and module-level access URIs
    $expectedActionUri = FUNCACL_NS . '#a_tao_Users_add';
    $expectedModuleUri = FUNCACL_NS . '#m_tao_Users';
    $actionUri = funcAcl_models_classes_AccessService::singleton()->makeEMAUri('tao', 'Users', 'add');
    $moduleUri = funcAcl_models_classes_AccessService::singleton()->makeEMAUri('tao', 'Users');
    $this->assertEquals($expectedActionUri, $actionUri);
    $this->assertEquals($expectedModuleUri, $moduleUri);

    $acl = new funcAcl_models_classes_FuncAcl();

    // -- A restricted action is denied while no grant exists
    $this->assertFalse($acl->hasAccess('add', 'Users', 'tao'));

    // -- An unrestricted action is allowed
    // (BACKOFFICE has access to the backend login action because it includes the TAO Role)
    $this->assertTrue($acl->hasAccess('login', 'Main', 'tao'));

    // -- An action on a controller that does not exist is denied
    $this->assertFalse($acl->hasAccess('action', 'Unknown', 'tao'));

    // -- Action-level grant
    // Grant this action to the test role.
    funcAcl_models_classes_ActionAccessService::singleton()->add($this->testRole->getUri(), $actionUri);

    // Attach the test role to the user under test.
    tao_models_classes_UserService::singleton()->attachRole($this->user, $this->testRole);

    // Start a new session so that the roles cache is refreshed.
    $this->assertTrue(LoginService::startSession($sessionUser));

    // The action is now reachable.
    $this->assertTrue($acl->hasAccess('add', 'Users', 'tao'));

    // Revoke the action-level grant: access must be denied again.
    funcAcl_models_classes_ActionAccessService::singleton()->remove($this->testRole->getUri(), $actionUri);
    $this->assertFalse($acl->hasAccess('add', 'Users', 'tao'));

    // -- Module-level grant: the action is reachable through its controller
    funcAcl_models_classes_ModuleAccessService::singleton()->add($this->testRole->getUri(), $moduleUri);
    $this->assertTrue($acl->hasAccess('add', 'Users', 'tao'));

    // -- Revoke the module-level grant: access must be denied again
    funcAcl_models_classes_ModuleAccessService::singleton()->remove($this->testRole->getUri(), $moduleUri);
    $this->assertFalse($acl->hasAccess('add', 'Users', 'tao'));

    // reset
    // NOTE(review): this leaves the module grant on the test role when the
    // method ends - confirm the fixture teardown removes the role.
    funcAcl_models_classes_ModuleAccessService::singleton()->add($this->testRole->getUri(), $moduleUri);

    // Detach the role from the user.
    tao_models_classes_UserService::singleton()->unnatachRole($this->user, $this->testRole);
}
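/**
 * AJAX action: grants a role access to a whole module (controller).
 *
 * Reads the 'role' and 'uri' request parameters, asks the module access
 * service to add the grant and echoes the module URI back as JSON.
 *
 * The AJAX check only restricts how the request is made. It says nothing
 * about who makes it.
 * NOTE(review): no authorization or anti-CSRF check is visible in this
 * method; confirm that the framework enforces both before dispatching here,
 * since this action changes access rights.
 *
 * @return void
 * @throws Exception when the request is not an AJAX request, or when 'role'
 *                   or 'uri' is missing, empty or not a string
 */
public function addModuleAccess()
{
    if (!tao_helpers_Request::isAjax()) {
        throw new Exception("wrong request mode");
    }

    $role = $this->getRequestParameter('role');
    $uri = $this->getRequestParameter('uri');

    // Both values come straight from the request. Refuse to create a grant
    // from a missing value or from a non-string such as an array parameter.
    if (!is_string($role) || $role === '' || !is_string($uri) || $uri === '') {
        throw new Exception("missing or invalid parameter");
    }

    funcAcl_models_classes_ModuleAccessService::singleton()->add($role, $uri);

    // The URI is echoed back from the request and no content type is set in
    // this method. The JSON_HEX_* flags keep markup characters out of the
    // raw response while decoding to the same value.
    echo json_encode(
        array('uri' => $uri),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}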