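/**
 * Check whether the current identity is a member of the group that owns a permission.
 *
 * The permission is either a group/resource id (int) or the 'event' name of one of
 * the resources returned by BackofficeAcl::getResourceRole() (string). The check
 * itself is delegated to the user service: it passes only when a membership row
 * exists for (identity id, group id).
 *
 * Fails closed: unknown permissions, values of any other type, and a missing
 * identity all yield false.
 *
 * NOTE(review): group 0 is treated as "every authenticated user" when the ACL is
 * built in the constructor, but it is not special-cased here — an int 0 goes to
 * the user service like any other group id. Confirm that is the intended contract.
 *
 * @param int|string $permission group id or event name
 * @return bool
 */
public function hasPermission($permission)
{
    $allResource = BackofficeAcl::getResourceRole();
    $groupId = null;

    if (is_int($permission)) {
        if (isset($allResource[$permission])) {
            $groupId = $permission;
        }
    } elseif (is_string($permission)) {
        // Resolve the event name to its group id. Strict comparison so that
        // loose coercion (true == 'login', numeric-string equality) can never
        // match an event that was not asked for.
        foreach ($allResource as $key => $ar) {
            if (isset($ar['event']) && $ar['event'] === $permission) {
                $groupId = $key;
                break;
            }
        }
    }

    if (!is_int($groupId)) {
        return false;
    }

    // No authenticated identity means no permission; this also avoids calling
    // the user service with a null user id.
    $identity = $this->getIdentity();
    if ($identity === null || !isset($identity->id)) {
        return false;
    }

    $service = $this->getServiceManager()->get('service_user');
    $result = $service->getUsersGroup($identity->id, $groupId);

    return !empty($result);
}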
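/**
 * Constructor.
 *
 * Builds the ACL for the current request:
 *  - a guest role that may reach the login/logout/authenticate/google-signin
 *    actions of the authentication controller and the cron controller;
 *  - when a backoffice identity exists, a per-user role (its id is the user id,
 *    inheriting from guest) that is granted the resources of group 0 plus the
 *    union of the resources of every defined group the user belongs to.
 *
 * Resource definitions come from BackofficeAcl::getResourceRole(), keyed by
 * group id; each entry is a list of rows with 'controller' and 'action'.
 *
 * @param ServiceLocatorInterface $serviceLocator
 */
public function __construct($serviceLocator)
{
    // define guest role
    $this->addRole(new Role(ROLE_GUEST));

    // resources reachable without an identity
    $this->addResource(new Resource('controller_backofficeuser_authentication'));
    $this->addResource(new Resource('cron'));
    $this->allow(ROLE_GUEST, 'controller_backofficeuser_authentication', ['login', 'logout', 'authenticate', 'google-signin']);
    // NOTE(review): an empty privilege list grants guests *every* action of the
    // cron controller (same convention as the empty-action case below). The cron
    // controller must therefore enforce its own access control — confirm it does.
    $this->allow(ROLE_GUEST, 'cron', []);

    // user authentication service
    $authenticationService = $serviceLocator->get('library_backoffice_auth');
    if (!$authenticationService->hasIdentity()) {
        return;
    }

    // user service
    $userService = $serviceLocator->get('service_user');

    // the logged-in user's role is named after the user id and inherits guest rights
    $role = $authenticationService->getIdentity()->id;
    $this->addRole(new Role($role), ROLE_GUEST);

    // all defined resources, keyed by group id
    $definedResources = BackofficeAcl::getResourceRole();

    // group 0: resources allowed to every authorized user
    $resourcesAllowedToEveryAuthorizedUser = isset($definedResources[0]) ? $definedResources[0] : [];
    foreach ($resourcesAllowedToEveryAuthorizedUser as $row) {
        // Guard against the same controller being listed twice in group 0:
        // adding an already-registered resource would abort ACL construction
        // (the user-group loop below already guards the same way).
        if (!$this->hasResource($row['controller'])) {
            $this->addResource(new Resource($row['controller']));
        }
        $this->allow($role, $row['controller'], $row['action']);
    }

    // group ids the user belongs to, as stored in the database
    $userResourceIDs = [];
    foreach ($userService->getUsersGroup($role) as $row) {
        $userResourceIDs[] = $row['group_id'];
    }

    // keep only groups that are actually defined; group 0 was handled above
    $userResources = [];
    foreach ($userResourceIDs as $resourceID) {
        if (isset($definedResources[$resourceID]) && $resourceID != 0) {
            $userResources[$resourceID] = $definedResources[$resourceID];
        }
    }

    // one entry per controller, actions merged across groups
    $filteredResources = $this->mergeGroupResources($userResources);

    // finally, generate ACL based on filtered resources
    foreach ($filteredResources as $resourceArray) {
        if (!$this->hasResource($resourceArray['controller'])) {
            $this->addResource(new Resource($resourceArray['controller']));
        }
        // Loose in_array on purpose: group ids from the database may be strings
        // while the array keys they were used as have become ints.
        if (in_array($resourceArray['resource_id'], $userResourceIDs)) {
            if (empty($resourceArray['action'])) {
                // no action restriction: the whole controller
                $this->allow($role, $resourceArray['controller']);
            } else {
                $this->allow($role, $resourceArray['controller'], $resourceArray['action']);
            }
        }
    }
}

/**
 * Merge the resource rows of several groups into one list with a single entry per controller.
 *
 * When a controller occurs in more than one group its action lists are
 * concatenated; a row with an empty action list (meaning the whole controller)
 * clears any restricted list already collected for that controller. The
 * 'resource_id' recorded on each entry is the first group that contributed it.
 *
 * @param array $userResources group id => list of ['controller' => string, 'action' => array]
 * @return array list of rows with an added 'resource_id'
 */
private function mergeGroupResources(array $userResources)
{
    $filteredResources = [];
    foreach ($userResources as $resourceID => $currentResourceItems) {
        foreach ($currentResourceItems as $resourceArray) {
            $isNewController = true;
            foreach ($filteredResources as $key => $filteredResourceArray) {
                if ($filteredResourceArray['controller'] != $resourceArray['controller']) {
                    continue;
                }
                // controller already collected: widen its action list
                $isNewController = false;
                if (!empty($filteredResourceArray['action'])) {
                    if (empty($resourceArray['action'])) {
                        $filteredResources[$key]['action'] = [];
                    } else {
                        $filteredResources[$key]['action'] = array_merge(
                            (array) $filteredResources[$key]['action'],
                            (array) $resourceArray['action']
                        );
                    }
                }
            }
            if ($isNewController) {
                $filteredResources[] = array_merge($resourceArray, ['resource_id' => $resourceID]);
            }
        }
    }
    return $filteredResources;
}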