/**
* Manage permissions
*/
protected function adminPermissions()
{
$resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
$accessRights = AdminService::getUsersPermissions($resource->getUri());
$userList = $this->getUserList();
$roleList = $this->getRoleList();
$this->setData('privileges', PermissionProvider::getRightLabels());
$userData = array();
foreach (array_keys($accessRights) as $uri) {
if (isset($userList[$uri])) {
$userData[$uri] = array('label' => $userList[$uri], 'isRole' => false);
unset($userList[$uri]);
} elseif (isset($roleList[$uri])) {
$userData[$uri] = array('label' => $roleList[$uri], 'isRole' => true);
unset($roleList[$uri]);
} else {
\common_Logger::d('unknown user ' . $uri);
}
}
$this->setData('users', $userList);
$this->setData('roles', $roleList);
$this->setData('userPrivileges', $accessRights);
$this->setData('userData', $userData);
$this->setData('uri', $resource->getUri());
$this->setData('label', _dh($resource->getLabel()));
$this->setView('AdminAccessController/index.tpl');
}
/**
* (non-PHPdoc)
* @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
*/
public function onResourceCreated(\core_kernel_classes_Resource $resource)
{
$dbAccess = new DataBaseAccess();
// test if class
$class = new \core_kernel_classes_Class($resource);
foreach (array_merge($resource->getTypes(), $class->getParentClasses()) as $parent) {
foreach (AdminService::getUsersPermissions($parent->getUri()) as $userUri => $rights) {
$dbAccess->addPermissions($userUri, $resource->getUri(), $rights);
}
}
}
/**
*
* @param string $currentVersion
* @return string $versionUpdatedTo
*/
public function update($initialVersion)
{
$currentVersion = $initialVersion;
if ($currentVersion == '1.0') {
$impl = new PermissionProvider();
// add read access to Items
$class = new \core_kernel_classes_Class(TAO_ITEM_CLASS);
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ'));
// add backoffice user rights to Tests
$class = new \core_kernel_classes_Class(TAO_TEST_CLASS);
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights());
$currentVersion = '1.0.1';
}
return $currentVersion;
}
/**
* (non-PHPdoc)
* @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
*/
public function onResourceCreated(\core_kernel_classes_Resource $resource)
{
$dbAccess = new DataBaseAccess();
// verify resource is created
$permissions = $dbAccess->getResourcePermissions($resource->getUri());
if (empty($permissions)) {
// treat resources as classes without parent classes
$class = new \core_kernel_classes_Class($resource);
foreach (array_merge($resource->getTypes(), $class->getParentClasses()) as $parent) {
foreach (AdminService::getUsersPermissions($parent->getUri()) as $userUri => $rights) {
$dbAccess->addPermissions($userUri, $resource->getUri(), $rights);
}
}
}
}
/**
*
* @param string $currentVersion
* @return string $versionUpdatedTo
*/
public function update($initialVersion)
{
$currentVersion = $initialVersion;
if ($currentVersion == '1.0') {
$impl = new PermissionProvider();
// add read access to Items
$class = new \core_kernel_classes_Class(TAO_ITEM_CLASS);
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ'));
// add backoffice user rights to Tests
$class = new \core_kernel_classes_Class(TAO_TEST_CLASS);
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights());
$currentVersion = '1.0.1';
}
if ($currentVersion == '1.0.1') {
$currentVersion = '1.0.2';
}
if ($currentVersion == '1.0.2') {
$taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
$classAdmin = new AdminAction();
ClassActionRegistry::getRegistry()->registerAction($taoClass, $classAdmin);
$currentVersion = '1.1';
}
if ($currentVersion == '1.1') {
$classesToAdd = array(new \core_kernel_classes_Class(CLASS_GENERIS_USER), new \core_kernel_classes_Class(CLASS_ROLE));
// add admin to new instances
$classAdmin = new AdminAction();
foreach ($classesToAdd as $class) {
ClassActionRegistry::getRegistry()->registerAction($class, $classAdmin);
}
// add base permissions to new classes
$taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
foreach ($taoClass->getSubClasses(false) as $class) {
if (!in_array($class->getUri(), array(TAO_ITEM_CLASS, TAO_TEST_CLASS))) {
$classesToAdd[] = $class;
}
}
$rights = PermissionManager::getPermissionModel()->getSupportedRights();
foreach ($classesToAdd as $class) {
if (count(AdminService::getUsersPermissions($class->getUri())) == 0) {
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights);
} else {
\common_Logger::w('Unexpected rights present for ' . $class->getUri());
}
}
$currentVersion = '1.2.0';
}
return $currentVersion;
}
/**
* Manage permissions
* @requiresRight id GRANT
*/
public function adminPermissions()
{
$resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
$accessRights = AdminService::getUsersPermissions($resource->getUri());
$this->setData('privileges', PermissionProvider::getRightLabels());
$users = array();
$roles = array();
foreach ($accessRights as $uri => $privileges) {
$identity = new \core_kernel_classes_Resource($uri);
if ($identity->isInstanceOf(\tao_models_classes_RoleService::singleton()->getRoleClass())) {
$roles[$uri] = array('label' => $identity->getLabel(), 'privileges' => $privileges);
} else {
$users[$uri] = array('label' => $identity->getLabel(), 'privileges' => $privileges);
}
}
$this->setData('users', $users);
$this->setData('roles', $roles);
$this->setData('isClass', $resource->isClass());
$this->setData('uri', $resource->getUri());
$this->setData('label', _dh($resource->getLabel()));
$this->setView('AdminAccessController/index.tpl');
}
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (c) 2013 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
*
*
*/
use oat\taoDacSimple\model\DataBaseAccess;
use oat\generis\model\data\permission\PermissionManager;
use oat\taoDacSimple\model\PermissionProvider;
use oat\taoDacSimple\model\AdminService;
$persistence = common_persistence_Manager::getPersistence('default');
$schemaManager = $persistence->getDriver()->getSchemaManager();
$schema = $schemaManager->createSchema();
$fromSchema = clone $schema;
$table = $schema->createtable(DataBaseAccess::TABLE_PRIVILEGES_NAME);
$table->addColumn('user_id', "string", array("notnull" => null, "length" => 255));
$table->addColumn('resource_id', "string", array("notnull" => null, "length" => 255));
$table->addColumn('privilege', "string", array("notnull" => null, "length" => 255));
$table->setPrimaryKey(array("user_id", "resource_id", "privilege"));
$queries = $persistence->getPlatform()->getMigrateSchemaSql($fromSchema, $schema);
foreach ($queries as $query) {
$persistence->exec($query);
}
$impl = new PermissionProvider();
PermissionManager::setPermissionModel($impl);
$rights = $impl->getSupportedRights();
foreach (PermissionProvider::getSupportedRootClasses() as $class) {
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights);
}
