/**
 * Renders the role-definition template for the current role.
 *
 * Loads every access definition plus the permissions assigned to the
 * current role, sorts both via the local helpers and hands them to
 * roleDefinition.latte together with the role name.
 */
public function render()
{
    $template = $this->getTemplate();
    $template->setFile(__DIR__ . '/roleDefinition.latte');

    $definitions = $this->userFacade
        ->fetchAccessDefinitions(new AccessDefinitionQuery())
        ->toArray();
    $template->accessDefinitions = $this->sortAccessDefinitions($definitions);

    $permissionQuery = (new PermissionQuery())->byRole($this->role->getId());
    $rolePermissions = $this->userFacade->fetchPermissions($permissionQuery)->toArray();
    $template->permissions = $this->sortRolePermissions($rolePermissions);

    // Role name is user-supplied text; it is passed raw and relies on Latte's
    // default auto-escaping - do not print it with |noescape in the template.
    $template->role = $this->role->getName();

    $template->render();
}
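/**
 * Deletes a role from the database and fires the removal event.
 *
 * No authorization check happens here; the caller (e.g. the removeRole
 * button handler, which checks 'user_role'/'remove') is expected to have
 * done that before invoking this method.
 *
 * @param Role $role
 * @throws ForeignKeyConstraintViolationException when the role is still
 *         referenced (flush fails and nothing is removed)
 */
public function remove(Role $role)
{
    // Capture the id up front so the event receives it even if the removed
    // entity no longer carries it afterwards (presumably why it is passed separately).
    $roleID = $role->getId();

    // The former catch-and-rethrow of ForeignKeyConstraintViolationException
    // added nothing; the exception now simply propagates to the caller.
    $this->em->remove($role);
    $this->em->flush();

    $this->onSuccessRoleRemoval($role, $roleID);
}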
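/**
 * Handler of the "remove role" submit button.
 *
 * Refuses the action unless the current user holds the 'user_role'/'remove'
 * privilege, then asks the facade to delete the role. A role that is still
 * referenced elsewhere (foreign-key violation) is reported with a flash
 * message instead of an error page.
 *
 * @param SubmitButton $button
 */
public function removeRole(SubmitButton $button)
{
    if (!$this->authorizator->isAllowed($this->user, 'user_role', 'remove')) {
        $this->flashMessage('authorization.noPermission', FlashMessage::WARNING);
        $this->redirect('this');
        // redirect() aborts the request in Nette; the explicit return keeps the
        // guard effective even if that behaviour ever changes.
        return;
    }

    // NOTE(review): this is a destructive action - confirm the enclosing form
    // has CSRF protection enabled (addProtection); it is not visible from here.
    try {
        $this->userFacade->removeRole($this->role);
        $this->onSuccessRoleRemoval($this->role);
    } catch (ForeignKeyConstraintViolationException $e) {
        $this->flashMessage(
            'users.roleRemoval.messages.roleInUse',
            FlashMessage::WARNING,
            ['roleName' => $this->role->getName()]
        );
        $this->redirect('this');
    }
}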
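/**
 * Audit-log hook fired after a role's permissions were saved.
 *
 * The message embeds markup (<b>), so the log is evidently meant to be
 * rendered as HTML. The user name and the role name are user-supplied
 * strings, so they are HTML-escaped before being interpolated; otherwise a
 * crafted name could inject markup/script into the log viewer (stored XSS).
 * NOTE(review): if the log viewer escapes on output already, drop the
 * escaping here to avoid double-encoding - confirm against the viewer.
 *
 * @param Role $role
 */
public function onSuccessRolePermissionsEditing(Role $role)
{
    $escape = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $message = sprintf(
        'User [%s#%s] <b>has EDITED</b> permissions of Role [%s#%s]',
        $this->user->getId(),
        $escape($this->user->getUsername()),
        $role->getId(),
        $escape($role->getName())
    );

    $this->appEventLogger->saveLog($message, 'user_role_editing', $this->user->getId());
}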
/**
 * Name of the current role's parent, as reported by Role::getParentName().
 *
 * @return string  NOTE(review): roles may have no parent (see Role::hasParent());
 *                 what getParentName() returns in that case is not visible here.
 */
public function getParentRoleName()
{
    $current = $this->role;

    return $current->getParentName();
}
/**
 * Reports a successful role removal and leaves the page.
 *
 * Shows a success flash message carrying the role name, then redirects to
 * Users:roles (redirect() aborts the current request in Nette).
 *
 * @param Role $role
 */
public function onSuccessRoleRemoval(Role $role)
{
    $params = ['roleName' => $role->getName()];
    $this->flashMessage('users.roleRemoval.messages.success', FlashMessage::SUCCESS, $params);

    $this->redirect('Users:roles');
}
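/**
 * Replaces the stored permissions of $role with $permissionDefinitions.
 *
 * All permission rows of the role are deleted inside a transaction and only
 * the rows the ACL assembler (Users\Authorization\Authorizator) needs are
 * re-inserted:
 *
 *   Role without parent
 *     allowed -> persisted
 *     denied  -> not persisted (deny is the implicit default)
 *
 *   Role with parent (any depth)    parent  | descendant | persisted?
 *                                   allowed   allowed      no
 *                                   allowed   denied       yes
 *                                   denied    denied       no
 *                                   denied    allowed      yes
 *   i.e. only entries whose answer differs from the parent's are stored.
 *
 * After a successful commit the cached ACL ('acl') is dropped and the
 * editing event is fired.
 *
 * @param Role  $role
 * @param array $permissionDefinitions map '<resourceId>-<privilegeId>' => allowed flag,
 *                                     typically taken straight from the permissions form
 * @throws \InvalidArgumentException on a malformed key or an unknown resource/privilege
 *                                   id (the transaction is rolled back)
 * @throws DBALException
 * @throws \Exception any failure inside the transaction is re-thrown after rollback
 */
public function save(Role $role, array $permissionDefinitions)
{
    $resources = $this->em->createQuery('SELECT r FROM ' . Resource::class . ' r INDEX BY r.id')->execute();
    $privileges = $this->em->createQuery('SELECT p FROM ' . Privilege::class . ' p INDEX BY p.id')->execute();

    try {
        $this->em->beginTransaction();

        $this->em->createQuery('DELETE ' . Permission::class . ' p WHERE p.role = :role')
            ->execute(['role' => $role->getId()]);

        $parentRole = null;
        if ($role->hasParent()) {
            // If the parent row were missing, find() would return null and the role
            // would be treated as parentless - presumably prevented by FK constraints.
            /** @var Role $parentRole */
            $parentRole = $this->em->find(Role::class, $role->getParentId());
        }

        foreach ($permissionDefinitions as $definition => $isAllowed) {
            $isAllowed = (bool) $isAllowed;

            // Keys come from the submitted form: validate the "<resourceId>-<privilegeId>"
            // shape instead of trusting it, otherwise an unknown id silently yields a
            // null resource/privilege passed on to Permission.
            $parts = explode('-', (string) $definition);
            if (count($parts) !== 2 || !isset($resources[$parts[0]], $privileges[$parts[1]])) {
                throw new \InvalidArgumentException(sprintf('Invalid permission definition "%s"', $definition));
            }
            /** @var \Users\Authorization\Resource $resource */
            $resource = $resources[$parts[0]];
            /** @var Privilege $privilege */
            $privilege = $privileges[$parts[1]];

            if ($parentRole !== null) {
                // Same answer as the parent -> inherited, nothing to store.
                if ($this->authorizator->isAllowed($parentRole, $resource->getName(), $privilege->getName()) === $isAllowed) {
                    continue;
                }
            } elseif ($isAllowed === false) {
                // No parent: deny is the default, only allows need a row.
                continue;
            }

            $this->em->persist(new Permission($role, $resource, $privilege, $isAllowed));
        }

        $this->em->flush();
        $this->em->commit();
    } catch (\Exception $e) {
        $this->em->rollback();
        $this->em->close();
        // todo log error
        // Re-throw the caught instance: the former `throw new $e()` built a fresh
        // exception and lost the message, code and stack trace.
        throw $e;
    }

    // Post-commit work stays outside the try: a failure here must not trigger
    // rollback() on an already committed transaction (which would mask the error).
    $this->cache->remove('acl');
    $this->onSuccessRolePermissionsEditing($role);
}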