예제 #1
파일: HabtmDbAcl.php 프로젝트: dlpc/CakeWX
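 /**
  * Checks if the given $aro has access to action $action in $aco.
  *
  * Returns true as soon as a permission is found, trying in this order:
  * - the ARO itself, through parent::check() (per the original notes this
  *   covers the User node and the User::parentNode() node),
  * - the group nodes of every Group the User has habtm links to, each one
  *   checked through parent::check() as well.
  *
  * Fails closed: when the ARO cannot be resolved to a node, or the node
  * carries no foreign key, no group lookup is made and false is returned.
  *
  * @param string $aro ARO The requesting object identifier.
  * @param string $aco ACO The controlled object identifier.
  * @param string $action Action (defaults to *)
  * @return boolean Success (true if ARO has access to action in ACO, false otherwise)
  */
 public function check($aro, $aco, $action = "*")
 {
     if (parent::check($aro, $aco, $action)) {
         return true;
     }
     // Read the two settings this method needs explicitly. extract() on the
     // whole settings array overwrites locals by default, so a settings key
     // named 'aro', 'aco' or 'action' would silently change the subject of
     // this authorization check.
     $userModel = $this->settings['userModel'];
     $groupAlias = $this->settings['groupAlias'];
     $User = ClassRegistry::init($userModel);
     list($plugin, $groupAlias) = pluginSplit($groupAlias);
     list($joinModel) = $User->joinModel($User->hasAndBelongsToMany[$groupAlias]['with']);
     $userField = $User->hasAndBelongsToMany[$groupAlias]['foreignKey'];
     $groupField = $User->hasAndBelongsToMany[$groupAlias]['associationForeignKey'];
     $node = $this->Acl->Aro->node($aro);
     if (empty($node)) {
         // Unknown requester: deny instead of querying group links for it.
         return false;
     }
     // NOTE(review): the foreign key of the first resolved node is used as a
     // user id without checking that the node belongs to the user model --
     // confirm callers only pass user AROs here, otherwise a group id could
     // be looked up as if it were a user id.
     $userId = Hash::extract($node, '0.Aro.foreign_key');
     if (empty($userId)) {
         // No foreign key on the node (presumably an alias-only ARO): an empty
         // condition value must not reach the join-table query below.
         return false;
     }
     $groupIDs = ClassRegistry::init($joinModel)->find('list', array('fields' => array($groupField), 'conditions' => array($userField => $userId), 'recursive' => -1));
     foreach ((array) $groupIDs as $groupID) {
         // Re-run the base check with each linked group as the requester.
         $aro = array('model' => $groupAlias, 'foreign_key' => $groupID);
         $allowed = parent::check($aro, $aco, $action);
         if ($allowed) {
             return true;
         }
     }
     return false;
 }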
예제 #2
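 /**
  * Schema callback that seeds ACL bootstrap data as tables are created.
  *
  * For each 'create' event it inserts the seed rows for that table (role
  * hierarchy, default user, ARO root, ACO root). Once as many create events
  * have been seen as this class declares properties, it grants the initial
  * permissions through DbAcl.
  *
  * The super role is granted to the user row actually saved by the 'users'
  * step, not to a hard-coded primary key, and only when that save succeeded.
  *
  * @param array $event Event data; only the 'create' key (a table name) is read.
  * @return boolean Always true.
  */
 public function after($event = array())
 {
     // tracks number of created tables (persists across calls in this process)
     static $createdTables = 0;
     // primary key of the default user saved in the 'users' step; stays null
     // when that step did not run or its save failed
     static $adminUserId = null;
     // determines how many tables are in this schema class
     // NOTE(review): this counts every property declared directly on the
     // class; a non-table property declared here would inflate the count and
     // the final step below would never run -- confirm.
     $totalTables = 0;
     $refclass = new ReflectionClass($this);
     foreach ($refclass->getProperties() as $property) {
         if ($property->class === $refclass->name) {
             ++$totalTables;
         }
     }
     // when called from the console schema utility, the connection parameter is
     // a string, but when it's called from the web installer it's an object
     if (is_string($this->connection)) {
         $dataSourceName = $this->connection;
     } else {
         $dataSourceName = ConnectionManager::getSourceName($this->connection);
     }
     $db = ConnectionManager::getDataSource($dataSourceName);
     // must be disabled to populate the tables
     $db->cacheSources = false;
     // handle create table events
     if (isset($event['create'])) {
         ++$createdTables;
         switch ($event['create']) {
             case 'roles':
                 // Create hierarchical roles: each role becomes the parent of
                 // the next one in getRoleNames() order
                 // NOTE(review): save() results are not checked here; a failed
                 // save leaves $parent_id pointing at whatever $role->id holds.
                 $role = ClassRegistry::init('Role');
                 $role->setDataSource($dataSourceName);
                 $parent_id = null;
                 $role_names = $role->getRoleNames();
                 foreach ($role_names as $role_name) {
                     $role->create();
                     $role->save(array('name' => $role_name, 'display_name' => $role->getDisplayNameFor($role_name), 'parent_id' => $parent_id));
                     $parent_id = $role->id;
                 }
                 break;
             case 'users':
                 // Create default user
                 // NOTE(review): only a name is set here; confirm how this
                 // account gets its credentials before it is granted
                 // 'role/super' below.
                 $user = ClassRegistry::init('User');
                 $user->setDataSource($dataSourceName);
                 $user->create();
                 if ($user->save(array('name' => 'Admin'))) {
                     // Remember the real primary key so the super-role grant
                     // cannot land on a different, pre-existing user row.
                     $adminUserId = $user->id;
                 }
                 break;
             case 'aros':
                 // Create ARO root node for users and collection memberships
                 $aro = ClassRegistry::init('Aro');
                 $aro->setDataSource($dataSourceName);
                 $aro->create();
                 $aro->save(array('alias' => 'users'));
                 break;
             case 'acos':
                 // Create ACO root node for the role hierarchy
                 $aco = ClassRegistry::init('Aco');
                 $aco->setDataSource($dataSourceName);
                 $aco->create();
                 $aco->save(array('alias' => 'role'));
                 break;
             case 'aros_acos':
                 // nothing to seed for the permission join table
                 break;
         }
         // final step -- requires all tables to be created
         if ($createdTables === $totalTables) {
             // component object
             $acl = new DbAcl();
             $acl->allow('users', 'role/super/admin/mod/user');
             if ($adminUserId !== null) {
                 $acl->allow(array('model' => 'User', 'foreign_key' => $adminUserId), 'role/super');
             } else {
                 // Do not grant the highest role to an unverified row id.
                 trigger_error('Default admin user was not created; super role not granted.', E_USER_WARNING);
             }
         }
     }
     return true;
 }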