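/**
 * Checks if the given $aro has access to action $action in $aco.
 *
 * The check returns true as soon as a permission is found, in the following order:
 * - User node
 * - User::parentNode() node
 * - Group nodes of the groups that the user has HABTM links to
 *
 * The first two are delegated to parent::check(); this method adds the group
 * lookup. The check fails closed: if the ARO cannot be resolved to a node, or
 * the node carries no foreign key, access is denied without querying the join
 * table.
 *
 * @param string $aro ARO The requesting object identifier.
 * @param string $aco ACO The controlled object identifier.
 * @param string $action Action (defaults to *)
 * @return boolean Success (true if ARO has access to action in ACO, false otherwise)
 */
public function check($aro, $aco, $action = "*") {
    if (parent::check($aro, $aco, $action)) {
        return true;
    }

    // Read only the two settings this method needs. extract() would import
    // every key of $this->settings into local scope, so a settings key named
    // 'aro', 'aco' or 'action' would silently replace the values being
    // authorized.
    $userModel = $this->settings['userModel'];
    $groupAlias = $this->settings['groupAlias'];

    $User = ClassRegistry::init($userModel);
    // Only the alias half of a "Plugin.Alias" name is used from here on.
    list(, $groupAlias) = pluginSplit($groupAlias);

    $habtm = $User->hasAndBelongsToMany[$groupAlias];
    list($joinModel) = $User->joinModel($habtm['with']);
    $userField = $habtm['foreignKey'];
    $groupField = $habtm['associationForeignKey'];

    // Deny when the ARO does not resolve to a node instead of carrying an
    // empty result into the membership query below.
    $node = $this->Acl->Aro->node($aro);
    if (empty($node)) {
        return false;
    }

    // NOTE(review): the node's Aro.model is not compared with $userModel, so
    // the foreign key of any resolved ARO is treated as a user id. Confirm
    // that callers only pass user AROs here.
    $userId = Hash::extract($node, '0.Aro.foreign_key');
    if (empty($userId)) {
        return false;
    }

    $groupIDs = ClassRegistry::init($joinModel)->find('list', array(
        'fields' => array($groupField),
        'conditions' => array($userField => $userId),
        'recursive' => -1
    ));

    // Any single group that is allowed grants access.
    foreach ((array)$groupIDs as $groupID) {
        $groupAro = array('model' => $groupAlias, 'foreign_key' => $groupID);
        if (parent::check($groupAro, $aco, $action)) {
            return true;
        }
    }

    return false;
}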
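/**
 * Seeds initial data after schema events.
 *
 * For each 'create' event the matching table receives its bootstrap rows
 * (role hierarchy, default user, ARO and ACO root nodes). Once as many create
 * events have been seen as this schema class declares properties, the initial
 * ACL permissions are granted.
 *
 * The id of the default user is remembered when that user is saved and is
 * used for the 'role/super' grant. The previously hard-coded id 1 is kept
 * only as a fallback, so the grant follows the row actually created when the
 * database does not start its keys at 1.
 *
 * @param array $event Schema event data; only the 'create' key is read.
 * @return boolean Always true.
 */
public function after($event = array()) {
    static $createdTables = 0; // tracks number of created tables
    static $adminUserId = 1; // id that receives 'role/super'; 1 is the legacy fallback

    // determines how many tables are in this schema class: every property
    // declared directly on this class is counted
    $totalTables = 0;
    $refclass = new ReflectionClass($this);
    foreach ($refclass->getProperties() as $property) {
        if ($property->class === $refclass->name) {
            ++$totalTables;
        }
    }

    // when called from the console schema utility, the connection parameter is
    // a string, but when it's called from the web installer it's an object
    if (is_string($this->connection)) {
        $dataSourceName = $this->connection;
    } else {
        $dataSourceName = ConnectionManager::getSourceName($this->connection);
    }
    $db = ConnectionManager::getDataSource($dataSourceName);
    $db->cacheSources = false; // must be disabled to populate the tables

    // handle create table events
    if (isset($event['create'])) {
        ++$createdTables;

        switch ($event['create']) {
            case 'roles':
                // Create hierarchical roles: each role becomes the parent of the next
                $role = ClassRegistry::init('Role');
                $role->setDataSource($dataSourceName);
                $parent_id = null;
                $role_names = $role->getRoleNames();
                foreach ($role_names as $role_name) {
                    $role->create();
                    $role->save(array(
                        'name' => $role_name,
                        'display_name' => $role->getDisplayNameFor($role_name),
                        'parent_id' => $parent_id
                    ));
                    $parent_id = $role->id;
                }
                break;
            case 'users':
                // Create default user
                // NOTE(review): only the name is set here; confirm where this
                // account receives its credentials before it can be used.
                $user = ClassRegistry::init('User');
                $user->setDataSource($dataSourceName);
                $user->create();
                $user->save(array('name' => 'Admin'));
                if (!empty($user->id)) {
                    // Remember the real primary key for the final grant.
                    $adminUserId = $user->id;
                }
                break;
            case 'aros':
                // Create ARO root node for users and collection memberships
                $aro = ClassRegistry::init('Aro');
                $aro->setDataSource($dataSourceName);
                $aro->create();
                $aro->save(array('alias' => 'users'));
                break;
            case 'acos':
                // Create ACO root node for the role hierarchy
                $aco = ClassRegistry::init('Aco');
                $aco->setDataSource($dataSourceName);
                $aco->create();
                $aco->save(array('alias' => 'role'));
                break;
            case 'aros_acos':
                break;
        }

        // final step -- requires all tables to be created
        if ($createdTables === $totalTables) {
            $acl = new DbAcl(); // component object
            $acl->allow('users', 'role/super/admin/mod/user');
            // Grant the top-level role to the default user created above
            // rather than to whichever row happens to hold id 1.
            $acl->allow(array('model' => 'User', 'foreign_key' => $adminUserId), 'role/super');
        }
    }

    return true;
}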