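/**
 * Load rules
 *
 * Walks the given rule rows and registers each one on the ACL as an allow
 * or deny entry for the role built from `role_type . role_id`.
 *
 * Each row is read for these keys: role_type, role_id, resource_id,
 * privileges (comma-separated string or empty), assert_id, assert_type,
 * assert_data and permission ('allow' or 'deny'; any other value is ignored).
 *
 * A rule the ACL rejects with an exception is skipped so that the remaining
 * rules still load; the exception is written to the exception log.
 *
 * @param Mage_Admin_Model_Acl $acl
 * @param array $rulesArr
 * @return Mage_Admin_Model_Mysql4_Acl
 */
function loadRules(Mage_Admin_Model_Acl $acl, array $rulesArr)
{
    foreach ($rulesArr as $rule) {
        $role = $rule['role_type'] . $rule['role_id'];
        $resource = $rule['resource_id'];
        $privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;

        $assert = null;
        if (0 != $rule['assert_id']) {
            $assertClass = Mage::getSingleton('admin/config')->getAclAssert($rule['assert_type'])->getClassName();
            // SECURITY(review): unserialize() on stored data instantiates whatever
            // classes the payload names and runs their magic methods. This is only
            // safe while assert_data can be written by trusted code alone; confirm
            // that for every writer of the rule rows, or move assert_data to a
            // data-only encoding such as JSON.
            $assert = new $assertClass(unserialize($rule['assert_data']));
        }

        try {
            if ($rule['permission'] == 'allow') {
                if ($resource === self::ACL_ALL_RULES) {
                    // The "all" resource is also registered as a global allow.
                    $acl->allow($role, null, $privileges, $assert);
                }
                $acl->allow($role, $resource, $privileges, $assert);
            } elseif ($rule['permission'] == 'deny') {
                $acl->deny($role, $resource, $privileges, $assert);
            }
        } catch (Exception $e) {
            // Skipping a rule keeps the rest of the ACL loadable, but a skipped
            // deny rule leaves access wider than configured. Record the failure
            // instead of discarding it so stale or broken rules can be found
            // (presumably rules pointing at a resource that no longer exists).
            Mage::logException($e);
        }
    }

    return $this;
}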
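/**
 * Loads role rules into ACL for admin user
 *
 * Registers a per-user role on the ACL, then either grants it everything
 * (when $allowedResources is empty) or grants only the listed resources and
 * their children while explicitly denying every other resource known to the ACL.
 *
 * Entries of $allowedResources are resource paths without the leading
 * 'admin/' segment; that prefix is added here before matching.
 *
 * @param Mage_Admin_Model_User $user
 * @param Mage_Admin_Model_Acl $acl
 * @param array $allowedResources
 *
 * @return $this
 */
public function loadRules(Mage_Admin_Model_User $user, Mage_Admin_Model_Acl $acl, array $allowedResources = array())
{
    $userRole = Mage::getModel('admin/acl_role_user', Mage_Admin_Model_Acl::ROLE_TYPE_USER . $user->getId());
    $acl->addRole($userRole);

    if (empty($allowedResources)) {
        // NOTE(review): an empty list means "unrestricted", not "no access".
        // Callers must never pass an empty array as the result of a failed or
        // empty lookup, or the user is granted every resource. Confirm each
        // call site distinguishes the two cases.
        $acl->allow($userRole);
        $acl->allow($userRole, $acl->getResources());

        return $this;
    }

    $aclResources = $acl->getResources();

    $allow = array();
    foreach ($allowedResources as $resource) {
        $exactId = 'admin/' . $resource;
        // Match the resource itself or anything below it. A bare prefix test
        // would also match siblings that merely start with the same characters
        // (constructed example: a grant for "foo" matching "admin/foobar"),
        // which widens the grant beyond what was configured.
        $childPrefix = rtrim($exactId, '/') . '/';
        $matched = array_filter($aclResources, function ($entry) use ($exactId, $childPrefix) {
            return $entry === $exactId || strpos($entry, $childPrefix) === 0;
        });
        $allow = array_merge($allow, $matched);
    }

    // Everything not explicitly granted is explicitly denied for this role.
    $deny = array();
    foreach ($aclResources as $resource) {
        if (!in_array($resource, $allow, true)) {
            $deny[] = $resource;
        }
    }

    $acl->allow($userRole, $allow);
    $acl->deny($userRole, $deny);

    return $this;
}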