/**
 * Fetches the accounts that hold a given role.
 *
 * Reads the account/role link rows for $roleId, collects their account ids
 * and returns the matching rows of this table.
 *
 * @param mixed $roleId Role identifier to look up.
 * @param mixed $order  Passed through unchanged to fetchAll().
 * @param mixed $count  Passed through unchanged to fetchAll().
 * @param mixed $offset Passed through unchanged to fetchAll().
 *
 * @return mixed Result of fetchAll() for the matching accounts, or null when
 *               no link row exists for the role. Callers have to handle the
 *               null case before counting or iterating the result.
 */
public function getAccountsForRole($roleId, $order = null, $count = null, $offset = null)
{
    $linkTable = new Ot_Model_DbTable_AccountRoles();

    // The role id is quoted by the adapter, not concatenated into the SQL.
    $roleFilter = $linkTable->getAdapter()->quoteInto('roleId = ?', $roleId);
    $linkRows   = $linkTable->fetchAll($roleFilter)->toArray();

    $accountIds = array_map(
        function ($linkRow) {
            return $linkRow['accountId'];
        },
        $linkRows
    );

    // Nothing to look up: an empty IN () list would not be valid SQL.
    if (count($accountIds) === 0) {
        return null;
    }

    $accountFilter = $this->getAdapter()->quoteInto('accountId IN (?)', $accountIds);

    return $this->fetchAll($accountFilter, $order, $count, $offset);
}
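/**
 * Deletes a role from the ACL.
 *
 * Checks that the role exists, is editable, is not the configured default
 * role and has no roles inheriting from it. On a POST request it then deletes
 * the role inside a database transaction and assigns the default role to
 * every affected account that would otherwise be left without any role.
 *
 * @throws Ot_Exception_Input  when no roleId parameter was supplied
 * @throws Ot_Exception_Data   when the role or the default role is unknown,
 *                             the role is the default role, or other roles
 *                             inherit from it
 * @throws Ot_Exception_Access when the role is not editable or the request
 *                             is not a POST
 * @throws Exception           re-thrown after rollback when the delete or
 *                             the re-assignment fails
 */
public function deleteAction()
{
    $roleId = $this->_getParam('roleId', null);

    if (is_null($roleId)) {
        throw new Ot_Exception_Input('msg-error-roleIdNotSet');
    }

    $role = new Ot_Model_DbTable_Role();

    $thisRole = $role->find($roleId);
    if (is_null($thisRole)) {
        throw new Ot_Exception_Data('msg-error-noRole');
    }

    if ($thisRole->editable != 1) {
        throw new Ot_Exception_Access('msg-error-unallowedRoleEdit');
    }

    $availableRoles = $this->_acl->getAvailableRoles();
    if (!isset($availableRoles[$roleId])) {
        throw new Ot_Exception_Data('msg-error-noRole');
    }

    // Collect the holders of this role with the validated $roleId and before
    // the delete runs; otherwise accounts that only held this role would be
    // missed and end up with no role at all.
    $account = new Ot_Model_DbTable_Account();
    $affectedAccounts = $account->getAccountsForRole($roleId);

    $defaultRole = $this->_helper->configVar('defaultRole');
    if (!isset($availableRoles[$defaultRole])) {
        throw new Ot_Exception_Data('msg-error-noDefaultRole');
    }

    if ($defaultRole == $roleId) {
        throw new Ot_Exception_Data('msg-error-deleteDefaultRole');
    }

    $inheritedRoles = $this->_acl->getChildrenOfRole($roleId);
    if (count($inheritedRoles) > 0) {
        // NOTE(review): $roleList is never assigned in this method, so the
        // message is rendered without the names of the dependent roles.
        // Build it from $inheritedRoles once the shape of the value returned
        // by getChildrenOfRole() is confirmed.
        throw new Ot_Exception_Data($this->view->translate('msg-error-dependedRoleCannotDelete', $roleList));
    }

    // NOTE(review): only the HTTP method is checked here; no anti-CSRF token
    // validation is visible in this action. Confirm it is enforced elsewhere.
    if (!$this->_request->isPost()) {
        throw new Ot_Exception_Access('You can not access this method directly');
    }

    $accountRoles = new Ot_Model_DbTable_AccountRoles();

    $dba = $role->getAdapter();
    $dba->beginTransaction();

    // One try block covers the delete, the lookup and the re-assignment so
    // that any failure rolls the whole change back instead of leaving the
    // transaction open or the role half-removed.
    try {
        $role->deleteRole($roleId);

        // aList is an array of all the affected accountIds.
        // getAccountsForRole() can return null when nobody holds the role,
        // so guard before iterating.
        $aList = array();
        if ($affectedAccounts !== null) {
            foreach ($affectedAccounts as $a) {
                $aList[] = $a->accountId;
            }
        }

        if (count($aList) > 0) {
            // Get all affected accounts that still have a role after the
            // delete, so a diff yields the accounts left without any role.
            $where = $accountRoles->getAdapter()->quoteInto('accountId IN(?)', $aList);
            $affectedAccountsStillWithRoles = $accountRoles->fetchAll($where);

            $affectedAccountsStillWithRolesIds = array();
            foreach ($affectedAccountsStillWithRoles as $a) {
                $affectedAccountsStillWithRolesIds[] = $a->accountId;
            }

            // Accounts without a role get $defaultRole so they never remain
            // in an undefined authorization state.
            $affectedAccountsWithNoRoles = array_diff($aList, $affectedAccountsStillWithRolesIds);
            foreach ($affectedAccountsWithNoRoles as $a) {
                $accountRoles->insert(array('accountId' => $a, 'roleId' => $defaultRole));
            }
        }

        $dba->commit();
    } catch (Exception $e) {
        $dba->rollback();
        throw $e;
    }

    $logOptions = array('attributeName' => 'accessRole', 'attributeId' => $roleId);

    $this->_helper->log(Zend_Log::INFO, 'Role ' . $thisRole['name'] . ' was deleted', $logOptions);
    $this->_helper->messenger->addWarning('Role was deleted successfully');

    $this->_helper->redirector->gotoRoute(array('controller' => 'acl'), 'ot', true);
}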