예제 #1
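 /**
  * Deletes a role from the ACL.
  *
  * Reads the `roleId` request parameter, checks that the role exists, is
  * marked editable, is not the configured default role and has no child
  * roles, and then (on POST only) deletes it inside a database transaction.
  * Accounts that held the deleted role and no longer appear in the
  * account-roles table are given the default role before the commit, so
  * that no account is left without a role.
  *
  * NOTE(review): no permission check and no anti-CSRF token check are
  * visible in this method; confirm both are enforced before this
  * state-changing action is dispatched.
  *
  * @throws Ot_Exception_Input  if no roleId parameter was supplied
  * @throws Ot_Exception_Data   if the role or the default role is unknown, the
  *                             role is the default role, or it has child roles
  * @throws Ot_Exception_Access if the role is not editable or the request is
  *                             not a POST
  * @throws Exception           rethrown after rollback when a write fails
  */
 public function deleteAction()
 {
     $roleId = $this->_getParam('roleId', null);
     if (is_null($roleId)) {
         throw new Ot_Exception_Input('msg-error-roleIdNotSet');
     }

     $role = new Ot_Model_DbTable_Role();
     $thisRole = $role->find($roleId);
     if (is_null($thisRole)) {
         throw new Ot_Exception_Data('msg-error-noRole');
     }

     // Roles not flagged editable must never be removed through this action.
     if ($thisRole->editable != 1) {
         throw new Ot_Exception_Access('msg-error-unallowedRoleEdit');
     }

     $availableRoles = $this->_acl->getAvailableRoles();
     if (!isset($availableRoles[$roleId])) {
         throw new Ot_Exception_Data('msg-error-noRole');
     }

     // Fix: the original read $get->roleId, but $get is never defined in this
     // method, so the lookup ran with null instead of the role being deleted.
     // With the wrong account list, the default-role reassignment further down
     // would not see the accounts that actually held this role.
     $account = new Ot_Model_DbTable_Account();
     $affectedAccounts = $account->getAccountsForRole($roleId);

     $defaultRole = $this->_helper->configVar('defaultRole');
     if (!isset($availableRoles[$defaultRole])) {
         throw new Ot_Exception_Data('msg-error-noDefaultRole');
     }

     // Loose comparison kept on purpose: $roleId arrives as a request
     // parameter while the configured value may be stored as an integer.
     if ($defaultRole == $roleId) {
         throw new Ot_Exception_Data('msg-error-deleteDefaultRole');
     }

     $inheritedRoles = $this->_acl->getChildrenOfRole($roleId);
     if (count($inheritedRoles) > 0) {
         // NOTE(review): the original passed an undefined $roleList here. The
         // shape of getChildrenOfRole()'s result is not visible from this
         // method, so the list is left empty (the same value the undefined
         // variable produced) rather than guessed; populate it with the child
         // role names once that shape is confirmed.
         $roleList = null;
         throw new Ot_Exception_Data($this->view->translate('msg-error-dependedRoleCannotDelete', $roleList));
     }

     // Every check above also runs for non-POST requests; only a POST may
     // reach the destructive part below.
     if (!$this->_request->isPost()) {
         throw new Ot_Exception_Access('You can not access this method directly');
     }

     $accountRoles = new Ot_Model_DbTable_AccountRoles();

     // NOTE(review): the transaction is opened on the role table's adapter;
     // the inserts below only take part in it if the account-roles table
     // uses the same adapter -- confirm.
     $dba = $role->getAdapter();
     $dba->beginTransaction();

     // One try block covers every statement between begin and commit, so a
     // failure in the intermediate fetchAll() also rolls the deletion back
     // instead of leaving the transaction open.
     try {
         $role->deleteRole($roleId);

         // aList is an array of all the affected accountIds
         $aList = array();
         if (count($affectedAccounts) > 0) {
             foreach ($affectedAccounts as $a) {
                 $aList[] = $a->accountId;
             }
         }

         if (count($aList) > 0) {
             // Accounts that still have a role row after the deletion. Diffing
             // them against aList gives the accounts left with no role.
             $accountRolesDba = $accountRoles->getAdapter();
             $where = $accountRolesDba->quoteInto('accountId IN(?)', $aList);
             $affectedAccountsStillWithRoles = $accountRoles->fetchAll($where);

             $affectedAccountsStillWithRolesIds = array();
             foreach ($affectedAccountsStillWithRoles as $a) {
                 $affectedAccountsStillWithRolesIds[] = $a->accountId;
             }

             // Accounts without any role get $defaultRole.
             $affectedAccountsWithNoRoles = array_diff($aList, $affectedAccountsStillWithRolesIds);
             foreach ($affectedAccountsWithNoRoles as $a) {
                 $accountRoles->insert(array('accountId' => $a, 'roleId' => $defaultRole));
             }
         }
     } catch (Exception $e) {
         $dba->rollback();
         throw $e;
     }

     $dba->commit();

     // Audit trail for the deletion. NOTE(review): the role name is
     // concatenated into the log line as stored; confirm role names cannot
     // contain line breaks, or the entry could be misread.
     $logOptions = array('attributeName' => 'accessRole', 'attributeId' => $roleId);
     $this->_helper->log(Zend_Log::INFO, 'Role ' . $thisRole['name'] . ' was deleted', $logOptions);

     $this->_helper->messenger->addWarning('Role was deleted successfully');
     $this->_helper->redirector->gotoRoute(array('controller' => 'acl'), 'ot', true);
 }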