/**
* This function constructs the Acl list and checks whether all Rights are
* registered and returned correctly
*/
public function testRegisterRights()
{
$acl = Phprojekt_Acl::getInstance();
$this->assertTrue($acl->has(2));
$this->assertFalse($acl->has(4));
$this->assertTrue($acl->has(1));
$this->assertTrue($acl->has(3));
$this->assertTrue($acl->isAllowed('1', 1, 'write'));
$this->assertTrue($acl->isAllowed('1', 2, 'write'));
$this->assertTrue($acl->isAllowed('1', 3, 'write'));
}
/**
* Return all the modules in an array and the access if exists.
*
* @param integer $roleId The role ID.
*
* @return array Array with 'id', 'name', 'label' and the access.
*/
public function getRoleModulePermissionsById($roleId)
{
$modules = array();
$model = new Phprojekt_Module_Module();
foreach ($model->fetchAll('(save_type = 0 OR save_type = 2)', 'name ASC') as $module) {
$modules['data'][$module->id] = array();
$modules['data'][$module->id]['id'] = $module->id;
$modules['data'][$module->id]['name'] = $module->name;
$modules['data'][$module->id]['label'] = Phprojekt::getInstance()->translate($module->label, null, $module->name);
$modules['data'][$module->id] = array_merge($modules['data'][$module->id], Phprojekt_Acl::convertBitmaskToArray(0));
}
$where = 'role_module_permissions.role_id = ' . (int) $roleId;
foreach ($this->fetchAll($where) as $right) {
if (isset($modules['data'][$right->moduleId])) {
$modules['data'][$right->moduleId] = array_merge($modules['data'][$right->moduleId], Phprojekt_Acl::convertBitmaskToArray($right->access));
}
}
return $modules;
}
/**
* Returns the rights for all the users of a moduleId-ItemId pair.
*
* @param string $moduleId The module ID.
* @param integer $itemId The item ID.
*
* @return array Array with 'moduleId', 'itemId', 'userId' and all the access key.
*/
public function getUsersRights($moduleId, $itemId)
{
$values = array();
$where = sprintf('module_id = %d AND item_id = %d', (int) $moduleId, (int) $itemId);
$rows = $this->fetchAll($where)->toArray();
foreach ($rows as $row) {
$access = Phprojekt_Acl::convertBitmaskToArray($row['access']);
$values[$row['user_id']] = array_merge($access, array('moduleId' => (int) $moduleId, 'itemId' => (int) $itemId, 'userId' => (int) $row['user_id']));
}
return $values;
}
/**
* Assign all rights to Zend_Acls.
*
* @return void
*/
private function _registerRights()
{
$role = new Phprojekt_Role_RoleModulePermissions();
$rights = array();
foreach ($role->fetchAll(null, 'role_id ASC') as $right) {
$access = Phprojekt_Acl::convertBitmaskToArray($right->access);
foreach ($access as $name => $value) {
if ($value) {
$rights[$right->roleId][$name][] = $right->moduleId;
}
}
}
foreach ($rights as $roleId => $accessData) {
foreach ($accessData as $access => $modules) {
foreach ($modules as $moduleId) {
$resources = array();
if (!$this->has($moduleId)) {
$this->add(new Zend_Acl_Resource($moduleId));
}
$resources[] = $moduleId;
}
$this->allow($roleId, $modules, $access);
}
}
}
/**
* Returns project-module && user-role-project permissions.
*
* Returns the permissions,
* ("none", "read", "write", "access", "create", "copy", "delete", "download", "admin")
* for each module that have the project,
* for the current logged user,
* depending on their role and access, in the project.
*
* REQUIRES request parameters:
* <pre>
* - integer <b>nodeId</b> The projectId for consult.
* </pre>
*
* The return is in JSON format.
*
* @return void
*/
public function jsonGetModulesPermissionAction()
{
$projectId = (int) $this->getRequest()->getParam('nodeId');
$relation = Phprojekt_Loader::getModel('Project', 'ProjectModulePermissions');
$modules = $relation->getProjectModulePermissionsById($projectId);
if ($projectId == 0) {
$data = array();
// there is no rights or invalid project
} else {
$allowedModules = array();
$rights = new Phprojekt_RoleRights($projectId);
foreach ($modules['data'] as $module) {
if ($module['inProject']) {
$tmpPermission = Phprojekt_Acl::NONE;
if ($rights->hasRight('admin', $module['id'])) {
$tmpPermission = $tmpPermission | Phprojekt_Acl::ADMIN;
}
if ($rights->hasRight('create', $module['id'])) {
$tmpPermission = $tmpPermission | Phprojekt_Acl::CREATE;
}
if ($rights->hasRight('write', $module['id'])) {
$tmpPermission = $tmpPermission | Phprojekt_Acl::WRITE;
}
if ($rights->hasRight('read', $module['id'])) {
$tmpPermission = $tmpPermission | Phprojekt_Acl::READ;
}
// Return modules with at least one access
if ($tmpPermission != Phprojekt_Acl::NONE) {
$module['rights'] = Phprojekt_Acl::convertBitmaskToArray($tmpPermission);
$allowedModules[] = $module;
}
}
}
$data = $allowedModules;
}
Phprojekt_Converter_Json::echoConvert($data);
}
/**
* Return a list of projects with the necessary info to make the gantt chart.
*
* OPTIONAL request parameters:
* <pre>
* - integer <b>nodeId</b> List all the items with projectId == nodeId.
* </pre>
*
* The return have:
* <pre>
* - projects => A list of projects.
* - rights => Write access only if all the projects have write access.
* - min => First startDate of all the projects.
* - max => Last endDate of all the projects.
* - step => Number of days in the year of the min value.
* </pre>
*
* For each project in the list, the data have:
* <pre>
* - id => id of the project.
* - level => Child level * 10.
* - parent => id of the parent project.
* - childs => Number of children.
* - caption => Title of the project.
* - start => Timestamp of the startDate.
* - end => Timestamp of the endDate.
* - startD => Day of startDate.
* - startM => Month of startDate.
* - startY => Year of startDate.
* - endD => Day of endDate.
* - endM => Month of endDate.
* - endY => Year of endDate.
* </pre>
*
* The return is in JSON format.
*
* @return void
*/
public function jsonGetProjectsAction()
{
$projectId = (int) $this->getRequest()->getParam('nodeId', null);
$data['data'] = array();
$activeRecord = Phprojekt_Loader::getModel('Project', 'Project');
$tree = new Phprojekt_Tree_Node_Database($activeRecord, $projectId);
$tree = $tree->setup();
$min = gmmktime(0, 0, 0, 12, 31, 2030);
$max = gmmktime(0, 0, 0, 1, 1, 1970);
$ids = array();
foreach ($tree as $node) {
if ($node->id != self::INVISIBLE_ROOT) {
$key = $node->id;
$parent = $node->getParentNode() ? $node->getParentNode()->id : 0;
if (strstr($node->startDate, '-') && strstr($node->endDate, '-')) {
list($startYear, $startMonth, $startDay) = explode("-", $node->startDate);
list($endYear, $endMonth, $endDay) = explode("-", $node->endDate);
$start = gmmktime(10, 0, 0, $startMonth, $startDay, $startYear);
$end = gmmktime(0, 0, 0, $endMonth, $endDay, $endYear);
if ($start < $min) {
$min = $start;
}
if ($end > $max) {
$max = $end;
}
$key = (int) $key;
$ids[] = $key;
$data['data']["projects"][$key] = array('id' => $key, 'level' => (int) $node->getDepth() * 10, 'parent' => (int) $parent, 'childs' => (int) count($node->getChildren()), 'caption' => $node->title, 'start' => (int) $start, 'end' => (int) $end, 'startD' => $startDay, 'startM' => $startMonth, 'startY' => $startYear, 'endD' => $endDay, 'endM' => $endMonth, 'endY' => $endYear);
}
}
}
// Define right access for each project
// Also define the general write access for display the save button
// (only if at least one project different than the parent have write or hight access)
$data['data']['rights']["currentUser"]["write"] = false;
if (count($ids) > 0) {
$rights = Phprojekt_Loader::getLibraryClass('Phprojekt_Item_Rights');
$where = sprintf('user_id = %d AND item_id IN (%s) AND module_id = 1', Phprojekt_Auth::getUserId(), implode(", ", $ids));
$access = $rights->fetchAll($where)->toArray();
foreach ($access as $right) {
$itemRights = Phprojekt_Acl::convertBitmaskToArray($right['access']);
$itemRight = $itemRights['write'] === true;
// Mix the item_right with the role
if ($itemRight) {
$roleRights = new Phprojekt_RoleRights($data['data']["projects"][$right['item_id']]['parent'], 1, $right['item_id']);
$roleRightWrite = $roleRights->hasRight('write');
$roleRightCreate = $roleRights->hasRight('create');
$roleRightAdmin = $roleRights->hasRight('admin');
$mixedRight = $roleRightWrite || $roleRightCreate || $roleRightAdmin;
} else {
$mixedRight = false;
}
$data['data']['rights']["currentUser"][$right['item_id']] = $mixedRight;
if ($data['data']['rights']["currentUser"]["write"] === false && $projectId != $right['item_id'] && $mixedRight) {
$data['data']['rights']["currentUser"]["write"] = true;
}
}
}
$data['data']['min'] = gmmktime(0, 0, 0, 1, 1, date("Y", $min));
$data['data']['max'] = gmmktime(0, 0, 0, 12, 31, date("Y", $max));
$data['data']['step'] = date("L", $min) ? 366 : 365;
if (date("Y", $min) < date("Y", $max)) {
while (date("Y", $min) != date("Y", $max)) {
$data['data']['step'] += date("L", $max) ? 366 : 365;
$max = gmmktime(0, 0, 0, 5, 5, date("Y", $max) - 1);
}
}
// Remove index for the json data
$data['data']["projects"] = array_values($data['data']["projects"]);
Phprojekt_Converter_Json::echoConvert($data);
}
/**
* testGetAcl().
*/
public function testGetAcl()
{
$this->assertSame(Phprojekt_Acl::getInstance(), $this->_object->getAcl());
}
/**
* Setter for acl
*
* @return void
*/
private function _setAcl()
{
$this->_acl = Phprojekt_Acl::getInstance();
}
/**
* Convert a model or a model information into a json stream.
*
* @param Phprojekt_Interface_Model | array $models The model(s) to convert.
* @param integer $order A Phprojekt_ModelInformation_Default::ORDERING_* const that
* defines the ordering for the convert.
*
* @return string Data in JSON format.
*/
private static function _convertModel($models, $order = Phprojekt_ModelInformation_Default::ORDERING_DEFAULT)
{
if (empty($models)) {
throw new Exception('Called with empty value');
}
// TODO: Are we sure every model is of the same type and have the same
// parent?
if (!is_array($models)) {
$models = array($models);
}
$information = $models[0]->getInformation($order);
$fieldDefinition = $information->getFieldDefinition($order);
$datas = array();
$itemIds = array();
foreach ($models as $model) {
if (!$model instanceof Phprojekt_Model_Interface) {
throw new Exception("A given model does not implement the\n model interface.");
}
$data = array();
$data['id'] = (int) $model->id;
$itemIds[] = $data['id'];
foreach ($fieldDefinition as $field) {
$key = $field['key'];
$value = $model->{$key};
$data[$key] = self::_convertModelValue($value, $field);
}
$data['rights'] = array();
$datas[] = $data;
}
$userId = (int) Phprojekt_Auth_Proxy::getEffectiveUserId();
$moduleId = Phprojekt_Module::getId($models[0]->getModelName());
// Okay we got real models and stuff that pretends to be a model
// so we try to guess if we the model has rights that we can access
if ($models[0] instanceof Phprojekt_Item_Abstract) {
if ($models[0] instanceof Project_Models_Project) {
$projectId = $models[0]->id;
} else {
$projectId = $models[0]->projectId;
}
// TODO: we still asume that the getModelName call works
$rights = Phprojekt_Right::getRightsForItems($moduleId, $projectId, $userId, $itemIds);
// We need the $idx to modify the $datas elements instead of just copies.
foreach ($datas as $index => $data) {
$datas[$index]['rights'][$userId] = Phprojekt_Acl::convertBitmaskToArray($rights[$datas[$index]['id']]);
}
}
$data = array('metadata' => $fieldDefinition, 'data' => $datas, 'numRows' => (int) count($datas));
return self::_makeJsonString($data);
}
/**
* Parse the rights for all the users and return it into a bitmask per user.
*
* @param array $params The post values.
* @param string $type Type of right, for users or modules.
* @param string $moduleId The module ID.
* @param boolean $newItem If is a new item or not.
* @param integer $ownerId The owner ID or 0 for the current user.
*
* @return array Array with user IDs per access.
*/
private static function getRights($params, $type, $moduleId = 0, $newItem = false, $ownerId = 0)
{
$right = array();
$rights = array();
if (isset($params['dataAccess'])) {
$ids = array_keys($params['dataAccess']);
foreach ($ids as $accessId) {
$right = array();
$right['none'] = self::_checked($params, 'checkNoneAccess', $accessId);
$right['read'] = self::_checked($params, 'checkReadAccess', $accessId);
$right['write'] = self::_checked($params, 'checkWriteAccess', $accessId);
$right['access'] = self::_checked($params, 'checkAccessAccess', $accessId);
$right['create'] = self::_checked($params, 'checkCreateAccess', $accessId);
$right['copy'] = self::_checked($params, 'checkCopyAccess', $accessId);
$right['delete'] = self::_checked($params, 'checkDeleteAccess', $accessId);
$right['download'] = self::_checked($params, 'checkDownloadAccess', $accessId);
$right['admin'] = self::_checked($params, 'checkAdminAccess', $accessId);
$rights[$accessId] = Phprojekt_Acl::convertArrayToBitmask($right);
}
}
if ($type == self::ITEM_TYPE) {
// Only set the full access if is a new item
if ($newItem) {
if ($ownerId == 0) {
$ownerId = Phprojekt_Auth::getUserId();
}
$rights[$ownerId] = Phprojekt_Acl::ALL;
}
// Return access only for allowed users
$activeRecord = Phprojekt_Loader::getLibraryClass('Phprojekt_User_User');
$result = $activeRecord->getAllowedUsers();
$resultRights = array();
foreach ($result as $node) {
if (isset($rights[$node['id']])) {
$resultRights[$node['id']] = $rights[$node['id']];
}
}
if (isset($params['dataAccess'])) {
$moduleType = Phprojekt_Module::getSaveType($moduleId);
if ($moduleType != 1) {
// Items under a project => add admin with full access
$resultRights[1] = Phprojekt_Acl::ALL;
}
}
} else {
$resultRights = $rights;
}
return $resultRights;
}
/**
* Parse the rights for all the users and return it into a bitmask per user.
*
* @param array $params The post values.
* @param string $type Type of right, for users or modules.
* @param string $moduleId The module ID.
* @param boolean $newItem If is a new item or not.
* @param integer $ownerId The owner ID or 0 for the current user.
*
* @return array Array with user IDs per access.
*/
public static function getRights($params)
{
$right = array();
$rights = array();
if (isset($params['dataAccess'])) {
$ids = array_keys($params['dataAccess']);
foreach ($ids as $accessId) {
$right = array();
$right['none'] = self::_checked($params, 'checkNoneAccess', $accessId);
$right['read'] = self::_checked($params, 'checkReadAccess', $accessId);
$right['write'] = self::_checked($params, 'checkWriteAccess', $accessId);
$right['access'] = self::_checked($params, 'checkAccessAccess', $accessId);
$right['create'] = self::_checked($params, 'checkCreateAccess', $accessId);
$right['copy'] = self::_checked($params, 'checkCopyAccess', $accessId);
$right['delete'] = self::_checked($params, 'checkDeleteAccess', $accessId);
$right['download'] = self::_checked($params, 'checkDownloadAccess', $accessId);
$right['admin'] = self::_checked($params, 'checkAdminAccess', $accessId);
$rights[$accessId] = Phprojekt_Acl::convertArrayToBitmask($right);
}
}
return $rights;
}
private function _getDefaultRightsForProject($projectId)
{
$model = new Project_Models_Project();
$record = $model->find($projectId);
$rights = $record->getUsersRights();
foreach ($rights as $userId => $accessArray) {
$rights[$userId] = Phprojekt_Acl::convertArrayToBitmask($accessArray);
}
return $rights;
}
/**
* Returns the rights for all the users of a moduleId-ItemId pair.
*
* @param string $moduleId The module ID.
* @param integer $itemId The item ID.
*
* @return array Array with 'moduleId', 'itemId', 'userId' and all the access key.
*/
public function getUsersRights($moduleId, $itemId)
{
// Cache the query
$sessionName = 'Phprojekt_Item_Rights-getUsersRights' . '-' . $moduleId . '-' . $itemId;
$rightNamespace = new Zend_Session_Namespace($sessionName);
if (!isset($rightNamespace->right)) {
$values = array();
$currentUserId = (int) Phprojekt_Auth::getUserId();
// Set the current User
// Use for an empty rights, if not, will be re-write
$values['currentUser']['moduleId'] = (int) $moduleId;
$values['currentUser']['itemId'] = (int) $itemId;
$values['currentUser']['userId'] = $currentUserId;
$access = Phprojekt_Acl::convertBitmaskToArray((int) Phprojekt_Acl::ALL);
$values['currentUser'] = array_merge($values['currentUser'], $access);
$where = sprintf('module_id = %d AND item_id = %d', (int) $moduleId, (int) $itemId);
$rows = $this->fetchAll($where)->toArray();
foreach ($rows as $row) {
$access = Phprojekt_Acl::convertBitmaskToArray($row['access']);
if ($currentUserId == $row['user_id']) {
$values['currentUser'] = array_merge($values['currentUser'], $access);
} else {
$values[$row['user_id']]['moduleId'] = (int) $moduleId;
$values[$row['user_id']]['itemId'] = (int) $itemId;
$values[$row['user_id']]['userId'] = (int) $row['user_id'];
$values[$row['user_id']] = array_merge($values[$row['user_id']], $access);
}
}
$rightNamespace->right = $values;
}
return $rightNamespace->right;
}
