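/**
 * Builds the ACL for forms and filters.
 *
 * The role/resource tree is cached per profile and branch under
 * "form_acl_profile_{profile}{branch}". The data of the logged-in user is cached
 * separately under "user_data_{user}_profile_{profile}{branch}".
 *
 * NOTE(review): both cache entries hold authorization data. Confirm that they are
 * invalidated whenever groups, roles or profile assignments change.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    $oddzial = ODDZIAL_ID;
    $profil = $this->getCurrentProfile();
    $aclProfileId = $profil ? $profil->id : 'none';

    $cm = $this->getBootstrap()->getResource('cachemanager');
    $cache = $cm->getCache('rolecache');

    $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
    $aclCacheId = 'form_acl_profile_' . $aclProfileId . $branch_name;

    // Filled on an ACL cache miss. The user-data section below also needs them,
    // so on an ACL cache hit they are loaded lazily there.
    $all_groups = null;
    $all_roles = null;

    if (!($this->acl = $cache->load($aclCacheId))) {
        $this->acl = new Base_Acl();

        $this->_groups = $all_groups = $grupy = $this->getGroups();
        $this->_roles = $all_roles = $role = $this->getRoles($profil);

        foreach ($grupy as $grupa) {
            $this->addAclRole($grupa, 'group');
        }

        $profil = $this->getCurrentProfile();

        foreach ($role as $rola) {
            $this->addAclRole($rola, 'role');
        }

        $tmp = $this->getResources(array('form', 'filter'));

        // --- Form resources -------------------------------------------------
        $rupModel = new GroupFormResource();
        $rup = $rupModel->fetchAll()->toArray();
        $up = $tmp['form']->toArray();
        $upArray = array();

        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $module = $u['module'];
            $controller = $u['form_class'];
            $action = $u['form_element'];

            if ('*' == $controller) {
                $resource = $this->buildResourceName('form', $module);
                $parent = null;
            } elseif ('*' == $action) {
                $resource = $this->buildResourceName('form', $module, $controller);
                $parent = preg_replace('/\\.[_a-zA-Z]*$/', '', $resource);
            } elseif ('*' != $action and $action) {
                $resource = $this->buildResourceName('form', $module, $controller, $action);
                $parent = preg_replace('/\\.[_a-zA-Z]*$/', '', $resource);
            } else {
                // Row with an empty form element: no resource name can be built.
                // Skip it instead of reusing $resource/$parent from the previous row.
                continue;
            }

            // NOTE(review): the ancestor name is derived by stripping the last
            // ".segment"; the pattern does not match digits, and Zend_Acl throws
            // if the derived ancestor is not registered yet. Verify against
            // buildResourceName() and the row order of the resource table.
            if ($parent && !$this->acl->has($parent)) {
                $this->acl->add(new Zend_Acl_Resource($parent), preg_replace('/\\.[_a-zA-Z]*$/', '', $parent));
            }
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource), $parent);
            }
        }

        foreach ($rup as $r) {
            // A rule pointing at a resource that no longer exists must not be
            // turned into a rule on some other resource.
            if (!isset($upArray[$r['id_resource']])) {
                continue;
            }
            $formResource = $upArray[$r['id_resource']];
            $module = $formResource['module'];
            $controller = $formResource['form_class'];
            $action = $formResource['form_element'];

            $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . '_' . $r['id_group'];

            if ('*' == $controller) {
                $resource = $this->buildResourceName('form', $module);
            } elseif ('*' == $action) {
                $resource = $this->buildResourceName('form', $module, $controller);
            } elseif ('*' != $action and $action) {
                $resource = $this->buildResourceName('form', $module, $controller, $action);
            } else {
                // Previously the stale $resource of the preceding row received
                // this row's allow/deny rule.
                continue;
            }

            if ($r['deny']) {
                $this->acl->deny($role, $resource);
            } else {
                $this->acl->allow($role, $resource);
            }
        }

        // Forms are allowed for everyone by default.
        $this->acl->allow(null, 'form:default');

        // --- Filter resources -----------------------------------------------
        $rupModel = new RoleFilterResource();
        $rup = $rupModel->fetchAll()->toArray();
        $up = $tmp['filter']->toArray();
        $upArray = array();

        $resource = $this->buildResourceName('filter', 'default');
        if (!$this->acl->has($resource)) {
            $this->acl->add(new Zend_Acl_Resource($resource));
        }

        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $filter = $u['id'];
            $resource = $this->buildResourceName('filter', 'default', $filter);
            $parent = $this->buildResourceName('filter', 'default');
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource), $parent);
            }
        }

        foreach ($rup as $r) {
            // Skip grants for filters that no longer exist. With a missing filter
            // id the resource name would presumably collapse to the parent
            // "filter:default", which would open every filter to the role.
            if (!isset($upArray[$r['id_filter']])) {
                continue;
            }
            $filter = $upArray[$r['id_filter']]['id'];
            $role = 'role_' . (int) $all_roles[$r['id_role']]['priority'] . '_' . $r['id_role'];
            $resource = $this->buildResourceName('filter', 'default', $filter);
            if ($this->acl->hasRole($role)) {
                $this->acl->allow($role, $resource);
            }
        }

        $cache->save($this->acl, $aclCacheId);
    }

    // Filters are denied for everyone by default.
    $this->acl->deny(null, 'filter:default');

    $identity = Zend_Auth::getInstance()->getIdentity();
    $data = array();
    $roles = array();

    if (!$identity) {
        $defaultRole = $this->getDefaultRole();
        $data['roles'][] = $defaultRole;
    } else {
        $userCacheId = 'user_data_' . $identity->id . '_profile_' . $aclProfileId . $branch_name;

        if (!($data = $cache->load($userCacheId))) {
            // On an ACL cache hit the priority maps were never loaded, and every
            // role name below would be built with priority 0.
            if (null === $all_groups) {
                $all_groups = $this->getGroups();
            }
            if (null === $all_roles) {
                $all_roles = $this->getRoles($profil);
            }

            $profilModel = new Profile();
            // Bound parameters instead of values interpolated into the SQL text.
            $profil = $profilModel->fetchRow(array(
                'id_user = ?' => $identity->id,
                'id_branch = ?' => $oddzial,
                'ghost = false',
            ));

            // fetchRow() returns null when the user has no profile in this branch.
            if ($profil && $profil->id) {
                $profil = $profil->toArray();
                $profil['parents']['role'] = array();
                $profil['parents']['group'] = array();

                $profilRola = new ProfileRole();
                $ru = $profilRola->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                foreach ($ru as $r) {
                    $priority = (int) $all_roles[$r['id_role']]['priority'];
                    $roles[] = 'role_' . $priority . '_' . $r['id_role'];
                    $profil['parents']['role'][] = array('id' => $r['id_role'], 'priority' => $priority);
                }

                $profilGrupa = new ProfileGroup();
                $gu = $profilGrupa->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                foreach ($gu as $g) {
                    $priority = (int) $all_groups[$g['id_group']]['priority'];
                    $roles[] = 'group_' . $priority . '_' . $g['id_group'];
                    $profil['parents']['group'][] = array('id' => $g['id_group'], 'priority' => $priority);
                }

                $this->addAclRole($profil, 'profile');
            }

            // Build a fresh array; $data holds the falsy cache-miss value here.
            $data = array('roles' => $roles, 'profil' => $profil);
            $cache->save($data, $userCacheId);
        } else {
            // Served from cache.
            if (!empty($data['profil']['id'])) {
                $this->addAclRole($data['profil'], 'profile');
            }
        }
    }

    return $this->acl;
}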
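/**
 * Builds the ACL for virtual resources.
 *
 * On a cache miss the ACL is rebuilt from groups, roles and virtual resources,
 * the role of the current profile is added, and the result is cached under
 * "vacl_profile_{profile}{branch}".
 *
 * NOTE(review): on a cache hit none of the identity handling below runs, so the
 * plugin role and $identity->profile_id are not set by this method. Confirm that
 * another code path sets them.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    $profil = $this->getCurrentProfile();
    $aclProfileId = $profil ? $profil->id : 'none';

    $cm = $this->getBootstrap()->getResource('cachemanager');
    $cache = $cm->getCache('rolecache');

    $front = Zend_Controller_Front::getInstance();
    $pluginAcl = $front->getPlugin('Base_Controller_Plugin_Acl');

    $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
    $aclCacheId = 'vacl_profile_' . $aclProfileId . $branch_name;

    $this->acl = $cache->load($aclCacheId);
    if (!$this->acl) {
        $this->acl = new Base_Acl();

        $this->_groups = $all_groups = $grupy = $this->getGroups();
        $this->_roles = $all_roles = $role = $this->getRoles($profil);

        foreach ($grupy as $grupa) {
            $this->addAclRole($grupa, 'group');
        }
        foreach ($role as $rola) {
            $this->addAclRole($rola, 'role');
        }

        $uprawnienia = new Logic_Privileges();
        $rupModel = new GroupVirtualResource();
        $rup = $rupModel->fetchAll()->toArray();
        $tmp = $uprawnienia->getResources(array('vresource'));
        $up = $tmp['vresource']->toArray();
        $upArray = array();

        // Register every virtual resource in the ACL.
        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $resource = $u['resource_name'];
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource));
            }
        }

        // Grant the resources to the groups.
        foreach ($rup as $r) {
            // A grant that points at a deleted resource must be skipped:
            // Zend_Acl::allow() with a null resource applies to ALL resources.
            if (!isset($upArray[$r['id_resource']])) {
                continue;
            }
            $resource = $upArray[$r['id_resource']]['resource_name'];
            $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . '_' . $r['id_group'];
            $this->acl->allow($role, $resource);
        }

        $identity = Zend_Auth::getInstance()->getIdentity();

        // Resolved up front: the "no profile" branches below need it even when
        // an identity exists (it used to be undefined there).
        $defaultRole = $this->getDefaultRole();

        // Build the permissions of the current profile if there is one;
        // otherwise fall back to the default role from the configuration.
        $data = array();
        $data['roles'] = array();
        $roles = array();

        if (!$identity) {
            $data['roles'][] = $defaultRole;
        } else {
            $userCacheId = 'user_data_' . $identity->id . '_profile_' . $aclProfileId . $branch_name;
            $data = $cache->load($userCacheId);

            if (!$data) {
                // $profil is falsy when there is no current profile (see $aclProfileId).
                if ($profil && $profil->id) {
                    $profil = $profil->toArray();
                    $profil['parents']['role'] = array();
                    $profil['parents']['group'] = array();

                    // Role names follow the "{kind}_{priority}_{id}" form used when the
                    // grants above are registered. The previous "{kind}_{id}" form did
                    // not name any of those roles.
                    $profilRola = new ProfileRole();
                    $ru = $profilRola->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                    foreach ($ru as $r) {
                        $priority = (int) $all_roles[$r['id_role']]['priority'];
                        $roles[] = 'role_' . $priority . '_' . $r['id_role'];
                        $profil['parents']['role'][] = array('id' => $r['id_role'], 'priority' => $priority);
                    }

                    $profilGrupa = new ProfileGroup();
                    $gu = $profilGrupa->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                    foreach ($gu as $g) {
                        $priority = (int) $all_groups[$g['id_group']]['priority'];
                        $roles[] = 'group_' . $priority . '_' . $g['id_group'];
                        $profil['parents']['group'][] = array('id' => $g['id_group'], 'priority' => $priority);
                    }

                    $this->addAclRole($profil, 'profile');
                    $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $profil['id']));
                    $identity->profile_id = $profil['id'];
                } else {
                    $pluginAcl->setRole(new Zend_Acl_Role($defaultRole));
                }

                // Build a fresh array; $data holds the falsy cache-miss value here.
                $data = array('roles' => $roles, 'profil' => $profil);
                $cache->save($data, $userCacheId);
            } else {
                // Served from cache.
                if (!empty($data['profil']['id'])) {
                    $this->addAclRole($data['profil'], 'profile');
                    $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $data['profil']['id']));
                    $identity->profile_id = $data['profil']['id'];
                } else {
                    $pluginAcl->setRole(new Zend_Acl_Role($defaultRole));
                }
            }
        }

        $cache->save($this->acl, $aclCacheId);
    }

    return $this->acl;
}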
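/**
 * Builds the ACL for controllers/actions and configures the ACL controller plugin.
 *
 * All resources are meant to inherit from their ancestors (controller.action from
 * the controller, the controller from the module), and likewise roles and
 * permission groups. The user's ACL role is "profile_{profile id}"; permission
 * groups and roles are attached to the profile.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    $oddzial = ODDZIAL_ID;
    $profil = $this->getCurrentProfile();
    $aclProfileId = $profil ? $profil->id : 'none';

    $cm = $this->getBootstrap()->getResource('cachemanager');
    $cache = $cm->getCache('rolecache');

    $front = Zend_Controller_Front::getInstance();
    $pluginAcl = $front->getPlugin('Base_Controller_Plugin_Acl');

    $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
    $aclCacheId = 'acl_profile_' . $aclProfileId . $branch_name;

    // Filled on an ACL cache miss. The profile section below also needs them,
    // so on an ACL cache hit they are loaded lazily there.
    $all_groups = null;
    $all_roles = null;

    $this->acl = $cache->load($aclCacheId);
    if (!$this->acl) {
        $this->acl = new Base_Acl();

        $this->_groups = $all_groups = $grupy = $this->getGroups();
        $this->_roles = $all_roles = $role = $this->getRoles($profil);

        foreach ($grupy as $grupa) {
            $this->addAclRole($grupa, 'group');
        }
        foreach ($role as $rola) {
            $this->addAclRole($rola, 'role');
        }

        $rupModel = new GroupLinkResource();
        $rup = $rupModel->fetchAll()->toArray();
        $tmp = $this->getResources();
        $up = $tmp['mvc']->toArray();
        $upArray = array();

        // Register every resource under its ancestor.
        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $module = $u['module'];
            $controller = $u['controller'];
            $action = $u['action'];

            // Reset per row so that a row matching none of the cases below
            // cannot reuse the names computed for the previous row.
            $resource = null;
            $parent = null;

            // NOTE(review): these are three independent checks, unlike the
            // if/elseif chain in the grant loop below. A row with controller "*"
            // and action "*" therefore ends up in the second case. Left as is
            // because changing it would alter the registered resources.
            if ('*' == $controller) {
                $resource = $this->buildResourceName('mvc', $module);
                $parent = null;
            }
            // NOTE(review): implicitly created ancestors are added without a
            // parent of their own, so whether a controller inherits from its
            // module depends on row order. Confirm that this is intended.
            if ('*' == $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller);
                $parent = $this->buildResourceName('mvc', $module);
                if (!$this->acl->has($parent)) {
                    $this->acl->add(new Zend_Acl_Resource($parent), null);
                }
            }
            if ('*' != $action and $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller, $action);
                $parent = $this->buildResourceName('mvc', $module, $controller);
                if (!$this->acl->has($parent)) {
                    $this->acl->add(new Zend_Acl_Resource($parent), null);
                }
            }

            if (null === $resource) {
                continue;
            }
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource), $parent);
            }
        }

        // Grant the resources to the groups.
        foreach ($rup as $r) {
            // A grant pointing at a resource that no longer exists must not
            // become a grant on some other resource.
            if (!isset($upArray[$r['id_resource']])) {
                continue;
            }
            $mvcResource = $upArray[$r['id_resource']];
            $module = $mvcResource['module'];
            $controller = $mvcResource['controller'];
            $action = $mvcResource['action'];

            $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . '_' . $r['id_group'];

            if ('*' == $controller) {
                $resource = $this->buildResourceName('mvc', $module);
            } elseif ('*' == $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller);
            } elseif ('*' != $action and $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller, $action);
            } else {
                // Previously the stale $resource of the preceding row was
                // granted to this row's group.
                continue;
            }

            $this->acl->allow($role, $resource);
        }

        $cache->save($this->acl, $aclCacheId);
    }

    $identity = Zend_Auth::getInstance()->getIdentity();

    // Resolved up front: the "no profile" branches below need it even when an
    // identity exists (it used to be undefined there).
    $defaultRole = $this->getDefaultRole();

    // Build the permissions of the current profile if there is one;
    // otherwise fall back to the default role from the configuration.
    $data = array();
    $data['roles'] = array();
    $roles = array();

    if (!$identity) {
        $data['roles'][] = $defaultRole;
        $pluginAcl->setRole(new Zend_Acl_Role($defaultRole));
    } else {
        $userCacheId = 'user_data_' . $identity->id . '_profile_' . $aclProfileId . $branch_name;
        $data = $cache->load($userCacheId);

        if (!$data) {
            // $profil is falsy when there is no current profile (see $aclProfileId).
            if ($profil && $profil->id) {
                // On an ACL cache hit the priority maps were never loaded, and
                // every role name below would be built with priority 0.
                if (null === $all_groups) {
                    $all_groups = $this->getGroups();
                }
                if (null === $all_roles) {
                    $all_roles = $this->getRoles($profil);
                }

                $profil = $profil->toArray();
                $profil['parents']['role'] = array();
                $profil['parents']['group'] = array();

                // Bound parameter instead of a value interpolated into the SQL text.
                $profilRola = new ProfileRole();
                $ru = $profilRola->fetchAll(array('ghost = false', 'id_profile = ?' => $profil['id']))->toArray();
                foreach ($ru as $r) {
                    $priority = (int) $all_roles[$r['id_role']]['priority'];
                    $roles[] = 'role_' . $priority . '_' . $r['id_role'];
                    $profil['parents']['role'][] = array('id' => $r['id_role'], 'priority' => $priority);
                }

                $profilGrupa = new ProfileGroup();
                $gu = $profilGrupa->fetchAll(array('ghost = false', 'id_profile = ?' => $profil['id']))->toArray();
                foreach ($gu as $g) {
                    $priority = (int) $all_groups[$g['id_group']]['priority'];
                    $roles[] = 'group_' . $priority . '_' . $g['id_group'];
                    $profil['parents']['group'][] = array('id' => $g['id_group'], 'priority' => $priority);
                }

                $this->addAclRole($profil, 'profile');
                $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $profil['id']));
                $identity->profile_id = $profil['id'];
            } else {
                $pluginAcl->setRole(new Zend_Acl_Role($defaultRole));
            }

            // Build a fresh array; $data holds the falsy cache-miss value here.
            $data = array('roles' => $roles, 'profil' => $profil);
            $cache->save($data, $userCacheId);
        } else {
            // Served from cache.
            if (!empty($data['profil']['id'])) {
                $this->addAclRole($data['profil'], 'profile');
                $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $data['profil']['id']));
                $identity->profile_id = $data['profil']['id'];
            } else {
                $pluginAcl->setRole(new Zend_Acl_Role($defaultRole));
            }
        }
    }

    $pluginAcl->setAcl($this->acl);
    $pluginAcl->setErrorHandlerModule('default');
    $pluginAcl->setErrorHandlerController('error');
    $pluginAcl->setErrorHandlerAction('error');
    $pluginAcl->setResourcePrefix('mvc:');
    $pluginAcl->setResourceSeparator('.');
    $pluginAcl->setLoginPage('login', 'auth');

    $config = Zend_Registry::get('config');

    // No branch selected yet: send the user to a branch-selection page.
    if ($oddzial < 0) {
        if ($config['resources']['branch']['branch_after_login']) {
            // The request parameter only switches between two fixed pages.
            if (isset($_GET['set_login_page']) && $_GET['set_login_page'] == true) {
                $pluginAcl->setLoginPage('selectbranchafterlogin', 'branch');
            }
        } else {
            $pluginAcl->setLoginPage('select', 'branch');
        }
    }

    return $this->acl;
}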
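/**
 * Creates a user from one imported (CSV) record, together with its profile,
 * role assignment, permission group and password entry.
 *
 * When the record carries a branch symbol:
 *  1. the branch with that symbol is looked up;
 *  2. a profile is created with "id_branch", "id_user" and the landing page
 *     "/contact";
 *  3. the profile is added to the "login" permission group;
 *  4. the profile is given the role whose name is in the "rola" field.
 *
 * NOTE(review): the role is chosen by name from the import data, and every
 * remaining form value is passed to User::createRow(). Confirm that only trusted
 * operators can run the import and that the form exposes only the intended
 * fields.
 *
 * NOTE(review): the rows are saved one by one with no transaction visible here,
 * so a failure part-way through leaves a partially created account.
 *
 * @param object $form      Form object exposing getValues().
 * @param bool   $sendEmail Currently unused; see the note at the end of the body.
 * @return void
 */
public function createUserImport($form, $sendEmail = true)
{
    $values = $form->getValues();

    $pass = Base_PasswordGenerator::generate();
    $values['password'] = $pass['hashed'];

    // Defined up front so the checks further down never read an undefined variable.
    $valuesProfile = null;
    $valuesRole = array();

    // Both fields are optional in the form values.
    $symbol = isset($values['symbol']) ? $values['symbol'] : '';
    $roleName = isset($values['rola']) ? $values['rola'] : '';

    if ($symbol != '') {
        $branchModel = new Branch();
        $branch = $branchModel->getBranchBySymbol($symbol);
        if (isset($branch['id'])) {
            $valuesProfile = array(
                'id_branch' => $branch['id'],
                'landing' => '/contact',
            );
        }

        if ($roleName != '') {
            $roleModel = new Role();
            $rola = $roleModel->getRoleByName($roleName);
            if (isset($rola['id'])) {
                $valuesRole['id_role'] = $rola['id'];
                $valuesRole['id_profile'] = ''; // replaced with the profile id once the profile is saved
            }
        }
    }

    // These two keys are import-only; remove them before the row is created.
    unset($values['symbol'], $values['rola']);

    $user = new User();
    $row = $user->createRow($values);
    $id_user = $row->save();

    if (is_array($valuesProfile)) {
        $valuesProfile['id_user'] = $id_user;
        $profile = new Profile();
        $rowProfile = $profile->createRow($valuesProfile);
        $id_profile = $rowProfile->save();

        // NOTE(review): the group is only assigned when a role was found as well,
        // although steps 3 and 4 above are listed separately. Confirm.
        if (isset($id_profile) && isset($valuesRole['id_role'])) {
            $valuesRole['id_profile'] = $id_profile;
            $role = new ProfileRole();
            $rowRole = $role->createRow($valuesRole);
            $rowRole->save();

            // Hard-coded id; presumably the "login" group from step 3. Verify
            // against the group table.
            $valuesProfileGroup = array(
                'id_profile' => $id_profile,
                'id_group' => 5,
            );
            $profileGroup = new ProfileGroup();
            $rowProfileGroup = $profileGroup->createRow($valuesProfileGroup);
            $rowProfileGroup->save();
        }
    }

    $passwordData = array(
        'id_user' => $id_user,
        'password' => $pass['hashed'],
    );
    $userPassword = new UserPassword();
    $rowPassword = $userPassword->createRow($passwordData);
    $rowPassword->save();

    // Mail delivery is disabled, so $sendEmail has no effect. The disabled call was
    // Logic_Mailer::userPass($pass['clean'], $user_row), which would send the
    // generated password in clear text. If delivery is re-enabled, a one-time
    // reset link is preferable to mailing the password.
}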