public function execute($request)
{
parent::execute($request);
$this->permissions = array();
if (null != $this->resource->id) {
// Get term permissions for this group
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
$c1->addOr($c2);
$criteria->add($c1);
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
$this->permissions = $permissions;
}
}
// List of actions without create or translate
$this->basicActions = QubitAcl::$ACTIONS;
unset($this->basicActions['read']);
unset($this->basicActions['translate']);
if ($request->isMethod('post')) {
$this->form->bind($request->getPostParameters());
if ($this->form->isValid()) {
$this->processForm();
$this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexTermAcl'));
}
}
}
protected function earlyExecute()
{
$this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
$this->resource = new QubitUser();
if (isset($this->getRoute()->resource)) {
$this->resource = $this->getRoute()->resource;
}
// Always include root actor permissions
$this->actors = array(QubitActor::ROOT_ID => null);
// Get actor permissions for this group
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
$c1->addOr($c2);
$criteria->add($c1);
if (null !== ($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $item) {
$this->actors[$item->objectId][$item->action] = $item;
}
}
// List of actions without translate
$this->basicActions = QubitAcl::$ACTIONS;
unset($this->basicActions['translate']);
}
public function execute($request)
{
parent::execute($request);
// Always include root actor permissions
$this->actors = array(QubitActor::ROOT_ID => null);
// Get actor permissions for this resource
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
$c1->addOr($c2);
$criteria->add($c1);
if (null !== ($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $p) {
$this->actors[$p->objectId][$p->action] = $p;
}
}
// List of actions without translate
$this->basicActions = QubitAcl::$ACTIONS;
unset($this->basicActions['translate']);
if ($request->isMethod('post')) {
$this->form->bind($request->getPostParameters());
if ($this->form->isValid()) {
$this->processForm();
$this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexActorAcl'));
}
}
}
public function execute($request)
{
$this->resource = $this->getRoute()->resource;
// Except for administrators, only allow users to see their own profile
if (!$this->context->user->hasCredential('administrator')) {
if ($this->resource->id != $this->context->user->getAttribute('user_id')) {
$this->redirect('admin/secure');
}
}
// Get user's groups
$this->userGroups = array();
if (0 < count($aclUserGroups = $this->resource->aclUserGroups)) {
foreach ($aclUserGroups as $aclUserGroup) {
$this->userGroups[] = $aclUserGroup->groupId;
}
} else {
// User is *always* part of authenticated group
$this->userGroups = array(QubitAclGroup::AUTHENTICATED_ID);
}
// Table width
$this->tableCols = count($this->userGroups) + 3;
// Get access control permissions
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $this->resource->id);
// Add group criteria
if (1 == count($this->userGroups)) {
$c2 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $this->userGroups[0]);
} else {
$c2 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $this->userGroups, Criteria::IN);
}
$c1->addOr($c2);
// Add info object criteria
$c3 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
$c4 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c3->addOr($c4);
$c1->addAnd($c3);
$criteria->add($c1);
// Sort
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
$criteria->addAscendingOrderByColumn(QubitAclPermission::USER_ID);
$criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID);
// Add user as final "group"
$this->userGroups[] = $this->resource->username;
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $item) {
// In this context permissions for all objects (null) and root actor
// object are equivalent
$objectId = QubitInformationObject::ROOT_ID != $item->objectId ? $item->objectId : null;
// Use username as "group" for permissions specific to user
$groupKey = null !== $item->groupId ? $item->groupId : $this->resource->username;
$this->acl[$item->getConstants(array('name' => 'repositoryId'))][$objectId][$item->action][$groupKey] = $item;
}
}
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($this->request->id);
$this->forward404Unless($this->group);
$this->groups = array();
foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
if (QubitAclGroup::ROOT_ID < $group->id) {
$this->groups[] = $group->id;
}
}
// Table width
$this->tableCols = count($this->groups) + 3;
// Get access control permissions
$criteria = new Criteria();
if (1 == count($this->groups)) {
$criteria->add(QubitAclPermission::GROUP_ID, $this->groups[0]);
} else {
$criteria->add(QubitAclPermission::GROUP_ID, $this->groups, Criteria::IN);
}
// Add term criteria
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
$c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c3 = $criteria->getNewCriterion(QubitAclPermission::ACTION, 'createTerm');
$c1->addOr($c2);
$c1->addOr($c3);
$criteria->add($c1);
// Sort
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
$criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID);
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $permission) {
if ('createTerm' != $permission->action) {
$taxonomyId = $permission->getConstants(array('name' => 'taxonomyId'));
$action = $permission->action;
} else {
// In this context permissions for all objects (null) and root object
// are equivalent
$taxonomyId = QubitTaxonomy::ROOT_ID != $permission->objectId ? $permission->objectId : null;
$action = 'create';
}
$this->acl[$taxonomyId][$action][$permission->groupId] = $permission;
}
}
}
public function execute($request)
{
parent::execute($request);
// Build separate list of permissions by repository and by object
$this->repositories = array();
$this->informationObjects = array();
$this->root = array();
if (null != $this->resource->id) {
// Get info object permissions for this resource
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
$c1->addOr($c2);
$criteria->add($c1);
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $p) {
if (null != ($repoId = $p->getConstants(array('name' => 'repositoryId')))) {
$this->repositories[$repoId][$p->action] = $p;
} else {
if (null != $p->objectId && QubitInformationObject::ROOT_ID != $p->objectId) {
$this->informationObjects[$p->objectId][$p->action] = $p;
} else {
$this->root[$p->action] = $p;
}
}
}
}
}
// List of actions without translate
$this->basicActions = QubitInformationObjectAcl::$ACTIONS;
unset($this->basicActions['translate']);
if ($request->isMethod('post')) {
$this->form->bind($request->getPostParameters());
if ($this->form->isValid()) {
$this->processForm();
$this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexInformationObjectAcl'));
}
}
}
protected function earlyExecute()
{
$this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
$this->resource = new QubitUser();
if (isset($this->getRoute()->resource)) {
$this->resource = $this->getRoute()->resource;
}
// Build separate list of permissions by repository and by object
$this->repositories = array();
$this->informationObjects = array();
$this->root = array();
if (isset($this->resource->id)) {
// Get info object permissions for this group
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
$c1->addOr($c2);
$criteria->add($c1);
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $item) {
if (null != ($repositoryId = $item->getConstants(array('name' => 'repositoryId')))) {
$this->repositories[$repositoryId][$item->action] = $item;
} else {
if (null != $item->objectId && QubitInformationObject::ROOT_ID != $item->objectId) {
$this->informationObjects[$item->objectId][$item->action] = $item;
} else {
$this->root[$item->action] = $item;
}
}
}
}
}
// List of actions without translate
$this->basicActions = QubitInformationObjectAcl::$ACTIONS;
unset($this->basicActions['translate']);
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($request->id);
$this->forward404Unless($this->group);
// Check authorization
if (!QubitAcl::check($this->group, 'read')) {
$this->redirect('admin/secure');
}
// Add roles
$this->roles = array();
foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
// Omit ROOT group
if (1 < $group->id) {
$this->roles[] = $group->id;
}
}
// Table width
$this->tableCols = count($this->roles) + 3;
// Get permissions for this group and parents
$criteria = new Criteria();
$criteria->add(QubitAclPermission::GROUP_ID, $this->roles, Criteria::IN);
// Add actor criteria
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
$c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c1->addOr($c2);
$criteria->add($c1);
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $permission) {
// In this context permissions for all objects (null) and root actor
// object are equivalent
$objectId = QubitActor::ROOT_ID != $permission->objectId ? $permission->objectId : null;
$this->acl[$objectId][$permission->action][$permission->groupId] = $permission;
}
}
}
protected function earlyExecute()
{
$this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
$this->resource = new QubitUser();
if (isset($this->getRoute()->resource)) {
$this->resource = $this->getRoute()->resource;
}
$this->permissions = array();
if (isset($this->resource->id)) {
// Get info object permissions for this group
$criteria = new Criteria();
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
$c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
$c1->addOr($c2);
$criteria->add($c1);
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
$this->permissions = $permissions;
}
}
}
/**
* Get a list of user permissions by action and class of resource
*
* @param myUser $user - user session
* @param string $action - requested ACL action
* @param string $class - resource class
*
* @return QubitQuery list of QubitAclPermissions
*/
public static function getUserPermissionsByAction($user, $class, $action)
{
// Get user's groups
if ($user->isAuthenticated()) {
foreach ($user->listGroups() as $group) {
$userGroupIds[] = $group->id;
}
} else {
$userGroupIds = array(QubitAclGroup::ANONYMOUS_ID);
}
// Find relevant rules
$criteria = new Criteria();
$c1 = $criteria->getNewCriterion(QubitAclPermission::ACTION, $action);
$c2 = $criteria->getNewCriterion(QubitAclPermission::ACTION, null, Criteria::ISNULL);
$c1->addOr($c2);
// Find by group/user
$c3 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $userGroupIds, Criteria::IN);
if ($user->isAuthenticated()) {
$c4 = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $user->getUserID());
$c3->addOr($c4);
}
$c1->addAnd($c3);
// Find by object type
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c4 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c5 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, $class);
$c4->addOr($c5);
// Final conjunction
$c1->addAnd($c4);
$criteria->add($c1);
return QubitAclPermission::get($criteria);
}
public static function getaclPermissionsById($id, array $options = array())
{
$criteria = new Criteria();
self::addaclPermissionsCriteriaById($criteria, $id);
return QubitAclPermission::get($criteria, $options);
}