public function execute($request)
 {
     parent::execute($request);
     $this->permissions = array();
     if (null != $this->resource->id) {
         // Get term permissions for this group
         $criteria = new Criteria();
         $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
         $criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
         $c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
         $c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
         $c1->addOr($c2);
         $criteria->add($c1);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
         if (0 < count($permissions = QubitAclPermission::get($criteria))) {
             $this->permissions = $permissions;
         }
     }
     // List of actions without create or translate
     $this->basicActions = QubitAcl::$ACTIONS;
     unset($this->basicActions['read']);
     unset($this->basicActions['translate']);
     if ($request->isMethod('post')) {
         $this->form->bind($request->getPostParameters());
         if ($this->form->isValid()) {
             $this->processForm();
             $this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexTermAcl'));
         }
     }
 }
 protected function earlyExecute()
 {
     $this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
     $this->resource = new QubitUser();
     if (isset($this->getRoute()->resource)) {
         $this->resource = $this->getRoute()->resource;
     }
     // Always include root actor permissions
     $this->actors = array(QubitActor::ROOT_ID => null);
     // Get actor permissions for this group
     $criteria = new Criteria();
     $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
     $criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
     $c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
     $c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
     $c1->addOr($c2);
     $criteria->add($c1);
     if (null !== ($permissions = QubitAclPermission::get($criteria))) {
         foreach ($permissions as $item) {
             $this->actors[$item->objectId][$item->action] = $item;
         }
     }
     // List of actions without translate
     $this->basicActions = QubitAcl::$ACTIONS;
     unset($this->basicActions['translate']);
 }
 public function execute($request)
 {
     parent::execute($request);
     // Always include root actor permissions
     $this->actors = array(QubitActor::ROOT_ID => null);
     // Get actor permissions for this resource
     $criteria = new Criteria();
     $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
     $criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
     $c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
     $c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
     $c1->addOr($c2);
     $criteria->add($c1);
     if (null !== ($permissions = QubitAclPermission::get($criteria))) {
         foreach ($permissions as $p) {
             $this->actors[$p->objectId][$p->action] = $p;
         }
     }
     // List of actions without translate
     $this->basicActions = QubitAcl::$ACTIONS;
     unset($this->basicActions['translate']);
     if ($request->isMethod('post')) {
         $this->form->bind($request->getPostParameters());
         if ($this->form->isValid()) {
             $this->processForm();
             $this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexActorAcl'));
         }
     }
 }
 public function execute($request)
 {
     $this->resource = $this->getRoute()->resource;
     // Except for administrators, only allow users to see their own profile
     if (!$this->context->user->hasCredential('administrator')) {
         if ($this->resource->id != $this->context->user->getAttribute('user_id')) {
             $this->redirect('admin/secure');
         }
     }
     // Get user's groups
     $this->userGroups = array();
     if (0 < count($aclUserGroups = $this->resource->aclUserGroups)) {
         foreach ($aclUserGroups as $aclUserGroup) {
             $this->userGroups[] = $aclUserGroup->groupId;
         }
     } else {
         // User is *always* part of authenticated group
         $this->userGroups = array(QubitAclGroup::AUTHENTICATED_ID);
     }
     // Table width
     $this->tableCols = count($this->userGroups) + 3;
     // Get access control permissions
     $criteria = new Criteria();
     $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
     $c1 = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $this->resource->id);
     // Add group criteria
     if (1 == count($this->userGroups)) {
         $c2 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $this->userGroups[0]);
     } else {
         $c2 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $this->userGroups, Criteria::IN);
     }
     $c1->addOr($c2);
     // Add info object criteria
     $c3 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
     $c4 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
     $c3->addOr($c4);
     $c1->addAnd($c3);
     $criteria->add($c1);
     // Sort
     $criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
     $criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
     $criteria->addAscendingOrderByColumn(QubitAclPermission::USER_ID);
     $criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID);
     // Add user as final "group"
     $this->userGroups[] = $this->resource->username;
     // Build ACL
     $this->acl = array();
     if (0 < count($permissions = QubitAclPermission::get($criteria))) {
         foreach ($permissions as $item) {
             // In this context permissions for all objects (null) and root actor
             // object are equivalent
             $objectId = QubitInformationObject::ROOT_ID != $item->objectId ? $item->objectId : null;
             // Use username as "group" for permissions specific to user
             $groupKey = null !== $item->groupId ? $item->groupId : $this->resource->username;
             $this->acl[$item->getConstants(array('name' => 'repositoryId'))][$objectId][$item->action][$groupKey] = $item;
         }
     }
 }
 public function execute($request)
 {
     $this->group = QubitAclGroup::getById($this->request->id);
     $this->forward404Unless($this->group);
     $this->groups = array();
     foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
         if (QubitAclGroup::ROOT_ID < $group->id) {
             $this->groups[] = $group->id;
         }
     }
     // Table width
     $this->tableCols = count($this->groups) + 3;
     // Get access control permissions
     $criteria = new Criteria();
     if (1 == count($this->groups)) {
         $criteria->add(QubitAclPermission::GROUP_ID, $this->groups[0]);
     } else {
         $criteria->add(QubitAclPermission::GROUP_ID, $this->groups, Criteria::IN);
     }
     // Add term criteria
     $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
     $c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
     $c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
     $c3 = $criteria->getNewCriterion(QubitAclPermission::ACTION, 'createTerm');
     $c1->addOr($c2);
     $c1->addOr($c3);
     $criteria->add($c1);
     // Sort
     $criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
     $criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
     $criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID);
     // Build ACL
     $this->acl = array();
     if (0 < count($permissions = QubitAclPermission::get($criteria))) {
         foreach ($permissions as $permission) {
             if ('createTerm' != $permission->action) {
                 $taxonomyId = $permission->getConstants(array('name' => 'taxonomyId'));
                 $action = $permission->action;
             } else {
                 // In this context permissions for all objects (null) and root object
                 // are equivalent
                 $taxonomyId = QubitTaxonomy::ROOT_ID != $permission->objectId ? $permission->objectId : null;
                 $action = 'create';
             }
             $this->acl[$taxonomyId][$action][$permission->groupId] = $permission;
         }
     }
 }
 public function execute($request)
 {
     parent::execute($request);
     // Build separate list of permissions by repository and by object
     $this->repositories = array();
     $this->informationObjects = array();
     $this->root = array();
     if (null != $this->resource->id) {
         // Get info object permissions for this resource
         $criteria = new Criteria();
         $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
         $criteria->add(QubitAclPermission::GROUP_ID, $this->resource->id);
         $c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
         $c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
         $c1->addOr($c2);
         $criteria->add($c1);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
         if (0 < count($permissions = QubitAclPermission::get($criteria))) {
             foreach ($permissions as $p) {
                 if (null != ($repoId = $p->getConstants(array('name' => 'repositoryId')))) {
                     $this->repositories[$repoId][$p->action] = $p;
                 } else {
                     if (null != $p->objectId && QubitInformationObject::ROOT_ID != $p->objectId) {
                         $this->informationObjects[$p->objectId][$p->action] = $p;
                     } else {
                         $this->root[$p->action] = $p;
                     }
                 }
             }
         }
     }
     // List of actions without translate
     $this->basicActions = QubitInformationObjectAcl::$ACTIONS;
     unset($this->basicActions['translate']);
     if ($request->isMethod('post')) {
         $this->form->bind($request->getPostParameters());
         if ($this->form->isValid()) {
             $this->processForm();
             $this->redirect(array($this->resource, 'module' => 'aclGroup', 'action' => 'indexInformationObjectAcl'));
         }
     }
 }
 protected function earlyExecute()
 {
     $this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
     $this->resource = new QubitUser();
     if (isset($this->getRoute()->resource)) {
         $this->resource = $this->getRoute()->resource;
     }
     // Build separate list of permissions by repository and by object
     $this->repositories = array();
     $this->informationObjects = array();
     $this->root = array();
     if (isset($this->resource->id)) {
         // Get info object permissions for this group
         $criteria = new Criteria();
         $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
         $criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
         $c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
         $c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitInformationObject');
         $c1->addOr($c2);
         $criteria->add($c1);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
         if (0 < count($permissions = QubitAclPermission::get($criteria))) {
             foreach ($permissions as $item) {
                 if (null != ($repositoryId = $item->getConstants(array('name' => 'repositoryId')))) {
                     $this->repositories[$repositoryId][$item->action] = $item;
                 } else {
                     if (null != $item->objectId && QubitInformationObject::ROOT_ID != $item->objectId) {
                         $this->informationObjects[$item->objectId][$item->action] = $item;
                     } else {
                         $this->root[$item->action] = $item;
                     }
                 }
             }
         }
     }
     // List of actions without translate
     $this->basicActions = QubitInformationObjectAcl::$ACTIONS;
     unset($this->basicActions['translate']);
 }
 public function execute($request)
 {
     $this->group = QubitAclGroup::getById($request->id);
     $this->forward404Unless($this->group);
     // Check authorization
     if (!QubitAcl::check($this->group, 'read')) {
         $this->redirect('admin/secure');
     }
     // Add roles
     $this->roles = array();
     foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
         // Omit ROOT group
         if (1 < $group->id) {
             $this->roles[] = $group->id;
         }
     }
     // Table width
     $this->tableCols = count($this->roles) + 3;
     // Get permissions for this group and parents
     $criteria = new Criteria();
     $criteria->add(QubitAclPermission::GROUP_ID, $this->roles, Criteria::IN);
     // Add actor criteria
     $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
     $c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
     $c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
     $c1->addOr($c2);
     $criteria->add($c1);
     // Build ACL
     $this->acl = array();
     if (0 < count($permissions = QubitAclPermission::get($criteria))) {
         foreach ($permissions as $permission) {
             // In this context permissions for all objects (null) and root actor
             // object are equivalent
             $objectId = QubitActor::ROOT_ID != $permission->objectId ? $permission->objectId : null;
             $this->acl[$objectId][$permission->action][$permission->groupId] = $permission;
         }
     }
 }
 protected function earlyExecute()
 {
     $this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
     $this->resource = new QubitUser();
     if (isset($this->getRoute()->resource)) {
         $this->resource = $this->getRoute()->resource;
     }
     $this->permissions = array();
     if (isset($this->resource->id)) {
         // Get info object permissions for this group
         $criteria = new Criteria();
         $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
         $criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
         $c1 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
         $c2 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
         $c1->addOr($c2);
         $criteria->add($c1);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
         $criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
         if (0 < count($permissions = QubitAclPermission::get($criteria))) {
             $this->permissions = $permissions;
         }
     }
 }
예제 #10
0
 /**
  * Get a list of user permissions by action and class of resource
  *
  * @param myUser $user - user session
  * @param string $action - requested ACL action
  * @param string $class - resource class
  *
  * @return QubitQuery list of QubitAclPermissions
  */
 public static function getUserPermissionsByAction($user, $class, $action)
 {
     // Get user's groups
     if ($user->isAuthenticated()) {
         foreach ($user->listGroups() as $group) {
             $userGroupIds[] = $group->id;
         }
     } else {
         $userGroupIds = array(QubitAclGroup::ANONYMOUS_ID);
     }
     // Find relevant rules
     $criteria = new Criteria();
     $c1 = $criteria->getNewCriterion(QubitAclPermission::ACTION, $action);
     $c2 = $criteria->getNewCriterion(QubitAclPermission::ACTION, null, Criteria::ISNULL);
     $c1->addOr($c2);
     // Find by group/user
     $c3 = $criteria->getNewCriterion(QubitAclPermission::GROUP_ID, $userGroupIds, Criteria::IN);
     if ($user->isAuthenticated()) {
         $c4 = $criteria->getNewCriterion(QubitAclPermission::USER_ID, $user->getUserID());
         $c3->addOr($c4);
     }
     $c1->addAnd($c3);
     // Find by object type
     $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
     $c4 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
     $c5 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, $class);
     $c4->addOr($c5);
     // Final conjunction
     $c1->addAnd($c4);
     $criteria->add($c1);
     return QubitAclPermission::get($criteria);
 }
예제 #11
0
 public static function getaclPermissionsById($id, array $options = array())
 {
     $criteria = new Criteria();
     self::addaclPermissionsCriteriaById($criteria, $id);
     return QubitAclPermission::get($criteria, $options);
 }