/**
* Ensures that there is at least an 'all' permission set for every resource
* @return void
*/
public static function create_permissions()
{
$actions = static::all_actions();
$actions[] = 'all';
$activeClasses = \CMF\Admin::activeClasses();
$activeClasses['user_defined'] = array_keys(\Config::get('cmf.auth.resources', array()));
$roles = Role::select('item')->getQuery()->getResult();
$em = \D::manager();
foreach ($activeClasses as $parent_class => $classes) {
foreach ($classes as $class_name) {
$count = intval(Permission::select("count(item)")->where("item.resource = '{$class_name}'")->andWhere("item.action = 'all'")->getQuery()->getSingleScalarResult());
if ($count == 0) {
$permission = new Permission();
$permission->set('action', 'all');
$permission->set('resource', $class_name);
$em->persist($permission);
foreach ($roles as $role) {
$role->add('permissions', $permission);
$em->persist($role);
}
}
}
}
$em->flush();
}
/**
* Gets called from action_index() when a model is found to extend CMF\Model|Node
* @param string $class_name
* @return void
*/
public function treeView($class_name)
{
\Admin::setCurrentClass($class_name);
$metadata = $class_name::metadata();
// Create static items
\Admin::createStaticInstances($metadata);
// Add some context for the template
$this->plural = $class_name::plural();
$this->singular = $class_name::singular();
$this->icon = $class_name::icon();
// Get permissions
$can_create = \CMF\Auth::can('create', $class_name);
$can_edit = \CMF\Auth::can('edit', $class_name);
$can_delete = \CMF\Auth::can('delete', $class_name);
$can_manage = \CMF\Auth::can(array('view', 'edit'), 'CMF\\Model\\Permission');
$classes = array();
$classes[$class_name] = array('plural' => $this->plural, 'singular' => $this->singular, 'icon' => $this->icon, 'table_name' => $metadata->table['name'], 'can_create' => $can_create && $can_edit, 'can_edit' => $can_edit, 'can_delete' => $can_delete, 'superclass' => $class_name::superclass(), 'allowed_children' => $class_name::allowedChildren(), 'allowed_parents' => $class_name::allowedParents());
foreach ($metadata->subClasses as $sub_class) {
$subclass_metadata = $sub_class::metadata();
$classes[$sub_class] = array('static' => $sub_class::_static(), 'superlock' => $sub_class::superlock(), 'plural' => $sub_class::plural(), 'singular' => $sub_class::singular(), 'icon' => $sub_class::icon(), 'table_name' => $subclass_metadata->table['name'], 'can_create' => \CMF\Auth::can('create', $sub_class), 'can_edit' => \CMF\Auth::can('edit', $sub_class), 'can_delete' => \CMF\Auth::can('delete', $sub_class), 'superclass' => false, 'allowed_children' => $sub_class::allowedChildren(), 'allowed_parents' => $sub_class::allowedParents(), 'disallowed_children' => $sub_class::disallowedChildren(), 'disallowed_parents' => $sub_class::disallowedParents());
}
// Item-specific permissions
$user = \CMF\Auth::current_user();
$item_permissions = array();
$ids = array();
$excluded_ids = array();
$root_node = $class_name::getRootNode(true);
$repo = \D::manager()->getRepository($class_name);
$qb = $repo->getNodesHierarchyQueryBuilder($root_node);
$this->tree_errors = null;
$this->tree_is_valid = true;
// If we have URLs, join them to the query
if ($class_name::hasUrlField()) {
$qb->addSelect('url, alias')->leftJoin('node.url', 'url')->leftJoin('url.alias', 'alias');
}
$q = $qb->getQuery();
// Set the query hint if multi lingual!
if (\CMF\Doctrine\Extensions\Translatable::enabled()) {
$q->setHint(\Doctrine\ORM\Query::HINT_CUSTOM_OUTPUT_WALKER, 'Gedmo\\Translatable\\Query\\TreeWalker\\TranslationWalker');
}
//$tree = $this->processTreeNodes(\D::manager()->getRepository($class_name)->childrenHierarchy($root_node), $metadata, $ids);
$tree = $this->processTreeNodes($repo->buildTree($q->getArrayResult()), $metadata, $ids);
if (!$user->super_user) {
$permissions = \CMF\Model\Permission::select('item.id, item.action, item.resource, item.item_id')->leftJoin('item.roles', 'roles')->where("item.resource = '{$class_name}'")->andWhere("item.item_id IN(?1)")->andWhere("roles IN (?2)")->setParameter(1, $ids)->setParameter(2, $user->roles->toArray())->getQuery()->getArrayResult();
foreach ($permissions as $permission) {
$item_actions = isset($item_permissions[$permission['item_id']]) ? $item_permissions[$permission['item_id']] : array();
$item_actions[] = $permission['action'];
$item_permissions[$permission['item_id']] = $item_actions;
}
foreach ($item_permissions as $item_id => $item_actions) {
if (in_array('none', $item_actions) || count($item_actions) > 0 && !in_array('view', $item_actions)) {
$excluded_ids[] = $item_id;
}
}
$tree = $this->filterTreeNodes($tree, $excluded_ids);
} else {
$this->tree_errors = $repo->verify();
$this->tree_is_valid = $this->tree_errors === true;
}
// Import actions
$importMethods = $class_name::importMethods();
// Add more context for the template
$this->table_name = $metadata->table['name'];
$this->template = 'admin/item/tree.twig';
$this->superlock = $class_name::superlock();
$this->num_nodes = count($tree);
// Permissions
$this->can_create = $can_create && $can_edit;
$this->can_edit = $can_edit;
$this->can_delete = $can_delete;
$this->can_manage = $can_manage;
$this->can_import = !empty($importMethods) && $can_manage;
// Add the stuff for JS
$this->js['tree'] = $tree;
$this->js['item_permissions'] = $item_permissions;
$this->js['excluded_ids'] = $excluded_ids;
$this->js['classes'] = $classes;
$this->js['table_name'] = $metadata->table['name'];
$this->js['plural'] = $this->plural;
$this->js['singular'] = $this->singular;
$this->js['class_name'] = $class_name;
// Permissions for JS
$this->js['can_create'] = $can_create && $can_edit;
$this->js['can_edit'] = $can_edit;
$this->js['can_delete'] = $can_delete;
$this->js['can_manage'] = $can_manage;
}