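/**
 * Ensures that there is at least an 'all' permission set for every resource.
 *
 * Walks every class reported by \CMF\Admin::activeClasses() plus the keys of the
 * 'cmf.auth.resources' config entry. For each resource with no 'all' permission
 * row, one is created and attached to every existing role. Everything is flushed once.
 *
 * @return void
 */
public static function create_permissions()
{
    // NOTE(review): $actions is built but never read in this method; the call is
    // kept in case all_actions() has side effects that are not visible here.
    $actions = static::all_actions();
    $actions[] = 'all';

    $activeClasses = \CMF\Admin::activeClasses();
    $activeClasses['user_defined'] = array_keys(\Config::get('cmf.auth.resources', array()));

    $roles = Role::select('item')->getQuery()->getResult();
    $em = \D::manager();

    foreach ($activeClasses as $parent_class => $classes) {
        foreach ($classes as $class_name) {
            // Bind the resource name instead of splicing it into the DQL string:
            // a name containing a quote or backslash (namespaced class, config key)
            // can no longer break or alter the query.
            $count = intval(
                Permission::select("count(item)")
                    ->where("item.resource = ?1")
                    ->andWhere("item.action = 'all'")
                    ->setParameter(1, $class_name)
                    ->getQuery()
                    ->getSingleScalarResult()
            );

            if ($count === 0) {
                $permission = new Permission();
                $permission->set('action', 'all');
                $permission->set('resource', $class_name);
                $em->persist($permission);

                // Every existing role receives the newly created 'all' permission.
                foreach ($roles as $role) {
                    $role->add('permissions', $permission);
                    $em->persist($role);
                }
            }
        }
    }

    $em->flush();
}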
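/**
 * Creates a super user, or updates the existing one, and attaches the 'admin' role.
 *
 * On the command line the email, user name and password are prompted for; a blank
 * password makes the method generate one. Outside the CLI the arguments are used as given.
 *
 * The default email and user name, and the user name literal in the lookup query,
 * appear masked in this listing and are reproduced as shown.
 *
 * @param string      $email    Email address (prompt default on the CLI)
 * @param string      $username User name (prompt default on the CLI)
 * @param string|null $password Password; on the CLI this is replaced by the prompted value
 * @return array|null array('errors' => ...) when validation fails outside the CLI, otherwise nothing
 */
public static function createSuperUser($email = '*****@*****.**', $username = '******', $password = null)
{
    // Load up the admin module and its classes, otherwise we won't get
    // access to the admin user class
    \Module::load('admin');

    // Outside the CLI there is no confirmation prompt, so the confirmation mirrors
    // the supplied password (the original left this variable undefined on that path).
    $confirm_password = $password;

    if (\Fuel::$is_cli) {
        $email = \Cli::prompt('Enter an email address', $email);
        $username = \Cli::prompt('Enter a user name', $username);

        // Ask at least once; keep asking while a non-blank password is too short.
        // NOTE(review): a 6 character minimum is low for a super user account.
        $first = true;
        while ($first || strlen($password) > 0 && strlen($password) < 6) {
            $password = \Cli::prompt('Enter a password (leave blank to generate one)');
            if (strlen($password) > 0 && strlen($password) < 6) {
                \Cli::error('The password must be 6 characters or more!');
            }
            $first = false;
        }

        $confirm_password = '';
        if (empty($password)) {
            // The user left the password field blank, so we are generating one
            // NOTE(review): PWGen is not visible here; confirm it draws from a CSPRNG
            // and that three 3-character groups give enough entropy for this account.
            $gen = new PWGen(3, false, false, false, false, false, false);
            $password = $confirm_password = $gen->generate() . '-' . $gen->generate() . '-' . $gen->generate();
        } else {
            // If the user entered a password, we need them to confirm it.
            // Strict comparison: with != two different numeric-looking strings
            // (e.g. "1e3000" and "1000e0") compare equal and would pass confirmation.
            while ($confirm_password !== $password) {
                $confirm_password = \Cli::prompt('Confirm password');
                if ($confirm_password !== $password) {
                    \Cli::error('The passwords do not match!');
                }
            }
        }
    }

    // Check if the user exists
    // NOTE(review): the user name literal below is masked in the listing. If the real
    // query interpolates a variable, bind it with setParameter() instead.
    $em = \D::manager();
    $user = \Admin\Model_User::select('item')->where("item.username = '******'")->getQuery()->getResult();
    $exists = count($user) > 0;
    if ($exists) {
        $user = $user[0];
    } else {
        $user = new \Admin\Model_User();
    }

    // Populate the user
    $user->set('email', $email);
    $user->set('username', $username);
    $user->set('password', $password);
    $user->set('confirm_password', $confirm_password);
    $user->set('super_user', true);

    // Create the admin role
    $role = \CMF\Model\Role::findBy(array("name = 'admin'"))->getQuery()->getResult();
    if (count($role) == 0) {
        $role = new \CMF\Model\Role();
        $role->set('name', 'admin');
        $role->set('description', 'users of this admin site');
        $em->persist($role);
    } else {
        $role = $role[0];
    }
    $user->add('roles', $role);

    // Validate the newly created user
    if (!$user->validate()) {
        if (\Fuel::$is_cli) {
            \Cli::write('There was something wrong with the info you entered. Try again!', 'red');
            // Return here: without it the invalid user from this attempt was still
            // persisted and reported as created once the retry finished.
            return static::createSuperUser();
        } else {
            return array('errors' => $user->errors);
        }
    }

    $em->persist($user);
    $em->flush();

    \Cli::write($exists ? "\n\tExisting super user updated:" : "\n\tNew super user created:", 'light_gray');
    // NOTE(review): the expressions between the labels are masked in the listing; they are
    // reconstructed here as $username and $password - confirm against the real file.
    // The password is written to the terminal in clear text, so it can end up in
    // scrollback or captured job logs.
    \Cli::write("\tusername: " . $username . "\n\tpassword: " . $password . "\n", 'light_cyan');
}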
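/**
 * Saves the permissions posted for one role against the items of one resource type.
 *
 * The POST body is read as a map of item id => (action name => 0|1). Permissions of
 * the role that are no longer ticked are removed, ticked actions are added to the
 * role, and an item with nothing ticked gets the 'none' permission instead.
 *
 * NOTE(review): no access or CSRF check is visible in this method. Confirm the
 * controller enforces both before this action runs, since it rewrites what a role may do.
 *
 * @param string $table_name Table name (presumably a URI segment), mapped to a model class
 * @param mixed  $role_id    Role id (presumably a URI segment)
 * @return mixed The show404() result when the type or role is unknown, otherwise a JSON
 *               response of the form {"success": bool}
 */
public function action_save_permissions($table_name, $role_id)
{
    $class_name = \Admin::getClassForTable($table_name);
    if ($class_name === false) {
        return $this->show404(null, "type");
    }

    // $role_id used to be concatenated unquoted into two DQL strings, so any
    // non-numeric value changed the query itself. Only a plain numeric id could
    // ever match a role; reject anything else up front and bind the value below.
    if (!ctype_digit((string) $role_id)) {
        return $this->show404(null, "role");
    }
    $role_id = (int) $role_id;

    $post = \Input::post();
    $ids = array_keys($post);

    $role = \CMF\Model\Role::select('item')
        ->where('item.id = ?1')
        ->setParameter(1, $role_id)
        ->getQuery()
        ->getResult();
    if (count($role) === 0) {
        return $this->show404(null, "role");
    }
    $role = $role[0];

    // All three values are bound; none of them is spliced into the DQL text.
    $permissions = \CMF\Model\Permission::select('item')
        ->leftJoin('item.roles', 'roles')
        ->where('item.resource = ?2')
        ->andWhere('item.item_id IN(?1)')
        ->andWhere('roles.id = ?3')
        ->setParameter(1, $ids)
        ->setParameter(2, $class_name)
        ->setParameter(3, $role_id)
        ->getQuery()
        ->getResult();

    $em = \D::manager();

    // Pass 1: drop existing permissions that the posted form no longer grants.
    foreach ($permissions as $permission) {
        $actions = isset($post[$permission->item_id]) ? $post[$permission->item_id] : array();
        if (!is_array($actions)) {
            // A scalar field posted under an item id carries no actions.
            $actions = array();
        }

        if (array_key_exists('all', $actions) && intval($actions['all']) === 1) {
            // 'all' supersedes every specific permission for this item.
            if ($permission->action !== 'none') {
                $em->remove($permission);
            }
            $actions = array('all' => 1);
        } elseif (!array_key_exists($permission->action, $actions) || intval($actions[$permission->action]) === 0) {
            if ($permission->action !== 'none') {
                $em->remove($permission);
            }
        }

        $post[$permission->item_id] = $actions;
    }

    // Pass 2: grant what was ticked. Every POST key is treated as an item id.
    // NOTE(review): $action and $item_id reach \CMF\Auth::get_permission() straight from
    // the request. That helper is not visible here; if it creates missing rows,
    // restrict $action to the known action list first.
    foreach ($post as $item_id => $actions) {
        if (!is_array($actions)) {
            // Same outcome as iterating a scalar (nothing granted), without the warning.
            $actions = array();
        }

        $passed = 0;
        foreach ($actions as $action => $action_value) {
            if (intval($action_value) !== 1) {
                continue;
            }
            // Cast before comparing: numeric POST keys arrive as integers, and a loose
            // comparison of 0 with 'all' is true before PHP 8.
            if ((string) $action !== 'all') {
                $permission = \CMF\Auth::get_permission($action, $class_name, $item_id);
                $role->add('permissions', $permission);
            }
            $passed++;
        }

        // 'none' marks an item with no granted action; it is dropped once anything is granted.
        $none_permission = \CMF\Auth::get_permission('none', $class_name, $item_id);
        if ($passed === 0) {
            $role->add('permissions', $none_permission);
        } else {
            $em->remove($none_permission);
        }
    }

    $result = array('success' => true);
    try {
        $em->persist($role);
        $em->flush();
    } catch (\Exception $e) {
        // The exception detail is deliberately not sent to the client.
        // NOTE(review): it is also not recorded anywhere; consider logging it server-side.
        $result['success'] = false;
    }

    return \Response::forge(json_encode($result), $this->status, $this->headers);
}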