예제 #1
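 /**
  * Ensures that there is at least an 'all' permission set for every resource.
  *
  * Resources are the classes returned by \CMF\Admin::activeClasses() plus the
  * keys of the 'cmf.auth.resources' config entry. For each resource without a
  * Permission whose action is 'all', one is created and attached to every
  * existing Role. Everything is written by a single flush() at the end.
  *
  * NOTE(review): every existing role is attached to each newly created 'all'
  * permission - confirm that is the intended default for a new resource.
  *
  * @return void
  */
 public static function create_permissions()
 {
     // NOTE(review): $actions is built here but never read in this method.
     $actions = static::all_actions();
     $actions[] = 'all';
     $activeClasses = \CMF\Admin::activeClasses();
     $activeClasses['user_defined'] = array_keys(\Config::get('cmf.auth.resources', array()));
     $roles = Role::select('item')->getQuery()->getResult();
     $em = \D::manager();

     // The count query runs before flush(), so permissions queued earlier in
     // this run are presumably not counted yet; remember the names already
     // handled so a resource listed twice does not get two 'all' permissions.
     $handled = array();

     foreach ($activeClasses as $parent_class => $classes) {
         foreach ($classes as $class_name) {
             if (isset($handled[$class_name])) {
                 continue;
             }
             $handled[$class_name] = true;

             // Bind the resource name instead of interpolating it, so a name
             // containing a quote (e.g. a config key) cannot alter the query.
             $count = intval(
                 Permission::select("count(item)")
                     ->where("item.resource = ?1")
                     ->andWhere("item.action = 'all'")
                     ->setParameter(1, $class_name)
                     ->getQuery()
                     ->getSingleScalarResult()
             );
             if ($count === 0) {
                 $permission = new Permission();
                 $permission->set('action', 'all');
                 $permission->set('resource', $class_name);
                 $em->persist($permission);
                 foreach ($roles as $role) {
                     $role->add('permissions', $permission);
                     $em->persist($role);
                 }
             }
         }
     }
     $em->flush();
 }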
예제 #2
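 /**
  * Creates a super user, or updates the account matched by the username lookup.
  *
  * On the command line the email, username and password are prompted for; a
  * blank password makes the method generate one. The account is flagged as a
  * super user, attached to the 'admin' role (created if missing), validated
  * and then persisted. An account that already exists has its email, username
  * and password overwritten and is flagged as super user.
  *
  * NOTE(review): the default email/username values, the username lookup and
  * the final credentials line appear masked ('******') in this listing; they
  * are reproduced as shown and must be restored from the original file.
  *
  * @param string      $email    Email address (offered as the default at the CLI prompt)
  * @param string      $username User name (offered as the default at the CLI prompt)
  * @param string|null $password Password; on the CLI it is always replaced by the prompted value
  * @return array|null array('errors' => ...) when validation fails outside the CLI, otherwise nothing
  */
 public static function createSuperUser($email = '*****@*****.**', $username = '******', $password = null)
 {
     // The admin module has to be loaded before \Admin\Model_User is usable
     \Module::load('admin');

     // Defined up front so the non-CLI path does not read an undefined variable
     $confirm_password = null;

     if (\Fuel::$is_cli) {
         $email = \Cli::prompt('Enter an email address', $email);
         $username = \Cli::prompt('Enter a user name', $username);

         // Ask at least once, then again while a non-empty password is shorter than 6
         $first = true;
         while ($first || (strlen($password) > 0 && strlen($password) < 6)) {
             $password = \Cli::prompt('Enter a password (leave blank to generate one)');
             if (strlen($password) > 0 && strlen($password) < 6) {
                 \Cli::error('The password must be 6 characters or more!');
             }
             $first = false;
         }

         $confirm_password = '';
         if (empty($password)) {
             // Blank input: generate a password instead.
             // NOTE(review): PWGen is defined outside this listing; confirm it draws from a CSPRNG.
             $gen = new PWGen(3, false, false, false, false, false, false);
             $password = $confirm_password = $gen->generate() . '-' . $gen->generate() . '-' . $gen->generate();
         } else {
             // Strict comparison: with != two different numeric-looking strings
             // (e.g. '1e3' and '1000') compare equal and would pass confirmation.
             while ($confirm_password !== $password) {
                 $confirm_password = \Cli::prompt('Confirm password');
                 if ($confirm_password !== $password) {
                     \Cli::error('The passwords do not match!');
                 }
             }
         }
     }

     // Check if the user exists
     // NOTE(review): the username literal below is masked in this listing. If the
     // original interpolates $username, bind it with setParameter() instead.
     $em = \D::manager();
     $user = \Admin\Model_User::select('item')->where("item.username = '******'")->getQuery()->getResult();
     $exists = count($user) > 0;
     if ($exists) {
         $user = $user[0];
     } else {
         $user = new \Admin\Model_User();
     }

     // Populate the user
     $user->set('email', $email);
     $user->set('username', $username);
     $user->set('password', $password);
     $user->set('confirm_password', $confirm_password);
     $user->set('super_user', true);

     // Find the admin role, creating it when it does not exist yet
     $role = \CMF\Model\Role::findBy(array("name = 'admin'"))->getQuery()->getResult();
     if (count($role) === 0) {
         $role = new \CMF\Model\Role();
         $role->set('name', 'admin');
         $role->set('description', 'users of this admin site');
         $em->persist($role);
     } else {
         $role = $role[0];
     }
     $user->add('roles', $role);

     // Validate the newly created user
     if (!$user->validate()) {
         if (\Fuel::$is_cli) {
             \Cli::write('There was something wrong with the info you entered. Try again!', 'red');
             // Return here: without it the rejected $user, already flagged as
             // super user, would still be persisted once the retry finishes.
             return static::createSuperUser();
         } else {
             return array('errors' => $user->errors);
         }
     }

     $em->persist($user);
     $em->flush();

     // The password is written to the console in clear text; avoid running this
     // where terminal output is captured (CI logs, shared sessions).
     \Cli::write($exists ? "\n\tExisting super user updated:" : "\n\tNew super user created:", 'light_gray');
     \Cli::write("\tusername:    "******"\n\tpassword:    "******"\n", 'light_cyan');
 }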
예제 #3
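 /**
  * Saves the per-item permissions posted for one role on one resource type.
  *
  * The POST body is read as a map of item id => (action name => value).
  * Permissions the role already holds on those items are removed when their
  * action is no longer set to a non-zero value (or when 'all' is set to 1),
  * actions set to 1 are attached to the role, and a 'none' permission is
  * attached for items where nothing is set to 1.
  *
  * NOTE(review): no authorisation or CSRF check is visible inside this method;
  * confirm the controller enforces both before the action runs, since it
  * edits what a role is allowed to do.
  *
  * @param string $table_name Table name, resolved to a class via \Admin::getClassForTable()
  * @param mixed  $role_id    Role id; presumably taken from the request, so it is only ever bound as a query parameter
  * @return mixed Response holding JSON with a 'success' flag, or the result of show404() for an unknown table or role
  */
 public function action_save_permissions($table_name, $role_id)
 {
     $class_name = \Admin::getClassForTable($table_name);
     if ($class_name === false) {
         return $this->show404(null, "type");
     }

     // Every value is used as an action map below; treat anything that is not
     // an array as "no actions" so array_key_exists()/foreach never see a scalar.
     $post = \Input::post();
     foreach ($post as $posted_id => $posted_actions) {
         if (!is_array($posted_actions)) {
             $post[$posted_id] = array();
         }
     }
     $ids = array_keys($post);

     // $role_id is bound, never concatenated into the query text
     $role = \CMF\Model\Role::select('item')
         ->where('item.id = ?1')
         ->setParameter(1, $role_id)
         ->getQuery()
         ->getResult();
     if (count($role) === 0) {
         return $this->show404(null, "role");
     }
     $role = $role[0];

     // An empty id list cannot match any permission, so skip the IN() query
     $permissions = array();
     if (count($ids) > 0) {
         $permissions = \CMF\Model\Permission::select('item')
             ->leftJoin('item.roles', 'roles')
             ->where("item.resource = ?2")
             ->andWhere("item.item_id IN(?1)")
             ->andWhere("roles.id = ?3")
             ->setParameter(1, $ids)
             ->setParameter(2, $class_name)
             ->setParameter(3, $role_id)
             ->getQuery()
             ->getResult();
     }

     $em = \D::manager();

     // NOTE(review): remove() deletes the Permission entity rather than detaching
     // it from this role; if permission rows are shared between roles, confirm
     // this does not take the permission away from other roles as well.
     foreach ($permissions as $permission) {
         $actions = isset($post[$permission->item_id]) ? $post[$permission->item_id] : array();
         if (array_key_exists('all', $actions) && intval($actions['all']) === 1) {
             if ($permission->action != 'none') {
                 $em->remove($permission);
             }
             // 'all' replaces every individual action posted for this item
             $actions = array('all' => 1);
         } elseif (!array_key_exists($permission->action, $actions) || intval($actions[$permission->action]) === 0) {
             if ($permission->action != 'none') {
                 $em->remove($permission);
             }
         }
         $post[$permission->item_id] = $actions;
     }

     // NOTE(review): $item_id and $action are client-supplied POST keys; confirm
     // \CMF\Auth::get_permission() rejects unknown action names and item ids.
     foreach ($post as $item_id => $actions) {
         $passed = 0;
         foreach ($actions as $action => $action_value) {
             if (intval($action_value) !== 1) {
                 continue;
             }
             if ($action != 'all') {
                 $permission = \CMF\Auth::get_permission($action, $class_name, $item_id);
                 $role->add('permissions', $permission);
             }
             $passed++;
         }

         // Nothing set to 1 for this item: attach the 'none' permission, else remove it
         $none_permission = \CMF\Auth::get_permission('none', $class_name, $item_id);
         if ($passed === 0) {
             $role->add('permissions', $none_permission);
         } else {
             $em->remove($none_permission);
         }
     }

     $result = array('success' => true);
     try {
         $em->persist($role);
         $em->flush();
     } catch (\Exception $e) {
         // Keep a server-side record; the client only receives the flag
         error_log('action_save_permissions failed: ' . $e->getMessage());
         $result['success'] = false;
     }
     return \Response::forge(json_encode($result), $this->status, $this->headers);
 }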