public function getRoles($orgType) { $roles = PermissionService::getInstance()->findAllRoles('portal'); $aRoles = array(); foreach ($roles as &$role) { // Divide roles into role-orgType $aRole = explode('-', $role); if (count($aRole) > 1) { $thisOrgType = array_pop($aRole); $roleName = implode('-', $aRole); // Add to associative array if role name isnt 'org' if ($roleName != 'org') { if (!isset($aRoles[$thisOrgType])) { $aRoles[$thisOrgType] = array(); } $aRoles[$thisOrgType][] = $roleName; } } } // Generate output depending on the presence of // the orgType GET parameter if (!empty($orgType)) { $roles = !empty($aRoles[$orgType]) ? $aRoles[$orgType] : array(); $roles = array_unique($roles); sort($roles); } else { $roles = $aRoles; } return $roles; }
/** * Lists all permissions */ public function indexAction() { if (($namespace = $this->_getParam('namespace')) || ($namespace = $this->getRequest()->getHeader('Realm'))) { } if (!($roleId = $this->_getParam('roleId'))) { $roleId = \App::getUserLogged()->getRoleId(); } $this->view->permissions = \Core\Service\PermissionService::getInstance()->load($roleId, $namespace); }
protected function _loadRole($role) { if (($role instanceof Zend_Acl_Role_Interface || is_string($role)) && !$this->hasRole($role)) { if ($role instanceof Zend_Acl_Role_Interface) { $roleId = $role->getRoleId(); } else { $roleId = $role; } $this->addRole($roleId); $this->deny($roleId); $service = \Core\Service\PermissionService::getInstance(); //Load all resources $resources = $service->findAllResources('portal'); $alreadySetupRes = $this->getResources(); foreach ($resources as $res) { if (!in_array($res, $alreadySetupRes)) { $this->addResource($res); } } $permissions = $service->load($roleId, 'portal'); if (is_array($permissions)) { foreach ($permissions as $resource => $perms) { $this->deny($roleId, $resource); foreach ($perms as $perm => $asserts) { if (!empty($asserts)) { if (!in_array('NotAllowed', $asserts)) { $combi = new App_Acl_Assert_Combine($asserts); $this->allow($roleId, $resource, $perm, $combi); } else { $this->deny($roleId, $resource, $perm); } } else { $this->allow($roleId, $resource, $perm); } } } } } }
/** * Closed at production environment, available at development */ public function permsAction() { $this->_develOnly(); // Render permissions as HTML $this->_helper->output()->disable(); // Required params if (($namespace = $this->_getParam('permissions')) || ($namespace = $this->getRequest()->getHeader('Realm'))) { } $roles = \Core\Service\PermissionService::getInstance()->findAllRoles($namespace); $this->view->namespaces = array(); if (!$namespace) { $uniqRoles = array(); foreach ($roles as $ns => $nsRoles) { $uniqRoles = array_merge($uniqRoles, $nsRoles); $this->view->namespaces[] = $ns; } $roles = array_unique($uniqRoles); } else { $this->view->namespaces[] = $namespace; } $this->view->roles = $roles; $this->view->service = \Core\Service\PermissionService::getInstance(); }
public function meAction() { $this->view->user = \App::getUserLogged(); $this->_helper->filterNotAllowedFields('read_field', $this->view->user); if ($this->getRequest()->getParam('organization', false)) { $this->view->organization = $this->view->user->getOrganization(); $this->_helper->filterNotAllowedFields('read_field', $this->view->organization); $orgService = OrgService::getInstance(); $orgService->getOrgConfig($this->view->organization); $sp = $orgService->getParentByType($this->view->organization, OrgServiceProviderModel::ORG_TYPE); if ($sp && isset($sp->isEnabler)) { $this->view->organization->alwaysOnRoaming = !$sp->isEnabler; } if ($this->view->organization instanceof OrgCustomerModel && isset($this->view->organization->supplementaryServicesId)) { try { $supplService = SupplServicesService::getInstance()->load($this->view->organization->supplementaryServicesId); if ($supplService) { try { $this->_helper->allowed('read', $supplService); $this->_helper->filterNotAllowedFields('read_field', $supplService); $this->view->supplService = $supplService; } catch (PermissionException $e) { } } } catch (\Exception $e) { \App::log()->warn($e); } } } if (($namespace = $this->_getParam('permissions')) || ($namespace = $this->getRequest()->getHeader('Realm'))) { if ($namespace == 1) { $namespace = null; } $this->view->permissions = \Core\Service\PermissionService::getInstance()->load(\App::getUserLogged()->getRoleId(), $namespace); } }