/**
 * Build the dynamic resource list from the stored permission names.
 *
 * Only the `name` column of each permission is selected. Every name is
 * mapped to a (resource, action) pair by PermissionToAcl::translate();
 * names that translate() rejects with an InvalidArgumentException are
 * skipped.
 *
 * @return array Map of resource => list of actions
 */
public function getResources()
{
    $query = $this->doctrine->getManager()
        ->getRepository('Newscoop\\Entity\\Acl\\Permission')
        ->createQueryBuilder('p')
        ->select('p.name')
        ->getQuery();

    $byResource = array();
    foreach ($query->getArrayResult() as $row) {
        try {
            list($resource, $action) = PermissionToAcl::translate($row['name']);
        } catch (\InvalidArgumentException $e) {
            // obsolete permissions cannot be translated; leave them out
            continue;
        }

        // appending creates the per-resource list on first use
        $byResource[$resource][] = $action;
    }

    return $byResource;
}
/**
 * Build the dynamic resource list from all stored permissions.
 *
 * Each entry returned by the repository's findAll() is handed to
 * PermissionToAcl::translate() as-is; entries that translate() rejects
 * with an InvalidArgumentException are skipped.
 *
 * @return array Map of resource => list of actions
 */
public function getResources()
{
    $permissions = $this->doctrine->getManager()
        ->getRepository('Newscoop\\Entity\\Acl\\Permission')
        ->findAll();

    $byResource = array();
    foreach ($permissions as $permission) {
        try {
            // NOTE(review): the entity itself is passed here, not its name;
            // presumably translate() accepts it or converts it to a string - confirm
            list($resource, $action) = PermissionToAcl::translate($permission);
        } catch (\InvalidArgumentException $e) {
            // obsolete permissions cannot be translated; leave them out
            continue;
        }

        // appending creates the per-resource list on first use
        $byResource[$resource][] = $action;
    }

    return $byResource;
}
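/**
 * Remove a right and the ACL rules of the resource it maps to.
 *
 * The right's permission name is read from self::RIGHTS and translated
 * to a resource by PermissionToAcl::translate(). All rules for that
 * resource are deleted from self::RULES, then the right itself is
 * deleted. If the right does not exist, or its name cannot be
 * translated, nothing is deleted.
 *
 * Every value is passed as a bound parameter. The resource name is
 * derived from stored data, so it is never placed into the SQL text.
 *
 * @param array $params Must contain the key 'right_id'
 * @return void
 */
public function removeRight(array $params)
{
    $rightId = (int) $params['right_id'];

    // NOTE(review): assumes $this->db is an ADOdb-style connection whose
    // GetOne()/Execute() accept a bind array as second argument - confirm

    // get permission
    $sql = 'SELECT right_define_name FROM ' . self::RIGHTS . "\n WHERE right_id = ?";
    $permission = $this->db->GetOne($sql, array($rightId));
    if ($permission === false || $permission === null) {
        // unknown right id: there is neither a rule nor a right to remove
        return;
    }

    // remove acl rules
    try {
        list($resource, ) = PermissionToAcl::translate($permission);
    } catch (\InvalidArgumentException $e) {
        // NOTE(review): an untranslatable right is left in place here, as in
        // the previous implementation - confirm that is intended
        return;
    }

    $sql = 'DELETE FROM ' . self::RULES . "\n WHERE resource = ?";
    $this->db->Execute($sql, array($resource));

    // remove right
    $sql = 'DELETE FROM ' . self::RIGHTS . "\n WHERE right_id = ?";
    $this->db->Execute($sql, array($rightId));
}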
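/**
 * Check whether this user holds a permission.
 *
 * Can be called with a permission name alone, or with an explicit
 * resource and action. When neither resource nor action is given, the
 * permission name is translated to a (resource, action) pair and, once
 * the ACL allows it, the SaaS permission check has the final say.
 *
 * Any exception raised during the check results in a denial.
 *
 * @param string $permission
 * @param string|null $resource
 * @param string|null $action
 * @return bool
 */
public function hasPermission($permission, $resource = null, $action = null)
{
    $blogService = \Zend_Registry::get('container')->getService('blog');
    // NOTE(review): a blogger is granted every permission before the ACL
    // is consulted - confirm this shortcut is intended
    if ($blogService->isBlogger($this)) {
        return true;
    }

    $acl = \Zend_Registry::get('acl')->getAcl($this);

    // Record the call style now: translate() below fills in both variables,
    // so testing them again after the ACL check could never succeed and the
    // SaaS check would be unreachable.
    $byPermissionName = !$resource && !$action;

    try {
        if ($byPermissionName) {
            list($resource, $action) = PermissionToAcl::translate($permission);
        }

        if (!$acl->isAllowed($this, strtolower($resource), strtolower($action))) {
            return false;
        }

        if ($byPermissionName) {
            return \SaaS::singleton()->hasPermission($permission);
        }

        return true;
    } catch (\Exception $e) {
        // fail closed: an untranslatable name or an ACL error denies access
        return false;
    }
}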
/**
 * Check whether this user holds a permission.
 *
 * The permission name is translated to a (resource, action) pair, which
 * is then checked against the user's ACL. Any exception raised on the
 * way results in a denial.
 *
 * @param string $permission
 * @param string $resource Ignored: overwritten by the translated resource
 * @param string $action Ignored: overwritten by the translated action
 * @return bool
 */
public function hasPermission($permission, $resource = null, $action = null)
{
    $acl = Zend_Registry::get('acl')->getAcl($this);

    try {
        list($resource, $action) = PermissionToAcl::translate($permission);

        // normalise to a strict boolean, whatever isAllowed() returns
        return (bool) $acl->isAllowed($this, strtolower($resource), strtolower($action));
    } catch (Exception $e) {
        // fail closed
        return false;
    }
}
/**
 * Check whether this user holds a permission.
 *
 * The permission name is translated to a (resource, action) pair and
 * checked against the user's ACL. When the ACL allows it, the result of
 * the SaaS permission check is returned. Any exception raised on the way
 * results in a denial.
 *
 * @param string $permission
 * @return bool
 */
public function hasPermission($permission)
{
    $acl = Zend_Registry::get('acl')->getAcl($this);

    try {
        list($resource, $action) = PermissionToAcl::translate($permission);

        $allowedByAcl = $acl->isAllowed($this, strtolower($resource), strtolower($action));
        if (!$allowedByAcl) {
            return FALSE;
        }

        // the ACL allows it; the SaaS check has the final say
        return \SaaS::singleton()->hasPermission($permission);
    } catch (Exception $e) {
        // fail closed
        return false;
    }
}
/**
 * Migrate liveuser group and user rights to ACL roles and rules.
 *
 * Every group, then every user, is given its own role id (counting up
 * from 1). Each right attached to it is translated to a lower-cased
 * (resource, action) pair and recorded as an 'allow' rule for that role.
 * A 'template'/'manage' rule additionally yields a 'theme'/'manage' rule.
 * Rights that PermissionToAcl::translate() rejects are skipped.
 *
 * All collected rules are written with a single INSERT into acl_rule,
 * followed by one acl_role row per assigned role id.
 *
 * NOTE(review): when no rule was collected the function returns before
 * any acl_role row is inserted, although role_id values have already been
 * written to liveuser_groups / liveuser_users - confirm that is intended.
 *
 * NOTE(review): resource and action are placed into the INSERT text
 * without escaping; they come from translate() applied to stored right
 * names - confirm they can never contain a quote, or bind them instead.
 *
 * @return void
 */
function upgrade_35x_acl()
{
    global $g_ado_db;

    $roleId = 1;
    $rules = array();

    // Turns the right rows of one group/user into 'allow' rules for a role.
    $collectRules = function ($rightRows, $role) use (&$rules) {
        foreach ($rightRows as $row) {
            $rightName = $row['right_define_name'];
            try {
                list($resource, $action) = array_map('strtolower', PermissionToAcl::translate($rightName));
            } catch (\InvalidArgumentException $e) {
                continue;
            }

            $rules[] = array('allow', $role, $resource, $action);
            if ($resource == 'template' && $action == 'manage') {
                // managing templates implies managing themes
                $rules[] = array('allow', $role, 'theme', 'manage');
            }
        }
    };

    // update groups
    $groups = $g_ado_db->GetAll('SELECT group_id FROM liveuser_groups');
    foreach ($groups as $group) {
        $groupId = (int) $group['group_id'];

        $g_ado_db->Execute("UPDATE liveuser_groups SET role_id = {$roleId} WHERE group_id = {$groupId}");

        $rights = $g_ado_db->GetAll("SELECT right_define_name\n FROM liveuser_rights r, liveuser_grouprights g\n WHERE r.right_id = g.right_id\n AND g.group_id = {$groupId}");
        $collectRules($rights, $roleId);

        $roleId++;
    }

    // update users
    $users = $g_ado_db->GetAll('SELECT Id FROM liveuser_users');
    foreach ($users as $user) {
        $userId = (int) $user['Id'];

        $g_ado_db->Execute("UPDATE liveuser_users SET role_id = {$roleId} WHERE Id = {$userId}");

        $rights = $g_ado_db->GetAll("SELECT right_define_name\n FROM liveuser_rights r, liveuser_userrights g\n WHERE r.right_id = g.right_id\n AND g.perm_user_id = {$userId}");
        $collectRules($rights, $roleId);

        $roleId++;
    }

    if (empty($rules)) {
        return; // no rules to insert
    }

    // render each rule as the inside of one VALUES tuple
    $tuples = array();
    foreach ($rules as $rule) {
        list($type, $role, $resource, $action) = array_values($rule);
        $tuples[] = "'{$type}', {$role}, '{$resource}', '{$action}'";
    }

    $sql = 'INSERT INTO acl_rule (`type`, `role_id`, `resource`, `action`) VALUES (' . implode("),\n(", $tuples) . ")\n";
    $g_ado_db->Execute($sql);

    // one acl_role row for every role id handed out above
    for ($i = 1; $i < $roleId; $i++) {
        $g_ado_db->Execute("INSERT INTO acl_role (`id`) VALUE ( {$i} );");
    }
}