/**
* Get dynamic resources
*
* @return array
*/
public function getResources()
{
$em = $this->doctrine->getManager();
$permissions = $em->getRepository('Newscoop\\Entity\\Acl\\Permission')->createQueryBuilder('p')->select('p.name')->getQuery()->getArrayResult();
$resources = array();
foreach ($permissions as $permission) {
try {
list($resource, $action) = PermissionToAcl::translate($permission['name']);
} catch (\InvalidArgumentException $e) {
// ignore obsolete permissions
continue;
}
if (!isset($resources[$resource])) {
$resources[$resource] = array();
}
$resources[$resource][] = $action;
}
return $resources;
}
/**
* Get dynamic resources
*
* @return array
*/
public function getResources()
{
$em = $this->doctrine->getManager();
$repository = $em->getRepository('Newscoop\\Entity\\Acl\\Permission');
$resources = array();
foreach ($repository->findAll() as $permission) {
try {
list($resource, $action) = PermissionToAcl::translate($permission);
} catch (\InvalidArgumentException $e) {
// ignore obsolete permissions
continue;
}
if (!isset($resources[$resource])) {
$resources[$resource] = array();
}
$resources[$resource][] = $action;
}
return $resources;
}
/**
* Remove right
*
* @param array $params
* @return void
*/
public function removeRight(array $params)
{
$rightId = (int) $params['right_id'];
// get permission
$sql = 'SELECT right_define_name
FROM ' . self::RIGHTS . "\n WHERE right_id = {$rightId}";
$permission = $this->db->GetOne($sql);
// remove acl rules
try {
list($resource, ) = PermissionToAcl::translate($permission);
} catch (\InvalidArgumentException $e) {
return;
}
$sql = 'DELETE
FROM ' . self::RULES . "\n WHERE resource = '{$resource}'";
$this->db->Execute($sql);
// remove right
$sql = 'DELETE
FROM ' . self::RIGHTS . "\n WHERE right_id = {$rightId}";
$this->db->Execute($sql);
}
/**
* Check permissions
*
* @param string $permission
* @param string $resource
* @param string $action
* @return bool
*/
public function hasPermission($permission, $resource = null, $action = null)
{
$blogService = \Zend_Registry::get('container')->getService('blog');
if ($blogService->isBlogger($this)) {
return true;
}
$acl = \Zend_Registry::get('acl')->getAcl($this);
try {
if (!$resource && !$action) {
list($resource, $action) = PermissionToAcl::translate($permission);
}
if ($acl->isAllowed($this, strtolower($resource), strtolower($action))) {
if (!$resource && !$action) {
return \SaaS::singleton()->hasPermission($permission);
}
return true;
} else {
return false;
}
} catch (\Exception $e) {
return false;
}
}
/**
* Check permissions
*
* @param string $permission
* @return bool
*/
public function hasPermission($permission, $resource = null, $action = null)
{
$acl = Zend_Registry::get('acl')->getAcl($this);
try {
list($resource, $action) = PermissionToAcl::translate($permission);
if ($acl->isAllowed($this, strtolower($resource), strtolower($action))) {
return true;
} else {
return false;
}
} catch (Exception $e) {
return false;
}
}
/**
* Check permissions
*
* @param string $permission
* @return bool
*/
public function hasPermission($permission)
{
$acl = Zend_Registry::get('acl')->getAcl($this);
try {
list($resource, $action) = PermissionToAcl::translate($permission);
if ($acl->isAllowed($this, strtolower($resource), strtolower($action))) {
return \SaaS::singleton()->hasPermission($permission);
} else {
return FALSE;
}
} catch (Exception $e) {
return false;
}
}
function upgrade_35x_acl()
{
global $g_ado_db;
$roleId = 1;
$rules = array();
// update groups
$sql = 'SELECT group_id
FROM liveuser_groups';
$groups = $g_ado_db->GetAll($sql);
foreach ($groups as $group) {
$groupId = (int) $group['group_id'];
$sql = "UPDATE liveuser_groups SET role_id = {$roleId} WHERE group_id = {$groupId}";
$g_ado_db->Execute($sql);
$sql = "SELECT right_define_name\n FROM liveuser_rights r, liveuser_grouprights g\n WHERE r.right_id = g.right_id\n AND g.group_id = {$groupId}";
$rights = $g_ado_db->GetAll($sql);
foreach ($rights as $right) {
$rightName = $right['right_define_name'];
try {
list($resource, $action) = array_map('strtolower', PermissionToAcl::translate($rightName));
} catch (\InvalidArgumentException $e) {
continue;
}
$rules[] = array('allow', $roleId, $resource, $action);
if ($resource == 'template' && $action == 'manage') {
$rules[] = array('allow', $roleId, 'theme', 'manage');
}
}
$roleId++;
}
// update users
$sql = 'SELECT Id
FROM liveuser_users';
$users = $g_ado_db->GetAll($sql);
foreach ($users as $user) {
$userId = (int) $user['Id'];
$sql = "UPDATE liveuser_users SET role_id = {$roleId} WHERE Id = {$userId}";
$g_ado_db->Execute($sql);
$sql = "SELECT right_define_name\n FROM liveuser_rights r, liveuser_userrights g\n WHERE r.right_id = g.right_id\n AND g.perm_user_id = {$userId}";
$rights = $g_ado_db->GetAll($sql);
foreach ($rights as $right) {
$rightName = $right['right_define_name'];
try {
list($resource, $action) = array_map('strtolower', PermissionToAcl::translate($rightName));
} catch (\InvalidArgumentException $e) {
continue;
}
$rules[] = array('allow', $roleId, $resource, $action);
if ($resource == 'template' && $action == 'manage') {
$rules[] = array('allow', $roleId, 'theme', 'manage');
}
}
$roleId++;
}
if (empty($rules)) {
return;
// no rules to insert
}
$rules = array_map(function ($rule) {
list($type, $role, $resource, $action) = array_values($rule);
return "'{$type}', {$role}, '{$resource}', '{$action}'";
}, $rules);
$sql = 'INSERT INTO acl_rule (`type`, `role_id`, `resource`, `action`) VALUES (' . implode("),\n(", $rules) . ")\n";
$g_ado_db->Execute($sql);
for ($i = 1; $i < $roleId; $i++) {
$sql = "INSERT INTO acl_role (`id`) VALUE ( {$i} );";
$g_ado_db->Execute($sql);
}
}