예제 #1
0
 /**
  * Get dynamic resources
  *
  * @return array
  */
 public function getResources()
 {
     $em = $this->doctrine->getManager();
     $permissions = $em->getRepository('Newscoop\\Entity\\Acl\\Permission')->createQueryBuilder('p')->select('p.name')->getQuery()->getArrayResult();
     $resources = array();
     foreach ($permissions as $permission) {
         try {
             list($resource, $action) = PermissionToAcl::translate($permission['name']);
         } catch (\InvalidArgumentException $e) {
             // ignore obsolete permissions
             continue;
         }
         if (!isset($resources[$resource])) {
             $resources[$resource] = array();
         }
         $resources[$resource][] = $action;
     }
     return $resources;
 }
예제 #2
0
 /**
  * Get dynamic resources
  *
  * @return array
  */
 public function getResources()
 {
     $em = $this->doctrine->getManager();
     $repository = $em->getRepository('Newscoop\\Entity\\Acl\\Permission');
     $resources = array();
     foreach ($repository->findAll() as $permission) {
         try {
             list($resource, $action) = PermissionToAcl::translate($permission);
         } catch (\InvalidArgumentException $e) {
             // ignore obsolete permissions
             continue;
         }
         if (!isset($resources[$resource])) {
             $resources[$resource] = array();
         }
         $resources[$resource][] = $action;
     }
     return $resources;
 }
예제 #3
0
 /**
  * Remove right
  *
  * @param array $params
  * @return void
  */
 public function removeRight(array $params)
 {
     $rightId = (int) $params['right_id'];
     // get permission
     $sql = 'SELECT right_define_name
             FROM ' . self::RIGHTS . "\n                WHERE right_id = {$rightId}";
     $permission = $this->db->GetOne($sql);
     // remove acl rules
     try {
         list($resource, ) = PermissionToAcl::translate($permission);
     } catch (\InvalidArgumentException $e) {
         return;
     }
     $sql = 'DELETE
             FROM ' . self::RULES . "\n                WHERE resource = '{$resource}'";
     $this->db->Execute($sql);
     // remove right
     $sql = 'DELETE
             FROM ' . self::RIGHTS . "\n                WHERE right_id = {$rightId}";
     $this->db->Execute($sql);
 }
예제 #4
0
 /**
  * Check permissions
  *
  * @param  string $permission
  * @param  string $resource
  * @param  string $action
  * @return bool
  */
 public function hasPermission($permission, $resource = null, $action = null)
 {
     $blogService = \Zend_Registry::get('container')->getService('blog');
     if ($blogService->isBlogger($this)) {
         return true;
     }
     $acl = \Zend_Registry::get('acl')->getAcl($this);
     try {
         if (!$resource && !$action) {
             list($resource, $action) = PermissionToAcl::translate($permission);
         }
         if ($acl->isAllowed($this, strtolower($resource), strtolower($action))) {
             if (!$resource && !$action) {
                 return \SaaS::singleton()->hasPermission($permission);
             }
             return true;
         } else {
             return false;
         }
     } catch (\Exception $e) {
         return false;
     }
 }
예제 #5
0
 /**
  * Check permissions
  *
  * @param string $permission
  * @return bool
  */
 public function hasPermission($permission, $resource = null, $action = null)
 {
     $acl = Zend_Registry::get('acl')->getAcl($this);
     try {
         list($resource, $action) = PermissionToAcl::translate($permission);
         if ($acl->isAllowed($this, strtolower($resource), strtolower($action))) {
             return true;
         } else {
             return false;
         }
     } catch (Exception $e) {
         return false;
     }
 }
예제 #6
0
파일: Staff.php 프로젝트: nidzix/Newscoop
 /**
  * Check permissions
  *
  * @param string $permission
  * @return bool
  */
 public function hasPermission($permission)
 {
     $acl = Zend_Registry::get('acl')->getAcl($this);
     try {
         list($resource, $action) = PermissionToAcl::translate($permission);
         if ($acl->isAllowed($this, strtolower($resource), strtolower($action))) {
             return \SaaS::singleton()->hasPermission($permission);
         } else {
             return FALSE;
         }
     } catch (Exception $e) {
         return false;
     }
 }
예제 #7
0
파일: acl.php 프로젝트: nidzix/Newscoop
function upgrade_35x_acl()
{
    global $g_ado_db;
    $roleId = 1;
    $rules = array();
    // update groups
    $sql = 'SELECT group_id
        FROM liveuser_groups';
    $groups = $g_ado_db->GetAll($sql);
    foreach ($groups as $group) {
        $groupId = (int) $group['group_id'];
        $sql = "UPDATE liveuser_groups SET role_id = {$roleId} WHERE group_id = {$groupId}";
        $g_ado_db->Execute($sql);
        $sql = "SELECT right_define_name\n            FROM liveuser_rights r, liveuser_grouprights g\n            WHERE r.right_id = g.right_id\n                AND g.group_id = {$groupId}";
        $rights = $g_ado_db->GetAll($sql);
        foreach ($rights as $right) {
            $rightName = $right['right_define_name'];
            try {
                list($resource, $action) = array_map('strtolower', PermissionToAcl::translate($rightName));
            } catch (\InvalidArgumentException $e) {
                continue;
            }
            $rules[] = array('allow', $roleId, $resource, $action);
            if ($resource == 'template' && $action == 'manage') {
                $rules[] = array('allow', $roleId, 'theme', 'manage');
            }
        }
        $roleId++;
    }
    // update users
    $sql = 'SELECT Id
        FROM liveuser_users';
    $users = $g_ado_db->GetAll($sql);
    foreach ($users as $user) {
        $userId = (int) $user['Id'];
        $sql = "UPDATE liveuser_users SET role_id = {$roleId} WHERE Id = {$userId}";
        $g_ado_db->Execute($sql);
        $sql = "SELECT right_define_name\n            FROM liveuser_rights r, liveuser_userrights g\n            WHERE r.right_id = g.right_id\n                AND g.perm_user_id = {$userId}";
        $rights = $g_ado_db->GetAll($sql);
        foreach ($rights as $right) {
            $rightName = $right['right_define_name'];
            try {
                list($resource, $action) = array_map('strtolower', PermissionToAcl::translate($rightName));
            } catch (\InvalidArgumentException $e) {
                continue;
            }
            $rules[] = array('allow', $roleId, $resource, $action);
            if ($resource == 'template' && $action == 'manage') {
                $rules[] = array('allow', $roleId, 'theme', 'manage');
            }
        }
        $roleId++;
    }
    if (empty($rules)) {
        return;
        // no rules to insert
    }
    $rules = array_map(function ($rule) {
        list($type, $role, $resource, $action) = array_values($rule);
        return "'{$type}', {$role}, '{$resource}', '{$action}'";
    }, $rules);
    $sql = 'INSERT INTO acl_rule (`type`, `role_id`, `resource`, `action`) VALUES (' . implode("),\n(", $rules) . ")\n";
    $g_ado_db->Execute($sql);
    for ($i = 1; $i < $roleId; $i++) {
        $sql = "INSERT INTO acl_role (`id`) VALUE ( {$i} );";
        $g_ado_db->Execute($sql);
    }
}