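/**
 * (non-PHPdoc)
 * @see \oat\tao\model\accessControl\AccessControl::hasAccess()
 *
 * Resolves the rights declared for the controller/action and checks them
 * against the request parameters those rights are keyed on. The parameter
 * value identifies the resource the privilege applies to; when it carries the
 * encoded-URI prefix it is decoded first so that the check is made on the same
 * identifier the controller will act upon.
 *
 * @param User   $user       the user whose privileges are checked
 * @param string $controller controller class name
 * @param string $action     action (method) name
 * @param array  $parameters request parameters, keyed by parameter name
 * @return bool true when the action declares no rights or the user holds all
 *              of them; false when the action cannot be found
 * @throws \Exception when a parameter a declared right refers to is absent
 *                    (this is deliberately not swallowed by the catch below)
 */
public function hasAccess(User $user, $controller, $action, $parameters)
{
    try {
        $rights = ControllerHelper::getRequiredRights($controller, $action);
    } catch (ActionNotFoundException $e) {
        // unknown action: nothing can be granted
        return false;
    }

    $required = [];
    foreach ($rights as $paramName => $privileges) {
        if (!isset($parameters[$paramName])) {
            throw new \Exception('Missing parameter ' . $paramName . ' for ' . $controller . '/' . $action);
        }
        $resourceId = $parameters[$paramName];
        // preg_match() yields 1 on a match, 0 on no match and false on error;
        // only a real match triggers decoding (same outcome as the former "!= 0").
        if (preg_match('/^[a-z]*_2_/', $resourceId) === 1) {
            common_Logger::w('url encoded parameter detected for ' . $paramName);
            $resourceId = \tao_helpers_Uri::decode($resourceId);
        }
        $required[$resourceId] = $privileges;
    }

    return empty($required) ? true : self::hasPrivileges($user, $required);
}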
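/**
 * Compute the permissions of a tree node, and recursively of its children,
 * against a set of actions.
 *
 * For every action whose context equals the node type (or is 'resource'), the
 * node is turned into request parameters (classUri for class nodes, otherwise
 * one parameter per data-* attribute, plus 'id' in both cases) and the
 * action's controller/action pair is checked through AclProxy::hasAccess().
 * The outcome is stored under $node['permissions'][<action id>].
 *
 * A node without a 'data-uri' attribute is returned unchanged. When the
 * parameters the action requires cannot all be derived from the node, or the
 * check throws, no entry is written for that action: an absent key means
 * "undetermined" and must not be read as "granted" by the tree consumer.
 *
 * @param array[] $actions the actions data with context, name and the resolver
 * @param User $user the user
 * @param array $node a tree node
 * @return array the node augmented with permissions
 */
private function computePermissions($actions, $user, $node)
{
    if (isset($node['attributes']['data-uri'])) {
        $uri = $node['attributes']['data-uri'];
        foreach ($actions as $action) {
            if ($node['type'] !== $action['context'] && $action['context'] !== 'resource') {
                continue;
            }
            $resolver = $action['resolver'];
            try {
                $params = [];
                if ($node['type'] === 'class') {
                    $params['classUri'] = $uri;
                } else {
                    // every data-* attribute becomes a parameter named after its suffix
                    $prefixLength = strlen('data-');
                    foreach ($node['attributes'] as $key => $value) {
                        if (strpos($key, 'data-') === 0) {
                            $params[substr($key, $prefixLength)] = $value;
                        }
                    }
                }
                $params['id'] = $uri;

                $controller = $resolver->getController();
                $actionName = $resolver->getAction();
                $required = array_keys(ControllerHelper::getRequiredRights($controller, $actionName));
                if (array_diff($required, array_keys($params)) === []) {
                    $node['permissions'][$action['id']] = AclProxy::hasAccess($user, $controller, $actionName, $params);
                } else {
                    // key intentionally left absent (undetermined, not granted)
                    common_Logger::d('Unable to determine access to ' . $action['id'], 'ACL');
                }
            } catch (\Exception $e) {
                // Fully qualified so the catch also matches inside a namespaced file.
                // @todo should be a checked exception!
                common_Logger::w('Unable to resolve permission for action ' . $action['id'] . ' : ' . $e->getMessage());
            }
        }
    }

    if (isset($node['children'])) {
        foreach ($node['children'] as $index => $child) {
            $node['children'][$index] = $this->computePermissions($actions, $user, $child);
        }
    }

    return $node;
}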