public function revokeRule(AccessRule $rule) { if ($rule->isGrant()) { $accessService = funcAcl_models_classes_AccessService::singleton(); $elements = $this->evalFilterMask($rule->getMask()); switch (count($elements)) { case 1: $extension = reset($elements); $accessService->revokeExtensionAccess($rule->getRole(), $extension); break; case 2: list($extension, $shortName) = $elements; $accessService->revokeModuleAccess($rule->getRole(), $extension, $shortName); break; case 3: list($extension, $shortName, $action) = $elements; $accessService->revokeActionAccess($rule->getRole(), $extension, $shortName, $action); break; default: // fail silently warning should already be send } } else { common_Logger::w('Only grant rules accepted in ' . __CLASS__); } }
public function revokeRule(AccessRule $rule) { if ($rule->getRole()->getUri() == INSTANCE_ROLE_ANONYMOUS) { $mask = $rule->getMask(); $ruleString = $mask['ext'] . '::' . (isset($mask['mod']) ? $mask['mod'] : '*') . '::' . (isset($mask['act']) ? $mask['act'] : '*'); $remaining = array_diff(explode(',', $this->whitelist), array($ruleString)); $this->whitelist = implode(',', $remaining); $ext = common_ext_ExtensionsManager::singleton()->getExtensionById('tao'); common_ext_ExtensionsManager::singleton()->getExtensionById('tao')->setConfig(self::WHITELIST_KEY, $this->whitelist); } }
public function revokeRule(AccessRule $rule) { if ($rule->getRole()->getUri() === INSTANCE_ROLE_ANONYMOUS) { $ext = common_ext_ExtensionsManager::singleton()->getExtensionById('tao'); $this->controllers = $ext->hasConfig(self::WHITELIST_KEY) ? $ext->getConfig(self::WHITELIST_KEY) : array(); $mask = $rule->getMask(); if (isset($mask['ext']) && !isset($mask['mod'])) { foreach (ControllerHelper::getControllers($mask['ext']) as $controllerClassName) { unset($this->controllers[$controllerClassName]); } } elseif (isset($mask['ext']) && isset($mask['mod']) && !isset($mask['act'])) { unset($this->controllers[FuncHelper::getClassName($mask['ext'], $mask['mod'])]); } elseif (isset($mask['ext']) && isset($mask['mod']) && isset($mask['act'])) { $controller = FuncHelper::getClassName($mask['ext'], $mask['mod']); if (isset($this->controllers[$controller])) { unset($this->controllers[$controller][$mask['act']]); if (0 === count($this->controllers[$controller])) { unset($this->controllers[$controller]); } } } elseif (isset($mask['controller'])) { unset($this->controllers[$mask['controller']]); } elseif (isset($mask['act']) && strpos($mask['act'], '@') !== false) { list($controller, $action) = explode('@', $mask['act'], 2); if (isset($this->controllers[$controller])) { unset($this->controllers[$controller][$action]); if (0 === count($this->controllers[$controller])) { unset($this->controllers[$controller]); } } } else { \common_Logger::w('Unrecognised mask keys: ' . implode(',', array_keys($mask))); } $ext->setConfig(self::WHITELIST_KEY, $this->controllers); } }
public function revokeRule(AccessRule $rule) { if ($rule->isGrant()) { $accessService = funcAcl_models_classes_AccessService::singleton(); $filter = $rule->getMask(); if (isset($filter['act']) && isset($filter['mod']) && isset($filter['ext'])) { $accessService->revokeActionAccess($rule->getRole(), $filter['ext'], $filter['mod'], $filter['act']); } elseif (isset($filter['mod']) && isset($filter['ext'])) { $accessService->revokeModuleAccess($rule->getRole(), $filter['ext'], $filter['mod']); } elseif (isset($filter['ext'])) { $accessService->revokeExtensionAccess($rule->getRole(), $filter['ext']); } elseif (isset($filter['controller'])) { $extension = funcAcl_helpers_Map::getExtensionFromController($filter['controller']); $shortName = strpos($filter['controller'], '\\') !== false ? substr($filter['controller'], strrpos($filter['controller'], '\\') + 1) : substr($filter['controller'], strrpos($filter['controller'], '_') + 1); $accessService->revokeModuleAccess($rule->getRole(), $extension, $shortName); } elseif (isset($filter['act']) && strpos($filter['act'], '@') !== false) { list($controller, $action) = explode('@', $mask['act'], 2); $extension = funcAcl_helpers_Map::getExtensionFromController($controller); $shortName = strpos($controller, '\\') !== false ? substr($controller, strrpos($controller, '\\') + 1) : substr($controller, strrpos($controller, '_') + 1); $accessService->revokeActionAccess($rule->getRole(), $extension, $shortName, $action); } else { common_Logger::w('Uninterpretable filter in ' . __CLASS__); } } else { common_Logger::w('Only grant rules accepted in ' . __CLASS__); } }