/**
 * Inserts or updates one permission row in the access list.
 *
 * First confirms that the access is registered for the resource, then
 * writes the (role, resource, access) rule, and finally makes sure a
 * wildcard '*' rule exists for the same role and resource.
 *
 * @param string  $roleName
 * @param string  $resourceName
 * @param string  $accessName
 * @param integer $action value stored in the "allowed" column
 * @return boolean true once all statements have been issued
 * @throws \Phalcon\Acl\Exception when the access is not defined for the resource
 */
protected function insertOrUpdateAccess($roleName, $resourceName, $accessName, $action)
{
    // Every value is passed as a bound parameter. Only the table names are
    // interpolated into the SQL text.
    // NOTE(review): presumably the table names come from adapter
    // configuration; they must never be derived from request data - confirm.
    $accessKnown = $this->connection->fetchOne(
        "SELECT COUNT(*) FROM {$this->resourcesAccesses} WHERE resources_name = ? AND access_name = ?",
        null,
        [$resourceName, $accessName]
    );
    if (!$accessKnown[0]) {
        throw new Exception("Access '{$accessName}' does not exist in resource '{$resourceName}' in ACL");
    }

    // NOTE(review): each "count, then insert or update" pair below is not
    // atomic and no transaction is opened in this method; whether concurrent
    // writers can create duplicate rules depends on constraints not visible here.
    $ruleRow = $this->connection->fetchOne(
        "SELECT COUNT(*) FROM {$this->accessList} "
            . " WHERE roles_name = ? AND resources_name = ? AND access_name = ?",
        null,
        [$roleName, $resourceName, $accessName]
    );

    if ($ruleRow[0]) {
        // The rule is already stored: only its "allowed" value changes.
        $statement = "UPDATE {$this->accessList} SET allowed = ? "
            . "WHERE roles_name = ? AND resources_name = ? AND access_name = ?";
        $bindings = [$action, $roleName, $resourceName, $accessName];
    } else {
        // Positional insert: relies on the table's column order being
        // role, resource, access, allowed.
        $statement = "INSERT INTO {$this->accessList} VALUES (?, ?, ?, ?)";
        $bindings = [$roleName, $resourceName, $accessName, $action];
    }
    $this->connection->execute($statement, $bindings);

    // A missing wildcard rule is created with the adapter's default access.
    $wildcardRow = $this->connection->fetchOne(
        "SELECT COUNT(*) FROM {$this->accessList} "
            . "WHERE roles_name = ? AND resources_name = ? AND access_name = ?",
        null,
        [$roleName, $resourceName, '*']
    );
    if (!$wildcardRow[0]) {
        $this->connection->execute(
            "INSERT INTO {$this->accessList} VALUES (?, ?, ?, ?)",
            [$roleName, $resourceName, '*', $this->_defaultAccess]
        );
    }

    return true;
}
/**
 * {@inheritdoc}
 *
 * Stores the session payload: updates the row when the session id is
 * already present in the table, inserts a new row otherwise.
 *
 * @param string $sessionId
 * @param string $data
 * @return boolean result of the executed UPDATE or INSERT
 */
public function write($sessionId, $data)
{
    $options = $this->getOptions();

    // Table and column names come from the adapter options and go through
    // escapeIdentifier(); the session id and payload are always bound.
    $table = $this->connection->escapeIdentifier($options['table']);
    $idColumn = $this->connection->escapeIdentifier($options['column_session_id']);

    $countRow = $this->connection->fetchOne(
        sprintf('SELECT COUNT(*) FROM %s WHERE %s = ?', $table, $idColumn),
        Db::FETCH_NUM,
        [$sessionId]
    );

    // NOTE(review): the lookup and the write are two separate statements;
    // two concurrent first writes for the same id could both reach the
    // INSERT. Whether that fails depends on a unique constraint that is
    // not visible here - confirm against the schema.
    $alreadyStored = !empty($countRow) && (int) $countRow[0] > 0;

    if (!$alreadyStored) {
        // New session: creation time is set, modification time stays NULL.
        $insert = sprintf(
            'INSERT INTO %s (%s, %s, %s, %s) VALUES (?, ?, ?, NULL)',
            $table,
            $idColumn,
            $this->connection->escapeIdentifier($options['column_data']),
            $this->connection->escapeIdentifier($options['column_created_at']),
            $this->connection->escapeIdentifier($options['column_modified_at'])
        );

        return $this->connection->execute($insert, [$sessionId, $data, time()]);
    }

    // Known session: replace the payload and stamp the modification time.
    $update = sprintf(
        'UPDATE %s SET %s = ?, %s = ? WHERE %s = ?',
        $table,
        $this->connection->escapeIdentifier($options['column_data']),
        $this->connection->escapeIdentifier($options['column_modified_at']),
        $idColumn
    );

    return $this->connection->execute($update, [$data, time(), $sessionId]);
}
/**
 * {@inheritdoc}
 *
 * Reports whether a non-expired cache row exists for the key. An expired
 * row is deleted as a side effect of the check.
 *
 * @param string $keyName
 * @param string $lifetime not read by this method
 * @return bool
 */
public function exists($keyName = null, $lifetime = null)
{
    $storedKey = $this->getPrefixedIdentifier($keyName);

    // The key is bound; only the table name is interpolated.
    // NOTE(review): presumably $this->table is set from backend options and
    // never from request data - confirm.
    $row = $this->db->fetchOne(
        "SELECT lifetime FROM {$this->table} WHERE key_name = ?",
        Db::FETCH_ASSOC,
        [$storedKey]
    );

    if (!$row) {
        return false;
    }

    // The stored "lifetime" value is compared directly with the current time.
    $expired = $row['lifetime'] < time();
    if ($expired) {
        // Drop the stale row so it is not found again.
        $this->db->execute("DELETE FROM {$this->table} WHERE key_name = ?", [$storedKey]);
    }

    return !$expired;
}
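/**
 * Checks whether a row matching the given constraint(s) already exists.
 *
 * The values being checked are sent as bound parameters, never spliced
 * into the SQL text, because they are the data under validation and may
 * contain quotes or SQL fragments.
 *
 * @param array $field     ['id' => column name, 'value' => value to look up]
 * @param array $withField optional second constraint of the same shape
 * @return bool true if a matching row exists and it is not the entity itself
 * @throws Exception when the "table" option is missing or the entity has no id property
 */
private function isEntityExist(array $field, $withField = [])
{
    $table = $this->getOption('table');
    if (!$table) {
        throw new Exception("table option is required");
    }

    // Identifiers cannot be bound as parameters, so the table and column
    // names are still interpolated.
    // NOTE(review): they must come from trusted validator configuration
    // only, never from request data - confirm at the call sites.
    $query = "SELECT id FROM {$table} WHERE {$field['id']} = ?";
    $params = [$field['value']];

    if (!empty($withField)) {
        // Leading space keeps the clause separated from the first placeholder.
        $query .= " AND {$withField['id']} = ?";
        $params[] = $withField['value'];
    }

    // NOTE(review): assumes $this->db is a Phalcon Db adapter whose
    // fetchOne() takes (sql, fetchMode, bindParams) - confirm. The
    // associative fetch mode keeps $result['id'] readable below.
    $result = $this->db->fetchOne($query, \PDO::FETCH_ASSOC, $params);

    $entity = $this->getOption('entity');
    if ($entity) {
        if (!property_exists($entity, 'id')) {
            throw new Exception('Entity must have public id property');
        }

        // The stored row is the entity being validated, so it is not a
        // conflict. The $result check avoids indexing into an empty result.
        if ($result && (int) $result['id'] === (int) $entity->id) {
            return false;
        }
    }

    return (bool) $result;
}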