/**
 * Returns the 'kunde' backend user, creating it with the given role when the lookup does not find it.
 *
 * @param \Pimcore\Model\User\Role $userRole role assigned to a newly created user
 * @return mixed the result of the name lookup when it is anything other than false,
 *               otherwise the newly created and saved user
 */
private function installUser(\Pimcore\Model\User\Role $userRole)
{
    $lookup = new \Pimcore\Model\User();
    $existing = $lookup->getByName('kunde');

    // NOTE(review): only a strict `false` counts as "not found" here. If getByName() signals a
    // missing user with null instead, that null is returned and no user is created — confirm
    // against the Pimcore version in use.
    if ($existing !== false) {
        return $existing;
    }

    // NOTE(review): the account is created active with a fixed password that equals its name and
    // is readable in the source. Presumably the arguments are (username, plain-text password) —
    // confirm. Change the password after installation or take it from deployment configuration.
    $passwordHash = \Pimcore\Tool\Authentication::getPasswordHash('kunde', 'kunde');

    $created = \Pimcore\Model\User::create([
        'parentId' => 0,
        'name' => 'kunde',
        'password' => $passwordHash,
        'active' => 1,
        'language' => 'de',
        'admin' => false,
        'roles' => [0 => $userRole->getId()],
    ]);
    $created->save();

    return $created;
}
/**
 * Sends a role as JSON: the role object, its permission list, classes and document types,
 * plus the available permission definitions and perspectives.
 *
 * The role id is read from the "id" request parameter and cast to an integer.
 */
public function roleGetAction()
{
    // NOTE(review): no permission check is visible inside this action. Presumably access is
    // enforced elsewhere in the controller — confirm, because the response exposes the role
    // object together with its workspace paths.
    $roleId = (int) $this->getParam("id");
    $role = User\Role::getById($roleId);
    // NOTE(review): $role is dereferenced below without a check; an unknown id would fail here
    // if getById() returns null for it — confirm.

    // Attach the resolved element path to every workspace of every element type.
    foreach (["asset", "document", "object"] as $elementType) {
        $workspaceGetter = "getWorkspaces" . ucfirst($elementType);

        foreach ($role->$workspaceGetter() as $workspace) {
            $element = Element\Service::getElementById($elementType, $workspace->getCid());
            if (!$element) {
                continue;
            }

            // The path is set as an ad-hoc property directly on the workspace object.
            $workspace->path = $element->getRealFullPath();
        }
    }

    // Load the permission definitions that can be assigned.
    $permissionListing = new User\Permission\Definition\Listing();
    $assignablePermissions = $permissionListing->load();

    // Passing null requests the perspective list without a user context.
    $perspectives = \Pimcore\Config::getAvailablePerspectives(null);

    $this->_helper->json([
        "success" => true,
        "role" => $role,
        "permissions" => $role->generatePermissionList(),
        "classes" => $role->getClasses(),
        "docTypes" => $role->getDocTypes(),
        "availablePermissions" => $assignablePermissions,
        "availablePerspectives" => $perspectives,
    ]);
}
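/**
 * Returns the list of perspectives available to the given user.
 *
 * Admins, and callers that pass something other than a Model\User (e.g. null), get every
 * configured perspective. For any other user, the perspectives assigned to the user and to each
 * of the user's roles are merged and returned in the order of the master configuration.
 *
 * Security note: a non-admin user with no perspective assigned, directly or through roles,
 * falls back to the full configuration. An empty assignment therefore means "no restriction",
 * not "no access".
 *
 * @param Model\User|null $user user to resolve perspectives for, or null for the unfiltered list
 * @return array list of entries with the keys "name", "icon" and "iconCls"; when $user is truthy
 *               each entry also has an "active" flag
 */
public static function getAvailablePerspectives($user)
{
    $currentConfigName = null;
    $masterConfig = self::getPerspectivesConfig()->toArray();

    if ($user instanceof Model\User) {
        if ($user->isAdmin()) {
            $config = self::getPerspectivesConfig()->toArray();
        } else {
            $config = [];
            $roleIds = $user->getRoles();
            $userIds = array_merge([$user->getId()], $roleIds);

            foreach ($userIds as $userId) {
                if (in_array($userId, $roleIds)) {
                    $userOrRoleToCheck = Model\User\Role::getById($userId);
                } else {
                    $userOrRoleToCheck = Model\User::getById($userId);
                }

                // NOTE(review): the lookup result is used unchecked; an id that no longer
                // resolves would fail here if getById() returns null for it — confirm.
                $perspectives = $userOrRoleToCheck->getPerspectives();
                if (!$perspectives) {
                    continue;
                }

                foreach ($perspectives as $perspectiveName) {
                    // An assigned perspective may have been removed from the master config;
                    // isset() avoids the undefined-index notice and skips such names.
                    $masterDef = isset($masterConfig[$perspectiveName]) ? $masterConfig[$perspectiveName] : null;
                    if ($masterDef) {
                        $config[$perspectiveName] = $masterDef;
                    }
                }
            }

            // Nothing assigned: fall back to all perspectives (see the security note above).
            if (!$config) {
                $config = self::getPerspectivesConfig()->toArray();
            }
        }

        if ($config) {
            // Re-order the allowed perspectives to follow the master configuration.
            $config = array_intersect_key($masterConfig, $config);
        }

        $currentConfigName = $user->getActivePerspective();

        // reset() takes its argument by reference, so the key list must be held in a variable.
        $configNames = array_keys($config);
        if ($config && !in_array($currentConfigName, $configNames)) {
            $currentConfigName = reset($configNames);
        }
    } else {
        $config = self::getPerspectivesConfig()->toArray();
    }

    $result = [];

    foreach ($config as $configName => $configItem) {
        $item = [
            "name" => $configName,
            "icon" => isset($configItem["icon"]) ? $configItem["icon"] : null,
            "iconCls" => isset($configItem["iconCls"]) ? $configItem["iconCls"] : null,
        ];

        if ($user) {
            $item["active"] = $configName == $currentConfigName;
        }

        $result[] = $item;
    }

    return $result;
}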
/**
 * Collects the workspace paths of one element type that the user may not list, and which must
 * therefore never be shown to that user.
 *
 * Admins have no forbidden paths. For other users, the user's own workspaces and those of all
 * of the user's roles are combined; every workspace without the list flag contributes its path.
 * A user with no workspace at all for the type is denied everything below "/".
 *
 * @param string $type asset|object|document
 * @param mixed $user user whose own and role workspaces are evaluated
 * @return array forbidden paths
 */
public static function findForbiddenPaths($type, $user)
{
    if ($user->isAdmin()) {
        return [];
    }

    // The getter name depends on the element type, e.g. getWorkspacesAsset().
    $workspaceGetter = "getWorkspaces" . ucfirst($type);

    $allWorkspaces = $user->$workspaceGetter();
    foreach ($user->getRoles() as $roleId) {
        // NOTE(review): the role is used unchecked; a role id that no longer resolves would
        // fail here if getById() returns null for it — confirm.
        $role = Model\User\Role::getById($roleId);
        $allWorkspaces = array_merge($allWorkspaces, $role->$workspaceGetter());
    }

    // No workspace configured: deny by default from the root down.
    if (count($allWorkspaces) === 0) {
        return ["/"];
    }

    $forbiddenPaths = [];
    foreach ($allWorkspaces as $workspace) {
        if ($workspace->getList()) {
            continue;
        }
        $forbiddenPaths[] = $workspace->getCpath();
    }

    return $forbiddenPaths;
}
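/**
 * Checks whether this user is allowed to use the item identified by $key.
 *
 * Admins are always allowed. Otherwise the result depends on $type:
 *  - "permission": allowed when the user or any of the user's roles has the permission.
 *  - "class" / "docType": the user's list is merged with the lists of all roles. An empty merged
 *    list means "no restriction" and allows everything; otherwise $key must be in the list.
 *  - "perspective": $key must be one of the user's merged perspectives.
 * Any other $type is denied.
 *
 * Membership is checked on string-normalised values with strict comparison, so that PHP's loose
 * comparison rules cannot make an unrelated value match an entry of a different type in an
 * access decision, while "1" and 1 still compare as equal.
 *
 * @param string $key permission key, or the class / document type / perspective to look up
 * @param string $type "permission", "class", "docType" or "perspective"
 * @return boolean
 */
public function isAllowed($key, $type = "permission")
{
    if ($this->isAdmin()) {
        return true;
    }

    if ($type == "permission") {
        if (!$this->getPermission($key)) {
            // Not granted directly: any role that grants the permission is sufficient.
            // NOTE(review): roles are used unchecked here and below; a role id that no longer
            // resolves would fail if getById() returns null for it — confirm.
            foreach ($this->getRoles() as $roleId) {
                $role = User\Role::getById($roleId);
                if ($role->getPermission($key)) {
                    return true;
                }
            }
        }

        return $this->getPermission($key);
    } elseif ($type == "class") {
        $classes = $this->getClasses();
        foreach ($this->getRoles() as $roleId) {
            $role = User\Role::getById($roleId);
            $classes = array_merge($classes, $role->getClasses());
        }

        // Security note: an empty list is treated as "all classes allowed".
        if (empty($classes)) {
            return true;
        }

        return in_array((string) $key, array_map('strval', $classes), true);
    } elseif ($type == "docType") {
        $docTypes = $this->getDocTypes();
        foreach ($this->getRoles() as $roleId) {
            $role = User\Role::getById($roleId);
            $docTypes = array_merge($docTypes, $role->getDocTypes());
        }

        // Security note: an empty list is treated as "all document types allowed".
        if (empty($docTypes)) {
            return true;
        }

        return in_array((string) $key, array_map('strval', $docTypes), true);
    } elseif ($type == "perspective") {
        // True when the requested perspective is among those the user may use.
        return in_array((string) $key, array_map('strval', $this->getMergedPerspectives()), true);
    }

    return false;
}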