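/**
 * Checks whether the current user holds the given privilege on this object.
 *
 * The current role is resolved through UserService and checked against the ACL
 * with $this as the resource. Nothing is returned; denial is signalled by an
 * exception (the previous docblock listed the exception as the return value).
 *
 * @param string $priviledge privilege name (spelling kept for existing callers)
 * @return void
 * @throws AccessProhibitedException when the ACL does not allow the privilege
 */
protected function _checkAcl($priviledge)
{
    $service = new UserService($this->_em);
    $role = $service->getCurrentRole();

    if (!$this->_acl->isAllowed($role, $this, $priviledge)) {
        throw new AccessProhibitedException('Access is prohibited.');
    }
}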
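/**
 * Lazily builds and caches the ACL for this role.
 *
 * The ACL holds one role (this object's id) and one resource ('admin'). The
 * `allowed` and `denied` columns of `charcoal_admin_acl_roles` are read for the
 * role's ident, split on commas and applied as privileges on 'admin' — allow
 * rules first, deny rules after. The split lists are kept on $this->roleAllowed
 * and $this->roleDenied.
 *
 * @return Acl
 */
protected function roleAcl()
{
    if ($this->roleAcl) {
        return $this->roleAcl;
    }

    $id = $this->objId();
    $acl = new Acl();
    $acl->addRole(new Role($id));
    $acl->addResource(new Resource('admin'));

    $q = ' select `denied`, `allowed`, `superuser` from `charcoal_admin_acl_roles` where ident = :id';
    $db = \Charcoal\App\App::instance()->getContainer()->get('database');
    $sth = $db->prepare($q);
    $sth->bindParam(':id', $id);
    $sth->execute();
    $permissions = $sth->fetch(\PDO::FETCH_ASSOC);

    // No row for this ident: keep the ACL without rules (everything denied)
    // instead of indexing into `false`.
    if ($permissions === false) {
        $this->roleAllowed = array();
        $this->roleDenied = array();
        $this->roleAcl = $acl;

        return $acl;
    }

    $this->roleAllowed = $this->splitPrivilegeList($permissions['allowed']);
    $this->roleDenied = $this->splitPrivilegeList($permissions['denied']);

    foreach ($this->roleAllowed as $allowed) {
        $acl->allow($id, 'admin', $allowed);
    }
    foreach ($this->roleDenied as $denied) {
        $acl->deny($id, 'admin', $denied);
    }

    $this->roleAcl = $acl;

    return $acl;
}

/**
 * Splits a comma-separated privilege column into a list.
 *
 * Each item is trimmed and blanks are dropped, so an empty column does not
 * register '' as a privilege and "a, b" yields 'b' rather than ' b'.
 *
 * @param string|null $column
 * @return string[]
 */
private function splitPrivilegeList($column)
{
    $items = array_map('trim', explode(',', trim((string) $column)));

    return array_values(array_filter($items, 'strlen'));
}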
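/**
 * Applies the per-role 'allow' and 'deny' lists from $this->config to the ACL.
 *
 * Each role entry may carry an 'allow' and a 'deny' map of resource => privileges.
 * Resource and privilege names are lower-cased. A privilege list given as null,
 * false, '' or [] means "every privilege on the resource"; a single string is
 * treated as a one-element list.
 *
 * @param Acl $acl
 * @return void
 */
private function addAllowAndDeny(Acl $acl)
{
    foreach ($this->config as $roleName => $roleConfig) {
        $allowList = isset($roleConfig['allow']) ? $roleConfig['allow'] : [];
        $this->applyRuleList($acl, 'allow', $roleName, $allowList);

        $denyList = isset($roleConfig['deny']) ? $roleConfig['deny'] : [];
        $this->applyRuleList($acl, 'deny', $roleName, $denyList);
    }
}

/**
 * Registers one kind of rule ('allow' or 'deny') for every resource in $list.
 *
 * Only the explicit "no privileges" forms (null, false, '' or []) widen the rule
 * to the whole resource. The previous empty() test also treated 0 and '0' that
 * way, which would silently have turned a named privilege into a wildcard.
 *
 * @param Acl    $acl
 * @param string $kind     'allow' or 'deny' (fixed by the caller, not by config)
 * @param string $roleName
 * @param mixed  $list     resource => privilege list
 * @return void
 */
private function applyRuleList(Acl $acl, $kind, $roleName, $list)
{
    foreach ($list as $resource => $privilegeList) {
        $resourceName = strtolower($resource);
        $wholeResource = $privilegeList === null
            || $privilegeList === false
            || $privilegeList === ''
            || $privilegeList === [];

        if ($wholeResource) {
            $acl->{$kind}($roleName, $resourceName);
            continue;
        }

        foreach ((array) $privilegeList as $privilege) {
            $acl->{$kind}($roleName, $resourceName, strtolower($privilege));
        }
    }
}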
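/**
 * Authenticates the user from the posted form (fields 'login' and 'senha').
 *
 * On success an ACL is built from the identity's first team (equipe): the team
 * profile becomes the role and every team resource is added and allowed for it.
 * Identity, profile and ACL are written to the auth storage and the layout
 * receives the user's id and name.
 *
 * @return ViewModel|null 'nome' on success, 'erro' on failure; null when not a POST
 * @throws \RuntimeException when the authenticated identity has no team
 */
public function autenticaAction()
{
    $request = $this->getRequest();
    if (!$request->isPost()) {
        return null;
    }

    $this->adapter->setOptions(array(
        'object_manager' => Conn::getConn(),
        'identity_class' => 'MyClasses\\Entities\\AclUsuario',
        'identity_property' => 'login',
        'credential_property' => 'senha',
    ));
    $this->adapter->setIdentityValue($request->getPost('login'));
    // NOTE(review): the stored credential is an unsalted sha1 digest, a format
    // fixed by the entity/adapter pair; moving to password_hash()/password_verify()
    // needs a data migration and is out of scope for this action.
    $this->adapter->setCredentialValue(sha1($request->getPost('senha')));

    $result = $this->auth->authenticate($this->adapter);
    if (!$result->isValid()) {
        // array_pop() takes its argument by reference, so the temporary returned
        // by getMessages() has to go through a variable first.
        $messages = $result->getMessages();

        return new ViewModel(array('erro' => array_pop($messages)));
    }

    $identity = $result->getIdentity();
    $equipes = $identity->getEquipes();
    if (!isset($equipes[0])) {
        // Without a team there is no profile to use as the ACL role.
        throw new \RuntimeException('Authenticated identity has no team (equipe) to derive a role from.');
    }
    $equipe = $equipes[0];
    $perfil = $equipe->getPerfil();

    $acl = new Acl();
    $acl->addRole(new Role($perfil));
    foreach ($equipe->getRecursos() as $recurso) {
        $nome = $recurso->getRecurso();
        if (!$acl->hasResource($nome)) {
            $acl->addResource(new Resource($nome));
            $acl->allow($perfil, $nome);
        }
    }

    $this->auth->getStorage()->write(array($identity, $perfil, $acl));
    $this->layout()->id = $identity->getId();
    $this->layout()->nome = $identity->getNome();

    return new ViewModel(array('nome' => $identity->getNome()));
}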
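/**
 * Builds the multi-role ACL service.
 *
 * The ACL is fetched from the container, told not to grant access to unknown
 * resources, then populated in order: roles from the RoleBuilder, resources
 * from the ResourceBuilder, and rules from the RuleBuilder.
 *
 * @param \Zend\ServiceManager\ServiceLocatorInterface $serviceLocator
 * @return \MultiRoleAclBase\Service\MultiRolesAcl the populated ACL
 */
public function __invoke($serviceLocator)
{
    $this->acl = $serviceLocator->get('MultiRoleAclBase\\Service\\MultiRolesAcl');

    // instanceof covers the class itself and its subclasses — the two cases
    // the former get_class()/is_subclass_of() pair spelled out.
    if ($this->acl instanceof \MultiRoleAclBase\Service\MultiRolesAcl) {
        // Fail closed: a resource nobody registered must not be accessible.
        $this->acl->setAllowAccessWhenResourceUnknown(false);
    }

    $this->roleBuilder = $serviceLocator->get('MultiRoleAclBase\\Acl\\Builder\\RoleBuilder');
    $this->resourceBuilder = $serviceLocator->get('MultiRoleAclBase\\Acl\\Builder\\ResourceBuilder');
    $this->ruleBuilder = $serviceLocator->get('MultiRoleAclBase\\Acl\\Builder\\RuleBuilder');

    // The is_array() guards suggest the builders may return something other
    // than an array (e.g. null); only arrays are iterated.
    $roles = $this->roleBuilder->buildRoles($this->acl, $serviceLocator);
    foreach (is_array($roles) ? $roles : array() as $role) {
        $this->acl->addRole($role);
    }

    $resources = $this->resourceBuilder->buildResources($this->acl, $serviceLocator);
    foreach (is_array($resources) ? $resources : array() as $resource) {
        $this->acl->addResource($resource);
    }

    $this->ruleBuilder->buildRules($this->acl, $serviceLocator);

    return $this->acl;
}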
/**
 * Assertion: passes only when the resource under test is a User whose role the
 * ACL classifies as an admin role.
 *
 * NOTE(review): the `Type $x = null` parameters are implicitly nullable; PHP 8.4
 * deprecates that form in favour of `?Type $x = null` once the project's minimum
 * version allows it.
 *
 * @param Acl                    $acl
 * @param RoleInterface|null     $role      not used by this assertion
 * @param ResourceInterface|null $resource  expected to be a User
 * @param string|null            $privilege not used by this assertion
 * @return bool
 */
public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
{
    $isUser = $resource instanceof User;

    return $isUser ? $acl->isAdminRole($resource->getRole()) : false;
}
/**
 * Checks the ACL for the current identity's role.
 *
 * The ACL is built lazily: when $this->acl is still null, getAcl() is called
 * and is relied upon to populate $this->acl as a side effect — confirm against
 * getAcl()'s implementation.
 *
 * @param string|null $resource
 * @param string|null $privilege
 * @return bool
 */
public function isAllowed($resource = null, $privilege = null)
{
    if ($this->acl === null) {
        $this->getAcl();
    }
    $roleId = $this->getIdentity()->getRoleId();

    return $this->acl->isAllowed($roleId, $resource, $privilege);
}
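/**
 * Registers the resource on the ACL as a GenericResource unless it is already known.
 *
 * @param ZendAcl     $acl
 * @param AclResource $resource wrapper whose getResource() yields the resource name
 * @return $this
 */
protected function addAclResource(ZendAcl $acl, AclResource $resource)
{
    $name = $resource->getResource();
    if (!$acl->hasResource($name)) {
        $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($name));
    }

    return $this;
}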
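/**
 * Builds the Zend\Permissions\Acl\Acl from $settings on first call, stores it
 * through setAcl() and returns the stored instance.
 *
 * $settings is expected to hold:
 *  - 'roles'     : list of role names; 'parent'[role] optionally names one parent
 *  - 'resources' : list of resource names
 *  - 'rules'     : ['allow'|'deny' => [role => [resource => 'all'|privileges]]]
 *
 * @see \Contentinum\Service\AclAwareInterface::getAcl()
 * @param array $settings
 * @return \Zend\Permissions\Acl\Acl
 * @throws \InvalidArgumentException when a rule key is neither 'allow' nor 'deny'
 */
public function getAcl($settings)
{
    if (null !== $this->acl) {
        return $this->acl;
    }

    $acl = new Acl();

    // Roles first, each with at most one configured parent ...
    foreach ($settings['roles'] as $role) {
        $parents = isset($settings['parent'][$role]) ? array($settings['parent'][$role]) : null;
        $acl->addRole($role, $parents);
    }

    // ... then resources ...
    foreach ($settings['resources'] as $resource) {
        $acl->addResource($resource);
    }

    // ... and finally the rules. The key names the Acl method to call and comes
    // from configuration, so only allow/deny are dispatched to.
    foreach ($settings['rules'] as $access => $rule) {
        if ($access !== 'allow' && $access !== 'deny') {
            throw new \InvalidArgumentException(sprintf('Unknown ACL rule type "%s"; expected "allow" or "deny"', $access));
        }
        foreach ($rule as $role => $restrictions) {
            foreach ($restrictions as $resource => $restriction) {
                // 'all' covers every privilege; compared strictly so that 0, '0'
                // or true are not mistaken for it under loose comparison.
                if ('all' === $restriction) {
                    $acl->{$access}($role, $resource);
                } else {
                    $acl->{$access}($role, $resource, $restriction);
                }
            }
        }
    }

    $this->setAcl($acl);

    return $this->acl;
}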
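/**
 * Create the Acl service from the 'acl' section of the module configuration.
 *
 * Expected layout:
 *  - roles     : role name => comma-separated parent roles ('' for none);
 *                self::DEFAULT_ROLE is added without parents when missing
 *  - resources : 'allow'|'deny' => [controller|'all' => [action|'all' => roles]]
 *                where roles is a comma-separated string, or an array
 *                ['role' => roles, 'assert' => assertion service name]
 *  - admins    : admin user(s), stored on $this->admins
 *
 * @param ServiceLocatorInterface $serviceLocator
 * @return Acl
 * @throws \Exception                when 'roles' or 'resources' is missing
 * @throws \UnexpectedValueException when 'admins' is missing
 * @see \Zend\ServiceManager\FactoryInterface::createService()
 */
public function createService(ServiceLocatorInterface $serviceLocator)
{
    $config = $serviceLocator->get('config');
    $config = $config['acl'];

    if (!isset($config['roles']) || !isset($config['resources'])) {
        throw new \Exception('Invalid ACL Config found');
    }
    // Test the key before reading it, so a missing entry raises the intended
    // exception instead of an undefined-index notice followed by it.
    if (!isset($config['admins'])) {
        throw new \UnexpectedValueException('No admin-user set');
    }
    $this->admins = $config['admins'];

    $roles = $config['roles'];
    if (!isset($roles[self::DEFAULT_ROLE])) {
        $roles[self::DEFAULT_ROLE] = '';
    }

    $acl = new Acl();
    $this->addRolesFromConfig($acl, $roles);
    $this->addRulesFromConfig($acl, $config['resources'], $serviceLocator);

    return $acl;
}

/**
 * Registers each role once, with its comma-separated parents (if any).
 *
 * @param Acl   $acl
 * @param array $roles role name => comma-separated parents or ''
 * @return void
 */
private function addRolesFromConfig(Acl $acl, array $roles)
{
    foreach ($roles as $name => $parentSpec) {
        if ($acl->hasRole($name)) {
            continue;
        }
        $parents = empty($parentSpec) ? array() : explode(',', $parentSpec);
        $acl->addRole(new Role($name), $parents);
    }
}

/**
 * Applies allow/deny rules per controller and action.
 *
 * 'all' as controller or action stands for every resource / privilege and is
 * matched strictly, so an integer array key can never be mistaken for it (as
 * `0 == 'all'` was under PHP 7). Permission keys other than 'allow' and 'deny'
 * are skipped, as before.
 *
 * @param Acl                     $acl
 * @param array                   $resources      'allow'|'deny' => controllers
 * @param ServiceLocatorInterface $serviceLocator resolves assertion services
 * @return void
 */
private function addRulesFromConfig(Acl $acl, array $resources, ServiceLocatorInterface $serviceLocator)
{
    foreach ($resources as $permission => $controllers) {
        if ($permission !== 'allow' && $permission !== 'deny') {
            continue;
        }
        foreach ($controllers as $controller => $actions) {
            if ($controller === 'all') {
                $controller = null;
            } elseif (!$acl->hasResource($controller)) {
                $acl->addResource(new Resource($controller));
            }
            foreach ($actions as $action => $role) {
                if ($action === 'all') {
                    $action = null;
                }
                $assert = null;
                if (is_array($role)) {
                    $assert = $serviceLocator->get($role['assert']);
                    $role = $role['role'];
                }
                foreach (explode(',', $role) as $roleItem) {
                    if ($permission === 'allow') {
                        $acl->allow($roleItem, $controller, $action, $assert);
                    } else {
                        $acl->deny($roleItem, $controller, $action, $assert);
                    }
                }
            }
        }
    }
}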
/**
 * buildItem() must add the rules that make guest/login and user/GET allowed;
 * neither holds on the bare ACL beforehand.
 */
public function testBuildItemWillAddRulesToAcl()
{
    $acl = $this->acl;
    $cases = array(
        array('guest', 'login', null),
        array('user', null, 'GET'),
    );

    foreach ($cases as $case) {
        list($role, $resource, $privilege) = $case;
        self::assertFalse($acl->isAllowed($role, $resource, $privilege));
    }

    self::assertTrue($this->object->buildItem());

    foreach ($cases as $case) {
        list($role, $resource, $privilege) = $case;
        self::assertTrue($acl->isAllowed($role, $resource, $privilege));
    }
}
/**
 * True when at least one of the current roles is allowed $action on $resource.
 *
 * @param \Zend\Permissions\Acl\Resource\ResourceInterface|string $resource
 * @param string $action
 * @return bool
 */
public function can($resource, $action)
{
    $acl = $this->acl;
    $permitted = false;

    foreach ($this->roles as $candidate) {
        if ($acl->isAllowed($candidate, $resource, $action)) {
            $permitted = true;
            break;
        }
    }

    return $permitted;
}
/**
 * build() must accept the XML fixture passed as a string and yield the expected
 * role, resource and rules on the shared ACL.
 */
public function testBuildCanAcceptXMLAsString()
{
    $xml = file_get_contents(__DIR__ . '/fixtures/test.xml');
    $this->object = new AclBuilder(new StringType($xml), $this->acl);

    self::assertTrue($this->object->build());

    $acl = $this->acl;
    self::assertTrue($acl->hasRole('guest'));
    self::assertTrue($acl->hasResource('logout'));
    self::assertTrue($acl->isAllowed('guest', 'login'));
    self::assertTrue($acl->isAllowed('user', null, 'GET'));
}
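/**
 * Grants every group (grupo) access to each unprotected resource.
 *
 * Groups come from the Security\Entity\Grupo repository's fetchPairs();
 * resources from getRecursosDesprotegidos(), which is now resolved once rather
 * than on every group iteration (assumes it returns a re-iterable array, not a
 * generator — confirm).
 *
 * @param \Zend\Permissions\Acl\Acl   $acl
 * @param \Doctrine\ORM\EntityManager $em
 * @return \Zend\Permissions\Acl\Acl the same ACL, with the allow rules added
 */
public function getPermissosAclRecursoDesprotegidos(\Zend\Permissions\Acl\Acl $acl, \Doctrine\ORM\EntityManager $em)
{
    $repo = $em->getRepository('Security\\Entity\\Grupo');
    $unprotected = $this->getRecursosDesprotegidos();

    foreach ($repo->fetchPairs() as $grupo) {
        foreach ($unprotected as $recurso) {
            $acl->allow($grupo, $recurso);
        }
    }

    return $acl;
}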
/**
 * A role that does not inherit from 'administrator' must not be authorized,
 * even though another role in the same ACL does inherit from it.
 */
public function testIsAuthorizedNegative()
{
    $acl = new Acl();
    $acl->addRole('administrator');
    $acl->addRole('foo', 'administrator'); // inherits administrator
    $acl->addRole('bar');                  // stands alone

    $access = new AclInheritRoleAccess();
    $access->setAcl($acl);
    $access->setUser('bar');

    self::assertFalse($access->isAuthorized());
}
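/**
 * Run the request filter.
 *
 * Guests are checked against the 'guest' role, authenticated requests against
 * the user object itself; a failed check short-circuits to notAllowed().
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string|null $resource   ACL resource, or null for any
 * @param string|null $permission ACL privilege, or null for any
 * @return mixed
 */
public function handle(Request $request, Closure $next, $resource = null, $permission = null)
{
    $subject = $this->auth->guest() ? 'guest' : $this->auth->user();

    if (!$this->acl->isAllowed($subject, $resource, $permission)) {
        return $this->notAllowed($request);
    }

    return $next($request);
}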
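/**
 * Checks whether the user is allowed the privilege on the resource.
 *
 * The user is allowed as soon as any one of its roles is allowed by the ACL.
 *
 * @param object $user      exposes getRoles() returning an iterable of roles
 * @param string $resource
 * @param string $privilege
 * @return bool
 */
public function isAllowed($user, $resource, $privilege)
{
    foreach ($user->getRoles() as $role) {
        if ($this->acl->isAllowed($role, $resource, $privilege)) {
            return true;
        }
    }

    return false;
}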
/**
 * Attaches a dispatch-time listener (priority 200) that enforces session-based
 * access control for controllers in the Idatabase\Controller namespace, then
 * runs preDispatch() and, when present, init().
 *
 * Access rules as implemented below:
 *  - outside the CLI, a request without $_SESSION['account'] gets the
 *    "not authenticated" view model and propagation is stopped;
 *  - the session role 'root' bypasses the resource check;
 *  - any other role is allowed only the resources listed in
 *    $_SESSION['account']['resources'], matched against
 *    "<controller>Controller\<action method>"; an InvalidArgumentException
 *    from isAllowed() is caught and leaves the request denied.
 *
 * NOTE(review): neither deny branch returns, so preDispatch() and init() still
 * run for a denied request after the view model has been replaced — confirm
 * that is intended.
 */
public function __construct()
{
    // Register the initialisation handler on the dispatch event.
    $eventManager = $this->getEventManager();
    $serviceLocator = $this->getServiceLocator();
    // NOTE(review): $eventManager and $serviceLocator are captured but never
    // used inside the closure, which works through $this instead.
    $eventManager->attach(MvcEvent::EVENT_DISPATCH, function ($event) use($eventManager, $serviceLocator) {
        // Access control
        $namespace = $this->params('__NAMESPACE__');
        $controller = $this->params('controller');
        $action = $this->params('action');
        if ($namespace == 'Idatabase\\Controller' && php_sapi_name() !== 'cli') {
            // Not authenticated: replace the response and stop further listeners.
            if (!isset($_SESSION['account'])) {
                $event->stopPropagation(true);
                $event->setViewModel($this->msg(false, '未通过身份验证'));
            }
            // Authenticated: check whether the role may access the requested resource.
            $role = isset($_SESSION['account']['role']) ? $_SESSION['account']['role'] : false;
            $resources = isset($_SESSION['account']['resources']) ? $_SESSION['account']['resources'] : array();
            $action = $this->getMethodFromAction($action);
            $currentResource = $controller . 'Controller\\' . $action;
            if ($role && $role !== 'root') {
                // One-role ACL granting exactly the resources stored in the session.
                $acl = new Acl();
                $acl->addRole(new Role($role));
                foreach ($resources as $resource) {
                    $acl->addResource(new Resource($resource));
                    $acl->allow($role, $resource);
                }
                $isAllowed = false;
                try {
                    if ($acl->isAllowed($role, $currentResource) === true) {
                        $isAllowed = true;
                    }
                } catch (InvalidArgumentException $e) {
                    // Swallowed on purpose: $isAllowed stays false, i.e. denied.
                }
                if (!$isAllowed) {
                    $event->stopPropagation(true);
                    $event->setViewModel($this->deny());
                }
            }
        }
        $this->preDispatch();
        if (method_exists($this, 'init')) {
            try {
                $this->init();
            } catch (\Exception $e) {
                // A failing init() is surfaced as a denial carrying its message.
                $event->stopPropagation(true);
                $event->setViewModel($this->deny($e->getMessage()));
            }
        }
    }, 200);
}
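/**
 * Populates $this->acl from the configured providers, once.
 *
 * Providers are resolved from the service locator by the class names listed
 * under config['acl']:
 *  - role_providers     : getRoles()     -> roles added with their parents
 *  - resource_providers : getResources() -> resources added if not yet present
 *  - rule_providers     : getRules()     -> allow/deny per rule entity
 *
 * Subsequent calls are no-ops once $this->loaded is set.
 *
 * @return void
 */
private function _load()
{
    if ($this->loaded) {
        return;
    }

    $config = $this->serviceLocator->get('config');
    $aclConfig = isset($config['acl']) ? $config['acl'] : [];

    if (isset($aclConfig['role_providers'])) {
        $this->_loadRoles($aclConfig['role_providers']);
    }
    if (isset($aclConfig['resource_providers'])) {
        $this->_loadResources($aclConfig['resource_providers']);
    }
    if (isset($aclConfig['rule_providers'])) {
        $this->_loadRules($aclConfig['rule_providers']);
    }

    $this->loaded = true;
}

/**
 * Collects roles from every role provider and registers them with their parents.
 * Array union (+) keeps the first provider's entry when keys clash.
 *
 * @param array $providers provider class name => options (options unused here)
 * @return void
 */
private function _loadRoles(array $providers)
{
    $roles = [];
    foreach (array_keys($providers) as $class) {
        /** @var \Acl\Provider\Role\ProviderInterface $roleProvider */
        $roleProvider = $this->serviceLocator->get($class);
        $roles = $roles + $roleProvider->getRoles();
    }
    foreach ($roles as $role) {
        /** @var \Acl\Entity\Role $role */
        $this->acl->addRole($role, $role->getParents());
    }
}

/**
 * Adds each provider's resources to the ACL, skipping ones already registered.
 *
 * @param array $providers provider class name => options (options unused here)
 * @return void
 */
private function _loadResources(array $providers)
{
    foreach (array_keys($providers) as $class) {
        /** @var \Acl\Provider\Resource\ProviderInterface $resourceProvider */
        $resourceProvider = $this->serviceLocator->get($class);
        $resources = $resourceProvider->getResources();
        if (!$resources) {
            continue;
        }
        foreach ($resources as $r) {
            if (!$this->acl->hasResource($r)) {
                $this->acl->addResource($r);
            }
        }
    }
}

/**
 * Collects rules from every rule provider (first provider wins on key clashes)
 * and applies each as an allow or deny rule.
 *
 * @param array $providers provider class name => options (options unused here)
 * @return void
 */
private function _loadRules(array $providers)
{
    $rules = [];
    foreach (array_keys($providers) as $class) {
        /** @var \Acl\Provider\Rule\ProviderInterface $ruleProvider */
        $ruleProvider = $this->serviceLocator->get($class);
        $rules = $rules + $ruleProvider->getRules();
    }
    foreach ($rules as $rule) {
        /** @var \Acl\Entity\Rule $rule */
        if ($rule->allow) {
            $this->acl->allow($rule->obj_id, $rule->resource, $rule->privilege);
        } else {
            $this->acl->deny($rule->obj_id, $rule->resource, $rule->privilege);
        }
    }
}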
/**
 * Lazily builds the default ACL: 'guest' may 'view' any resource; 'admin'
 * inherits from guest and may additionally 'add', 'edit' and 'delete'.
 *
 * @return Acl
 */
public function getAcl()
{
    if ($this->acl) {
        return $this->acl;
    }

    $guest = new Role('guest');
    $admin = new Role('admin');

    $acl = new Acl();
    $acl->addRole($guest);
    $acl->addRole($admin, $guest);
    $acl->allow($guest, null, 'view');
    $acl->allow('admin', null, array('add', 'edit', 'delete'));

    $this->acl = $acl;

    return $acl;
}
/**
 * Dispatch-time hook: records module/controller/action, selects the layout,
 * enforces admin-area authentication and permissions, then calls init().
 *
 * Flow for the 'admin' module: an anonymous visitor is redirected to 'homeShop';
 * a logged-in user whose 'group_acp' info compares unequal to 1 is redirected
 * there too; otherwise a single-role ACL is built from the permission info and
 * the privilege "module|controller|action" must be allowed, else goNoAccess().
 * In the 'shop' module the 'user' controller requires a logged-in identity.
 *
 * NOTE(review): the controller name is taken from the third backslash-separated
 * segment of the controller parameter, so a Module\Controller\Name shape is
 * assumed — confirm for every registered controller.
 *
 * @param MvcEvent $e
 * @return mixed redirect / no-access response when access is refused, otherwise null
 */
public function onInit(MvcEvent $e)
{
    $routerMatch = $e->getRouteMatch();
    $arrayController = explode("\\", $routerMatch->getParam("controller"));
    $module = strtolower($arrayController[0]); // NOTE(review): not read below
    $viewModel = $e->getViewModel();
    $this->_mainParam['module'] = strtolower($arrayController[0]);
    $this->_mainParam['controller'] = strtolower($arrayController[2]);
    $this->_mainParam['action'] = strtolower($routerMatch->getParam("action"));
    // Expose the route parameters to the layout
    $viewModel->params = array(
        "module" => strtolower($arrayController[0]),
        "controller" => strtolower($arrayController[2]),
        "action" => strtolower($routerMatch->getParam("action"))
    );
    $config = $this->getServiceLocator()->get("config");
    $layout = $config["module_for_layouts"][strtolower($arrayController[0])];
    // Select the layout configured for the module
    $this->layout($layout);
    $infoObj = new \ZendVN\System\Info();
    // Check user authentication
    if ($this->_mainParam['module'] == 'admin') {
        // Not logged in
        if (!$this->identity()) {
            return $this->redirect()->toRoute('homeShop');
        } else {
            // Logged in but not entitled to the admin area
            $group_acp = $infoObj->getGroupInfo('group_acp');
            if ($group_acp != 1) {
                return $this->redirect()->toRoute('homeShop');
            } else {
                // Check permission: the role's privileges are "module|controller|action" strings
                $aclObj = new Acl();
                $role = $infoObj->getPermissionInfo()['role'];
                $privilegesOfRole = $infoObj->getPermissionInfo()['privileges'];
                $aclObj->addRole($role);
                $aclObj->allow($role, null, $privilegesOfRole);
                $privilegesOfArea = $this->_mainParam['module'] . "|" . $this->_mainParam['controller'] . "|" . $this->_mainParam['action'];
                if ($aclObj->isAllowed($role, null, $privilegesOfArea) == false) {
                    return $this->goNoAccess();
                }
            }
        }
    }
    // The shop's user controller requires a login
    if ($this->_mainParam['controller'] == 'user' && $this->_mainParam['module'] == 'shop') {
        // Not logged in
        if (!$this->identity()) {
            return $this->redirect()->toRoute('homeShop');
        }
    }
    // ------------------------------------------------------------
    // init() lets extending controllers hook in without overriding onInit()
    $this->init();
}
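/**
 * Builds the ACL from config/autoload/acl.roles.php and exposes it on the view model.
 *
 * The file returns role => ['allow' => [resource...], 'deny' => [resource...]].
 * Every role becomes a GenericRole; resources are registered on first use as
 * GenericResource. A missing 'allow' or 'deny' list is treated as empty.
 *
 * NOTE(review): the require path is relative to the working directory, not to
 * this file — confirm the application always runs from its root.
 *
 * @param MvcEvent $e
 * @return void
 */
public function initAcl(MvcEvent $e)
{
    $acl = new Acl();
    $roles = (require 'config/autoload/acl.roles.php');

    foreach ($roles as $roleName => $resources) {
        $role = new \Zend\Permissions\Acl\Role\GenericRole($roleName);
        $acl->addRole($role);

        $allowed = isset($resources['allow']) ? $resources['allow'] : array();
        foreach ($allowed as $resource) {
            $this->ensureAclResource($acl, $resource);
            $acl->allow($role, $resource);
        }

        $denied = isset($resources['deny']) ? $resources['deny'] : array();
        foreach ($denied as $resource) {
            $this->ensureAclResource($acl, $resource);
            $acl->deny($role, $resource);
        }
    }

    $e->getViewModel()->acl = $acl;
}

/**
 * Registers $resource on the ACL as a GenericResource unless it is already known.
 *
 * @param Acl    $acl
 * @param string $resource
 * @return void
 */
private function ensureAclResource(Acl $acl, $resource)
{
    if (!$acl->hasResource($resource)) {
        $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource));
    }
}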
/**
 * Registers every configured resource (with optional inheritance) and the
 * per-role privileges allowed on it.
 *
 * @param array $resourcesConfig resource => options; options may hold
 *                               self::INHERIT (string|ResourceInterface) and
 *                               self::PRIVILEGES (role => actions)
 * @return void
 * @throws Exceptions\RuntimeException when the inherit option has the wrong type
 */
public function fillResources(array $resourcesConfig)
{
    foreach ($resourcesConfig as $resourceName => $options) {
        $parent = $this->getOption($options, self::INHERIT);
        $parentIsValid = $parent === null
            || is_string($parent)
            || $parent instanceof ResourceInterface;
        if (!$parentIsValid) {
            throw new Exceptions\RuntimeException('Inherit option must be a string or implement ResourceInterface for resources');
        }

        $this->acl->addResource($resourceName, $parent);

        $rolePrivileges = $this->getOption($options, self::PRIVILEGES, []);
        foreach ($rolePrivileges as $roleName => $actions) {
            $this->acl->allow([$roleName], [$resourceName], $actions);
        }
    }
}
/**
 * allow() with neither resource nor privilege must grant the role everything,
 * including on resources that already existed when the rule was added.
 *
 * @group 4226
 */
public function testAllowNullPermissionAfterResourcesExistShouldAllowAllPermissionsForRole()
{
    $acl = $this->_acl;
    $acl->addRole('admin');
    $acl->addResource('newsletter');
    $acl->allow('admin');

    self::assertTrue($acl->isAllowed('admin'));
}
/**
 * Adds the signed-in user's per-user privileges to the ACL and returns it.
 *
 * Returns null when no Zend ACL is set, when nobody is signed in, or when the
 * user's role is admin, superadmin or guest. For any other role the ACL is
 * returned.
 *
 * NOTE(review): `$resources` is assigned null immediately before
 * `if ($resources)`, so the whole privilege-loading loop below — including the
 * dependency expansion via getDependencies() — is unreachable. This looks like
 * a debugging leftover that dropped the real source of per-user resources;
 * until it is restored this method grants nothing.
 *
 * @return \Zend\Permissions\Acl\Acl|null
 */
public function loadPrivilege()
{
    if (!$this->acl || !$this->acl instanceof \Zend\Permissions\Acl\Acl) {
        return null;
    }
    $userService = $this->getServiceLocator()->get('User\\Service\\User');
    /*@var $userService \User\Service\User */
    if (!$userService->hasIdentity()) {
        return null;
    }
    $user = $userService->getUser();
    // Built-in roles receive no per-user grants here.
    if (in_array($user->getRole(), [\User\Model\User::ROLE_ADMIN, \User\Model\User::ROLE_SUPERADMIN, \User\Model\User::ROLE_GUEST])) {
        return null;
    }
    // Dependency map keyed "/resource/path/privilege" (colons in the resource name
    // become slashes); each entry lists further "/part1/part2/privilege" paths to grant.
    $dependence = $this->acl->getDependencies();
    $resources = null; // NOTE(review): dead assignment — see docblock
    if ($resources) {
        foreach ($resources as $resource) {
            if ($this->acl->hasResource($resource['resource'])) {
                $this->acl->allow($user->getRole(), $resource['resource'], $resource['privilege']);
                if (isset($dependence['/' . str_replace(':', '/', $resource['resource']) . '/' . $resource['privilege']])) {
                    foreach ($dependence['/' . str_replace(':', '/', $resource['resource']) . '/' . $resource['privilege']] as $depen) {
                        // "/part1/part2/privilege" splits into 4 parts; resource is "part1:part2"
                        $arr = explode('/', $depen);
                        if (count($arr) == 4) {
                            if ($this->acl->hasResource($arr[1] . ':' . $arr[2])) {
                                $this->acl->allow($user->getRole(), $arr[1] . ':' . $arr[2], $arr[3]);
                            }
                        }
                    }
                }
            }
        }
    }
    return $this->acl;
}
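/**
 * Checks whether the adapter's current role may exercise its privilege on its resource.
 *
 * For a resource registered in the ACL every step is explicit: the role must be
 * defined, the resource must appear under the adapter's 'allow' rules, the
 * privilege must be listed for that resource, and the ACL must allow the
 * triple; each failing step throws. A resource the ACL does not know is not
 * checked at all and yields true — callers relying on this fail-open behaviour
 * should register every protected resource.
 *
 * @return bool true when authorized
 * @throws Exception\RoleNotDefinedException
 * @throws Exception\ResourceHaveNoAllowRuleException
 * @throws Exception\ResourcePrivilegeHaveNoAllowRuleException
 * @throws Exception\AccessNotAllowedException
 */
public function isAuthorized()
{
    $adapter = $this->getAdapter();
    $role = $adapter->getRole();
    $resource = $adapter->getResource();
    $privilege = $adapter->getPrivilege();

    // Resources unknown to the ACL are not subject to any rule here.
    if (!$this->hasResource($resource)) {
        return true;
    }

    if (!$this->hasRole($role)) {
        throw new Exception\RoleNotDefinedException($role);
    }

    $rules = $adapter->getRules();
    // Without an 'allow' section nothing is permitted: the empty list makes the
    // lookup below fail closed instead of handing an undefined variable to in_array().
    $allowRules = isset($rules['allow']) ? $rules['allow'] : [];

    if (!in_array($resource, array_keys($allowRules))) {
        throw new Exception\ResourceHaveNoAllowRuleException($resource);
    }

    $privilegesDefinedInResource = array_keys($allowRules[$resource]);
    if (!in_array($privilege, $privilegesDefinedInResource)) {
        throw new Exception\ResourcePrivilegeHaveNoAllowRuleException($resource, $privilege);
    }

    if (parent::isAllowed($role, $resource, $privilege)) {
        return true;
    }

    throw new Exception\AccessNotAllowedException();
}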
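/**
 * Builds the ACL from config['acl'] and exposes it on the view model.
 *
 * Expected layout:
 *  - roles     : role name => parent role(s)
 *  - resources : resource => ['allow'|'deny' => [role => privileges]]
 *
 * @param MvcEvent $e
 * @return void
 * @throws \InvalidArgumentException when a permission key is neither 'allow' nor 'deny'
 */
public function initAcl(MvcEvent $e)
{
    $acl = new Acl();
    $config = $e->getApplication()->getServiceManager()->get('config')['acl'];

    foreach ($config['roles'] as $role => $parents) {
        $acl->addRole(new GenericRole($role), $parents);
    }

    foreach ($config['resources'] as $resource => $permissions) {
        $acl->addResource(new GenericResource($resource));
        foreach ($permissions as $action => $roles) {
            // The key names the Acl method to call and comes from configuration;
            // refuse anything but allow/deny rather than dispatching to an
            // arbitrary method.
            if ($action !== 'allow' && $action !== 'deny') {
                throw new \InvalidArgumentException(sprintf('Unknown ACL permission "%s" for resource "%s"', $action, $resource));
            }
            foreach ($roles as $role => $privileges) {
                $acl->{$action}($role, $resource, $privileges);
            }
        }
    }

    $e->getViewModel()->acl = $acl;
}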
/**
 * for people
 * following parameter are relevant
 * by => 'all', 'me', 'guest'
 * status => Status::CREATED, 'all'
 * user => User::ROLE_RECRUITER, User::ROLE_ADMIN, User::ROLE_USER
 *
 * Filters applied in order: a $text search on 'search', a geo filter on
 * 'location'/'d', a portal filter on 'channel' (unless "default"), then the
 * visibility rule — recruiters (by role or ACL inheritance) not asking for
 * by=guest see their own jobs ('me') or jobs shared with them, optionally
 * narrowed by 'status'; everyone else sees only Status::ACTIVE jobs — and
 * finally the 'sort' fields, each passed through filterSort().
 *
 * @param $params Parameters, array-like; also stored on $this->value
 * @param $queryBuilder \Doctrine\ODM\MongoDB\Query\Builder
 * @return mixed the same query builder
 */
public function createQuery($params, $queryBuilder)
{
    $this->value = $params;
    /*
     * search jobs by keywords
     */
    if (isset($params['search']) && !empty($params['search'])) {
        // The term is handed to $text as an operand, not spliced into a pattern.
        $search = strtolower($params['search']);
        $expression = $queryBuilder->expr()->operator('$text', ['$search' => $search]);
        $queryBuilder->field(null)->equals($expression->getQuery());
    }
    if (isset($this->value['location']->coordinates)) {
        // NOTE(review): 'd' is divided by 100 for the geoWithinCenter radius —
        // presumably a unit conversion; confirm against the callers' unit.
        $coordinates = $this->value['location']->coordinates->getCoordinates();
        $queryBuilder->field('locations.coordinates')->geoWithinCenter($coordinates[0], $coordinates[1], (double) $this->value['d'] / 100);
    }
    if (isset($params['channel']) && !empty($params['channel']) && $params['channel'] != "default") {
        $queryBuilder->field('portals')->equals($params['channel']);
    }
    $this->user = $this->auth->getUser();
    $isRecruiter = $this->user->getRole() == User::ROLE_RECRUITER || $this->acl->inheritsRole($this->user, User::ROLE_RECRUITER);
    if ($isRecruiter && (!isset($this->value['by']) || $this->value['by'] != 'guest')) {
        /*
         * a recruiter can see his jobs and jobs from users who gave permissions to do so
         */
        if (isset($params['by']) && 'me' == $params['by']) {
            $queryBuilder->field('user')->equals($this->user->id);
        } else {
            $queryBuilder->field('permissions.view')->equals($this->user->id);
        }
        if (isset($params['status']) && !empty($params['status']) && $params['status'] != 'all') {
            $queryBuilder->field('status.name')->equals((string) $params['status']);
        }
    } else {
        /*
         * an applicants or guests can see all active jobs
         */
        $queryBuilder->field('status.name')->equals(Status::ACTIVE);
    }
    if (isset($this->value['sort'])) {
        foreach (explode(",", $this->value['sort']) as $sort) {
            $queryBuilder->sort($this->filterSort($sort));
        }
    }
    return $queryBuilder;
}
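/**
 * Builds the Acl from the 'acl' section of the config helper and, when the
 * Zend navigation view helper is available, installs it as the default ACL.
 *
 * Expected layout:
 *  - roles     : role => parent role(s); an empty value means no parent
 *  - resources : 'allow'|'deny' => [controller => [action|'*' => role]]
 *
 * @param ServiceLocatorInterface $serviceLocator
 * @return Acl
 * @throws Exception when a permission key is neither 'allow' nor 'deny'
 */
public function createService(ServiceLocatorInterface $serviceLocator)
{
    $config = $serviceLocator->get('config.helper')->get('acl');
    $acl = new Acl();

    foreach ($config['roles'] as $roleName => $parents) {
        if (empty($parents)) {
            $parents = null;
        }
        $acl->addRole(new GenericRole($roleName), $parents);
    }

    foreach ($config['resources'] as $permission => $controllers) {
        // Compared strictly: under loose comparison an integer key 0 matched
        // 'allow' and '*' on PHP 7 and silently widened the rule.
        if ($permission !== 'allow' && $permission !== 'deny') {
            throw new Exception('No valid permission defined: ' . $permission);
        }
        foreach ($controllers as $controller => $actions) {
            if (!$acl->hasResource($controller)) {
                $acl->addResource(new GenericResource($controller));
            }
            foreach ($actions as $action => $role) {
                // '*' stands for every action on the controller
                $privilege = ($action === '*') ? null : $action;
                if ($permission === 'allow') {
                    $acl->allow($role, $controller, $privilege);
                } else {
                    $acl->deny($role, $controller, $privilege);
                }
            }
        }
    }

    if (class_exists('Zend\\View\\Helper\\Navigation')) {
        Navigation::setDefaultAcl($acl);
    }

    return $acl;
}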
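/**
 * for people
 * following parameter are relevant
 * by => 'all', 'me', 'guest'
 * status => Status::CREATED, 'all'
 * user => User::ROLE_RECRUITER, User::ROLE_ADMIN, User::ROLE_USER
 *
 * Recruiters (by role or ACL inheritance) not asking for by=guest see their
 * own jobs (params.by = 'me') or jobs they were granted view permission on,
 * optionally narrowed by params.status; everyone else sees only active jobs.
 * params.search is split on spaces and each term is matched as a prefix
 * against 'keywords'; 'location'/'d' add a $near filter (d in km); 'sort'
 * fields are passed through filterSort().
 *
 * @param $params       parameter container exposing toArray(); stored on $this->value
 * @param $queryBuilder \Doctrine\ODM\MongoDB\Query\Builder
 * @return mixed the same query builder
 */
public function createQuery($params, $queryBuilder)
{
    $this->value = $params->toArray();
    $this->user = $this->auth->getUser();
    $isRecruiter = $this->user->getRole() == User::ROLE_RECRUITER
        || $this->acl->inheritsRole($this->user, User::ROLE_RECRUITER);

    if ($isRecruiter && (!isset($this->value['by']) || $this->value['by'] != 'guest')) {
        /*
         * a recruiter can see his jobs and jobs from users who gave permissions to do so
         */
        if (isset($this->value['params']['by']) && 'me' == $this->value['params']['by']) {
            $queryBuilder->field('user')->equals($this->user->id);
        } else {
            $queryBuilder->field('permissions.view')->equals($this->user->id);
        }
        if (isset($this->value['params']['status']) && !empty($this->value['params']['status']) && $this->value['params']['status'] != 'all') {
            $queryBuilder->field('status.name')->equals((string) $this->value['params']['status']);
        }
    } else {
        /*
         * an applicants or guests can see all active jobs
         */
        $queryBuilder->field('status.name')->equals(Status::ACTIVE);
    }

    /*
     * search jobs by keywords
     */
    if (isset($this->value['params']['search']) && !empty($this->value['params']['search'])) {
        $search = strtolower($this->value['params']['search']);
        $searchPatterns = array();
        foreach (explode(' ', $search) as $searchItem) {
            // The term is user input: quote it so regex metacharacters are matched
            // literally and cannot alter the pattern or its matching cost.
            $searchPatterns[] = new \MongoRegex('/^' . preg_quote($searchItem, '/') . '/');
        }
        $queryBuilder->field('keywords')->all($searchPatterns);
    }

    if (isset($this->value['location'])) {
        $loc = $this->value['location'];
        $queryBuilder->field('locations.coordinates')->near($loc->getCoordinates())->maxDistance($this->value['d'] * 1000);
    }

    if (isset($this->value['sort'])) {
        foreach (explode(",", $this->value['sort']) as $sort) {
            $queryBuilder->sort($this->filterSort($sort));
        }
    }

    return $queryBuilder;
}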