/**
* Load role privileges
*
* @service
* @anonym
* @param Gpf_Rpc_Params $params
* @return Gpf_Data_RecordSet
*/
public function loadRolePrivileges(Gpf_Rpc_Params $params)
{
if (!Gpf_Session::getAuthUser()->hasPrivilege(Gpf_Privileges::ROLE, Gpf_Privileges::P_READ) && !Gpf_Session::getAuthUser()->hasPrivilege(Gpf_Privileges::ROLE, Pap_Privileges::P_READ_OWN)) {
throw new Gpf_Rpc_PermissionDeniedException('Gpf_Role_RolePrivilegesForm', 'loadRolePrivileges');
}
$role = new Gpf_Db_Role();
$role->setId($params->get('roleid'));
$role->load();
$defaultPrivileges = Gpf_Application::getInstance()->getDefaultPrivilegesByRoleType($role->getRoleType());
$result = new Gpf_Data_RecordSet();
$result->addColumn('object');
$result->addColumn('objectName');
$result->addColumn('possiblePrivileges');
$result->addColumn('activePrivileges');
$rolePrivileges = Gpf_Privileges::loadPrivileges($role->getId());
foreach ($defaultPrivileges->getDefaultPrivileges() as $object => $privileges) {
$record = new Gpf_Data_Record($result->getHeader());
$record->add('object', $object);
$record->add('objectName', ucfirst(str_replace('_', ' ', strtolower($object))));
$allTypes = $defaultPrivileges->getObjectToTypeRelation();
$record->add('possiblePrivileges', implode(',', $allTypes[$object]));
if (array_key_exists($object, $rolePrivileges)) {
$record->add('activePrivileges', implode(',', array_keys($rolePrivileges[$object])));
} else {
$record->add('activePrivileges', '');
}
$result->addRecord($record);
}
$result->sort('objectName');
return $result;
}
/**
* Validate Db_Row
*
* @param Gpf_DbEngine_Row $row
* @throws Gpf_DbEngine_Row_ConstraintException
*/
public function validate(Gpf_DbEngine_Row $row)
{
$role = new Gpf_Db_Role();
$role->setId($row->getRoleId());
$role->load();
$select = new Gpf_SqlBuilder_SelectBuilder();
$select->select->add('r.' . Gpf_Db_Table_Roles::TYPE);
$select->from->add(Gpf_Db_Table_Users::getName(), 'u');
$select->from->addInnerJoin(Gpf_Db_Table_Roles::getName(), 'r', 'u.' . Gpf_Db_Table_Users::ROLEID . '=r.' . Gpf_Db_Table_Roles::ID);
$select->where->add('u.' . Gpf_Db_Table_Users::AUTHID, '=', $row->getAuthId());
$select->where->add('u.' . Gpf_Db_Table_Users::ACCOUNTID, '=', $row->getAccountId());
$select->where->add('r.' . Gpf_Db_Table_Roles::TYPE, '=', $role->getRoleType());
$select->where->add('u.' . Gpf_Db_Table_Users::ID, '<>', $row->getPrimaryKeyValue());
try {
$select->getOneRow();
} catch (Gpf_DbEngine_NoRowException $e) {
return;
} catch (Gpf_DbEngine_TooManyRowsException $e) {
}
throw new Gpf_DbEngine_Row_ConstraintException('username', $this->_('Selected username already exists'));
}
/**
* @service role add
* @return Gpf_Rpc_Form
*/
public function add(Gpf_Rpc_Params $params)
{
$form = new Gpf_Rpc_Form($params);
$origRole = new Gpf_Db_Role();
$origRole->setId($form->getFieldValue('roleid'));
$origRole->load();
$newRole = new Gpf_Db_Role();
$newRole->setName($form->getFieldValue('name'));
$newRole->setAccountId(Gpf_Session::getInstance()->getAuthUser()->getAccountId());
$newRole->setRoleType($origRole->getRoleType());
$newRole->insert();
if (strlen($origRole->getAccountId())) {
//it is custom role, copy privileges from db
$select = new Gpf_SqlBuilder_SelectBuilder();
$select->select->addConstant($newRole->getId(), 'roleid');
$select->select->add(Gpf_Db_Table_RolePrivileges::OBJECT, Gpf_Db_Table_RolePrivileges::OBJECT);
$select->select->add(Gpf_Db_Table_RolePrivileges::PRIVILEGE, Gpf_Db_Table_RolePrivileges::PRIVILEGE);
$select->from->add(Gpf_Db_Table_RolePrivileges::getName());
$select->where->add(Gpf_Db_Table_Roles::ID, '=', $origRole->getId());
$insert = new Gpf_SqlBuilder_InsertBuilder();
$insert->setTable(Gpf_Db_Table_RolePrivileges::getInstance());
$insert->fromSelect($select);
$insert->execute();
} else {
//it is default role, copy privileges from php settings
$privileges = Gpf_Application::getInstance()->getRoleDefaultPrivileges($origRole->getId());
foreach ($privileges as $objectName => $privilegeList) {
foreach ($privilegeList as $right) {
$privilege = new Gpf_Db_RolePrivilege();
$privilege->setRoleId($newRole->getId());
$privilege->setObject($objectName);
$privilege->setPrivilege($right);
$privilege->insert();
}
}
}
return $form;
}
/**
* Return default privileges by role type
*
* @param string $roleType
* @return Gpf_Privileges
*/
public function getDefaultPrivilegesByRoleType($roleType)
{
foreach ($this->rolePrivileges as $roleid => $className) {
$objRole = new Gpf_Db_Role();
$objRole->setId($roleid);
$objRole->load();
if ($objRole->getRoleType() == $roleType) {
return new $className();
}
}
return false;
}
