public function _new()
{
parent::_new();
$permissions = new PermissionCollection(new Permission());
$sh = new SearchHandler($permissions, FALSE);
$sh->addConstraint(new Constraint('parent_id', 'is', 'NULL'));
$sh->setOrderby('title');
$permissions->load($sh);
$systemcompany = $this->_uses[$this->modeltype];
if ($systemcompany->isLoaded()) {
$companypermissions = new CompanypermissionCollection(new Companypermission());
$checked = $companypermissions->getPermissionIDs($systemcompany->id);
$this->view->set('checked', $checked);
$debug = DebugOption::getCompanyOption($systemcompany->id);
$this->view->set('debug_id', $debug->id);
$this->view->set('selected_options', $debug->getOptions());
foreach ($permissions as $permission) {
$permission->setAdditional('permissions');
if (isset($checked[$permission->id])) {
$permission->permissions = TRUE;
} else {
$permission->permissions = FALSE;
}
}
}
$this->view->set('permissions', $permissions);
$debug = new DebugOption();
$this->view->set('debug_options', $debug->getEnumOptions('options'));
}
/**
* Test to ensure permissions are returned when searched by child id
*/
public function testFindChidlrenByPermissionId()
{
$permId = 1;
$return = array(array('name' => 'perm1', 'description' => 'Permission #1'), array('name' => 'perm2', 'description' => 'Permission #2'));
$ds = $this->buildMock($return, 'fetch');
$permissions = new PermissionCollection($ds);
$permissions->findChildrenByPermissionId($permId);
$this->assertCount(2, $permissions);
}
function getPermissionTree($permissions = array(), $parent = null)
{
$nextlevel = new PermissionCollection();
$sh = new SearchHandler($nextlevel, false);
if (!empty($permissions)) {
$sh->addConstraint(new Constraint('id', 'in', '(' . implode($permissions, ',') . ')'));
}
if (empty($parent)) {
$sh->addConstraint(new Constraint('parent_id', 'is', 'NULL'));
} else {
$sh->addConstraint(new Constraint('parent_id', '=', $parent));
}
$sh->setOrderby('position');
$rows = $nextlevel->load($sh, null, RETURN_ROWS);
$tree = array();
if (!empty($rows)) {
foreach ($rows as $permission) {
$tree[$permission['id']] = $permission;
$tree[$permission['id']]['children'] = $this->getPermissionTree($permissions, $permission['id']);
}
}
return $tree;
}
/**
* Check in the list of permission to see if this user has access to the requested action
*
* @param string the name of the action to be checked
* @param string the controller name
* @param string the module name
* @return boolean if has permission return true else return false
*
*/
public function hasPermission($modules, $controller = '', $action = '', $pid = '')
{
if (!is_array($modules)) {
$modules = array('module' => $modules);
}
//echo 'AccessObject:hasPermission modules='.implode('=',$modules).' controller='.$controller.' action='.$action.' pid='.$pid.'<br>';
debug('AccessObject::hasPermission modules ' . implode('=', $modules) . ' : controller ' . $controller . ' : action ' . $action);
$controller = str_replace('controller', '', strtolower($controller));
if ($modules['module'] == 'dashboard' && (empty($controller) || $controller == 'index')) {
return true;
}
if ($modules['module'] == 'login' || trim($modules['module']) == '') {
return true;
}
// if($this->check('egs')) {
// return true;
// }
$action = strtolower($action);
if ($this->getCache($modules, $controller, $action)) {
return true;
}
if (isset($pid) && !isset($this->permissions[$pid])) {
$permission = DataObjectFactory::Factory('Permission');
$permission->load($pid);
if ($permission->isLoaded()) {
// permission exists but user does not have access to it
return false;
}
}
if ($action == 'new') {
$action = '_new';
}
if (isset($pid) && isset($this->permissions[$pid])) {
switch ($this->permissions[$pid]['type']) {
case 'g':
case 'm':
if (!in_array($this->permissions[$pid]['permission'], $modules)) {
return false;
}
break;
case 'c':
if ($this->permissions[$pid]['permission'] != $controller) {
return false;
}
break;
case 'a':
if ($this->permissions[$pid]['permission'] != $action) {
return false;
}
break;
}
return true;
}
// TODO : Need to check down the modules tree and
$permissions = new PermissionCollection();
$module_permissions = $permissions->checkPermission($modules, array('g', 'm'));
if (count($module_permissions) == 0) {
// module does not exist in permissions so user cannot have access to it
return false;
}
$parent_ids = array();
foreach ($module_permissions as $permission) {
if (isset($this->permissions[$permission['id']])) {
$parent_ids[] = $permission['id'];
}
}
if (empty($parent_ids)) {
// module exists in permissions but user does not have access to it
return false;
}
// Need to use default controller if controller is empty?
if ($controller !== '') {
// echo 'AccessObject:hasPermission checking controller '.$controller.'<br>';
$permissions = new PermissionCollection();
$controller_permissions = $permissions->checkPermission($controller, 'c', $parent_ids);
if (count($controller_permissions) == 0) {
// controller does not exist in permissions so user has access to it by default
return true;
}
$parent_ids = array();
foreach ($controller_permissions as $permission) {
if (isset($this->permissions[$permission['id']])) {
$parent_ids[] = $permission['id'];
}
}
if (empty($parent_ids)) {
// controller exists in permissions but user does not have access to it
return false;
}
}
// Need to use default action if action is empty?
if ($action !== '') {
// echo 'AccessObject:hasPermission checking action '.$action.'<br>';
$permissions = new PermissionCollection();
$action_permissions = $permissions->checkPermission($action, 'a', $parent_ids);
if (count($action_permissions) == 0) {
// action does not exist in permissions so user has access to it by default
return true;
}
$parent_ids = array();
foreach ($action_permissions as $permission) {
if (isset($this->permissions[$permission['id']])) {
$parent_ids[] = $permission['id'];
}
}
if (empty($parent_ids)) {
// action exists in permissions but user does not have access to it
return false;
}
}
return true;
}
private function get_related_menu_items()
{
$menu_items = array();
if (!isset($_GET['pid'])) {
$ao = AccessObject::Instance();
$pid = $ao->getPermission($_GET['module'], $_GET['controller'], $_GET['action']);
} else {
$pid = $_GET['pid'];
}
$permission = new Permission();
$permissions = new PermissionCollection();
$sh = new SearchHandler($permissions, FALSE);
$sh->addConstraint(new Constraint('parent_id', '=', $pid));
$sh->addConstraint(new Constraint('display_in_sidebar', 'IS', 'true'));
$data = $permissions->load($sh, null, RETURN_ROWS);
if (!empty($data)) {
foreach ($data as $item) {
$link_array = array();
foreach ($permission->build_link($item['id']) as $key => $value) {
$link_array[$key] = $value;
}
$menu_items[] = array('tag' => $item['title'], 'link' => $link_array);
}
}
if (!empty($menu_items)) {
$this->addList('Related Menu Items', $menu_items);
}
}
public function tree()
{
$permissions = new PermissionCollection($this->_templateobject);
$this->view->set('tree', $permissions->getPermissionTree());
$this->setTemplateName('tree');
}
public function view()
{
$flash = Flash::Instance();
if (!$this->loadData()) {
sendBack();
}
$role = $this->_uses['Role'];
if ($role === false) {
sendBack();
}
$this->addSidebar($role);
$moduleadmin = DataObjectFactory::Factory('ModuleAdmin');
$moduleadmins = $moduleadmin->getModuleName($role->{$role->idField});
$this->view->set('moduleadmin', $moduleadmins);
$this->view->set('no_ordering', true);
$this->view->set('reports', $role->getReports());
$this->view->set('users', $role->getUsers());
$companypermissions = DataObjectFactory::Factory('Companypermission');
$modulepermissions = $companypermissions->getAll();
// Note: If no company permissions have been defined ($modulepermissions is empty)
// then all permissions will be displayed; i.e. default is to allow access to
// all permissions if no company permissions override
$permissions = new PermissionCollection(DataObjectFactory::Factory('Permission'));
$this->view->set('items', $permissions->getPermissionTree($modulepermissions));
$this->view->set('permissions_tree', $this->getTemplateName('permissions_tree'));
$this->view->set('current', $role->getPermissions());
$this->view->set('view', true);
}
