protected function addField($name)
{
switch ($name) {
case 'username':
$this->form->setDefault('username', $this->resource->username);
$this->form->setValidator('username', new sfValidatorString(array('required' => true)));
$this->form->setWidget('username', new sfWidgetFormInput());
break;
case 'email':
$this->form->setDefault('email', $this->resource->email);
$this->form->setValidator('email', new sfValidatorEmail(array('required' => true)));
$this->form->setWidget('email', new sfWidgetFormInput());
break;
case 'password':
case 'confirmPassword':
$this->form->setDefault($name, null);
// Required field only if a new user is being created
$this->form->setValidator($name, new sfValidatorString(array('required' => !isset($this->getRoute()->resource))));
$this->form->setWidget($name, new sfWidgetFormInputPassword());
break;
case 'groups':
$values = array();
$criteria = new Criteria();
$criteria->add(QubitAclUserGroup::USER_ID, $this->resource->id);
foreach (QubitAclUserGroup::get($criteria) as $item) {
$values[] = $item->groupId;
}
$choices = array();
$criteria = new Criteria();
$criteria->add(QubitAclGroup::ID, 99, Criteria::GREATER_THAN);
foreach (QubitAclGroup::get($criteria) as $item) {
$choices[$item->id] = $item->getName(array('cultureFallback' => true));
}
$this->form->setDefault('groups', $values);
$this->form->setValidator('groups', new sfValidatorPass());
$this->form->setWidget('groups', new sfWidgetFormSelect(array('choices' => $choices, 'multiple' => true)));
break;
case 'translate':
$c = sfCultureInfo::getInstance($this->context->user->getCulture());
$languages = $c->getLanguages();
$choices = array();
if (0 < count($langSettings = QubitSetting::getByScope('i18n_languages'))) {
foreach ($langSettings as $item) {
$choices[$item->name] = $languages[$item->name];
}
}
// Find existing translate permissions
$criteria = new Criteria();
$criteria->add(QubitAclPermission::USER_ID, $this->resource->id);
$criteria->add(QubitAclPermission::ACTION, 'translate');
$defaults = null;
if (null !== ($permission = QubitAclPermission::getOne($criteria))) {
$defaults = $permission->getConstants(array('name' => 'languages'));
}
$this->form->setDefault('translate', $defaults);
$this->form->setValidator('translate', new sfValidatorPass());
$this->form->setWidget('translate', new sfWidgetFormSelect(array('choices' => $choices, 'multiple' => true)));
break;
}
}
public function getAclGroups()
{
// Add all users to 'authenticated' group
$authenticatedGroup = QubitAclGroup::getById(QubitAclGroup::AUTHENTICATED_ID);
$groups = array($authenticatedGroup);
foreach ($this->getAclUserGroups() as $userGroup) {
$groups[] = $userGroup->getGroup();
}
return $groups;
}
public function execute($request)
{
$this->form = new sfForm();
$this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
if (isset($this->request->id)) {
$this->resource = QubitAclGroup::getById($this->request->id);
if (!isset($this->resource)) {
$this->forward404();
}
}
foreach ($this::$NAMES as $name) {
$this->addField($name);
}
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($this->request->id);
$this->forward404Unless($this->group);
$this->groups = array();
foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
if (QubitAclGroup::ROOT_ID < $group->id) {
$this->groups[] = $group->id;
}
}
// Table width
$this->tableCols = count($this->groups) + 3;
// Get access control permissions
$criteria = new Criteria();
if (1 == count($this->groups)) {
$criteria->add(QubitAclPermission::GROUP_ID, $this->groups[0]);
} else {
$criteria->add(QubitAclPermission::GROUP_ID, $this->groups, Criteria::IN);
}
// Add term criteria
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm');
$c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c3 = $criteria->getNewCriterion(QubitAclPermission::ACTION, 'createTerm');
$c1->addOr($c2);
$c1->addOr($c3);
$criteria->add($c1);
// Sort
$criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS);
$criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID);
$criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID);
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $permission) {
if ('createTerm' != $permission->action) {
$taxonomyId = $permission->getConstants(array('name' => 'taxonomyId'));
$action = $permission->action;
} else {
// In this context permissions for all objects (null) and root object
// are equivalent
$taxonomyId = QubitTaxonomy::ROOT_ID != $permission->objectId ? $permission->objectId : null;
$action = 'create';
}
$this->acl[$taxonomyId][$action][$permission->groupId] = $permission;
}
}
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($request->id);
if (!isset($this->group)) {
$this->forward404();
}
$criteria = new Criteria();
$criteria->add(QubitAclPermission::GROUP_ID, $this->group->id);
$criteria->add(QubitAclPermission::ACTION, 'translate');
$criteria->add(QubitAclPermission::GRANT_DENY, 1);
$this->translate = 'No';
if (null !== QubitAclPermission::getOne($criteria)) {
$this->translate = 'Yes';
}
// Require administrator credentials
if (!QubitAcl::check($this->group, 'read')) {
$this->redirect('admin/secure');
}
}
public function execute($request)
{
$this->form = new sfForm();
$this->group = QubitAclGroup::getById($request->id);
// Check that object exists
if (!isset($this->group)) {
$this->forward404();
}
// Check if group is protected
if ($this->group->isProtected()) {
$this->forward('aclGroup', 'protected');
}
// Check user authorization
if (!QubitAcl::check($this->group, 'delete')) {
QubitAcl::forwardUnauthorized();
}
if ($request->isMethod('delete')) {
$this->group->delete();
$this->redirect(array('module' => 'aclGroup', 'action' => 'list'));
}
}
public function execute($request)
{
$this->group = new QubitAclGroup();
if (isset($this->request->id)) {
$this->group = QubitAclGroup::getById($this->request->id);
if (!isset($this->group)) {
$this->forward404();
}
}
$this->form = new sfForm();
$this->form->getValidatorSchema()->setOption('allow_extra_fields', true);
foreach ($this::$NAMES as $name) {
$this->addField($name);
}
if ($request->isMethod('post')) {
$this->form->bind($request->getPostParameters());
if ($this->form->isValid()) {
$this->processForm();
$this->redirect(array($this->group, 'module' => 'aclGroup'));
}
}
}
public function execute($request)
{
$this->group = QubitAclGroup::getById($request->id);
$this->forward404Unless($this->group);
// Check authorization
if (!QubitAcl::check($this->group, 'read')) {
$this->redirect('admin/secure');
}
// Add roles
$this->roles = array();
foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) {
// Omit ROOT group
if (1 < $group->id) {
$this->roles[] = $group->id;
}
}
// Table width
$this->tableCols = count($this->roles) + 3;
// Get permissions for this group and parents
$criteria = new Criteria();
$criteria->add(QubitAclPermission::GROUP_ID, $this->roles, Criteria::IN);
// Add actor criteria
$criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN);
$c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor');
$c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL);
$c1->addOr($c2);
$criteria->add($c1);
// Build ACL
$this->acl = array();
if (0 < count($permissions = QubitAclPermission::get($criteria))) {
foreach ($permissions as $permission) {
// In this context permissions for all objects (null) and root actor
// object are equivalent
$objectId = QubitActor::ROOT_ID != $permission->objectId ? $permission->objectId : null;
$this->acl[$objectId][$permission->action][$permission->groupId] = $permission;
}
}
}
protected function buildUserRoleList($user)
{
// Don't add user twice
if (in_array($user->getUserID(), $this->_roles)) {
return $this;
}
$parents = array();
// Immediate parents of user role
if ($user->isAuthenticated()) {
// Add authenticated group
$this->acl->addRole(QubitAclGroup::getById(QubitAclGroup::AUTHENTICATED_ID));
$this->_roles[] = QubitAclGroup::AUTHENTICATED_ID;
// Add groups (if user belongs to any)
if (0 < count($aclUserGroups = $user->user->getAclUserGroups())) {
foreach ($aclUserGroups as $aclUserGroup) {
$aclGroup = $aclUserGroup->group;
$this->acl->addRole($aclGroup, $aclGroup->parent);
$this->_roles[] = $aclGroup->id;
$parents[] = $aclGroup->id;
}
} else {
$parents = QubitAclGroup::AUTHENTICATED_ID;
}
// Add user role
$this->acl->addRole($user->getUserID(), $parents);
$this->_roles[] = $user->getUserID();
} else {
// Add anonymous role
$this->acl->addRole(QubitAclGroup::getById(QubitAclGroup::ANONYMOUS_ID));
$this->_roles[] = QubitAclGroup::ANONYMOUS_ID;
}
return $this;
}
echo link_to_if(QubitAcl::check($group, 'edit'), '<h1 class="label">' . render_title($group) . '</h1>', array($group, 'module' => 'aclGroup', 'action' => 'edit'), array('title' => __('Edit group')));
?>
<div class="section">
<?php
if (0 < count($acl)) {
?>
<table id="groupPermissions" class="sticky-enabled">
<thead>
<tr>
<th colspan="2"> </th>
<?php
foreach ($groups as $groupId) {
?>
<th><?php
echo render_title(QubitAclGroup::getById($groupId));
?>
</th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
foreach ($acl as $taxonomyId => $actions) {
?>
<tr>
<td colspan="<?php
echo $tableCols;
echo link_to_if(SecurityCheck::HasPermission($sf_user, array('module' => 'user', 'action' => 'edit')), '<h1 class="label">' . render_title($resource) . '</h1>', array($resource, 'module' => 'user', 'action' => 'edit'), array('title' => __('Edit user')));
?>
<div class="section">
<?php
if (0 < count($acl)) {
?>
<table id="userPermissions" class="sticky-enabled">
<thead>
<tr>
<th colspan="2"> </th>
<?php
foreach ($userGroups as $item) {
?>
<?php
if (null !== ($group = QubitAclGroup::getById($item))) {
?>
<th><?php
echo $group->__toString();
?>
</th>
<?php
} elseif ($resource->username == $item) {
?>
<th><?php
echo $resource->username;
?>
</th>
<?php
}
?>
echo link_to_if(QubitAcl::check($group, 'edit'), '<h1 class="label">' . render_title($group) . '</h1>', array($group, 'module' => 'aclGroup', 'action' => 'edit'), array('title' => __('Edit group')));
?>
<div class="section">
<?php
if (0 < count($acl)) {
?>
<table id="userPermissions">
<thead>
<tr>
<th colspan="2"> </th>
<?php
foreach ($roles as $roleId) {
?>
<th><?php
echo QubitAclGroup::getById($roleId)->__toString();
?>
</th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
foreach ($acl as $objectId => $actions) {
?>
<tr>
<td colspan="<?php
echo $tableCols - 1;
public function listGroups()
{
if ($this->isAuthenticated()) {
$groups = array(QubitAclGroup::getById(QubitAclGroup::AUTHENTICATED_ID));
if (null !== $this->user->aclUserGroups) {
foreach ($this->user->aclUserGroups as $aclUserGroup) {
$groups[] = QubitAclGroup::getById($aclUserGroup->groupId);
}
}
return $groups;
} else {
return QubitAclGroup::getById(QubitAclGroup::ANONYMOUS_ID);
}
}
public static function getaclGroupsRelatedByparentIdById($id, array $options = array())
{
$criteria = new Criteria();
self::addaclGroupsRelatedByparentIdCriteriaById($criteria, $id);
return QubitAclGroup::get($criteria, $options);
}
