protected function addField($name) { switch ($name) { case 'username': $this->form->setDefault('username', $this->resource->username); $this->form->setValidator('username', new sfValidatorString(array('required' => true))); $this->form->setWidget('username', new sfWidgetFormInput()); break; case 'email': $this->form->setDefault('email', $this->resource->email); $this->form->setValidator('email', new sfValidatorEmail(array('required' => true))); $this->form->setWidget('email', new sfWidgetFormInput()); break; case 'password': case 'confirmPassword': $this->form->setDefault($name, null); // Required field only if a new user is being created $this->form->setValidator($name, new sfValidatorString(array('required' => !isset($this->getRoute()->resource)))); $this->form->setWidget($name, new sfWidgetFormInputPassword()); break; case 'groups': $values = array(); $criteria = new Criteria(); $criteria->add(QubitAclUserGroup::USER_ID, $this->resource->id); foreach (QubitAclUserGroup::get($criteria) as $item) { $values[] = $item->groupId; } $choices = array(); $criteria = new Criteria(); $criteria->add(QubitAclGroup::ID, 99, Criteria::GREATER_THAN); foreach (QubitAclGroup::get($criteria) as $item) { $choices[$item->id] = $item->getName(array('cultureFallback' => true)); } $this->form->setDefault('groups', $values); $this->form->setValidator('groups', new sfValidatorPass()); $this->form->setWidget('groups', new sfWidgetFormSelect(array('choices' => $choices, 'multiple' => true))); break; case 'translate': $c = sfCultureInfo::getInstance($this->context->user->getCulture()); $languages = $c->getLanguages(); $choices = array(); if (0 < count($langSettings = QubitSetting::getByScope('i18n_languages'))) { foreach ($langSettings as $item) { $choices[$item->name] = $languages[$item->name]; } } // Find existing translate permissions $criteria = new Criteria(); $criteria->add(QubitAclPermission::USER_ID, $this->resource->id); $criteria->add(QubitAclPermission::ACTION, 'translate'); $defaults = null; if (null !== ($permission = QubitAclPermission::getOne($criteria))) { $defaults = $permission->getConstants(array('name' => 'languages')); } $this->form->setDefault('translate', $defaults); $this->form->setValidator('translate', new sfValidatorPass()); $this->form->setWidget('translate', new sfWidgetFormSelect(array('choices' => $choices, 'multiple' => true))); break; } }
public function getAclGroups() { // Add all users to 'authenticated' group $authenticatedGroup = QubitAclGroup::getById(QubitAclGroup::AUTHENTICATED_ID); $groups = array($authenticatedGroup); foreach ($this->getAclUserGroups() as $userGroup) { $groups[] = $userGroup->getGroup(); } return $groups; }
public function execute($request) { $this->form = new sfForm(); $this->form->getValidatorSchema()->setOption('allow_extra_fields', true); if (isset($this->request->id)) { $this->resource = QubitAclGroup::getById($this->request->id); if (!isset($this->resource)) { $this->forward404(); } } foreach ($this::$NAMES as $name) { $this->addField($name); } }
public function execute($request) { $this->group = QubitAclGroup::getById($this->request->id); $this->forward404Unless($this->group); $this->groups = array(); foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) { if (QubitAclGroup::ROOT_ID < $group->id) { $this->groups[] = $group->id; } } // Table width $this->tableCols = count($this->groups) + 3; // Get access control permissions $criteria = new Criteria(); if (1 == count($this->groups)) { $criteria->add(QubitAclPermission::GROUP_ID, $this->groups[0]); } else { $criteria->add(QubitAclPermission::GROUP_ID, $this->groups, Criteria::IN); } // Add term criteria $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN); $c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitTerm'); $c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL); $c3 = $criteria->getNewCriterion(QubitAclPermission::ACTION, 'createTerm'); $c1->addOr($c2); $c1->addOr($c3); $criteria->add($c1); // Sort $criteria->addAscendingOrderByColumn(QubitAclPermission::CONSTANTS); $criteria->addAscendingOrderByColumn(QubitAclPermission::OBJECT_ID); $criteria->addAscendingOrderByColumn(QubitAclPermission::GROUP_ID); // Build ACL $this->acl = array(); if (0 < count($permissions = QubitAclPermission::get($criteria))) { foreach ($permissions as $permission) { if ('createTerm' != $permission->action) { $taxonomyId = $permission->getConstants(array('name' => 'taxonomyId')); $action = $permission->action; } else { // In this context permissions for all objects (null) and root object // are equivalent $taxonomyId = QubitTaxonomy::ROOT_ID != $permission->objectId ? $permission->objectId : null; $action = 'create'; } $this->acl[$taxonomyId][$action][$permission->groupId] = $permission; } } }
public function execute($request) { $this->group = QubitAclGroup::getById($request->id); if (!isset($this->group)) { $this->forward404(); } $criteria = new Criteria(); $criteria->add(QubitAclPermission::GROUP_ID, $this->group->id); $criteria->add(QubitAclPermission::ACTION, 'translate'); $criteria->add(QubitAclPermission::GRANT_DENY, 1); $this->translate = 'No'; if (null !== QubitAclPermission::getOne($criteria)) { $this->translate = 'Yes'; } // Require administrator credentials if (!QubitAcl::check($this->group, 'read')) { $this->redirect('admin/secure'); } }
public function execute($request) { $this->form = new sfForm(); $this->group = QubitAclGroup::getById($request->id); // Check that object exists if (!isset($this->group)) { $this->forward404(); } // Check if group is protected if ($this->group->isProtected()) { $this->forward('aclGroup', 'protected'); } // Check user authorization if (!QubitAcl::check($this->group, 'delete')) { QubitAcl::forwardUnauthorized(); } if ($request->isMethod('delete')) { $this->group->delete(); $this->redirect(array('module' => 'aclGroup', 'action' => 'list')); } }
public function execute($request) { $this->group = new QubitAclGroup(); if (isset($this->request->id)) { $this->group = QubitAclGroup::getById($this->request->id); if (!isset($this->group)) { $this->forward404(); } } $this->form = new sfForm(); $this->form->getValidatorSchema()->setOption('allow_extra_fields', true); foreach ($this::$NAMES as $name) { $this->addField($name); } if ($request->isMethod('post')) { $this->form->bind($request->getPostParameters()); if ($this->form->isValid()) { $this->processForm(); $this->redirect(array($this->group, 'module' => 'aclGroup')); } } }
public function execute($request) { $this->group = QubitAclGroup::getById($request->id); $this->forward404Unless($this->group); // Check authorization if (!QubitAcl::check($this->group, 'read')) { $this->redirect('admin/secure'); } // Add roles $this->roles = array(); foreach ($this->group->ancestors->andSelf()->orderBy('lft') as $group) { // Omit ROOT group if (1 < $group->id) { $this->roles[] = $group->id; } } // Table width $this->tableCols = count($this->roles) + 3; // Get permissions for this group and parents $criteria = new Criteria(); $criteria->add(QubitAclPermission::GROUP_ID, $this->roles, Criteria::IN); // Add actor criteria $criteria->addJoin(QubitAclPermission::OBJECT_ID, QubitObject::ID, Criteria::LEFT_JOIN); $c1 = $criteria->getNewCriterion(QubitObject::CLASS_NAME, 'QubitActor'); $c2 = $criteria->getNewCriterion(QubitAclPermission::OBJECT_ID, null, Criteria::ISNULL); $c1->addOr($c2); $criteria->add($c1); // Build ACL $this->acl = array(); if (0 < count($permissions = QubitAclPermission::get($criteria))) { foreach ($permissions as $permission) { // In this context permissions for all objects (null) and root actor // object are equivalent $objectId = QubitActor::ROOT_ID != $permission->objectId ? $permission->objectId : null; $this->acl[$objectId][$permission->action][$permission->groupId] = $permission; } } }
protected function buildUserRoleList($user) { // Don't add user twice if (in_array($user->getUserID(), $this->_roles)) { return $this; } $parents = array(); // Immediate parents of user role if ($user->isAuthenticated()) { // Add authenticated group $this->acl->addRole(QubitAclGroup::getById(QubitAclGroup::AUTHENTICATED_ID)); $this->_roles[] = QubitAclGroup::AUTHENTICATED_ID; // Add groups (if user belongs to any) if (0 < count($aclUserGroups = $user->user->getAclUserGroups())) { foreach ($aclUserGroups as $aclUserGroup) { $aclGroup = $aclUserGroup->group; $this->acl->addRole($aclGroup, $aclGroup->parent); $this->_roles[] = $aclGroup->id; $parents[] = $aclGroup->id; } } else { $parents = QubitAclGroup::AUTHENTICATED_ID; } // Add user role $this->acl->addRole($user->getUserID(), $parents); $this->_roles[] = $user->getUserID(); } else { // Add anonymous role $this->acl->addRole(QubitAclGroup::getById(QubitAclGroup::ANONYMOUS_ID)); $this->_roles[] = QubitAclGroup::ANONYMOUS_ID; } return $this; }
echo link_to_if(QubitAcl::check($group, 'edit'), '<h1 class="label">' . render_title($group) . '</h1>', array($group, 'module' => 'aclGroup', 'action' => 'edit'), array('title' => __('Edit group'))); ?> <div class="section"> <?php if (0 < count($acl)) { ?> <table id="groupPermissions" class="sticky-enabled"> <thead> <tr> <th colspan="2"> </th> <?php foreach ($groups as $groupId) { ?> <th><?php echo render_title(QubitAclGroup::getById($groupId)); ?> </th> <?php } ?> </tr> </thead> <tbody> <?php foreach ($acl as $taxonomyId => $actions) { ?> <tr> <td colspan="<?php echo $tableCols;
echo link_to_if(SecurityCheck::HasPermission($sf_user, array('module' => 'user', 'action' => 'edit')), '<h1 class="label">' . render_title($resource) . '</h1>', array($resource, 'module' => 'user', 'action' => 'edit'), array('title' => __('Edit user'))); ?> <div class="section"> <?php if (0 < count($acl)) { ?> <table id="userPermissions" class="sticky-enabled"> <thead> <tr> <th colspan="2"> </th> <?php foreach ($userGroups as $item) { ?> <?php if (null !== ($group = QubitAclGroup::getById($item))) { ?> <th><?php echo $group->__toString(); ?> </th> <?php } elseif ($resource->username == $item) { ?> <th><?php echo $resource->username; ?> </th> <?php } ?>
echo link_to_if(QubitAcl::check($group, 'edit'), '<h1 class="label">' . render_title($group) . '</h1>', array($group, 'module' => 'aclGroup', 'action' => 'edit'), array('title' => __('Edit group'))); ?> <div class="section"> <?php if (0 < count($acl)) { ?> <table id="userPermissions"> <thead> <tr> <th colspan="2"> </th> <?php foreach ($roles as $roleId) { ?> <th><?php echo QubitAclGroup::getById($roleId)->__toString(); ?> </th> <?php } ?> </tr> </thead> <tbody> <?php foreach ($acl as $objectId => $actions) { ?> <tr> <td colspan="<?php echo $tableCols - 1;
public function listGroups() { if ($this->isAuthenticated()) { $groups = array(QubitAclGroup::getById(QubitAclGroup::AUTHENTICATED_ID)); if (null !== $this->user->aclUserGroups) { foreach ($this->user->aclUserGroups as $aclUserGroup) { $groups[] = QubitAclGroup::getById($aclUserGroup->groupId); } } return $groups; } else { return QubitAclGroup::getById(QubitAclGroup::ANONYMOUS_ID); } }
public static function getaclGroupsRelatedByparentIdById($id, array $options = array()) { $criteria = new Criteria(); self::addaclGroupsRelatedByparentIdCriteriaById($criteria, $id); return QubitAclGroup::get($criteria, $options); }