/**
* Gets all Resources
*
* This method describes all available resources
*
* @return \ArrayObject Returns array looks like array(
* resource_id => array(name, description, resourceGroup, [array(permission_id => description)]))
* Third value of array is optional and determines unique permissions for specified
* resource which can be allowed or forbidden separately.
*/
public static function getAll($raw = false)
{
$allows = 'Allows ';
if (!isset(self::$list)) {
self::$rawList = array(Acl::RESOURCE_FARMS => array('Farms', $allows . 'access to farm designer.', Acl::GROUP_FARMS, array(Acl::PERM_FARMS_MANAGE => $allows . 'to manage (create/configure/delete) farms.', Acl::PERM_FARMS_CLONE => $allows . 'to clone farms.', Acl::PERM_FARMS_LAUNCH => $allows . 'to launch farms.', Acl::PERM_FARMS_TERMINATE => $allows . 'to terminate farms.', Acl::PERM_FARMS_NOT_OWNED_FARMS => $allows . 'to manage not owned farms.')), Acl::RESOURCE_FARMS_ALERTS => array('Alerts', $allows . 'access to alerts.', Acl::GROUP_FARMS), Acl::RESOURCE_FARMS_SERVERS => array('Servers', $allows . 'access to servers.', Acl::GROUP_FARMS), Acl::RESOURCE_FARMS_EVENTS_AND_NOTIFICATIONS => array('Events and notifications', $allows . 'access to events and notifications.', Acl::GROUP_FARMS), Acl::RESOURCE_FARMS_STATISTICS => array('Statistics', $allows . 'access to statistics.', Acl::GROUP_FARMS), Acl::RESOURCE_FARMS_ROLES => array('Roles', $allows . 'access to roles.', Acl::GROUP_FARMS, array(Acl::PERM_FARMS_ROLES_CREATE => $allows . 'to create (build/import) roles.', Acl::PERM_FARMS_ROLES_MANAGE => $allows . 'to manage (edit/delete) roles.', Acl::PERM_FARMS_ROLES_CLONE => $allows . 'to clone roles.', Acl::PERM_FARMS_ROLES_BUNDLETASKS => $allows . 'to bundle tasks (role creation process logs).')), Acl::RESOURCE_FARMS_SCRIPTS => array('Scripts', $allows . 'access to scripts.', Acl::GROUP_FARMS, array(Acl::PERM_FARMS_SCRIPTS_MANAGE => $allows . 'to manage (create/edit/delete) scripts.', Acl::PERM_FARMS_SCRIPTS_EXECUTE => $allows . 'to execute scripts.', Acl::PERM_FARMS_SCRIPTS_FORK => $allows . 'to fork scripts.')), Acl::RESOURCE_CLOUDSTACK_VOLUMES => array('Volumes', $allows . 'access to CloudStack volumes.', Acl::GROUP_CLOUDSTACK), Acl::RESOURCE_CLOUDSTACK_SNAPSHOTS => array('Snapshots', $allows . 'access to CloudStack snapshots.', Acl::GROUP_CLOUDSTACK), Acl::RESOURCE_CLOUDSTACK_PUBLIC_IPS => array('Public IPs', $allows . 'access to CloudStack public IPs.', Acl::GROUP_CLOUDSTACK), Acl::RESOURCE_OPENSTACK_VOLUMES => array('Volumes', $allows . 'access to OpenStack volumes.', Acl::GROUP_OPENSTACK), Acl::RESOURCE_OPENSTACK_SNAPSHOTS => array('Snapshots', $allows . 'access to OpenStack snapshots.', Acl::GROUP_OPENSTACK), Acl::RESOURCE_OPENSTACK_PUBLIC_IPS => array('Public IPs', $allows . 'access to OpenStack public IPs.', Acl::GROUP_OPENSTACK), Acl::RESOURCE_AWS_CLOUDWATCH => array('CloudWatch', $allows . 'access to AWS CloudWatch.', Acl::GROUP_AWS), Acl::RESOURCE_AWS_ELASTIC_IPS => array('Elastic IPs', $allows . 'access to AWS Elastic IPs.', Acl::GROUP_AWS), Acl::RESOURCE_AWS_ELB => array('Elastic Load Balancing (ELB)', $allows . 'access to AWS Elastic Load Balancing.', Acl::GROUP_AWS), Acl::RESOURCE_AWS_IAM => array('Identity and Access Management (IAM)', $allows . 'access to AWS Identity and Access Management.', Acl::GROUP_AWS), Acl::RESOURCE_AWS_RDS => array('Relational Database Service (RDS)', $allows . 'access to Amazon Relational Database Service.', Acl::GROUP_AWS), Acl::RESOURCE_AWS_SNAPSHOTS => array('Snapshots', $allows . 'access to AWS snapshots.', Acl::GROUP_AWS), Acl::RESOURCE_AWS_VOLUMES => array('Volumes', $allows . 'access to AWS Volumes.', Acl::GROUP_AWS), Acl::RESOURCE_SECURITY_AWS_SECURITY_GROUPS => array('AWS security groups', $allows . 'access to AWS security groups.', Acl::GROUP_SECURITY), Acl::RESOURCE_SECURITY_RETRIEVE_WINDOWS_PASSWORDS => array('Retrieve Windows passwords', $allows . 'access to retrieve passwords for windows.', Acl::GROUP_SECURITY), Acl::RESOURCE_SECURITY_SSH_KEYS => array('SSH keys', $allows . 'access to SSH keys.', Acl::GROUP_SECURITY), Acl::RESOURCE_LOGS_API_LOGS => array('API logs', $allows . 'access to API logs.', Acl::GROUP_LOGS), Acl::RESOURCE_LOGS_SCRIPTING_LOGS => array('Scripting logs', $allows . 'access to scripting logs.', Acl::GROUP_LOGS), Acl::RESOURCE_LOGS_SYSTEM_LOGS => array('System logs', $allows . 'access to system logs.', Acl::GROUP_LOGS), Acl::RESOURCE_SERVICES_APACHE => array('Apache', $allows . 'access to apache.', Acl::GROUP_SERVICES), Acl::RESOURCE_SERVICES_CHEF => array('Chef', $allows . 'access to chef.', Acl::GROUP_SERVICES), Acl::RESOURCE_SERVICES_SSL => array('SSL', $allows . 'access to SSL.', Acl::GROUP_SERVICES), Acl::RESOURCE_SERVICES_RABBITMQ => array('RabbitMQ', $allows . 'access to RabbitMQ.', Acl::GROUP_SERVICES), Acl::RESOURCE_GENERAL_CUSTOM_EVENTS => array('Custom events', $allows . 'access to custom events.', Acl::GROUP_GENERAL), Acl::RESOURCE_GENERAL_CUSTOM_SCALING_METRICS => array('Custom scaling metrics', $allows . 'access to custom scaling metrics.', Acl::GROUP_GENERAL), Acl::RESOURCE_GENERAL_GLOBAL_VARIABLES => array('Global variables (environment level)', $allows . 'access to global variables of environment level.', Acl::GROUP_GENERAL), Acl::RESOURCE_GENERAL_SCHEDULERTASKS => array('Tasks scheduler', $allows . 'access to tasks scheduler.', Acl::GROUP_GENERAL), Acl::RESOURCE_DB_BACKUPS => array('Backups', $allows . 'access to backups.', Acl::GROUP_DATABASES, array(Acl::PERM_DB_BACKUPS_REMOVE => $allows . 'to remove database backups.')), Acl::RESOURCE_DB_DATABASE_STATUS => array('Database status', $allows . 'access to database status.', Acl::GROUP_DATABASES, array(Acl::PERM_DB_DATABASE_STATUS_PMA => $allows . 'access to PMA.')), Acl::RESOURCE_DB_SERVICE_CONFIGURATION => array('Service configuration', $allows . 'access to service configuration.', Acl::GROUP_DATABASES), Acl::RESOURCE_DEPLOYMENTS_APPLICATIONS => array('Applications', $allows . 'access to applications.', Acl::GROUP_DEPLOYMENTS), Acl::RESOURCE_DEPLOYMENTS_SOURCES => array('Sources', $allows . 'access to sources.', Acl::GROUP_DEPLOYMENTS), Acl::RESOURCE_DEPLOYMENTS_TASKS => array('Tasks', $allows . 'access to tasks.', Acl::GROUP_DEPLOYMENTS), Acl::RESOURCE_DNS_ZONES => array('Zones', $allows . 'access to DNS zones.', Acl::GROUP_DNS), Acl::RESOURCE_ADMINISTRATION_BILLING => array('Billing', $allows . 'access to billing.', Acl::GROUP_ADMINISTRATION), Acl::RESOURCE_ADMINISTRATION_GOVERNANCE => array('Governance', $allows . 'access to governance.', Acl::GROUP_ADMINISTRATION), Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS => array('Setup clouds', $allows . 'to manage cloud credentials for environments in which this user is a team member', Acl::GROUP_ADMINISTRATION));
//Removes disabled resources
foreach (Acl::getDisabledResources() as $resourceId) {
if (isset(self::$rawList[$resourceId])) {
unset(self::$rawList[$resourceId]);
}
}
//Initializes set of the resources
self::$list = new \ArrayObject(array());
self::$idx = array();
foreach (self::$rawList as $resourceId => $optionsArray) {
$resourceDefinition = new ResourceObject($resourceId, $optionsArray);
self::$list[$resourceId] = $resourceDefinition;
if (!isset(self::$idx[$resourceDefinition->getGroup()])) {
self::$idx[$resourceDefinition->getGroup()] = array();
}
self::$idx[$resourceDefinition->getGroup()][] = $resourceId;
}
}
return $raw ? self::$rawList : self::$list;
}
/**
* Gets all Resources
*
* This method describes all available resources
*
* @return \ArrayObject Returns array looks like [
* resource_id => [name, description, resourceGroup, [[permission_id => description)]]]
* Third value of array is optional and determines unique permissions for specified
* resource which can be allowed or forbidden separately.
*/
public static function getAll($raw = false)
{
$allows = 'Allows ';
if (!isset(self::$list)) {
self::$rawList = [Acl::RESOURCE_FARMS => ['All Farms', $allows . 'access to farms and servers.', Acl::GROUP_FARMS_SERVERS, [Acl::PERM_FARMS_MANAGE => $allows . 'to manage (create/configure/delete) farms.', Acl::PERM_FARMS_CLONE => $allows . 'to clone farms.', Acl::PERM_FARMS_LAUNCH_TERMINATE => $allows . 'to launch/terminate farms.', Acl::PERM_FARMS_CHANGE_OWNERSHIP => $allows . 'to change owner or team', Acl::PERM_FARMS_SERVERS => $allows . 'to manage servers', Acl::PERM_FARMS_STATISTICS => $allows . 'to access statistics']], Acl::RESOURCE_TEAM_FARMS => ['Farms Your Teams Own', $allows . 'access to farms and servers.', Acl::GROUP_FARMS_SERVERS, [Acl::PERM_FARMS_MANAGE => $allows . 'to manage (create/configure/delete) farms.', Acl::PERM_FARMS_CLONE => $allows . 'to clone farms.', Acl::PERM_FARMS_LAUNCH_TERMINATE => $allows . 'to launch/terminate farms.', Acl::PERM_FARMS_CHANGE_OWNERSHIP => $allows . 'to change owner or team', Acl::PERM_FARMS_SERVERS => $allows . 'to manage servers', Acl::PERM_FARMS_STATISTICS => $allows . 'to access statistics']], Acl::RESOURCE_OWN_FARMS => ['Farms You Own', $allows . 'access to farms and servers.', Acl::GROUP_FARMS_SERVERS, [Acl::PERM_FARMS_MANAGE => $allows . 'to manage (create/configure/delete) farms.', Acl::PERM_FARMS_CLONE => $allows . 'to clone farms.', Acl::PERM_FARMS_LAUNCH_TERMINATE => $allows . 'to launch/terminate farms.', Acl::PERM_FARMS_CHANGE_OWNERSHIP => $allows . 'to change owner or team', Acl::PERM_FARMS_SERVERS => $allows . 'to manage servers', Acl::PERM_FARMS_STATISTICS => $allows . 'to access statistics']], Acl::RESOURCE_FARMS_ROLES => ['Roles', $allows . 'access to roles.', Acl::GROUP_ROLES_IMAGES, [Acl::PERM_FARMS_ROLES_CREATE => $allows . 'to create (build/import) roles.', Acl::PERM_FARMS_ROLES_MANAGE => $allows . 'to manage (edit/delete) roles.', Acl::PERM_FARMS_ROLES_CLONE => $allows . 'to clone roles.', Acl::PERM_FARMS_ROLES_BUNDLETASKS => $allows . 'to bundle tasks (role creation process logs).']], Acl::RESOURCE_FARMS_IMAGES => ['Images', $allows . 'access to images.', Acl::GROUP_ROLES_IMAGES, [Acl::PERM_FARMS_ROLES_CREATE => $allows . 'to create (build/import) images.', Acl::PERM_FARMS_ROLES_MANAGE => $allows . 'to manage (edit/delete) images.']], Acl::RESOURCE_GCE_STATIC_IPS => ['Static IPs', $allows . 'access to GCE static IPs.', Acl::GROUP_GCE], Acl::RESOURCE_GCE_PERSISTENT_DISKS => ['Persistent disks', $allows . 'access to GCE persistent disks.', Acl::GROUP_GCE], Acl::RESOURCE_GCE_SNAPSHOTS => ['Snapshots', $allows . 'access to GCE snapshots.', Acl::GROUP_GCE], Acl::RESOURCE_CLOUDSTACK_VOLUMES => ['Volumes', $allows . 'access to CloudStack volumes.', Acl::GROUP_CLOUDSTACK], Acl::RESOURCE_CLOUDSTACK_SNAPSHOTS => ['Snapshots', $allows . 'access to CloudStack snapshots.', Acl::GROUP_CLOUDSTACK], Acl::RESOURCE_CLOUDSTACK_PUBLIC_IPS => ['Public IPs', $allows . 'access to CloudStack public IPs.', Acl::GROUP_CLOUDSTACK], Acl::RESOURCE_OPENSTACK_VOLUMES => ['Volumes', $allows . 'access to OpenStack volumes.', Acl::GROUP_OPENSTACK], Acl::RESOURCE_OPENSTACK_SNAPSHOTS => ['Snapshots', $allows . 'access to OpenStack snapshots.', Acl::GROUP_OPENSTACK], Acl::RESOURCE_OPENSTACK_PUBLIC_IPS => ['Public IPs', $allows . 'access to OpenStack public IPs.', Acl::GROUP_OPENSTACK], Acl::RESOURCE_OPENSTACK_ELB => ['Load Balancing (LBaaS)', $allows . 'access to load balancing service.', Acl::GROUP_OPENSTACK], Acl::RESOURCE_AWS_S3 => ['S3 and Cloudfront', $allows . 'access to AWS S3 and Cloudfront.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_CLOUDWATCH => ['CloudWatch', $allows . 'access to AWS CloudWatch.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_ELASTIC_IPS => ['Elastic IPs', $allows . 'access to AWS Elastic IPs.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_ELB => ['Elastic Load Balancing (ELB)', $allows . 'access to AWS Elastic Load Balancing.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_IAM => ['Identity and Access Management (IAM)', $allows . 'access to AWS Identity and Access Management.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_RDS => ['Relational Database Service (RDS)', $allows . 'access to Amazon Relational Database Service.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_SNAPSHOTS => ['Snapshots', $allows . 'access to AWS snapshots.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_VOLUMES => ['Volumes', $allows . 'access to AWS Volumes.', Acl::GROUP_AWS], Acl::RESOURCE_AWS_ROUTE53 => ['Route53', $allows . 'access to AWS Route53.', Acl::GROUP_AWS], Acl::RESOURCE_SECURITY_SECURITY_GROUPS => ['Security groups', $allows . 'access to security groups.', Acl::GROUP_SECURITY], Acl::RESOURCE_SECURITY_RETRIEVE_WINDOWS_PASSWORDS => ['Retrieve Windows passwords', $allows . 'access to retrieve passwords for windows.', Acl::GROUP_SECURITY], Acl::RESOURCE_SECURITY_SSH_KEYS => ['SSH keys', $allows . 'access to SSH keys.', Acl::GROUP_SECURITY], Acl::RESOURCE_LOGS_EVENT_LOGS => ['Event Log', $allows . 'access to the Event Log.', Acl::GROUP_LOGS], Acl::RESOURCE_LOGS_SYSTEM_LOGS => ['System Log', $allows . 'access to the System Log.', Acl::GROUP_LOGS], Acl::RESOURCE_LOGS_SCRIPTING_LOGS => ['Scripting Log', $allows . 'access to the Scripting Log.', Acl::GROUP_LOGS], Acl::RESOURCE_LOGS_API_LOGS => ['API Log', $allows . 'access to the API Log.', Acl::GROUP_LOGS], Acl::RESOURCE_SERVICES_APACHE => ['Apache', $allows . 'access to apache.', Acl::GROUP_SERVICES], Acl::RESOURCE_SERVICES_ENVADMINISTRATION_CHEF => ['Chef (environment scope)', $allows . 'to manage chef servers in the environment scope.', Acl::GROUP_SERVICES], Acl::RESOURCE_SERVICES_ADMINISTRATION_CHEF => ['Chef (account scope)', $allows . 'to manage chef servers in the account scope.', Acl::GROUP_SERVICES], Acl::RESOURCE_SERVICES_SSL => ['SSL', $allows . 'access to SSL.', Acl::GROUP_SERVICES], Acl::RESOURCE_SERVICES_RABBITMQ => ['RabbitMQ', $allows . 'access to RabbitMQ.', Acl::GROUP_SERVICES], Acl::RESOURCE_GENERAL_CUSTOM_EVENTS => ['Custom events', $allows . 'access to custom events.', Acl::GROUP_GENERAL, [Acl::PERM_GENERAL_CUSTOM_EVENTS_FIRE => $allows . 'to fire custom events.']], Acl::RESOURCE_GENERAL_CUSTOM_SCALING_METRICS => ['Custom scaling metrics', $allows . 'access to custom scaling metrics.', Acl::GROUP_GENERAL], Acl::RESOURCE_GENERAL_SCHEDULERTASKS => ['Tasks scheduler', $allows . 'access to tasks scheduler.', Acl::GROUP_GENERAL], Acl::RESOURCE_DB_BACKUPS => ['Backups', $allows . 'access to backups.', Acl::GROUP_DATABASES, [Acl::PERM_DB_BACKUPS_REMOVE => $allows . 'to remove database backups.']], Acl::RESOURCE_DB_DATABASE_STATUS => ['Database status', $allows . 'access to database status.', Acl::GROUP_DATABASES, [Acl::PERM_DB_DATABASE_STATUS_PMA => $allows . 'access to PMA.']], Acl::RESOURCE_DB_SERVICE_CONFIGURATION => ['Service configuration', $allows . 'access to service configuration.', Acl::GROUP_DATABASES], Acl::RESOURCE_DEPLOYMENTS_APPLICATIONS => ['Applications', $allows . 'access to applications.', Acl::GROUP_DEPLOYMENTS], Acl::RESOURCE_DEPLOYMENTS_SOURCES => ['Sources', $allows . 'access to sources.', Acl::GROUP_DEPLOYMENTS], Acl::RESOURCE_DEPLOYMENTS_TASKS => ['Tasks', $allows . 'access to tasks.', Acl::GROUP_DEPLOYMENTS], Acl::RESOURCE_DNS_ZONES => ['Zones', $allows . 'access to DNS zones.', Acl::GROUP_DNS], Acl::RESOURCE_ADMINISTRATION_BILLING => ['Billing', $allows . 'access to billing.', Acl::GROUP_ADMINISTRATION], Acl::RESOURCE_ADMINISTRATION_ORCHESTRATION => ['Orchestration (account scope)', $allows . 'access to orchestration in the account scope.', Acl::GROUP_ADMINISTRATION], Acl::RESOURCE_ADMINISTRATION_GLOBAL_VARIABLES => ['Global variables (account scope)', $allows . 'access to global variables in the account scope.', Acl::GROUP_ADMINISTRATION], Acl::RESOURCE_ADMINISTRATION_SCRIPTS => ['Scripts (account scope)', $allows . 'access to scripts.', Acl::GROUP_ADMINISTRATION, [Acl::PERM_ADMINISTRATION_SCRIPTS_MANAGE => $allows . 'to manage (create/edit/delete) scripts.', Acl::PERM_ADMINISTRATION_SCRIPTS_EXECUTE => $allows . 'to execute scripts.', Acl::PERM_ADMINISTRATION_SCRIPTS_FORK => $allows . 'to fork scripts.']], Acl::RESOURCE_ADMINISTRATION_WEBHOOKS => ['Webhooks (account scope)', $allows . 'to manage webhooks in the account scope.', Acl::GROUP_ADMINISTRATION], Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS => ['Setup clouds', $allows . 'to manage cloud credentials for environments in which this user is a team member', Acl::GROUP_ENVADMINISTRATION], Acl::RESOURCE_ENVADMINISTRATION_GOVERNANCE => ['Governance', $allows . 'access to governance.', Acl::GROUP_ENVADMINISTRATION], Acl::RESOURCE_ENVADMINISTRATION_GLOBAL_VARIABLES => ['Global variables (environment scope)', $allows . 'access to global variables in the environment scope.', Acl::GROUP_ENVADMINISTRATION], Acl::RESOURCE_ENVADMINISTRATION_WEBHOOKS => ['Webhooks (environment scope)', $allows . 'to manage webhooks in the environment scope.', Acl::GROUP_ENVADMINISTRATION], Acl::RESOURCE_ANALYTICS_PROJECTS => ['Cost Analytics Projects', $allows . ' account users to create a new projects for cost analytics', Acl::GROUP_ANALYTICS], Acl::RESOURCE_ADMINISTRATION_ANALYTICS => ['Cost Analytics (account scope)', $allows . ' access to Cost Analytics in the account scope', Acl::GROUP_ADMINISTRATION, [Acl::PERM_ADMINISTRATION_ANALYTICS_MANAGE_PROJECTS => $allows . 'to edit/create projects in the account scope.', Acl::PERM_ADMINISTRATION_ANALYTICS_ALLOCATE_BUDGET => $allows . "to set/edit projects' budgets in the account scope."]], Acl::RESOURCE_ENVADMINISTRATION_ANALYTICS => ['Cost Analytics (environment scope)', $allows . ' access to Cost Analytics in the environment scope', Acl::GROUP_ENVADMINISTRATION]];
//Removes disabled resources
foreach (Acl::getDisabledResources() as $resourceId) {
if (isset(self::$rawList[$resourceId])) {
unset(self::$rawList[$resourceId]);
}
}
//Initializes set of the resources
self::$list = new \ArrayObject([]);
self::$idx = [];
foreach (self::$rawList as $resourceId => $optionsArray) {
$resourceDefinition = new ResourceObject($resourceId, $optionsArray);
self::$list[$resourceId] = $resourceDefinition;
if (!isset(self::$idx[$resourceDefinition->getGroup()])) {
self::$idx[$resourceDefinition->getGroup()] = [];
}
self::$idx[$resourceDefinition->getGroup()][] = $resourceId;
}
}
return $raw ? self::$rawList : self::$list;
}
