/**
  * Compatibility class for old implementation
  * 
  * @param string $extension
  * @param string $controller
  * @param string $action
  * @param array $parameters
  * @return boolean
  * @deprecated
  */
 public function hasAccess($action, $controller, $extension, $parameters = array())
 {
     $user = common_session_SessionManager::getSession()->getUser();
     $uri = funcAcl_models_classes_ModuleAccessService::singleton()->makeEMAUri($extension, $controller);
     $controllerClassName = funcAcl_helpers_Map::getControllerFromUri($uri);
     return self::accessPossible($user, $controllerClassName, $action);
 }
 /**
  * Short description of method remove
  *
  * @access public
  * @author Jehan Bihin, <*****@*****.**>
  * @param  string roleUri
  * @param  string accessUri
  * @return mixed
  */
 public function remove($roleUri, $accessUri)
 {
     $uri = explode('#', $accessUri);
     list($type, $ext, $mod, $act) = explode('_', $uri[1]);
     $role = new core_kernel_classes_Class($roleUri);
     $actionAccessProperty = new core_kernel_classes_Property(funcAcl_models_classes_AccessService::PROPERTY_ACL_GRANTACCESS);
     $module = new core_kernel_classes_Resource($this->makeEMAUri($ext, $mod));
     $controllerClassName = funcAcl_helpers_Map::getControllerFromUri($module->getUri());
     // access via controller?
     $controllerAccess = funcAcl_helpers_Cache::getControllerAccess($controllerClassName);
     if (in_array($roleUri, $controllerAccess['module'])) {
         // remove access to controller
         funcAcl_models_classes_ModuleAccessService::singleton()->remove($roleUri, $module->getUri());
         // add access to all other actions
         foreach (funcAcl_helpers_Model::getActions($module) as $action) {
             if ($action->getUri() != $accessUri) {
                 $this->add($roleUri, $action->getUri());
                 $this->getEventManager()->trigger(new AccessRightAddedEvent($roleUri, $action->getUri()));
             }
         }
     } elseif (isset($controllerAccess['actions'][$act]) && in_array($roleUri, $controllerAccess['actions'][$act])) {
         // remove action only
         $role->removePropertyValues($actionAccessProperty, array('pattern' => $accessUri));
         $this->getEventManager()->trigger(new AccessRightRemovedEvent($roleUri, $accessUri));
         funcAcl_helpers_Cache::flushControllerAccess($controllerClassName);
     }
 }
 /**
  * Short description of method remove
  *
  * @access public
  * @author Jehan Bihin, <*****@*****.**>
  * @param  string roleUri
  * @param  string accessUri
  * @return mixed
  */
 public function remove($roleUri, $accessUri)
 {
     $uri = explode('#', $accessUri);
     list($type, $extId) = explode('_', $uri[1]);
     // Remove the access to the extension for this role.
     $extManager = common_ext_ExtensionsManager::singleton();
     $extension = $extManager->getExtensionById($extId);
     $role = new core_kernel_classes_Resource($roleUri);
     $role->removePropertyValues(new core_kernel_classes_Property(PROPERTY_ACL_GRANTACCESS), array('pattern' => $accessUri));
     funcAcl_helpers_Cache::flushExtensionAccess($extId);
     // also remove access to all the controllers
     $moduleAccessProperty = new core_kernel_classes_Property(PROPERTY_ACL_GRANTACCESS);
     $moduleAccessService = funcAcl_models_classes_ModuleAccessService::singleton();
     $grantedModules = $role->getPropertyValues($moduleAccessProperty);
     foreach ($grantedModules as $gM) {
         $gM = new core_kernel_classes_Resource($gM);
         $uri = explode('#', $gM->getUri());
         list($type, $ext) = explode('_', $uri[1]);
         if ($extId == $ext) {
             $moduleAccessService->remove($role->getUri(), $gM->getUri());
         }
     }
 }
 public function revokeModuleAccess(core_kernel_classes_Resource $role, $ext, $mod)
 {
     $accessUri = $this->makeEMAUri($ext, $mod);
     funcAcl_models_classes_ModuleAccessService::singleton()->remove($role->getUri(), $accessUri);
 }
 public function testFuncACL()
 {
     $baseRole = $this->testrole;
     $srv = tao_models_classes_UserService::singleton();
     $generisUser = new core_kernel_users_GenerisUser($this->user);
     $this->assertTrue(LoginService::startSession($generisUser));
     // -- Test uri creation
     $emauri = FUNCACL_NS . '#a_tao_Users_add';
     $emaurimod = FUNCACL_NS . '#m_tao_Users';
     $makeemauri = funcAcl_models_classes_AccessService::singleton()->makeEMAUri('tao', 'Users', 'add');
     $makeemaurimod = funcAcl_models_classes_AccessService::singleton()->makeEMAUri('tao', 'Users');
     $this->assertEquals($emauri, $makeemauri);
     $this->assertEquals($emaurimod, $makeemaurimod);
     $funcAclImp = new funcAcl_models_classes_FuncAcl();
     // -- Try to access a restricted action
     $this->assertFalse($funcAclImp->hasAccess('add', 'Users', 'tao'));
     // -- Try to access a unrestricted action
     // (BACKOFFICE has access to the backend login action because it includes the TAO Role)
     $this->assertTrue($funcAclImp->hasAccess('login', 'Main', 'tao'));
     // -- Try to access an action that does not exist.
     $this->assertFalse($funcAclImp->hasAccess('action', 'Unknown', 'tao'));
     // -- Try to access a unrestricted action
     // Add access for this action to the Manager role.
     funcAcl_models_classes_ActionAccessService::singleton()->add($this->testRole->getUri(), $makeemauri);
     // Add the Manager role the the currently tested user
     tao_models_classes_UserService::singleton()->attachRole($this->user, $this->testRole);
     // Logoff/login, to refresh roles cache
     $this->assertTrue(LoginService::startSession($generisUser));
     // Ask for access
     $this->assertTrue($funcAclImp->hasAccess('add', 'Users', 'tao'));
     // Remove the access to this action from the Manager role
     funcAcl_models_classes_ActionAccessService::singleton()->remove($this->testRole->getUri(), $makeemauri);
     // We should not have access anymore to this action with the Manager role
     $this->assertFalse($funcAclImp->hasAccess('add', 'Users', 'tao'));
     // -- Give access to the entire module and try to access the previously tested action
     funcAcl_models_classes_ModuleAccessService::singleton()->add($this->testRole->getUri(), $makeemaurimod);
     $this->assertTrue($funcAclImp->hasAccess('add', 'Users', 'tao'));
     // -- Remove the entire module access and try again
     funcAcl_models_classes_ModuleAccessService::singleton()->remove($this->testRole->getUri(), $makeemaurimod);
     $this->assertFalse($funcAclImp->hasAccess('add', 'Users', 'tao'));
     // reset
     funcAcl_models_classes_ModuleAccessService::singleton()->add($this->testRole->getUri(), $makeemaurimod);
     // Unattach role from user
     tao_models_classes_UserService::singleton()->unnatachRole($this->user, $this->testRole);
 }
Exemplo n.º 6
0
 public function addModuleAccess()
 {
     if (!tao_helpers_Request::isAjax()) {
         throw new Exception("wrong request mode");
     } else {
         $role = $this->getRequestParameter('role');
         $uri = $this->getRequestParameter('uri');
         $moduleService = funcAcl_models_classes_ModuleAccessService::singleton();
         $moduleService->add($role, $uri);
         echo json_encode(array('uri' => $uri));
     }
 }