/**
* Ensures that there is at least an 'all' permission set for every resource
* @return void
*/
public static function create_permissions()
{
$actions = static::all_actions();
$actions[] = 'all';
$activeClasses = \CMF\Admin::activeClasses();
$activeClasses['user_defined'] = array_keys(\Config::get('cmf.auth.resources', array()));
$roles = Role::select('item')->getQuery()->getResult();
$em = \D::manager();
foreach ($activeClasses as $parent_class => $classes) {
foreach ($classes as $class_name) {
$count = intval(Permission::select("count(item)")->where("item.resource = '{$class_name}'")->andWhere("item.action = 'all'")->getQuery()->getSingleScalarResult());
if ($count == 0) {
$permission = new Permission();
$permission->set('action', 'all');
$permission->set('resource', $class_name);
$em->persist($permission);
foreach ($roles as $role) {
$role->add('permissions', $permission);
$em->persist($role);
}
}
}
}
$em->flush();
}
/**
* Creates a super user
* @return array
*/
public static function createSuperUser($email = '*****@*****.**', $username = '******', $password = null)
{
// Load up the admin module and it's classes, otherwise we won't get
// access to the admin user class
\Module::load('admin');
if (\Fuel::$is_cli) {
$email = \Cli::prompt('Enter an email address', $email);
$username = \Cli::prompt('Enter a user name', $username);
$first = true;
while ($first || strlen($password) > 0 && strlen($password) < 6) {
$password = \Cli::prompt('Enter a password (leave blank to generate one)');
if (strlen($password) > 0 && strlen($password) < 6) {
\Cli::error('The password must be 6 characters or more!');
}
$first = false;
}
$confirm_password = '';
if (empty($password)) {
// The user left the password field blank, so we are generating one
$gen = new PWGen(3, false, false, false, false, false, false);
$password = $confirm_password = $gen->generate() . '-' . $gen->generate() . '-' . $gen->generate();
} else {
// If the user entered a password, we need them to confirm it
while ($confirm_password != $password) {
$confirm_password = \Cli::prompt('Confirm password');
if ($confirm_password != $password) {
\Cli::error('The passwords do not match!');
}
}
}
}
// Check if the user exists
$em = \D::manager();
$user = \Admin\Model_User::select('item')->where("item.username = '******'")->getQuery()->getResult();
$exists = count($user) > 0;
if ($exists) {
$user = $user[0];
} else {
$user = new \Admin\Model_User();
}
// Populate the user
$user->set('email', $email);
$user->set('username', $username);
$user->set('password', $password);
$user->set('confirm_password', $confirm_password);
$user->set('super_user', true);
// Create the admin role
$role = \CMF\Model\Role::findBy(array("name = 'admin'"))->getQuery()->getResult();
if (count($role) == 0) {
$role = new \CMF\Model\Role();
$role->set('name', 'admin');
$role->set('description', 'users of this admin site');
$em->persist($role);
} else {
$role = $role[0];
}
$user->add('roles', $role);
// Validate the newly created user
if (!$user->validate()) {
if (\Fuel::$is_cli) {
\Cli::write('There was something wrong with the info you entered. Try again!', 'red');
static::createSuperUser();
} else {
return array('errors' => $user->errors);
}
}
$em->persist($user);
$em->flush();
\Cli::write($exists ? "\n\tExisting super user updated:" : "\n\tNew super user created:", 'light_gray');
\Cli::write("\tusername: "******"\n\tpassword: "******"\n", 'light_cyan');
}
public function action_save_permissions($table_name, $role_id)
{
$class_name = \Admin::getClassForTable($table_name);
if ($class_name === false) {
return $this->show404(null, "type");
}
$post = \Input::post();
$ids = array_keys($post);
$role = \CMF\Model\Role::select('item')->where('item.id = ' . $role_id)->getQuery()->getResult();
if (count($role) === 0) {
return $this->show404(null, "role");
} else {
$role = $role[0];
}
$permissions = \CMF\Model\Permission::select('item')->leftJoin('item.roles', 'roles')->where("item.resource = '{$class_name}'")->andWhere("item.item_id IN(?1)")->andWhere("roles.id = {$role_id}")->setParameter(1, $ids)->getQuery()->getResult();
$em = \D::manager();
foreach ($permissions as $permission) {
$actions = isset($post[$permission->item_id]) ? $post[$permission->item_id] : array();
if (array_key_exists('all', $actions) && intval($actions['all']) === 1) {
if ($permission->action != 'none') {
$em->remove($permission);
}
$actions = array('all' => 1);
} elseif (!array_key_exists($permission->action, $actions) || intval($actions[$permission->action]) === 0) {
if ($permission->action != 'none') {
$em->remove($permission);
}
}
$post[$permission->item_id] = $actions;
}
foreach ($post as $item_id => $actions) {
$passed = 0;
foreach ($actions as $action => $action_value) {
if ($action != 'all' && intval($action_value) === 1) {
$permission = \CMF\Auth::get_permission($action, $class_name, $item_id);
$role->add('permissions', $permission);
$passed++;
} elseif ($action == 'all' && intval($action_value) === 1) {
$passed++;
}
}
$none_permission = \CMF\Auth::get_permission('none', $class_name, $item_id);
if ($passed === 0) {
$role->add('permissions', $none_permission);
} else {
$em->remove($none_permission);
}
}
$result = array('success' => true);
try {
$em->persist($role);
$em->flush();
} catch (\Exception $e) {
$result['success'] = false;
}
return \Response::forge(json_encode($result), $this->status, $this->headers);
}
