private function hasAccessToSharedNavigationItem(&$config)
{
// TODO: Provide a more sophisticated solution
if (isset($config['owner']) && $config['owner'] === $this->user->getUsername()) {
unset($config['owner']);
return true;
}
if (isset($config['users'])) {
$users = array_map('trim', explode(',', strtolower($config['users'])));
if (in_array('*', $users, true) || in_array($this->user->getUsername(), $users, true)) {
unset($config['users']);
return true;
}
}
if (isset($config['groups'])) {
$groups = array_map('trim', explode(',', strtolower($config['groups'])));
if (in_array('*', $groups, true)) {
unset($config['groups']);
return true;
}
$userGroups = array_map('strtolower', $this->user->getGroups());
$matches = array_intersect($userGroups, $groups);
if (!empty($matches)) {
unset($config['groups']);
return true;
}
}
return false;
}
/**
* Apply permissions, restrictions and roles to the given user
*
* @param User $user
*/
public function applyRoles(User $user)
{
$username = $user->getUsername();
try {
$roles = Config::app('roles');
} catch (NotReadableError $e) {
Logger::error('Can\'t get permissions and restrictions for user \'%s\'. An exception was thrown:', $username, $e);
return;
}
$userGroups = $user->getGroups();
$permissions = array();
$restrictions = array();
$roleObjs = array();
foreach ($roles as $roleName => $role) {
if ($this->match($username, $userGroups, $role)) {
$permissionsFromRole = StringHelper::trimSplit($role->permissions);
$permissions = array_merge($permissions, array_diff($permissionsFromRole, $permissions));
$restrictionsFromRole = $role->toArray();
unset($restrictionsFromRole['users']);
unset($restrictionsFromRole['groups']);
unset($restrictionsFromRole['permissions']);
foreach ($restrictionsFromRole as $name => $restriction) {
if (!isset($restrictions[$name])) {
$restrictions[$name] = array();
}
$restrictions[$name][] = $restriction;
}
$roleObj = new Role();
$roleObjs[] = $roleObj->setName($roleName)->setPermissions($permissionsFromRole)->setRestrictions($restrictionsFromRole);
}
}
$user->setPermissions($permissions);
$user->setRestrictions($restrictions);
$user->setRoles($roleObjs);
}
private function hasAccessToSharedNavigationItem(&$config, Config $navConfig)
{
// TODO: Provide a more sophisticated solution
if (isset($config['owner']) && strtolower($config['owner']) === strtolower($this->user->getUsername())) {
unset($config['owner']);
unset($config['users']);
unset($config['groups']);
return true;
}
if (isset($config['parent']) && $navConfig->hasSection($config['parent'])) {
unset($config['owner']);
if (isset($this->accessibleMenuItems[$config['parent']])) {
return $this->accessibleMenuItems[$config['parent']];
}
$parentConfig = $navConfig->getSection($config['parent']);
$this->accessibleMenuItems[$config['parent']] = $this->hasAccessToSharedNavigationItem($parentConfig, $navConfig);
return $this->accessibleMenuItems[$config['parent']];
}
if (isset($config['users'])) {
$users = array_map('trim', explode(',', strtolower($config['users'])));
if (in_array('*', $users, true) || in_array(strtolower($this->user->getUsername()), $users, true)) {
unset($config['owner']);
unset($config['users']);
unset($config['groups']);
return true;
}
}
if (isset($config['groups'])) {
$groups = array_map('trim', explode(',', strtolower($config['groups'])));
if (in_array('*', $groups, true)) {
unset($config['owner']);
unset($config['users']);
unset($config['groups']);
return true;
}
$userGroups = array_map('strtolower', $this->user->getGroups());
$matches = array_intersect($userGroups, $groups);
if (!empty($matches)) {
unset($config['owner']);
unset($config['users']);
unset($config['groups']);
return true;
}
}
return false;
}
/**
* Getter for groups belonged to authenticated user
*
* @return array
* @see User::getGroups
**/
public function getGroups()
{
return $this->user->getGroups();
}
