/**
* Manage permissions
*/
protected function adminPermissions()
{
$resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
$accessRights = AdminService::getUsersPermissions($resource->getUri());
$userList = $this->getUserList();
$roleList = $this->getRoleList();
$this->setData('privileges', PermissionProvider::getRightLabels());
$userData = array();
foreach (array_keys($accessRights) as $uri) {
if (isset($userList[$uri])) {
$userData[$uri] = array('label' => $userList[$uri], 'isRole' => false);
unset($userList[$uri]);
} elseif (isset($roleList[$uri])) {
$userData[$uri] = array('label' => $roleList[$uri], 'isRole' => true);
unset($roleList[$uri]);
} else {
\common_Logger::d('unknown user ' . $uri);
}
}
$this->setData('users', $userList);
$this->setData('roles', $roleList);
$this->setData('userPrivileges', $accessRights);
$this->setData('userData', $userData);
$this->setData('uri', $resource->getUri());
$this->setData('label', _dh($resource->getLabel()));
$this->setView('AdminAccessController/index.tpl');
}
/**
* (non-PHPdoc)
* @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
*/
public function onResourceCreated(\core_kernel_classes_Resource $resource)
{
$dbAccess = new DataBaseAccess();
// test if class
$class = new \core_kernel_classes_Class($resource);
foreach (array_merge($resource->getTypes(), $class->getParentClasses()) as $parent) {
foreach (AdminService::getUsersPermissions($parent->getUri()) as $userUri => $rights) {
$dbAccess->addPermissions($userUri, $resource->getUri(), $rights);
}
}
}
/**
* (non-PHPdoc)
* @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
*/
public function onResourceCreated(\core_kernel_classes_Resource $resource)
{
$dbAccess = new DataBaseAccess();
// verify resource is created
$permissions = $dbAccess->getResourcePermissions($resource->getUri());
if (empty($permissions)) {
// treat resources as classes without parent classes
$class = new \core_kernel_classes_Class($resource);
foreach (array_merge($resource->getTypes(), $class->getParentClasses()) as $parent) {
foreach (AdminService::getUsersPermissions($parent->getUri()) as $userUri => $rights) {
$dbAccess->addPermissions($userUri, $resource->getUri(), $rights);
}
}
}
}
/**
*
* @param string $currentVersion
* @return string $versionUpdatedTo
*/
public function update($initialVersion)
{
$currentVersion = $initialVersion;
if ($currentVersion == '1.0') {
$impl = new PermissionProvider();
// add read access to Items
$class = new \core_kernel_classes_Class(TAO_ITEM_CLASS);
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ'));
// add backoffice user rights to Tests
$class = new \core_kernel_classes_Class(TAO_TEST_CLASS);
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights());
$currentVersion = '1.0.1';
}
if ($currentVersion == '1.0.1') {
$currentVersion = '1.0.2';
}
if ($currentVersion == '1.0.2') {
$taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
$classAdmin = new AdminAction();
ClassActionRegistry::getRegistry()->registerAction($taoClass, $classAdmin);
$currentVersion = '1.1';
}
if ($currentVersion == '1.1') {
$classesToAdd = array(new \core_kernel_classes_Class(CLASS_GENERIS_USER), new \core_kernel_classes_Class(CLASS_ROLE));
// add admin to new instances
$classAdmin = new AdminAction();
foreach ($classesToAdd as $class) {
ClassActionRegistry::getRegistry()->registerAction($class, $classAdmin);
}
// add base permissions to new classes
$taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
foreach ($taoClass->getSubClasses(false) as $class) {
if (!in_array($class->getUri(), array(TAO_ITEM_CLASS, TAO_TEST_CLASS))) {
$classesToAdd[] = $class;
}
}
$rights = PermissionManager::getPermissionModel()->getSupportedRights();
foreach ($classesToAdd as $class) {
if (count(AdminService::getUsersPermissions($class->getUri())) == 0) {
AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights);
} else {
\common_Logger::w('Unexpected rights present for ' . $class->getUri());
}
}
$currentVersion = '1.2.0';
}
return $currentVersion;
}
/**
* Manage permissions
* @requiresRight id GRANT
*/
public function adminPermissions()
{
$resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
$accessRights = AdminService::getUsersPermissions($resource->getUri());
$this->setData('privileges', PermissionProvider::getRightLabels());
$users = array();
$roles = array();
foreach ($accessRights as $uri => $privileges) {
$identity = new \core_kernel_classes_Resource($uri);
if ($identity->isInstanceOf(\tao_models_classes_RoleService::singleton()->getRoleClass())) {
$roles[$uri] = array('label' => $identity->getLabel(), 'privileges' => $privileges);
} else {
$users[$uri] = array('label' => $identity->getLabel(), 'privileges' => $privileges);
}
}
$this->setData('users', $users);
$this->setData('roles', $roles);
$this->setData('isClass', $resource->isClass());
$this->setData('uri', $resource->getUri());
$this->setData('label', _dh($resource->getLabel()));
$this->setView('AdminAccessController/index.tpl');
}