public function addPermission(\thebuggenie\core\entities\RolePermission $permission) { $permission->setRole($this); $permission->save(); if ($this->_permissions !== null) { $this->_permissions[$permission->getID()] = $permission; } tables\Permissions::getTable()->addRolePermission($this, $permission); }
public function addRolePermission(\thebuggenie\core\entities\Role $role, \thebuggenie\core\entities\RolePermission $rolepermission) { $role_id = $role->getID(); $crit = $this->getCriteria(); $crit->addWhere(self::ROLE_ID, $role_id); $existing_identifiables = array(self::UID => array(), self::TID => array()); $target_id = $rolepermission->getExpandedTargetID($role); if ($res = $this->doSelect($crit)) { while ($row = $res->getNextRow()) { $key = $row->get(self::UID) ? self::UID : self::TID; if (!isset($existing_identifiables[$key][$row->get($key)])) { $existing_identifiables[$key][$row->get($key)] = array('id' => $row->get($key), 'target_id' => $target_id, 'permission_type_module' => array()); } $existing_identifiables[$key][$row->get($key)]['permission_type_module'][] = $row->get(self::PERMISSION_TYPE) . ';' . $row->get(self::MODULE); } } foreach (ProjectAssignedUsers::getTable()->getUsersByRoleID($role_id) as $uid => $assigned_user) { if (!isset($existing_identifiables[self::UID][$uid])) { $existing_identifiables[self::UID][$uid] = array('id' => $uid, 'target_id' => $target_id, 'permission_type_module' => array()); } } foreach (ProjectAssignedTeams::getTable()->getTeamsByRoleID($role_id) as $tid => $assigned_team) { if (!isset($existing_identifiables[self::TID][$tid])) { $existing_identifiables[self::TID][$tid] = array('id' => $tid, 'target_id' => $target_id, 'permission_type_module' => array()); } } foreach ($existing_identifiables as $key => $identifiables) { foreach ($identifiables as $identifiable) { if (in_array($rolepermission->getPermission() . ';' . $rolepermission->getModule(), $identifiable['permission_type_module'])) { continue; } $crit = $this->getCriteria(); $crit->addInsert(self::SCOPE, framework\Context::getScope()->getID()); $crit->addInsert(self::PERMISSION_TYPE, $rolepermission->getPermission()); $crit->addInsert(self::TARGET_ID, $identifiable['target_id']); $crit->addInsert($key, $identifiable['id']); $crit->addInsert(self::ALLOWED, true); $crit->addInsert(self::MODULE, $rolepermission->getModule()); $crit->addInsert(self::ROLE_ID, $role_id); $res = $this->doInsert($crit); } } }
public function runConfigureRole(framework\Request $request) { try { $role = new entities\Role($request['role_id']); } catch (\Exception $e) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This is not a valid role'))); } if ($role->isSystemRole()) { $access_level = $this->getAccessLevel($request['section'], 'core'); } else { $access_level = $this->getUser()->canManageProject($role->getProject()) ? framework\Settings::ACCESS_FULL : framework\Settings::ACCESS_READ; } switch ($request['mode']) { case 'list_permissions': return $this->renderComponent('configuration/rolepermissionslist', array('role' => $role)); break; case 'edit': if (!$access_level == framework\Settings::ACCESS_FULL) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('You do not have access to edit these permissions'))); } if ($request->isPost()) { $role->setName($request['name']); $role->save(); $new_permissions = array(); foreach ($request['permissions'] ?: array() as $new_permission) { $permission_details = explode(',', $new_permission); $new_permissions[$permission_details[2]] = array('module' => $permission_details[0], 'target_id' => $permission_details[1]); } $existing_permissions = array(); foreach ($role->getPermissions() as $existing_permission) { if (!array_key_exists($existing_permission->getPermission(), $new_permissions)) { $role->removePermission($existing_permission); } else { $existing_permissions[$existing_permission->getPermission()] = $new_permissions[$existing_permission->getPermission()]; unset($new_permissions[$existing_permission->getPermission()]); } } foreach ($new_permissions as $permission_key => $details) { $p = new entities\RolePermission(); $p->setModule($details['module']); $p->setPermission($permission_key); if ($details['target_id']) { $p->setTargetID($details['target_id']); } $role->addPermission($p); } foreach ($existing_permissions as $permission_key => $details) { $p = new entities\RolePermission(); $p->setModule($details['module']); $p->setPermission($permission_key); if ($details['target_id']) { $p->setTargetID($details['target_id']); } tables\Permissions::getTable()->addRolePermission($role, $p); } framework\Context::clearPermissionsCache(); framework\Context::cacheAllPermissions(); return $this->renderJSON(array('message' => $this->getI18n()->__('Permissions updated'), 'permissions_count' => count($request['permissions']), 'role_name' => $role->getName())); } return $this->renderComponent('configuration/rolepermissionsedit', array('role' => $role)); case 'delete': if (!$access_level == framework\Settings::ACCESS_FULL || !$request->isPost()) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This role cannot be removed'))); } $role->delete(); return $this->renderJSON(array('message' => $this->getI18n()->__('Role deleted'))); } }
public function addRolePermission($role_id, \thebuggenie\core\entities\RolePermission $rolepermission) { $crit = $this->getCriteria(); $crit->addWhere(self::ROLE_ID, $role_id); $existing_identifiables = array('users' => array(), 'teams' => array()); if ($res = $this->doSelect($crit)) { while ($row = $res->getNextRow()) { $key = $row->get(self::UID) ? self::UID : self::TID; $existing_identifiables[$key][$row->get($key)] = array('id' => $row->get($key), 'target_id' => $row->get(self::TARGET_ID)); } foreach ($existing_identifiables as $key => $identifiables) { foreach ($identifiables as $identifiable) { $crit = $this->getCriteria(); $crit->addInsert(self::SCOPE, framework\Context::getScope()->getID()); $crit->addInsert(self::PERMISSION_TYPE, $rolepermission->getPermission()); $crit->addInsert(self::TARGET_ID, $identifiable['target_id']); $crit->addInsert($key, $identifiable['id']); $crit->addInsert(self::ALLOWED, true); $crit->addInsert(self::MODULE, $rolepermission->getModule()); $crit->addInsert(self::ROLE_ID, $role_id); $res = $this->doInsert($crit); } } } }