function hasPriv($priv_id)
{
// We don't need to do much work if we're a superuser
if ($this->is_superuser) {
return true;
}
$settings = DevblocksPlatform::getPluginSettingsService();
$acl_enabled = $settings->get('feg.core', FegSettings::ACL_ENABLED);
// ACL is a paid feature (please respect the licensing and support the project!)
$license = FegLicense::getInstance();
if (!$acl_enabled || !isset($license['serial']) || isset($license['a'])) {
return "core.setup" == substr($priv_id, 0, 11) ? false : true;
}
// Check the aggregated worker privs from roles
$acl = DAO_WorkerRole::getACL();
$privs_by_worker = $acl[DAO_WorkerRole::CACHE_KEY_PRIVS_BY_WORKER];
if (!empty($priv_id) && isset($privs_by_worker[$this->id][$priv_id])) {
return true;
}
return false;
}
function saveRoleAction()
{
$translate = DevblocksPlatform::getTranslationService();
$worker = CerberusApplication::getActiveWorker();
if (!$worker || !$worker->is_superuser) {
echo $translate->_('common.access_denied');
return;
}
@($id = DevblocksPlatform::importGPC($_REQUEST['id'], 'integer', 0));
@($name = DevblocksPlatform::importGPC($_REQUEST['name'], 'string', ''));
@($worker_ids = DevblocksPlatform::importGPC($_REQUEST['worker_ids'], 'array', array()));
@($acl_privs = DevblocksPlatform::importGPC($_REQUEST['acl_privs'], 'array', array()));
@($do_delete = DevblocksPlatform::importGPC($_REQUEST['do_delete'], 'integer', 0));
// Sanity checks
if (empty($name)) {
$name = 'New Role';
}
// Delete
if (!empty($do_delete) && !empty($id)) {
DAO_WorkerRole::delete($id);
DevblocksPlatform::setHttpResponse(new DevblocksHttpResponse(array('config', 'acl')));
}
$fields = array(DAO_WorkerRole::NAME => $name);
if (empty($id)) {
// create
$id = DAO_WorkerRole::create($fields);
} else {
// edit
DAO_WorkerRole::update($id, $fields);
}
// Update role roster
DAO_WorkerRole::setRoleWorkers($id, $worker_ids);
// Update role privs
DAO_WorkerRole::setRolePrivileges($id, $acl_privs, true);
DevblocksPlatform::setHttpResponse(new DevblocksHttpResponse(array('config', 'acl')));
}
