/**
* Reset de ACL en bouw opnieuw op
*/
private function _initAcl()
{
$this->_acl = new \MUtil_Acl();
if (get_class(self::$_instanceOfSelf) !== 'Gems_Roles') {
throw new \Gems_Exception_Coding("Don't use project specific roles file anymore, you can now do so by using the gems_roles tabel and setup->roles from the interface.");
}
// Probeer eerst uit db in te lezen met fallback als dat niet lukt
try {
$this->loadDbAcl();
} catch (\Exception $e) {
\Gems_Log::getLogger()->logError($e);
// Reset all roles
unset($this->_acl);
$this->_acl = new \MUtil_Acl();
//Voeg standaard rollen en privileges in
$this->loadDefaultRoles();
$this->loadDefaultPrivileges();
}
// Now allow 'master' all access, except for the actions that have the
// nologin privilege (->the login action)
if (!$this->_acl->hasRole('master')) {
//Add role if not already present
$this->_acl->addRole('master');
}
$this->_acl->allow('master');
$this->_acl->deny('master', null, 'pr.nologin');
}
/**
* Adds elements from the model to the bridge that creates the form.
*
* Overrule this function to add different elements to the browse table, without
* having to recode the core table building code.
*
* @param \MUtil_Model_Bridge_FormBridgeInterface $bridge
* @param \MUtil_Model_ModelAbstract $model
*/
protected function addFormElements(\MUtil_Model_Bridge_FormBridgeInterface $bridge, \MUtil_Model_ModelAbstract $model)
{
$bridge->addHidden('grl_id_role');
$bridge->addText('grl_name');
$bridge->addText('grl_description');
$roles = $this->acl->getRoles();
if ($roles) {
$possibleParents = array_combine($roles, $roles);
} else {
$possibleParents = array();
}
if (isset($this->formData['grl_parents']) && $this->formData['grl_parents']) {
$this->formData['grl_parents'] = array_combine($this->formData['grl_parents'], $this->formData['grl_parents']);
} else {
$this->formData['grl_parents'] = array();
}
// Don't allow master, nologin or itself as parents
unset($possibleParents['master']);
unset($possibleParents['nologin']);
$disabled = array();
if (isset($this->formData['grl_name'])) {
foreach ($possibleParents as $parent) {
if ($this->acl->hasRole($this->formData['grl_name']) && $this->acl->inheritsRole($parent, $this->formData['grl_name'])) {
$disabled[] = $parent;
$possibleParents[$parent] .= ' ' . \MUtil_Html::create('small', $this->_('child of current role'), $this->view);
unset($this->formData['grl_parents'][$parent]);
} else {
foreach ($this->formData['grl_parents'] as $p2) {
if ($this->acl->hasRole($p2) && $this->acl->inheritsRole($p2, $parent)) {
$disabled[] = $parent;
$possibleParents[$parent] .= ' ' . \MUtil_Html::create('small', \MUtil_Html::raw(sprintf($this->_('inherited from %s'), \MUtil_Html::create('em', $p2, $this->view))), $this->view);
$this->formData['grl_parents'][$parent] = $parent;
}
}
}
}
$disabled[] = $this->formData['grl_name'];
if (isset($possibleParents[$this->formData['grl_name']])) {
$possibleParents[$this->formData['grl_name']] .= ' ' . \MUtil_Html::create('small', $this->_('this role'), $this->view);
}
}
// Add this for validator to allow empty list
$possibleParents[''] = '';
$bridge->addMultiCheckbox('grl_parents', 'multiOptions', $possibleParents, 'disable', $disabled, 'escape', false, 'required', false, 'onchange', 'this.form.submit();');
$allPrivileges = $this->usedPrivileges;
$rolePrivileges = $this->acl->getRolePrivileges();
if (isset($this->formData['grl_parents']) && $this->formData['grl_parents']) {
$inherited = $this->getInheritedPrivileges($this->formData['grl_parents']);
$privileges = array_diff_key($allPrivileges, $inherited);
$inheritedPrivileges = array_intersect_key($allPrivileges, $inherited);
} else {
$privileges = $allPrivileges;
$inheritedPrivileges = false;
}
$checkbox = $bridge->addMultiCheckbox('grl_privileges', 'multiOptions', $privileges, 'required', false);
$checkbox->setAttrib('escape', false);
//Don't use escaping, so the line breaks work
if ($inheritedPrivileges) {
$checkbox = $bridge->addMultiCheckbox('inherited', 'label', $this->_('Inherited'), 'multiOptions', $inheritedPrivileges, 'required', false, 'disabled', 'disabled');
$checkbox->setAttrib('escape', false);
//Don't use escaping, so the line breaks work
$checkbox->setValue(array_keys($inheritedPrivileges));
//To check the boxes
}
}
