/**
 * Returns the roles the current user is allowed to assign.
 *
 * A user may assign any role unless that role requires a higher role level, i.e. unless
 * it inherits from (and so expands on) the user's own role. An admin may therefore not
 * assign super, because super inherits admin, but may assign nologin or respondent,
 * which sit in a different hierarchy and are not inherited by admin.
 *
 * The master role is the exception: it is set by the system, so only a master may
 * assign it.
 *
 * @return array With identical keys and values roleId => roleId
 */
public function getAllowedRoles()
{
    $ownRole  = $this->getRole();
    $allRoles = $this->acl->getRoles();

    // A master may hand out every known role, master included.
    if ('master' === $ownRole) {
        return array_combine($allRoles, $allRoles);
    }

    // The user's own role is always assignable.
    $allowed = array($ownRole => $ownRole);

    foreach ($allRoles as $candidate) {
        // NOTE(review): the third argument is true. If $this->acl follows Zend_Acl's
        // inheritsRole($role, $inherit, $onlyParents), only roles that inherit the
        // user's role DIRECTLY are excluded here, and a role that inherits it through
        // an intermediate role stays assignable. Confirm this matches the "higher role
        // level" rule above, or that callers enforce the rule separately.
        if ($this->acl->inheritsRole($candidate, $ownRole, true)) {
            continue;
        }
        $allowed[$candidate] = $candidate;
    }

    // Nobody but a master (handled above) may assign master.
    unset($allowed['master']);

    return $allowed;
}
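/**
 * Adds elements from the model to the bridge that creates the form.
 *
 * Overrule this function to add different elements to the browse table, without
 * having to recode the core table building code.
 *
 * Three groups of controls are added:
 *  - the hidden id and the name / description text fields of the role;
 *  - a multi checkbox of possible parent roles, where roles that cannot be chosen
 *    (children of the current role, roles already inherited through a chosen parent,
 *    and the role itself) are disabled and annotated;
 *  - a multi checkbox of privileges, plus a disabled, pre-checked multi checkbox with
 *    the privileges inherited from the chosen parents.
 *
 * Side effect: $this->formData['grl_parents'] is normalised to a roleId => roleId
 * array and adjusted to reflect inherited / impossible parents.
 *
 * @param \MUtil_Model_Bridge_FormBridgeInterface $bridge
 * @param \MUtil_Model_ModelAbstract $model
 */
protected function addFormElements(\MUtil_Model_Bridge_FormBridgeInterface $bridge, \MUtil_Model_ModelAbstract $model)
{
    $bridge->addHidden('grl_id_role');
    $bridge->addText('grl_name');
    $bridge->addText('grl_description');

    // The grl_parents option labels are rendered with escaping switched off (see the
    // 'escape', false option below) because markup is appended to them. The role id is
    // therefore HTML-escaped here, so a role name can never inject markup by itself.
    // NOTE(review): assumes the page is served as UTF-8 - confirm.
    $possibleParents = array();
    foreach ((array) $this->acl->getRoles() as $roleId) {
        $possibleParents[$roleId] = htmlspecialchars($roleId, ENT_QUOTES, 'UTF-8');
    }

    // Normalise the chosen parents to roleId => roleId. Anything that is not a
    // non-empty array is treated as "no parents" instead of being handed to
    // array_combine().
    if (isset($this->formData['grl_parents'])
        && is_array($this->formData['grl_parents'])
        && $this->formData['grl_parents']) {
        $this->formData['grl_parents'] = array_combine(
            $this->formData['grl_parents'],
            $this->formData['grl_parents']
        );
    } else {
        $this->formData['grl_parents'] = array();
    }

    // Don't allow master, nologin or itself as parents
    unset($possibleParents['master'], $possibleParents['nologin']);
    $disabled = array();

    if (isset($this->formData['grl_name'])) {
        $currentRole = $this->formData['grl_name'];

        // Whether the role being edited already exists does not change inside the loop.
        $currentRoleExists = $this->acl->hasRole($currentRole);

        // Iterate over the role ids (keys); the values are display labels.
        foreach (array_keys($possibleParents) as $parent) {
            $parent = (string) $parent;

            if ($currentRoleExists && $this->acl->inheritsRole($parent, $currentRole)) {
                // A child of the current role cannot also be its parent.
                $disabled[] = $parent;
                $possibleParents[$parent] .= ' '
                    . \MUtil_Html::create('small', $this->_('child of current role'), $this->view);
                unset($this->formData['grl_parents'][$parent]);
            } else {
                foreach ($this->formData['grl_parents'] as $p2) {
                    if ($this->acl->hasRole($p2) && $this->acl->inheritsRole($p2, $parent)) {
                        // Already inherited through the chosen parent $p2: show it as
                        // checked but not changeable.
                        $disabled[] = $parent;

                        // $p2 is only used after hasRole() accepted it, and it is passed
                        // as element content rather than concatenated as a string.
                        // NOTE(review): presumably \MUtil_Html escapes non-raw content
                        // when rendering - confirm.
                        $source = \MUtil_Html::create('em', $p2, $this->view);
                        $possibleParents[$parent] .= ' ' . \MUtil_Html::create(
                            'small',
                            \MUtil_Html::raw(sprintf($this->_('inherited from %s'), $source)),
                            $this->view
                        );
                        $this->formData['grl_parents'][$parent] = $parent;
                    }
                }
            }
        }

        // A role can never be its own parent.
        $disabled[] = $currentRole;
        if (isset($possibleParents[$currentRole])) {
            $possibleParents[$currentRole] .= ' '
                . \MUtil_Html::create('small', $this->_('this role'), $this->view);
        }
    }

    // Add this for validator to allow empty list
    $possibleParents[''] = '';

    // Changing a parent resubmits the form so the privilege lists below are rebuilt.
    $bridge->addMultiCheckbox(
        'grl_parents',
        'multiOptions', $possibleParents,
        'disable', $disabled,
        'escape', false,
        'required', false,
        'onchange', 'this.form.submit();'
    );

    $allPrivileges = $this->usedPrivileges;

    if ($this->formData['grl_parents']) {
        // Split the privileges into those granted through the chosen parents and those
        // that can still be set on this role itself.
        $inherited           = $this->getInheritedPrivileges($this->formData['grl_parents']);
        $privileges          = array_diff_key($allPrivileges, $inherited);
        $inheritedPrivileges = array_intersect_key($allPrivileges, $inherited);
    } else {
        $privileges          = $allPrivileges;
        $inheritedPrivileges = false;
    }

    // Escaping is switched off so the line breaks in the privilege labels work.
    // NOTE(review): these labels come from $this->usedPrivileges and are output as raw
    // HTML - confirm they never contain user-supplied text.
    $checkbox = $bridge->addMultiCheckbox('grl_privileges', 'multiOptions', $privileges, 'required', false);
    $checkbox->setAttrib('escape', false);

    if ($inheritedPrivileges) {
        $checkbox = $bridge->addMultiCheckbox(
            'inherited',
            'label', $this->_('Inherited'),
            'multiOptions', $inheritedPrivileges,
            'required', false,
            'disabled', 'disabled'
        );
        $checkbox->setAttrib('escape', false); // Same raw-label rendering as above
        $checkbox->setValue(array_keys($inheritedPrivileges)); // To check the boxes
    }
}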