public function _new() { parent::_new(); $permissions = new PermissionCollection(new Permission()); $sh = new SearchHandler($permissions, FALSE); $sh->addConstraint(new Constraint('parent_id', 'is', 'NULL')); $sh->setOrderby('title'); $permissions->load($sh); $systemcompany = $this->_uses[$this->modeltype]; if ($systemcompany->isLoaded()) { $companypermissions = new CompanypermissionCollection(new Companypermission()); $checked = $companypermissions->getPermissionIDs($systemcompany->id); $this->view->set('checked', $checked); $debug = DebugOption::getCompanyOption($systemcompany->id); $this->view->set('debug_id', $debug->id); $this->view->set('selected_options', $debug->getOptions()); foreach ($permissions as $permission) { $permission->setAdditional('permissions'); if (isset($checked[$permission->id])) { $permission->permissions = TRUE; } else { $permission->permissions = FALSE; } } } $this->view->set('permissions', $permissions); $debug = new DebugOption(); $this->view->set('debug_options', $debug->getEnumOptions('options')); }
/** * Test to ensure permissions are returned when searched by child id */ public function testFindChidlrenByPermissionId() { $permId = 1; $return = array(array('name' => 'perm1', 'description' => 'Permission #1'), array('name' => 'perm2', 'description' => 'Permission #2')); $ds = $this->buildMock($return, 'fetch'); $permissions = new PermissionCollection($ds); $permissions->findChildrenByPermissionId($permId); $this->assertCount(2, $permissions); }
function getPermissionTree($permissions = array(), $parent = null) { $nextlevel = new PermissionCollection(); $sh = new SearchHandler($nextlevel, false); if (!empty($permissions)) { $sh->addConstraint(new Constraint('id', 'in', '(' . implode($permissions, ',') . ')')); } if (empty($parent)) { $sh->addConstraint(new Constraint('parent_id', 'is', 'NULL')); } else { $sh->addConstraint(new Constraint('parent_id', '=', $parent)); } $sh->setOrderby('position'); $rows = $nextlevel->load($sh, null, RETURN_ROWS); $tree = array(); if (!empty($rows)) { foreach ($rows as $permission) { $tree[$permission['id']] = $permission; $tree[$permission['id']]['children'] = $this->getPermissionTree($permissions, $permission['id']); } } return $tree; }
/** * Check in the list of permission to see if this user has access to the requested action * * @param string the name of the action to be checked * @param string the controller name * @param string the module name * @return boolean if has permission return true else return false * */ public function hasPermission($modules, $controller = '', $action = '', $pid = '') { if (!is_array($modules)) { $modules = array('module' => $modules); } //echo 'AccessObject:hasPermission modules='.implode('=',$modules).' controller='.$controller.' action='.$action.' pid='.$pid.'<br>'; debug('AccessObject::hasPermission modules ' . implode('=', $modules) . ' : controller ' . $controller . ' : action ' . $action); $controller = str_replace('controller', '', strtolower($controller)); if ($modules['module'] == 'dashboard' && (empty($controller) || $controller == 'index')) { return true; } if ($modules['module'] == 'login' || trim($modules['module']) == '') { return true; } // if($this->check('egs')) { // return true; // } $action = strtolower($action); if ($this->getCache($modules, $controller, $action)) { return true; } if (isset($pid) && !isset($this->permissions[$pid])) { $permission = DataObjectFactory::Factory('Permission'); $permission->load($pid); if ($permission->isLoaded()) { // permission exists but user does not have access to it return false; } } if ($action == 'new') { $action = '_new'; } if (isset($pid) && isset($this->permissions[$pid])) { switch ($this->permissions[$pid]['type']) { case 'g': case 'm': if (!in_array($this->permissions[$pid]['permission'], $modules)) { return false; } break; case 'c': if ($this->permissions[$pid]['permission'] != $controller) { return false; } break; case 'a': if ($this->permissions[$pid]['permission'] != $action) { return false; } break; } return true; } // TODO : Need to check down the modules tree and $permissions = new PermissionCollection(); $module_permissions = $permissions->checkPermission($modules, array('g', 'm')); if (count($module_permissions) == 0) { // module does not exist in permissions so user cannot have access to it return false; } $parent_ids = array(); foreach ($module_permissions as $permission) { if (isset($this->permissions[$permission['id']])) { $parent_ids[] = $permission['id']; } } if (empty($parent_ids)) { // module exists in permissions but user does not have access to it return false; } // Need to use default controller if controller is empty? if ($controller !== '') { // echo 'AccessObject:hasPermission checking controller '.$controller.'<br>'; $permissions = new PermissionCollection(); $controller_permissions = $permissions->checkPermission($controller, 'c', $parent_ids); if (count($controller_permissions) == 0) { // controller does not exist in permissions so user has access to it by default return true; } $parent_ids = array(); foreach ($controller_permissions as $permission) { if (isset($this->permissions[$permission['id']])) { $parent_ids[] = $permission['id']; } } if (empty($parent_ids)) { // controller exists in permissions but user does not have access to it return false; } } // Need to use default action if action is empty? if ($action !== '') { // echo 'AccessObject:hasPermission checking action '.$action.'<br>'; $permissions = new PermissionCollection(); $action_permissions = $permissions->checkPermission($action, 'a', $parent_ids); if (count($action_permissions) == 0) { // action does not exist in permissions so user has access to it by default return true; } $parent_ids = array(); foreach ($action_permissions as $permission) { if (isset($this->permissions[$permission['id']])) { $parent_ids[] = $permission['id']; } } if (empty($parent_ids)) { // action exists in permissions but user does not have access to it return false; } } return true; }
private function get_related_menu_items() { $menu_items = array(); if (!isset($_GET['pid'])) { $ao = AccessObject::Instance(); $pid = $ao->getPermission($_GET['module'], $_GET['controller'], $_GET['action']); } else { $pid = $_GET['pid']; } $permission = new Permission(); $permissions = new PermissionCollection(); $sh = new SearchHandler($permissions, FALSE); $sh->addConstraint(new Constraint('parent_id', '=', $pid)); $sh->addConstraint(new Constraint('display_in_sidebar', 'IS', 'true')); $data = $permissions->load($sh, null, RETURN_ROWS); if (!empty($data)) { foreach ($data as $item) { $link_array = array(); foreach ($permission->build_link($item['id']) as $key => $value) { $link_array[$key] = $value; } $menu_items[] = array('tag' => $item['title'], 'link' => $link_array); } } if (!empty($menu_items)) { $this->addList('Related Menu Items', $menu_items); } }
public function tree() { $permissions = new PermissionCollection($this->_templateobject); $this->view->set('tree', $permissions->getPermissionTree()); $this->setTemplateName('tree'); }
public function view() { $flash = Flash::Instance(); if (!$this->loadData()) { sendBack(); } $role = $this->_uses['Role']; if ($role === false) { sendBack(); } $this->addSidebar($role); $moduleadmin = DataObjectFactory::Factory('ModuleAdmin'); $moduleadmins = $moduleadmin->getModuleName($role->{$role->idField}); $this->view->set('moduleadmin', $moduleadmins); $this->view->set('no_ordering', true); $this->view->set('reports', $role->getReports()); $this->view->set('users', $role->getUsers()); $companypermissions = DataObjectFactory::Factory('Companypermission'); $modulepermissions = $companypermissions->getAll(); // Note: If no company permissions have been defined ($modulepermissions is empty) // then all permissions will be displayed; i.e. default is to allow access to // all permissions if no company permissions override $permissions = new PermissionCollection(DataObjectFactory::Factory('Permission')); $this->view->set('items', $permissions->getPermissionTree($modulepermissions)); $this->view->set('permissions_tree', $this->getTemplateName('permissions_tree')); $this->view->set('current', $role->getPermissions()); $this->view->set('view', true); }