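/**
 * Builds the ACL for forms and filters, or loads it from the role cache.
 *
 * Group rules from GroupFormResource become allow/deny rules on form
 * resources; role rules from RoleFilterResource become allow rules on filter
 * resources. Forms default to allow and filters default to deny. The role of
 * the current user's profile is added after the shared ACL has been cached.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    $oddzial = ODDZIAL_ID;
    $profil = $this->getCurrentProfile();
    $aclProfileId = $profil ? $profil->id : 'none';

    $cm = $this->getBootstrap()->getResource('cachemanager');
    $cache = $cm->getCache('rolecache');

    // Cache entries are kept per profile and, for a positive numeric branch id, per branch.
    $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
    $aclCacheKey = 'form_acl_profile_' . $aclProfileId . $branch_name;

    if (!($this->acl = $cache->load($aclCacheKey))) {
        $this->acl = new Base_Acl();

        $this->_groups = $all_groups = $this->getGroups();
        $this->_roles = $all_roles = $this->getRoles($profil);
        foreach ($all_groups as $grupa) {
            $this->addAclRole($grupa, 'group');
        }
        $profil = $this->getCurrentProfile();
        foreach ($all_roles as $rola) {
            $this->addAclRole($rola, 'role');
        }

        $tmp = $this->getResources(array('form', 'filter'));

        // ---- form resources -------------------------------------------------
        $rupModel = new GroupFormResource();
        $rup = $rupModel->fetchAll()->toArray();
        $up = $tmp['form']->toArray();
        $upArray = array();

        // Strips the last ".segment" (letters and underscores only) to obtain a parent name.
        // NOTE(review): a segment containing digits is not stripped, and the grandparent
        // passed to add() must already be registered or Zend_Acl throws - verify against
        // buildResourceName() output and the order of the resource rows.
        $lastSegment = '/\\.[_a-zA-Z]*$/';

        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $module = $u['module'];
            $controller = $u['form_class'];
            $action = $u['form_element'];

            // Reset per row so a row matching no branch cannot reuse the previous row's names.
            $resource = null;
            $parent = null;
            if ('*' == $controller) {
                $resource = $this->buildResourceName('form', $module);
            } elseif ('*' == $action) {
                $resource = $this->buildResourceName('form', $module, $controller);
                $parent = preg_replace($lastSegment, '', $resource);
            } elseif ('*' != $action and $action) {
                $resource = $this->buildResourceName('form', $module, $controller, $action);
                $parent = preg_replace($lastSegment, '', $resource);
            }
            if (null === $resource) {
                continue;
            }

            if ($parent && !$this->acl->has($parent)) {
                $this->acl->add(new Zend_Acl_Resource($parent), preg_replace($lastSegment, '', $parent));
            }
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource), $parent);
            }
        }

        foreach ($rup as $r) {
            // Fail closed: a rule that points at an unknown resource row is ignored. Without
            // this the rule was applied to the previous row's resource, or to a null resource,
            // which Zend_Acl treats as "all resources".
            if (!isset($upArray[$r['id_resource']])) {
                continue;
            }
            $u = $upArray[$r['id_resource']];
            $module = $u['module'];
            $controller = $u['form_class'];
            $action = $u['form_element'];
            $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . "_" . $r['id_group'];

            $resource = null;
            if ('*' == $controller) {
                $resource = $this->buildResourceName('form', $module);
            } elseif ('*' == $action) {
                $resource = $this->buildResourceName('form', $module, $controller);
            } elseif ('*' != $action and $action) {
                $resource = $this->buildResourceName('form', $module, $controller, $action);
            }
            if (null === $resource) {
                continue;
            }

            if ($r['deny']) {
                $this->acl->deny($role, $resource);
            } else {
                $this->acl->allow($role, $resource);
            }
        }

        // Default: every role is allowed on all forms.
        $this->acl->allow(null, 'form:default');

        // ---- filter resources -----------------------------------------------
        $rupModel = new RoleFilterResource();
        $rup = $rupModel->fetchAll()->toArray();
        $up = $tmp['filter']->toArray();
        $upArray = array();

        $filterRoot = $this->buildResourceName('filter', 'default');
        if (!$this->acl->has($filterRoot)) {
            $this->acl->add(new Zend_Acl_Resource($filterRoot));
        }
        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $resource = $this->buildResourceName('filter', 'default', $u['id']);
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource), $filterRoot);
            }
        }

        foreach ($rup as $r) {
            // Fail closed: skip rules for filters that are not in the resource list instead of
            // building a resource name from a missing id.
            if (!isset($upArray[$r['id_filter']])) {
                continue;
            }
            $filter = $upArray[$r['id_filter']]['id'];
            $role = 'role_' . (int) $all_roles[$r['id_role']]['priority'] . '_' . $r['id_role'];
            $resource = $this->buildResourceName('filter', 'default', $filter);
            if ($this->acl->hasRole($role)) {
                $this->acl->allow($role, $resource);
            }
        }

        $cache->save($this->acl, $aclCacheKey);
    }

    // Default: every role is denied on all filters (applied on cache hits too).
    $this->acl->deny(null, 'filter:default');

    $identity = Zend_Auth::getInstance()->getIdentity();
    $data = array();
    $roles = array();
    if (!$identity) {
        $defaultRole = $this->getDefaultRole();
        $data['roles'][] = $defaultRole;
    } else {
        $userCacheKey = 'user_data_' . $identity->id . '_profile_' . $aclProfileId . $branch_name;
        if (!($data = $cache->load($userCacheKey))) {
            $data = array();
            $profilModel = new Profile();
            // Values are bound through placeholders instead of being interpolated into the SQL.
            $profil = $profilModel->fetchRow(array(
                'id_user = ?' => $identity->id,
                'id_branch = ?' => $oddzial,
                'ghost = false',
            ));
            if ($profil && $profil->id) {
                // The priority maps are only filled when the ACL was rebuilt above; load them
                // here on an ACL cache hit, otherwise every priority would be read as 0.
                if (!isset($all_groups)) {
                    $all_groups = $this->getGroups();
                }
                if (!isset($all_roles)) {
                    $all_roles = $this->getRoles($this->getCurrentProfile());
                }

                $profil = $profil->toArray();
                $profil['parents']['role'] = array();
                $profil['parents']['group'] = array();

                $profilRola = new ProfileRole();
                $ru = $profilRola->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                foreach ($ru as $r) {
                    $priority = (int) $all_roles[$r['id_role']]['priority'];
                    $roles[] = 'role_' . $priority . '_' . $r['id_role'];
                    $profil['parents']['role'][] = array('id' => $r['id_role'], 'priority' => $priority);
                }

                $profilGrupa = new ProfileGroup();
                $gu = $profilGrupa->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                foreach ($gu as $g) {
                    $priority = (int) $all_groups[$g['id_group']]['priority'];
                    $roles[] = 'group_' . $priority . "_" . $g['id_group'];
                    $profil['parents']['group'][] = array('id' => $g['id_group'], 'priority' => $priority);
                }

                $this->addAclRole($profil, 'profile');
            }
            $data['roles'] = $roles;
            $data['profil'] = $profil;
            $cache->save($data, $userCacheKey);
        } else {
            // User data came from the cache: only the profile role has to be re-added.
            if (!empty($data['profil']['id'])) {
                $this->addAclRole($data['profil'], 'profile');
            }
        }
    }

    return $this->acl;
}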
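/**
 * Builds the ACL for virtual resources, or loads it from the role cache.
 *
 * Every row of GroupVirtualResource becomes an allow rule for the group on the
 * named virtual resource. On a cache miss the current profile's role is added
 * as well and the ACL plugin is given that role before the ACL is cached.
 *
 * NOTE(review): on an ACL cache hit none of the identity handling runs here, so
 * the plugin role and $identity->profile_id are not set by this method -
 * presumably another getAcl() does that; confirm.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    $profil = $this->getCurrentProfile();
    $aclProfileId = $profil ? $profil->id : 'none';

    $cm = $this->getBootstrap()->getResource('cachemanager');
    $cache = $cm->getCache('rolecache');
    $front = Zend_Controller_Front::getInstance();
    $pluginAcl = $front->getPlugin('Base_Controller_Plugin_Acl');

    // Cache entries are kept per profile and, for a positive numeric branch id, per branch.
    $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
    $aclCacheKey = 'vacl_profile_' . $aclProfileId . $branch_name;

    $this->acl = $cache->load($aclCacheKey);
    if (!$this->acl) {
        $this->acl = new Base_Acl();

        $this->_groups = $all_groups = $this->getGroups();
        $this->_roles = $all_roles = $this->getRoles($profil);
        foreach ($all_groups as $grupa) {
            $this->addAclRole($grupa, 'group');
        }
        foreach ($all_roles as $rola) {
            $this->addAclRole($rola, 'role');
        }

        $uprawnienia = new Logic_Privileges();
        $rupModel = new GroupVirtualResource();
        $rup = $rupModel->fetchAll()->toArray();
        $tmp = $uprawnienia->getResources(array('vresource'));
        $up = $tmp['vresource']->toArray();
        $upArray = array();

        // Register every virtual resource in the ACL.
        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $resource = $u['resource_name'];
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource));
            }
        }

        // Attach the resources to the groups.
        foreach ($rup as $r) {
            // Fail closed: a rule that references an unknown resource row would otherwise call
            // allow() with a null resource, which Zend_Acl treats as "all resources".
            if (!isset($upArray[$r['id_resource']]['resource_name'])) {
                continue;
            }
            $resource = $upArray[$r['id_resource']]['resource_name'];
            $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . "_" . $r['id_group'];
            $this->acl->allow($role, $resource);
        }

        $identity = Zend_Auth::getInstance()->getIdentity();

        // Build the permissions of the current profile if there is one; otherwise fall back
        // to the default role.
        $data = array();
        $data['roles'] = array();
        $roles = array();
        if (!$identity) {
            $defaultRole = $this->getDefaultRole();
            $data['roles'][] = $defaultRole;
        } else {
            $userCacheKey = 'user_data_' . $identity->id . '_profile_' . $aclProfileId . $branch_name;
            $data = $cache->load($userCacheKey);
            if (!$data) {
                $data = array();
                if ($profil && $profil->id) {
                    $profil = $profil->toArray();
                    $profil['parents']['role'] = array();
                    $profil['parents']['group'] = array();

                    // NOTE(review): the role names stored below carry no priority part, unlike
                    // the 'group_{priority}_{id}' names used for the rules above - confirm what
                    // reads $data['roles'] from the cache.
                    $profilRola = new ProfileRole();
                    $ru = $profilRola->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                    foreach ($ru as $r) {
                        $roles[] = 'role_' . $r['id_role'];
                        $profil['parents']['role'][] = array(
                            'id' => $r['id_role'],
                            'priority' => (int) $all_roles[$r['id_role']]['priority'],
                        );
                    }

                    $profilGrupa = new ProfileGroup();
                    $gu = $profilGrupa->fetchAll(array('id_profile = ?' => $profil['id']))->toArray();
                    foreach ($gu as $g) {
                        $roles[] = 'group_' . $g['id_group'];
                        $profil['parents']['group'][] = array(
                            'id' => $g['id_group'],
                            'priority' => (int) $all_groups[$g['id_group']]['priority'],
                        );
                    }

                    $this->addAclRole($profil, 'profile');
                    $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $profil['id']));
                    $identity->profile_id = $profil['id'];
                } else {
                    // The default role was only ever assigned in the unauthenticated branch, so
                    // an undefined variable reached Zend_Acl_Role here; fetch it explicitly.
                    $pluginAcl->setRole(new Zend_Acl_Role($this->getDefaultRole()));
                }
                $data['roles'] = $roles;
                $data['profil'] = $profil;
                $cache->save($data, $userCacheKey);
            } else {
                // User data came from the cache.
                if (!empty($data['profil']['id'])) {
                    $this->addAclRole($data['profil'], 'profile');
                    $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $data['profil']['id']));
                    $identity->profile_id = $data['profil']['id'];
                } else {
                    $pluginAcl->setRole(new Zend_Acl_Role($this->getDefaultRole()));
                }
            }
        }

        $cache->save($this->acl, $aclCacheKey);
    }

    return $this->acl;
}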
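/**
 * Builds the ACL for controllers/actions and configures the ACL plugin.
 *
 * Resources are meant to inherit from their ancestors (controller.action from
 * the controller, the controller from the module), and so are roles and
 * permission groups. The user's ACL role is "profile_{profile id}"; permission
 * groups and roles are attached to the profile.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    $oddzial = ODDZIAL_ID;
    $profil = $this->getCurrentProfile();
    $aclProfileId = $profil ? $profil->id : 'none';

    $cm = $this->getBootstrap()->getResource('cachemanager');
    $cache = $cm->getCache('rolecache');
    $front = Zend_Controller_Front::getInstance();
    $pluginAcl = $front->getPlugin('Base_Controller_Plugin_Acl');

    // Cache entries are kept per profile and, for a positive numeric branch id, per branch.
    $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
    $aclCacheKey = 'acl_profile_' . $aclProfileId . $branch_name;

    $this->acl = $cache->load($aclCacheKey);
    if (!$this->acl) {
        $this->acl = new Base_Acl();

        $this->_groups = $all_groups = $this->getGroups();
        $this->_roles = $all_roles = $this->getRoles($profil);
        foreach ($all_groups as $grupa) {
            $this->addAclRole($grupa, 'group');
        }
        foreach ($all_roles as $rola) {
            $this->addAclRole($rola, 'role');
        }

        $rupModel = new GroupLinkResource();
        $rup = $rupModel->fetchAll()->toArray();
        $tmp = $this->getResources();
        $up = $tmp['mvc']->toArray();
        $upArray = array();

        // Register every resource under its ancestor.
        // NOTE(review): these are independent ifs (the rule loop below uses elseif), and a
        // parent that is not registered yet is added with no parent of its own - so the
        // module > controller > action chain depends on the row order; confirm.
        foreach ($up as $u) {
            $upArray[$u['id']] = $u;
            $module = $u['module'];
            $controller = $u['controller'];
            $action = $u['action'];

            // Reset per row so a row matching no branch cannot reuse the previous row's names.
            $resource = null;
            $parent = null;
            if ('*' == $controller) {
                $resource = $this->buildResourceName('mvc', $module);
                $parent = null;
            }
            if ('*' == $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller);
                $parent = $this->buildResourceName('mvc', $module);
                if (!$this->acl->has($parent)) {
                    $this->acl->add(new Zend_Acl_Resource($parent), null);
                }
            }
            if ('*' != $action and $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller, $action);
                $parent = $this->buildResourceName('mvc', $module, $controller);
                if (!$this->acl->has($parent)) {
                    $this->acl->add(new Zend_Acl_Resource($parent), null);
                }
            }
            if (null === $resource) {
                continue;
            }
            if (!$this->acl->has($resource)) {
                $this->acl->add(new Zend_Acl_Resource($resource), $parent);
            }
        }

        // Attach the resources to the groups.
        foreach ($rup as $r) {
            // Fail closed: a rule that points at an unknown resource row is ignored. Without
            // this the rule was applied to the previous row's resource, or to a null resource,
            // which Zend_Acl treats as "all resources".
            if (!isset($upArray[$r['id_resource']])) {
                continue;
            }
            $u = $upArray[$r['id_resource']];
            $module = $u['module'];
            $controller = $u['controller'];
            $action = $u['action'];
            $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . "_" . $r['id_group'];

            $resource = null;
            if ('*' == $controller) {
                $resource = $this->buildResourceName('mvc', $module);
            } elseif ('*' == $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller);
            } elseif ('*' != $action and $action) {
                $resource = $this->buildResourceName('mvc', $module, $controller, $action);
            }
            if (null === $resource) {
                continue;
            }
            $this->acl->allow($role, $resource);
        }

        $cache->save($this->acl, $aclCacheKey);
    }

    $identity = Zend_Auth::getInstance()->getIdentity();

    // Build the permissions of the current profile if there is one; otherwise fall back to
    // the default role.
    $data = array();
    $data['roles'] = array();
    $roles = array();
    if (!$identity) {
        $defaultRole = $this->getDefaultRole();
        $data['roles'][] = $defaultRole;
        $pluginAcl->setRole(new Zend_Acl_Role($defaultRole));
    } else {
        $userCacheKey = 'user_data_' . $identity->id . '_profile_' . $aclProfileId . $branch_name;
        $data = $cache->load($userCacheKey);
        if (!$data) {
            $data = array();
            if ($profil && $profil->id) {
                // The priority maps are only filled when the ACL was rebuilt above; load them
                // here on an ACL cache hit, otherwise every priority would be read as 0.
                if (!isset($all_groups)) {
                    $all_groups = $this->getGroups();
                }
                if (!isset($all_roles)) {
                    $all_roles = $this->getRoles($profil);
                }

                $profil = $profil->toArray();
                $profil['parents']['role'] = array();
                $profil['parents']['group'] = array();

                // The profile id is bound through a placeholder instead of being interpolated.
                $profilRola = new ProfileRole();
                $ru = $profilRola->fetchAll(array('ghost = false', 'id_profile = ?' => $profil['id']))->toArray();
                foreach ($ru as $r) {
                    $priority = (int) $all_roles[$r['id_role']]['priority'];
                    $roles[] = 'role_' . $priority . '_' . $r['id_role'];
                    $profil['parents']['role'][] = array('id' => $r['id_role'], 'priority' => $priority);
                }

                $profilGrupa = new ProfileGroup();
                $gu = $profilGrupa->fetchAll(array('ghost = false', 'id_profile = ?' => $profil['id']))->toArray();
                foreach ($gu as $g) {
                    $priority = (int) $all_groups[$g['id_group']]['priority'];
                    $roles[] = 'group_' . $priority . "_" . $g['id_group'];
                    $profil['parents']['group'][] = array('id' => $g['id_group'], 'priority' => $priority);
                }

                $this->addAclRole($profil, 'profile');
                $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $profil['id']));
                $identity->profile_id = $profil['id'];
            } else {
                // The default role was only ever assigned in the unauthenticated branch, so an
                // undefined variable reached Zend_Acl_Role here; fetch it explicitly.
                $pluginAcl->setRole(new Zend_Acl_Role($this->getDefaultRole()));
            }
            $data['roles'] = $roles;
            $data['profil'] = $profil;
            $cache->save($data, $userCacheKey);
        } else {
            // User data came from the cache.
            if (!empty($data['profil']['id'])) {
                $this->addAclRole($data['profil'], 'profile');
                $pluginAcl->setRole(new Zend_Acl_Role('profile_' . $data['profil']['id']));
                $identity->profile_id = $data['profil']['id'];
            } else {
                $pluginAcl->setRole(new Zend_Acl_Role($this->getDefaultRole()));
            }
        }
    }

    // Hand the ACL to the front-controller plugin and tell it how resource names are formed
    // and where to send denied or unauthenticated requests.
    $pluginAcl->setAcl($this->acl);
    $pluginAcl->setErrorHandlerModule('default');
    $pluginAcl->setErrorHandlerController('error');
    $pluginAcl->setErrorHandlerAction('error');
    $pluginAcl->setResourcePrefix('mvc:');
    $pluginAcl->setResourceSeparator('.');
    $pluginAcl->setLoginPage('login', 'auth');

    $config = Zend_Registry::get('config');
    if ($oddzial < 0) {
        if ($config['resources']['branch']['branch_after_login']) {
            // The request parameter is compared loosely, so any non-empty value other than "0"
            // enables the switch; it only selects between fixed login pages.
            if (isset($_GET['set_login_page']) && $_GET['set_login_page'] == true) {
                $pluginAcl->setLoginPage('selectbranchafterlogin', 'branch');
            }
        } else {
            $pluginAcl->setLoginPage('select', 'branch');
        }
    }

    return $this->acl;
}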
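/**
 * Replaces the roles and permission groups assigned to a profile.
 *
 * Inside one transaction: deletes the profile's current role links, marks its
 * current group links as ghost, re-adds the 'logowanie' (login) group, stores
 * the landing page of the first submitted role (or '/login') and creates role
 * and group links for every submitted role. On success the whole role cache is
 * cleaned. On failure the transaction is rolled back and the error is logged.
 *
 * NOTE(review): nothing visible here checks that the caller may grant the
 * submitted roles - presumably the form or controller enforces that; confirm.
 *
 * @param Base_Form_Abstract $form    form holding the submitted values (reads 'role')
 * @param integer            $id      profile id
 * @param integer            $id_user user id; only used to load the user row
 * @return void
 */
public function _updateProfile($form, $id, $id_user)
{
    // Result unused; kept because it stops early when the user row cannot be loaded -
    // presumably intentional, confirm.
    $model = new User();
    $userRow = $model->findOne($id_user)->toArray();

    $profileRoleModel = new ProfileRole();
    $profileGroupModel = new ProfileGroup();
    $log = Zend_Registry::get('admin_log');

    $profileGroupModel->getAdapter()->beginTransaction();
    try {
        // Drop the current role links. The profile id is bound as an integer instead of
        // being concatenated into the WHERE clause.
        $select = $profileRoleModel->select()
            ->where('id_profile = ?', (int) $id)
            ->where('ghost = false')
            ->setIntegrityCheck(false);
        foreach ($profileRoleModel->fetchAll($select)->toArray() as $val) {
            $profileRoleRow = $profileRoleModel->findOne($val['id']);
            $log->roledelete(array('old' => $profileRoleRow));
            $profileRoleRow->delete();
        }

        // Mark the current group links as ghost rather than deleting them.
        $select = $profileGroupModel->select()
            ->where('id_profile = ?', (int) $id)
            ->where('ghost = false')
            ->setIntegrityCheck(false);
        foreach ($profileGroupModel->fetchAll($select)->toArray() as $val) {
            $profileGroupRow = $profileGroupModel->findOne($val['id']);
            $profileGroupRow->setFromArray(array('ghost' => 't'));
            $profileGroupRow->save();
        }

        // Every profile gets the login group.
        $groupModel = new Group();
        $logGroupRow = $groupModel->fetchRow(array('group_name = ?' => 'logowanie'));
        $profileGroupModel->insert(array('id_profile' => $id, 'id_group' => $logGroupRow->id));

        $values = $form->getValues();
        // A form submitted without roles must not break the loop below.
        $roleIds = (isset($values['role']) && !empty($values['role'])) ? $values['role'] : array();

        // The landing page comes from the first submitted role.
        $roleModel = new Role();
        if (!empty($roleIds[0])) {
            $landingRole = $roleModel->findOne($roleIds[0]);
            $landing = $landingRole->landing;
        } else {
            $landing = '/login';
        }

        $profileModel = new Profile();
        $profileRow = $profileModel->findOne($id);
        $profileRow->landing = $landing;
        $profileRow->save();

        foreach ($roleIds as $role_id) {
            $profileRoleRow = $profileRoleModel->createRow(array('id_profile' => $id, 'id_role' => $role_id));
            $log->roleadd(array('new' => $profileRoleRow));
            $profileRoleRow->save();

            // Give the profile every group that belongs to the role.
            $roleGroupModel = new RoleGroup();
            $roleGroupsSelect = $roleGroupModel->select()->where('id_role = ?', $role_id);
            $roleGroups = $roleGroupModel->fetchAll($roleGroupsSelect);
            foreach ($roleGroups as $roleRow) {
                $profileGroupRow = $profileGroupModel->createRow(
                    array('id_profile' => $id, 'id_group' => $roleRow->id_group)
                );
                $profileGroupRow->save();
            }
        }

        $profileGroupModel->getAdapter()->commit();

        // Cached ACLs are stale once the assignments change, so drop the whole role cache.
        $cache = Zend_Controller_Front::getInstance()
            ->getParam('bootstrap')
            ->getResource('cachemanager')
            ->getCache('rolecache');
        $cache->clean(Zend_Cache::CLEANING_MODE_ALL);
    } catch (Exception $e) {
        $profileGroupModel->getAdapter()->rollBack();
        // A failed permission change must leave a trace instead of vanishing silently.
        // NOTE(review): the caller still gets no failure signal - consider reporting it.
        error_log('_updateProfile: rolled back changes for profile ' . (int) $id . ': ' . $e->getMessage());
    }
}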