public function runConfigureRole(TBGRequest $request)
{
try {
$role = new TBGRole($request['role_id']);
} catch (Exception $e) {
$this->getResponse()->setHttpStatus(400);
return $this->renderJSON(array('error' => $this->getI18n()->__('This is not a valid role')));
}
if ($role->isSystemRole()) {
$access_level = $this->getAccessLevel($request['section'], 'core');
} else {
$access_level = $this->getUser()->canManageProject($role->getProject()) ? TBGSettings::ACCESS_FULL : TBGSettings::ACCESS_READ;
}
switch ($request['mode']) {
case 'list_permissions':
return $this->renderTemplate('configuration/rolepermissionslist', array('role' => $role));
break;
case 'edit':
if (!$access_level == TBGSettings::ACCESS_FULL) {
$this->getResponse()->setHttpStatus(400);
return $this->renderJSON(array('error' => $this->getI18n()->__('You do not have access to edit these permissions')));
}
if ($request->isPost()) {
$role->setName($request['name']);
$role->save();
$new_permissions = array();
foreach ($request['permissions'] as $new_permission) {
$permission_details = explode(',', $new_permission);
$new_permissions[$permission_details[2]] = array('module' => $permission_details[0], 'target_id' => $permission_details[1]);
}
foreach ($role->getPermissions() as $existing_permission) {
if (!array_key_exists($existing_permission->getPermission(), $new_permissions)) {
$role->removePermission($existing_permission);
}
}
foreach ($new_permissions as $permission_key => $details) {
$p = new TBGRolePermission();
$p->setModule($details['module']);
$p->setPermission($permission_key);
if ($details['target_id']) {
$p->setTargetID($details['target_id']);
}
$role->addPermission($p);
}
return $this->renderJSON(array('message' => $this->getI18n()->__('Permissions updated'), 'permissions_count' => count($request['permissions']), 'role_name' => $role->getName()));
}
return $this->renderTemplate('configuration/rolepermissionsedit', array('role' => $role));
case 'delete':
if (!$access_level == TBGSettings::ACCESS_FULL || !$request->isPost()) {
$this->getResponse()->setHttpStatus(400);
return $this->renderJSON(array('error' => $this->getI18n()->__('This role cannot be removed')));
}
$role->delete();
return $this->renderJSON(array('message' => $this->getI18n()->__('Role deleted')));
}
}
public function addPermission(TBGRolePermission $permission)
{
$permission->setRole($this);
$permission->save();
if ($this->_permissions !== null) {
$this->_permissions[$permission->getID()] = $permission;
}
TBGPermissionsTable::getTable()->addRolePermission($this->getID(), $permission);
}
public function addRolePermission($role_id, TBGRolePermission $rolepermission)
{
$crit = $this->getCriteria();
$crit->addWhere(self::ROLE_ID, $role_id);
$existing_identifiables = array('users' => array(), 'teams' => array());
if ($res = $this->doSelect($crit)) {
while ($row = $res->getNextRow()) {
$key = $row->get(self::UID) ? self::UID : self::TID;
$existing_identifiables[$key][$row->get($key)] = array('id' => $row->get($key), 'target_id' => $row->get(self::TARGET_ID));
}
foreach ($existing_identifiables as $key => $identifiables) {
foreach ($identifiables as $identifiable) {
$crit = $this->getCriteria();
$crit->addInsert(self::SCOPE, TBGContext::getScope()->getID());
$crit->addInsert(self::PERMISSION_TYPE, $rolepermission->getPermission());
$crit->addInsert(self::TARGET_ID, $identifiable['target_id']);
$crit->addInsert($key, $identifiable['id']);
$crit->addInsert(self::ALLOWED, true);
$crit->addInsert(self::MODULE, $rolepermission->getModule());
$crit->addInsert(self::ROLE_ID, $role_id);
$res = $this->doInsert($crit);
}
}
}
}