/**
* Returns true if and only if the assertion conditions are met
* This method is passed the ACL, Role, Resource, and privilege to which
* the authorization query applies. If the $role, $resource, or $privilege
* parameters are null, it means that the query applies to all Roles,
* Resources, or privileges, respectively.
*
* @param Zend_Acl $acl
* @param Zend_Acl_Role_Interface $role
* @param Zend_Acl_Resource_Interface $resource
* @param null $privilege
* @return bool
* @throws Exception
*/
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
// We need specific objects to check against each other
if (NULL === $role || NULL === $resource) {
return false;
}
// Ensure we're handled User models
if (!$role instanceof UserModel) {
throw new Exception('Role must be an instance of UserModel');
}
$orgId = $role->getOrganizationId();
switch (true) {
case $resource instanceof OrgModelAbstract:
return $orgId === $resource->getParentId();
case $resource instanceof Model\PreBillModel:
return true;
//TODO: we need serviceProviderId from ericsson
return $orgId === $resource->getServiceProvider()->getId();
case $resource instanceof UserModel:
try {
$org = $resource->getOrganization();
if (NULL !== $org) {
return $orgId === $org->getParentId();
}
App::log()->err("User (" . $resource->getId() . ") organization (" . $resource->getOrganizationId() . ") doesn't exist");
return false;
} catch (Exception $e) {
return false;
}
case $resource instanceof Model\CommercialGroupModel:
// customerId is one of service provider customers?
// TODO aggregatorId case?
$org = OrgService::getInstance()->load($resource->getCustomerId());
return $org && $orgId === $org->getParentId();
case $resource instanceof Model\ReportModel:
$params = $resource->getParams();
if (isset($params['orgId']) && !empty($params['orgId'])) {
$org = OrgService::getInstance()->load($params['orgId']);
return $org && $orgId === $org->getParentId();
} else {
return true;
}
}
throw new Exception('Resource must be an instance of OrgModelAbstract or UserModel');
}
/**
* Returns true if and only if the assertion conditions are met
*
* This method is passed the ACL, Role, Resource, and privilege to which
* the authorization query applies. If the $role, $resource, or $privilege
* parameters are null, it means that the query applies to all Roles,
* Resources, or privileges, respectively.
*
* @param Zend_Acl $acl
* @param Zend_Acl_Role_Interface $role
* @param Zend_Acl_Resource_Interface $resource
* @param string $privilege
* @return boolean
*/
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
// We need specific objects to check against each other
if (NULL === $role || NULL === $resource) {
return false;
}
// Ensure we're handled User models
if (!$role instanceof UserModel) {
throw new Exception('Role must be an instance of UserModel');
}
$orgId = $role->getOrganizationId();
switch (true) {
case $resource instanceof OrgModelAbstract:
return $orgId === $resource->getId();
case $resource instanceof UserModel:
case $resource instanceof TemplateModel:
return $orgId === $resource->getOrganizationId();
case $resource instanceof Async\Model\AsyncResponse:
$cOrgId = \Application\Model\Mapper\OrganizationMapper::cleanOrgId($orgId);
return $orgId === $resource->getOrganizationId() || $cOrgId === $resource->getOrganizationId();
case $resource instanceof Model\TariffPlanLifeCycleModel:
case $resource instanceof Model\TariffPlanServicesModel:
case $resource instanceof Model\RestrictionModel:
case $resource instanceof Model\ServicePackModel:
$orgType = Model\Mapper\OrganizationMapper::getTypeByOrgId($orgId);
switch ($orgType) {
case Model\Organization\OrgServiceProviderModel::ORG_TYPE:
return $orgId === $resource->getServiceProviderId();
case Model\Organization\OrgCustomerModel::ORG_TYPE:
// $spList = Service\ServicePackService::getInstance()->listAll();
// foreach ($spList->getItems() as $sp) {
// if ($sp->getId() === $resource->getId()) {
// return true;
// }
// }
/*
* There is no way to know if only one ServicePack is assigned to a customer,
* only retrieving all servicePacks assigned. It is too much slow. In Ericsson we trust.
*/
return true;
default:
return false;
}
case $resource instanceof Model\SupplServicesModel:
return $orgId === $resource->getServiceProviderId() || $orgId === $resource->getCustomerId();
case $resource instanceof Model\CommercialGroupModel:
case $resource instanceof Model\SupervisionGroupModel:
return $orgId === $resource->getCustomerId();
case $resource instanceof SimModel:
/** @var $resource \Application\Model\SimModel */
return $orgId === $resource->getMasterId() || $orgId === $resource->getServiceProviderCommercialId() || $orgId === $resource->getServiceProviderEnablerId() || $orgId === $resource->getAggregatorId() || $orgId === $resource->getCustomerId() || $orgId === $resource->getEndUserId();
case $resource instanceof Model\ReportModel:
$params = $resource->getParams();
if (isset($params['orgId']) && !empty($params['orgId'])) {
return $orgId === $params['orgId'];
} else {
return true;
}
}
throw new Exception('Resource must be an instance of OrgModelAbstract, UserModel or SimModel');
}
