/**
* Returns true if and only if the assertion conditions are met
* This method is passed the ACL, Role, Resource, and privilege to which
* the authorization query applies. If the $role, $resource, or $privilege
* parameters are null, it means that the query applies to all Roles,
* Resources, or privileges, respectively.
*
* @param Zend_Acl $acl
* @param Zend_Acl_Role_Interface $role
* @param Zend_Acl_Resource_Interface $resource
* @param null $privilege
* @return bool
* @throws Exception
*/
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
// We need specific objects to check against each other
if (NULL === $role || NULL === $resource) {
return false;
}
// Ensure we're handled User models
if (!$role instanceof UserModel) {
throw new Exception('Role must be an instance of UserModel');
}
$orgId = $role->getOrganizationId();
switch (true) {
case $resource instanceof OrgModelAbstract:
return $orgId === $resource->getParentId();
case $resource instanceof Model\PreBillModel:
return true;
//TODO: we need serviceProviderId from ericsson
return $orgId === $resource->getServiceProvider()->getId();
case $resource instanceof UserModel:
try {
$org = $resource->getOrganization();
if (NULL !== $org) {
return $orgId === $org->getParentId();
}
App::log()->err("User (" . $resource->getId() . ") organization (" . $resource->getOrganizationId() . ") doesn't exist");
return false;
} catch (Exception $e) {
return false;
}
case $resource instanceof Model\CommercialGroupModel:
// customerId is one of service provider customers?
// TODO aggregatorId case?
$org = OrgService::getInstance()->load($resource->getCustomerId());
return $org && $orgId === $org->getParentId();
case $resource instanceof Model\ReportModel:
$params = $resource->getParams();
if (isset($params['orgId']) && !empty($params['orgId'])) {
$org = OrgService::getInstance()->load($params['orgId']);
return $org && $orgId === $org->getParentId();
} else {
return true;
}
}
throw new Exception('Resource must be an instance of OrgModelAbstract or UserModel');
}
/**
* Returns true if and only if the assertion conditions are met
*
* This method is passed the ACL, Role, Resource, and privilege to which
* the authorization query applies. If the $role, $resource, or $privilege
* parameters are null, it means that the query applies to all Roles,
* Resources, or privileges, respectively.
*
* @param Zend_Acl $acl
* @param Zend_Acl_Role_Interface $role
* @param Zend_Acl_Resource_Interface $resource
* @param string $privilege
* @return boolean
*/
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
// We need specific objects to check against each other
if (NULL === $role || NULL === $resource) {
return false;
}
// Ensure we're handled User models
if (!$role instanceof Model\UserModel) {
throw new Exception('Role must be an instance of UserModel');
}
$orgId = $role->getOrganizationId();
switch (true) {
case $resource instanceof OrgModelAbstract:
$parent = OrgService::getInstance()->load($resource->getParentId());
if ($parent) {
return $orgId === $parent->getParentId();
}
return false;
}
throw new Exception('Resource must be an instance of OrgModelAbstract');
}
