/**
* validacao se o controle está ativo
* @param Zend_Acl_Resource_Interface $oResource
* @param string $sPrivilegio
*/
protected function validaControleAtivo(Zend_Acl_Resource_Interface $oResource, $sPrivilegio)
{
$aIdentidadeControle = explode(':', $oResource->getResourceId());
$sIdentidadeControle = $aIdentidadeControle[1];
$sIdentidadeModulo = $aIdentidadeControle[0];
$oModulo = Administrativo_Model_Modulo::getByAttribute('identidade', $sIdentidadeModulo);
$aControles = $oModulo->getControles();
foreach ($aControles as $oControle) {
if ($oControle->getIdentidade() != $sIdentidadeControle) {
continue;
}
if (!$oControle->getVisivel()) {
return TRUE;
}
}
return TRUE;
}
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
$auth = Zend_Auth::getInstance();
if (!$auth->hasIdentity()) {
return false;
}
$ident = $auth->getIdentity();
if ($resource->getResourceId() == 'projects_m_project') {
foreach ($resource->Projects_Model_Leader as $leader) {
if ($leader->user_id == $ident->id) {
return true;
}
}
return false;
} else {
$q = Doctrine_Query::create()->from('Projects_Model_Leader pl')->where('user_id = ?', $ident->id);
if ($q->count()) {
return true;
}
return false;
}
}
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
if (!$resource instanceof Issues_Model_Abstract) {
throw new Issues_Model_Exception('Invalid resource for this assertion');
}
list($resourceType, $resourceId) = explode('-', $resource->getResourceId());
if (!$resource->isPrivate()) {
return $acl->isAllowed($role, $resourceType, $privilege);
}
$userService = Zend_Registry::get('Default_DiContainer')->getUserService();
$userRoles = $userService->getIdentity()->getRoles();
foreach ($userRoles as $i) {
$roles[] = $i->getRoleId();
}
$aclService = Zend_Registry::get('Default_DiContainer')->getAclService();
$records = $aclService->getResourceRecords($roles, $resourceType, $resourceId);
if (count($records)) {
return false;
} else {
return true;
}
}
/**
* Returns the rules associated with a Resource and a Role, or null if no such rules exist
*
* If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles,
* respectively. Both can be null to return the default rule set for all Resources and all Roles.
*
* If the $create parameter is true, then a rule set is first created and then returned to the caller.
*
* @param Zend_Acl_Resource_Interface $resource
* @param Zend_Acl_Role_Interface $role
* @param boolean $create
* @return array|null
*/
protected function &_getRules(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null,
$create = false)
{
// create a reference to null
$null = null;
$nullRef =& $null;
// follow $resource
do {
if (null === $resource) {
$visitor =& $this->_rules['allResources'];
break;
}
$resourceId = $resource->getResourceId();
if (!isset($this->_rules['byResourceId'][$resourceId])) {
if (!$create) {
return $nullRef;
}
$this->_rules['byResourceId'][$resourceId] = array();
}
$visitor =& $this->_rules['byResourceId'][$resourceId];
} while (false);
// follow $role
if (null === $role) {
if (!isset($visitor['allRoles'])) {
if (!$create) {
return $nullRef;
}
$visitor['allRoles']['byPrivilegeId'] = array();
}
return $visitor['allRoles'];
}
$roleId = $role->getRoleId();
if (!isset($visitor['byRoleId'][$roleId])) {
if (!$create) {
return $nullRef;
}
$visitor['byRoleId'][$roleId]['byPrivilegeId'] = array();
$visitor['byRoleId'][$roleId]['allPrivileges'] = array('type' => null, 'assert' => null);
}
return $visitor['byRoleId'][$roleId];
}
/**
* Checks the Acl to see if this $user (role) can preform this $action on this $resource. If no specific rules have been defined for this $resource, the resource's type will be found
* and it will be checked.
*
* @param string|Zend_Acl_Role_Interface $user The user to check
* @param string|Zend_Acl_Resource_Interface $resource The resource to check
* @param string $action The privilege to check
* @return boolean
*/
function isAllowed($user, $resource, $action)
{
//Store role for use by assertions
if ($user instanceof Zend_Acl_Role_Interface) {
$this->acl->_entrada_last_query_role = $user;
} else {
$this->acl->_entrada_last_query_role = new Zend_Acl_Role($user);
}
//Grab resource ID and store resource for use by assertions
if ($resource instanceof Zend_Acl_Resource_Interface) {
$resource_id = $resource->getResourceId();
$this->acl->_entrada_last_query = $resource;
} else {
$resource_id = $resource;
$this->acl->_entrada_last_query = new Zend_Acl_Resource($resource);
}
$resourcetype = preg_replace('/[0-9]+/', '', $resource_id);
if ($this->acl->has($resource)) {
return $this->acl->isAllowed($user, $resource, $action);
} else {
if ($this->acl->has($resourcetype)) {
if ($resource instanceof Zend_Acl_Resource_Interface) {
$resourcetype = $resource;
$resourcetype->specific = false;
}
return $this->acl->isAllowed($user, $resourcetype, $action);
}
}
return false;
}
/**
* Removes a Resource and all of its children
*
* The $resource parameter can either be a Resource or a Resource identifier.
*
* @param Zend_Acl_Resource_Interface|string $resource
* @throws {@link Zend_Acl_Exception}
* @return Zend_Acl Provides a fluent interface
*/
public function remove($resource)
{
if ($this->hasCachingAdapter()) {
$this->_checkCaching();
}
$resourceId = $resource instanceof Zend_Acl_Resource_Interface ? $resource->getResourceId() : (string) $resource;
$this->_setResourceUnloaded($resourceId);
$arrResources = $this->_getAdapter()->removeResource($resourceId);
foreach ($arrResources as $resource) {
if ($this->has($resource) && $resource != $resourceId) {
parent::remove($role);
}
if ($this->hasResourceLoaded($resource)) {
$this->_setResourceUnloaded($resource);
}
//Zum Cachen freigeben:
if ($this->hasCachingAdapter()) {
$this->_getCachingAdapter()->change(null, $resource);
}
}
//Zum Cachen freigeben:
if ($this->hasCachingAdapter()) {
$this->_getCachingAdapter()->change(null, $resourceId);
}
return parent::remove($resourceId);
}
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
global $db;
//If asserting is off then return true right away
if (isset($resource->assert) && $resource->assert == false || isset($acl->_entrada_last_query) && isset($acl->_entrada_last_query->assert) && $acl->_entrada_last_query->assert == false) {
return true;
}
if (isset($resource->eform_id)) {
$eform_id = $resource->eform_id;
} else {
if (isset($acl->_entrada_last_query->eform_id)) {
$eform_id = $acl->_entrada_last_query->eform_id;
} else {
//Parse out the user ID and course ID
$resource_id = $resource->getResourceId();
$resource_type = preg_replace('/[0-9]+/', "", $resource_id);
if ($resource_type !== "evaluationform") {
//This only asserts for users authoring evaluation forms.
return false;
}
$eform_id = preg_replace('/[^0-9]+/', "", $resource_id);
}
}
$role_id = $role->getRoleId();
$access_id = preg_replace('/[^0-9]+/', "", $role_id);
$query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
$user_id = $db->GetOne($query);
if (!isset($user_id) || !$user_id) {
$role_id = $acl->_entrada_last_query_role->getRoleId();
$access_id = preg_replace('/[^0-9]+/', "", $role_id);
$query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
$user_id = $db->GetOne($query);
}
$permissions = Models_Evaluation::getFormAuthorPermissions($eform_id);
if ($permissions) {
return true;
} else {
return false;
}
}
/**
* <p>Lädt eine Resource.</p>
* <p>Der zurückgegebene Array sieht ist wie folgt aufgebaut:
* <code>
* $array = array(
* 0 => array(
* 0 => 'resource1',
* 1 => null
* ),
* 1 => array(
* 0 => 'resource2',
* 1 => null
* ),
* 2 => array(
* 0 => 'resource3',
* 1 => 'resource1'
* ),
* 3 => array(
* 0 => 'resource4',
* 1 => 'resource2'
* )
* );
* </code>
* </p>
* @param Zend_Acl_Resource_Interface|string|null $resource
* @return array
*/
public function loadResource($resource)
{
$resourceId = $resource instanceof Zend_Acl_Resource_Interface ? $resource->getResourceId() : (string) $resource;
$arrResources = $this->_loadResources($resourceId);
$arrReturn = array();
foreach ($arrResources as $arrResource) {
$arrReturn[] = array(0 => $arrResource[$this->_getResourceColumn(self::RESOURCE_NAME)], 1 => isset($arrResource[$this->_getResourceColumn(self::RESOURCE_PARENT)]) ? $arrResource[$this->_getResourceColumn(self::RESOURCE_PARENT)] : null);
}
return $arrReturn;
}
