private function hasAccessToSharedNavigationItem(&$config) { // TODO: Provide a more sophisticated solution if (isset($config['owner']) && $config['owner'] === $this->user->getUsername()) { unset($config['owner']); return true; } if (isset($config['users'])) { $users = array_map('trim', explode(',', strtolower($config['users']))); if (in_array('*', $users, true) || in_array($this->user->getUsername(), $users, true)) { unset($config['users']); return true; } } if (isset($config['groups'])) { $groups = array_map('trim', explode(',', strtolower($config['groups']))); if (in_array('*', $groups, true)) { unset($config['groups']); return true; } $userGroups = array_map('strtolower', $this->user->getGroups()); $matches = array_intersect($userGroups, $groups); if (!empty($matches)) { unset($config['groups']); return true; } } return false; }
/** * Apply permissions, restrictions and roles to the given user * * @param User $user */ public function applyRoles(User $user) { $username = $user->getUsername(); try { $roles = Config::app('roles'); } catch (NotReadableError $e) { Logger::error('Can\'t get permissions and restrictions for user \'%s\'. An exception was thrown:', $username, $e); return; } $userGroups = $user->getGroups(); $permissions = array(); $restrictions = array(); $roleObjs = array(); foreach ($roles as $roleName => $role) { if ($this->match($username, $userGroups, $role)) { $permissionsFromRole = StringHelper::trimSplit($role->permissions); $permissions = array_merge($permissions, array_diff($permissionsFromRole, $permissions)); $restrictionsFromRole = $role->toArray(); unset($restrictionsFromRole['users']); unset($restrictionsFromRole['groups']); unset($restrictionsFromRole['permissions']); foreach ($restrictionsFromRole as $name => $restriction) { if (!isset($restrictions[$name])) { $restrictions[$name] = array(); } $restrictions[$name][] = $restriction; } $roleObj = new Role(); $roleObjs[] = $roleObj->setName($roleName)->setPermissions($permissionsFromRole)->setRestrictions($restrictionsFromRole); } } $user->setPermissions($permissions); $user->setRestrictions($restrictions); $user->setRoles($roleObjs); }
private function hasAccessToSharedNavigationItem(&$config, Config $navConfig) { // TODO: Provide a more sophisticated solution if (isset($config['owner']) && strtolower($config['owner']) === strtolower($this->user->getUsername())) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } if (isset($config['parent']) && $navConfig->hasSection($config['parent'])) { unset($config['owner']); if (isset($this->accessibleMenuItems[$config['parent']])) { return $this->accessibleMenuItems[$config['parent']]; } $parentConfig = $navConfig->getSection($config['parent']); $this->accessibleMenuItems[$config['parent']] = $this->hasAccessToSharedNavigationItem($parentConfig, $navConfig); return $this->accessibleMenuItems[$config['parent']]; } if (isset($config['users'])) { $users = array_map('trim', explode(',', strtolower($config['users']))); if (in_array('*', $users, true) || in_array(strtolower($this->user->getUsername()), $users, true)) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } } if (isset($config['groups'])) { $groups = array_map('trim', explode(',', strtolower($config['groups']))); if (in_array('*', $groups, true)) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } $userGroups = array_map('strtolower', $this->user->getGroups()); $matches = array_intersect($userGroups, $groups); if (!empty($matches)) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } } return false; }
/** * Getter for groups belonged to authenticated user * * @return array * @see User::getGroups **/ public function getGroups() { return $this->user->getGroups(); }