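/**
 * Check that the request carries the id of an existing user.
 *
 * Only a plain, non-negative decimal integer is accepted. The previous
 * is_numeric() test also let through floats, exponent notation and
 * whitespace-padded strings, and the existence lookup then ran on the raw
 * value while the caller received the (int) cast of it. The id is now
 * normalised first, and the same integer is used for the lookup and as the
 * return value, so the row that was checked is the row the caller acts on.
 *
 * @access private
 * @throws Admin_Model_Acl_Exception if the id is missing, malformed or unknown
 * @return integer the validated user id
 */
private function checkUserIdParam()
{
    $rawId = $this->getRequest()->getParam('id');

    // Accept a real integer or a string made of digits only; ctype_digit()
    // is FALSE for '', '-1', '1.5', '1e3' and ' 5'.
    $isPlainInteger = (is_int($rawId) && $rawId >= 0)
        || (is_string($rawId) && ctype_digit($rawId));

    if ($isPlainInteger === FALSE) {
        throw new Admin_Model_Acl_Exception('Invalid or no Id Parameter given');
    }

    $id = (int) $rawId;

    // Look up the normalised value, never the raw request string.
    if ($this->dbUser->find($id)->count() === 0) {
        throw new Admin_Model_Acl_Exception('Invalid or no Id Parameter given');
    }

    return $id;
}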
/**
 * Render the role edit form and, on a valid POST, store the role together
 * with its user/group members and its inherited roles.
 *
 * The stored members and inherited roles are replaced as a whole: the
 * existing rows for the role are deleted and the submitted selection is
 * inserted again.
 *
 * NOTE(review): this action rewrites ACL data. Whether Admin_Form_Role_Edit
 * carries a CSRF token and whether access to the action is restricted is not
 * visible in this method - confirm both.
 *
 * @view /views/scripts/role/edit.phtml
 * @access public
 */
public function editAction()
{
    $role = new Admin_Model_DbRow_Role($this->dbRole->find($this->checkRoleIdParam()));

    // Build the option lists offered by the form.
    $groupRows = array();
    foreach ($this->dbGroup->fetchAll() as $dbRow) {
        $groupRows[] = new Admin_Model_DbRow_Group($dbRow);
    }

    $userRows = array();
    foreach ($this->dbUser->fetchAll() as $dbRow) {
        $userRows[] = new Admin_Model_DbRow_User($dbRow);
    }

    // Every role except the edited one may be offered as a parent role.
    $inheritableRoles = array();
    $currentRoleId = $role->get('id');
    foreach ($this->dbRole->fetchAll() as $dbRow) {
        $candidate = new Admin_Model_DbRow_Role($dbRow);
        if ($candidate->get('id') === $currentRoleId) {
            continue;
        }
        $inheritableRoles[] = $candidate;
    }

    $form = new Admin_Form_Role_Edit($role, $groupRows, $userRows, $inheritableRoles);
    $request = $this->getRequest();

    // NOTE(review): isValid() is fed getParams(), not only the POST body;
    // in Zend Framework 1 that merges route, GET and POST values - confirm
    // this is intended.
    if ($request->isPost() && $form->isValid($request->getParams())) {
        $chosenGroups = $form->getValue('groups');
        $chosenUsers = $form->getValue('users');
        $chosenParents = $form->getValue('inherit');
        $roleId = $role->get('id');

        // NOTE(review): update, deletes and inserts are separate calls and
        // no transaction is visible here; a failure part-way through would
        // leave the role without its members or inheritance - confirm
        // whether the table classes wrap them.
        $this->dbRole->update($role->toDbArray(array('name', 'description')), $roleId);

        // Drop the stored settings before writing the submitted ones.
        $this->dbRoleInherit->deleteWithRoleId($roleId);
        $this->dbRoleMember->deleteWithRoleId($roleId);

        foreach ($chosenParents as $parentId) {
            // Neither the "no inheritance" entry (0) nor the role itself is
            // stored as a parent.
            if ($parentId != 0 && $parentId != $roleId) {
                $this->dbRoleInherit->insert($roleId, $parentId);
            }
        }

        foreach ($chosenGroups as $groupId) {
            $this->dbRoleMember->insert(
                $roleId,
                $groupId,
                Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_GROUP
            );
        }

        foreach ($chosenUsers as $userId) {
            $this->dbRoleMember->insert(
                $roleId,
                $userId,
                Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_USER
            );
        }

        $this->_redirect('admin/role/index');
    }

    // Pre-select what is currently stored for the role.
    $groupElement = $form->getElement('groups');
    $groupElement->setValue(
        $this->dbRoleMember->getRoleBindingToId(
            $role->get('id'),
            Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_GROUP
        )
    );

    $userElement = $form->getElement('users');
    $userElement->setValue(
        $this->dbRoleMember->getRoleBindingToId(
            $role->get('id'),
            Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_USER
        )
    );

    $inheritElement = $form->getElement('inherit');
    $inheritElement->setValue($this->dbRoleInherit->getInheritedRoles($role->get('id')));

    $this->view->form = $form;
}
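/**
 * Update a role and replace its members and inherited roles with the posted
 * selection.
 *
 * Request parameters read here: id, name, description, enabled, and the
 * JSON-encoded lists users, groups and roles. Each posted id is kept only if
 * its lookup returns exactly one row.
 *
 * Changes compared to the previous version:
 * - The self-inheritance guard compared the role row object with the role
 *   id, so it never compared two ids. It now compares the ids, which is what
 *   keeps a role from inheriting from itself.
 * - A posted list that does not decode to an array is treated as empty
 *   instead of being passed to foreach.
 *
 * NOTE(review): only the direct self-reference is filtered; longer
 * inheritance cycles (A inherits B, B inherits A) are not checked here.
 *
 * @return array presumably the payload built by responseSuccess() /
 *               responseFailure() - confirm against those helpers
 */
public function saveEditRoleAction()
{
    $roleModel = new Admin_Model_DbTable_Acl_Role();
    $roleMembers = new Admin_Model_DbTable_Acl_RoleMember();
    $roleInherits = new Admin_Model_DbTable_Acl_RoleInherit();
    $userModel = new Admin_Model_DbTable_Users();
    $groupModel = new Admin_Model_DbTable_Groups();

    $roleRow = new Admin_Model_DbRow_Role($roleModel->find($this->request->getParam('id', 0)));

    // NOTE(review): a decoder failure on malformed JSON is not handled in
    // this method - confirm how the caller reports it.
    $pUsers = Zend_Json_Decoder::decode($this->request->getParam('users', ''));
    $pGroups = Zend_Json_Decoder::decode($this->request->getParam('groups', ''));
    $pRoles = Zend_Json_Decoder::decode($this->request->getParam('roles', ''));

    // A changed name must not collide with another role (case-insensitive).
    // NOTE(review): an empty or missing name is not rejected here - confirm
    // whether that is validated elsewhere.
    if (strtolower($this->request->getParam('name', '')) !== strtolower($roleRow->get('name'))) {
        if ($roleModel->fetchRowByRoleName($this->request->getParam('name', ''))) {
            return $this->responseFailure('Error saving informations', 'The role name is already used');
        }
    }

    // Validate the posted users, groups and inherited roles: keep only ids
    // that resolve to exactly one row. Anything that is not an array yields
    // an empty list.
    $validUsers = array();
    if (is_array($pUsers)) {
        foreach ($pUsers as $user) {
            $u = $userModel->find($user);
            if ($u->count() === 1) {
                $validUsers[] = new Admin_Model_DbRow_User($u);
            }
        }
    }
    $pUsers = $validUsers;

    $validGroups = array();
    if (is_array($pGroups)) {
        foreach ($pGroups as $group) {
            $g = $groupModel->find($group);
            if ($g->count() === 1) {
                $validGroups[] = new Admin_Model_DbRow_Group($g);
            }
        }
    }
    $pGroups = $validGroups;

    $validRoles = array();
    if (is_array($pRoles)) {
        foreach ($pRoles as $role) {
            $r = $roleModel->find($role);
            if ($r->count() === 1) {
                $validRoles[] = new Admin_Model_DbRow_Role($r);
            }
        }
    }
    $pRoles = $validRoles;

    if (!$roleRow->get('id')) {
        return $this->responseFailure('Error saving informations', 'Unknown Role ID. Editing not possible');
    }

    $roleRow->fromArray(array(
        'name' => $this->request->getParam('name'),
        'description' => $this->request->getParam('description', ''),
        'enabled' => $this->request->getParam('enabled', 'false') == 'true' ? 1 : 0,
    ));

    // NOTE(review): update, deletes and inserts are separate calls and no
    // transaction is visible here; a failure part-way through would leave
    // the role without its members or inheritance - confirm.
    $roleModel->update($roleRow->toDbArray(), $roleRow->get('id'));
    $roleMembers->deleteWithRoleId($roleRow->get('id'));
    $roleInherits->deleteWithRoleId($roleRow->get('id'));

    foreach ($pGroups as $group) {
        $roleMembers->insert(
            $roleRow->get('id'),
            $group->get('id'),
            Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_GROUP
        );
    }

    foreach ($pUsers as $user) {
        $roleMembers->insert(
            $roleRow->get('id'),
            $user->get('id'),
            Admin_Model_DbTable_Acl_RoleMember::MEMBER_TYPE_USER
        );
    }

    foreach ($pRoles as $inheritRole) {
        // Never store the role as its own parent; that would create a loop
        // in the ACL. Compare id with id, not row object with id.
        if ($inheritRole->get('id') != $roleRow->get('id')) {
            $roleInherits->insert($roleRow->get('id'), $inheritRole->get('id'));
        }
    }

    return $this->responseSuccess();
}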