/**
* Usuwanie uprawnień do kontrolerów/akcji
*
* Wszystkie zasoby dziedziczą po swoich przodkach (kontroler.akcja po kontrolerze, kontroler po module), podobnie role i grupy uprawnień.
* Rola użytkownika (w sensie ACL) to "profil_{id_profilu}" i do profilu przywiązane są grupy uprawnień i role.
*
* @return Zend_Acl
*/
public function getAcl()
{
$oddzial = ODDZIAL_ID;
$profil = $this->getCurrentProfile();
$aclProfileId = $profil ? $profil->id : 'none';
if ($aclProfileId !== "none") {
$cm = $this->getBootstrap()->getResource('cachemanager');
$cache = $cm->getCache('rolecache');
$front = Zend_Controller_Front::getInstance();
$pluginAcl = $front->getPlugin('Base_Controller_Plugin_Acl');
$branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
$this->acl = $cache->load('acl_profile_' . $aclProfileId . $branch_name);
if (!$this->acl) {
$this->acl = $front->getPlugin('Base_Controller_Plugin_Acl')->getAcl();
$this->_groups = $all_groups = $grupy = $this->getGroups();
$profileResourceDenyModel = new ProfileResourceDeny();
$profileResourceDeny = $profileResourceDenyModel->fetchAll("id_profile=" . $aclProfileId)->toArray();
$rup = array();
foreach ($profileResourceDeny as $gpr) {
$rupModel = new GroupLinkResource();
$rup = array_merge($rup, $rupModel->fetchAll("id_group=" . $gpr['id_group'])->toArray());
}
$tmp = $this->getResources();
$up = $tmp['mvc']->toArray();
$upArray = array();
/**
* Dla każdego zasobu dodajemy resource z odpowiednim przodkiem
*/
foreach ($up as $u) {
$upArray[$u['id']] = $u;
$module = $u['module'];
$controller = $u['controller'];
$action = $u['action'];
if ('*' == $controller) {
$resource = $this->buildResourceName('mvc', $module);
$parent = null;
}
if ('*' == $action) {
$resource = $this->buildResourceName('mvc', $module, $controller);
$parent = $this->buildResourceName('mvc', $module);
if (!$this->acl->has($parent)) {
$this->acl->add(new Zend_Acl_Resource($parent), null);
}
}
if ('*' != $action and $action) {
$resource = $this->buildResourceName('mvc', $module, $controller, $action);
$parent = $this->buildResourceName('mvc', $module, $controller);
if (!$this->acl->has($parent)) {
$this->acl->add(new Zend_Acl_Resource($parent), null);
}
}
if (!$this->acl->has($resource)) {
$this->acl->add(new Zend_Acl_Resource($resource), $parent);
}
}
/**
* Usuwanie resource'ów z ról/grup
*/
foreach ($rup as $r) {
$module = $upArray[$r['id_resource']]['module'];
$controller = $upArray[$r['id_resource']]['controller'];
$action = $upArray[$r['id_resource']]['action'];
$role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . "_" . $r['id_group'];
if ('*' == $controller) {
$resource = $this->buildResourceName('mvc', $module);
} elseif ('*' == $action) {
$resource = $this->buildResourceName('mvc', $module, $controller);
} elseif ('*' != $action and $action) {
$resource = $this->buildResourceName('mvc', $module, $controller, $action);
}
/**
* Usuwanie grup z profilu
*/
$this->acl->deny($role, $resource);
$cache->save($this->acl, 'acl_profile_' . $aclProfileId . $branch_name);
}
}
return $this->acl;
}
}
/**
* Pobieranie uprawnień dla profilu
* @param Integer $id
* @return Array $resources
*/
public function getResourcesForProfile($id)
{
$profileModel = new Profile();
$profile = $profileModel->findOne($id);
$cm = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('cachemanager');
$cache = $cm->getCache('filecache');
if (!($data = $cache->load('profile_' . $id))) {
$roles = $profile->findDependentRowset('ProfileRole')->toArray();
$roleGroupModel = new RoleGroup();
$profileResourceDenyModel = new ProfileResourceDeny();
$denyArr = $profileResourceDenyModel->fetchAll("id_profile=" . $id)->toArray();
foreach ($denyArr as $key => $deny) {
if ($key > 0) {
$comma = ", ";
}
$deniedGroups = $deniedGroups . $comma . $deny['id_group'];
}
$res['group'] = array();
foreach ($roles as $role) {
if ($deniedGroups) {
$groups = $roleGroupModel->fetchAll("id_role=" . $role['id_role'] . " AND id_group NOT IN (" . $deniedGroups . ")")->toArray();
} else {
$groups = $roleGroupModel->fetchAll("id_role=" . $role['id_role'])->toArray();
}
$res['group'] = array_merge($res['group'], $groups);
}
$cache->save($data, 'profile_' . $id, array('profiles', 'user_' . $this->id, 'groups'));
}
return $res;
}
