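/**
 * Builds the ACL for the current profile and removes (denies) the controller/action
 * permissions that were revoked for it. The result is cached per profile and branch.
 *
 * All resources inherit from their ancestors (controller.action from the controller,
 * the controller from the module); roles and permission groups inherit the same way.
 * The user's role (in the ACL sense) is "profil_{profile_id}", and permission groups
 * and roles are attached to the profile.
 *
 * Security notes:
 *  - Ids are cast to int before being concatenated into WHERE fragments, so a
 *    non-numeric value cannot alter the query.
 *  - The cached ACL is an authorization decision source: whatever is stored under
 *    the 'rolecache' backend is trusted as-is on the next request.
 *    NOTE(review): the entry is saved without tags; confirm that changes to a
 *    profile's groups or deny rules clear it, otherwise revoked permissions stay
 *    effective until the cache entry expires.
 *
 * @return Zend_Acl|null The ACL for the current profile; null when there is no current profile.
 */
public function getAcl()
{
    $profil = $this->getCurrentProfile();
    $aclProfileId = $profil ? $profil->id : 'none';
    if ($aclProfileId === 'none') {
        // No profile: nothing is built. Callers receive null, exactly as before.
        // NOTE(review): confirm every caller treats null as "no access".
        return null;
    }

    $cm = $this->getBootstrap()->getResource('cachemanager');
    $cache = $cm->getCache('rolecache');
    $front = Zend_Controller_Front::getInstance();
    $pluginAcl = $front->getPlugin('Base_Controller_Plugin_Acl');
    $branch_name = is_numeric(ODDZIAL_ID) && ODDZIAL_ID > 0 ? '_' . ODDZIAL_ID : '';
    $cacheId = 'acl_profile_' . $aclProfileId . $branch_name;

    $this->acl = $cache->load($cacheId);
    if ($this->acl) {
        return $this->acl;
    }

    // Cache miss: start from the plugin's base ACL and apply this profile's denies.
    $this->acl = $pluginAcl->getAcl();
    $this->_groups = $all_groups = $this->getGroups();

    // Collect the resource links of every group denied for this profile.
    $profileResourceDenyModel = new ProfileResourceDeny();
    $profileResourceDeny = $profileResourceDenyModel
        ->fetchAll("id_profile=" . (int) $aclProfileId)
        ->toArray();
    $rupModel = new GroupLinkResource();
    $rup = array();
    foreach ($profileResourceDeny as $gpr) {
        $rup = array_merge(
            $rup,
            $rupModel->fetchAll("id_group=" . (int) $gpr['id_group'])->toArray()
        );
    }

    $tmp = $this->getResources();
    $up = $tmp['mvc']->toArray();
    $upArray = array();

    /**
     * Register every MVC resource in the ACL under its proper ancestor.
     */
    foreach ($up as $u) {
        $upArray[$u['id']] = $u;
        $module = $u['module'];
        $controller = $u['controller'];
        $action = $u['action'];

        // NOTE(review): these are three independent checks (not an elseif chain), so a
        // later match overrides an earlier one, and a row matching none of them reuses
        // $resource/$parent from the previous iteration. Kept as in the original.
        if ('*' == $controller) {
            $resource = $this->buildResourceName('mvc', $module);
            $parent = null;
        }
        if ('*' == $action) {
            $resource = $this->buildResourceName('mvc', $module, $controller);
            $parent = $this->buildResourceName('mvc', $module);
            if (!$this->acl->has($parent)) {
                $this->acl->add(new Zend_Acl_Resource($parent), null);
            }
        }
        if ('*' != $action and $action) {
            $resource = $this->buildResourceName('mvc', $module, $controller, $action);
            $parent = $this->buildResourceName('mvc', $module, $controller);
            if (!$this->acl->has($parent)) {
                $this->acl->add(new Zend_Acl_Resource($parent), null);
            }
        }
        if (!$this->acl->has($resource)) {
            $this->acl->add(new Zend_Acl_Resource($resource), $parent);
        }
    }

    /**
     * Deny the collected resources to the matching group roles.
     */
    foreach ($rup as $r) {
        // NOTE(review): if $r['id_resource'] is missing from $upArray, or the row matches
        // none of the branches below, $resource keeps its previous value (or is unset on
        // the first pass), so the deny lands on a different resource than intended.
        // Confirm the data guarantees every linked resource exists in the MVC list.
        $module = $upArray[$r['id_resource']]['module'];
        $controller = $upArray[$r['id_resource']]['controller'];
        $action = $upArray[$r['id_resource']]['action'];
        $role = 'group_' . (int) $all_groups[$r['id_group']]['priority'] . "_" . $r['id_group'];

        if ('*' == $controller) {
            $resource = $this->buildResourceName('mvc', $module);
        } elseif ('*' == $action) {
            $resource = $this->buildResourceName('mvc', $module, $controller);
        } elseif ('*' != $action and $action) {
            $resource = $this->buildResourceName('mvc', $module, $controller, $action);
        }

        $this->acl->deny($role, $resource);
    }

    // Save once, after all denies are applied. Previously the save ran inside the loop:
    // once per deny row, and never for a profile without deny rows, so such profiles
    // rebuilt the ACL on every call.
    $cache->save($this->acl, $cacheId);

    return $this->acl;
}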
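/**
 * Fetches the permission groups for a profile, excluding the groups denied for it.
 *
 * The result is cached under "profile_{id}". Ids are cast to int before being
 * concatenated into WHERE fragments, so a non-numeric value cannot alter the query.
 *
 * @param int $id Profile id.
 * @return array array('group' => RoleGroup rows, as arrays, of the profile's roles
 *               minus the groups listed in ProfileResourceDeny for this profile).
 */
public function getResourcesForProfile($id)
{
    $profileModel = new Profile();
    // NOTE(review): the result of findOne() is used without a null check below;
    // confirm how it behaves for an unknown id.
    $profile = $profileModel->findOne($id);

    $cm = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('cachemanager');
    $cache = $cm->getCache('filecache');

    // The original never assigned the computed result to $data: it cached an empty
    // value and, on a cache hit, returned an undefined variable. Return the cached
    // entry when there is one.
    $data = $cache->load('profile_' . $id);
    if ($data) {
        return $data;
    }

    $profileId = (int) $id;
    $roles = $profile->findDependentRowset('ProfileRole')->toArray();
    $roleGroupModel = new RoleGroup();
    $profileResourceDenyModel = new ProfileResourceDeny();
    $denyArr = $profileResourceDenyModel->fetchAll("id_profile=" . $profileId)->toArray();

    // Build the "1, 2, 3" list for NOT IN (...). The original appended to undefined
    // $deniedGroups/$comma variables; collect the ids explicitly instead.
    $deniedIds = array();
    foreach ($denyArr as $deny) {
        $deniedIds[] = (int) $deny['id_group'];
    }
    $deniedGroups = implode(', ', $deniedIds);

    $res = array('group' => array());
    foreach ($roles as $role) {
        $where = "id_role=" . (int) $role['id_role'];
        if ($deniedGroups !== '') {
            $where .= " AND id_group NOT IN (" . $deniedGroups . ")";
        }
        $res['group'] = array_merge($res['group'], $roleGroupModel->fetchAll($where)->toArray());
    }

    // NOTE(review): the 'user_' tag is built from $this->id, not from $id; confirm
    // that invalidation by that tag reaches the entry of the profile being changed,
    // otherwise revoked groups stay in the cached result.
    $cache->save($res, 'profile_' . $id, array('profiles', 'user_' . $this->id, 'groups'));

    return $res;
}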