/**
 * loadRole() must populate ->role on a User_Role link row.
 *
 * Uses the fixture link row 301 and expects it to resolve to role 3.
 */
 function testLoadRole()
 {
     $linkId = 301;
     $expectedRoleId = 3;

     // Fetch the link row by its primary id and make sure the fixture is the one we expect.
     $link = User_Role::getOneFromDb(array('user_role_link_id' => $linkId), $this->DB);
     $this->assertEqual($linkId, $link->user_role_link_id);

     // Only after loadRole() is the related role object expected on the link.
     $link->loadRole();
     $this->assertEqual($expectedRoleId, $link->role->role_id);
 }
 /**
  * Collect the users linked to this role.
  *
  * Reads the User_Role link rows for $this->role_id, extracts the user_id of
  * each link, loads the matching User rows and sorts them with User::cmp.
  *
  * @return array the rows returned by User::getAllFromDb(), sorted by User::cmp
  */
 public function getUsers()
 {
     $links = User_Role::getAllFromDb(array('role_id' => $this->role_id), $this->dbConnection);
     $memberIds = Db_Linked::arrayOfAttrValues($links, 'user_id');

     // NOTE(review): when the role has no links the user_id filter is an empty list.
     // How getAllFromDb() treats an empty list is not visible here; confirm it
     // matches no rows rather than dropping the filter.
     $members = User::getAllFromDb(array('user_id' => $memberIds), $this->dbConnection);

     usort($members, array('User', 'cmp'));

     return $members;
 }
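 /**
  * Run the parent edit action, then apply role changes submitted with the user form.
  *
  * Two request shapes are handled:
  *  - "roles_list": comma-separated role ids. The user's User_UserRole rows are
  *    made to match the list: ids not yet assigned are added, assigned ids that
  *    are not in the list are removed.
  *  - otherwise "role": a single role name, added when the user does not have it.
  *
  * NOTE(review): ids taken from "roles_list" are written as ucur_role_id without a
  * check in this method that the id refers to an existing role or that the
  * requesting account may grant it. Confirm both are enforced before this action
  * is reachable, since this is the point where privileges are assigned.
  *
  * @return void
  * @throws App_Exception when "roles_list" is not a scalar value or "role" names an unknown role
  */
 public function editAction()
 {
     parent::editAction();
     if ($this->_hasParam('roles_list')) {
         $rolesList = $this->_getParam('roles_list');
         // An array-valued parameter cannot be split by explode(). Depending on the
         // PHP version that either raises a TypeError or leaves no ids at all, in
         // which case the removal pass below would drop every role of the user.
         if (!is_scalar($rolesList)) {
             throw new App_Exception('Invalid roles list');
         }

         $objUser = $this->view->object;

         // roles currently assigned, keyed by id for isset() lookups
         $arrExistingRoles = array();
         foreach ($objUser->getRoles() as $objRole) {
             $arrExistingRoles[$objRole->getId()] = $objRole->getId();
         }

         $arrNewIds = array();
         foreach (explode(",", (string) $rolesList) as $nRoleId) {
             $nRoleId = trim($nRoleId);
             // skip blank entries and ids already handled in this request, so a
             // repeated id cannot insert a second link row for the same role
             if ($nRoleId === '' || isset($arrNewIds[$nRoleId])) {
                 continue;
             }
             $arrNewIds[$nRoleId] = $nRoleId;
             if (!isset($arrExistingRoles[$nRoleId])) {
                 // need to add a role
                 $objUserRole = User_UserRole::Table()->createRow();
                 $objUserRole->ucur_user_id = $objUser->getId();
                 $objUserRole->ucur_role_id = $nRoleId;
                 $objUserRole->save(false);
             }
         }

         // walking through existing roles, delete the ones that were not submitted
         foreach ($arrExistingRoles as $nRoleId) {
             if (!isset($arrNewIds[$nRoleId])) {
                 $objUserRole = User_UserRole::Table()->findRole($objUser->getId(), $nRoleId);
                 if (is_object($objUserRole)) {
                     $objUserRole->delete();
                 }
             }
         }

         // cached role data for the user is stale after the changes above
         $objUser->cleanCache();
         $this->view->object = $objUser;
     } elseif ($this->_hasParam('role') && $this->_getParam('role') != '') {
         // single role submitted by name: it must resolve to a known role
         $strRole = $this->_getParam('role');
         $objRole = User_Role::Table()->findByName($strRole);
         if (!is_object($objRole)) {
             throw new App_Exception('Invalid User Role');
         }
         $objUser = $this->view->object;
         if (!$objUser->hasRole($strRole)) {
             $objUserRole = User_UserRole::Table()->createRow();
             $objUserRole->ucur_user_id = $objUser->getId();
             $objUserRole->ucur_role_id = $objRole->getId();
             $objUserRole->save(false);
             $objUser->cleanCache();
         }
     }
 }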
 /**
  * Resolve the roles held by this user.
  *
  * A user without any User_Role link rows is given the role named 'public'.
  *
  * @return array Role records; a one-element array holding the 'public' lookup
  *               result when the user has no links
  */
 public function getRoles()
 {
     $links = User_Role::getAllFromDb(array('user_id' => $this->user_id), $this->dbConnection);

     if (count($links) < 1) {
         // No explicit assignment: fall back to the 'public' role.
         // NOTE(review): the lookup result is returned unchecked; confirm a role
         // named 'public' always exists so callers do not receive a non-role entry.
         $fallback = Role::getOneFromDb(array('name' => 'public'), $this->dbConnection);

         return array($fallback);
     }

     $roleIds = Db_Linked::arrayOfAttrValues($links, 'role_id');

     return Role::getAllFromDb(array('role_id' => $roleIds), $this->dbConnection);
 }
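 /**
  * Find all elements which the user may not list and which therefore must never be shown to the user.
  *
  * Workspaces of the user and of each of its roles are merged. Every workspace whose
  * getList() is falsy contributes its path. A non-admin user with no workspaces at
  * all gets "/" as the forbidden path; an admin gets an empty list.
  *
  * @param  string $type asset|object|document
  * @param  object $user user to evaluate; must provide isAdmin(), getRoles() and the
  *                      getWorkspaces<Type>() method for $type
  * @return array  paths that must be hidden from the user
  */
 public static function findForbiddenPaths($type, $user)
 {
     if ($user->isAdmin()) {
         return array();
     }

     // NOTE(review): $type becomes part of a method name; callers are expected to
     // pass only the documented values (asset, object, document).
     $getter = "getWorkspaces" . ucfirst($type);

     // get workspaces of the user itself, then of every role
     $workspaces = $user->{$getter}();
     foreach ($user->getRoles() as $roleId) {
         $role = User_Role::getById($roleId);
         if (!is_object($role)) {
             // A role id that resolves to no role object contributes no workspaces.
             // Skipping it keeps the result restrictive instead of aborting the check.
             continue;
         }
         $workspaces = array_merge($workspaces, $role->{$getter}());
     }

     $forbidden = array();
     if (count($workspaces) > 0) {
         foreach ($workspaces as $workspace) {
             if (!$workspace->getList()) {
                 $forbidden[] = $workspace->getCpath();
             }
         }
     } else {
         // no workspace at all: nothing may be listed
         $forbidden[] = "/";
     }

     return $forbidden;
 }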
 /**
  * Create the accounts listed under the application's user->list configuration
  * and attach the roles configured for each of them.
  *
  * Nothing happens when that configuration node is not an object. A role is
  * linked only when its name resolves to a role and the account does not
  * already have it.
  *
  * NOTE(review): role names that findByName() does not resolve are skipped
  * without any error, so a misspelled name in the configuration leaves the
  * account with fewer roles than intended.
  *
  * @return void
  */
 protected function _addDefaultAccounts()
 {
     $cfgDefaultAccounts = App_Application::getInstance()->getConfig()->user->list;
     if (!is_object($cfgDefaultAccounts)) {
         return;
     }

     $roleTable = User_Role::Table();
     $linkTable = User_UserRole::Table();

     foreach ($cfgDefaultAccounts as $accountCfg) {
         $account = $this->_addDefaultAccount($accountCfg->toArray());

         $roleNames = $accountCfg->roles;
         if (!is_object($roleNames)) {
             // no roles configured for this account
             continue;
         }

         foreach ($roleNames as $roleName) {
             $role = $roleTable->findByName($roleName);
             if (!is_object($role)) {
                 continue;
             }
             if (is_object($linkTable->findRole($account->getId(), $role->getId()))) {
                 // link already present, keep the operation repeatable
                 continue;
             }

             $link = $linkTable->createRow();
             $link->ucur_user_id = $account->getId();
             $link->ucur_role_id = $role->getId();
             $link->save();
         }
     }
 }
 /**
  * Remove the named role from this user.
  *
  * If the user does not hold the role, nothing is changed and the cache is left alone.
  *
  * NOTE(review): the exception message contains the role name as passed in;
  * escape it wherever the message is rendered.
  *
  * @param string $strRole role name
  * @return void
  * @throws App_Exception when no role with that name is found
  */
 public function removeRole($strRole)
 {
     $role = User_Role::Table()->findByName($strRole);
     if (is_object($role) === false) {
         throw new App_Exception('Invalid user role ' . $strRole);
     }

     $roleId = $role->getId();
     $link = User_UserRole::Table()->findRole($this->getId(), $roleId);
     if (!is_object($link)) {
         return;
     }

     $link->delete();
     // role data cached for this user is stale once the link is gone
     $this->cleanCache();
 }
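 /**
  * Check whether this user holds a permission, either directly or through one of its roles.
  *
  * The user's own permission is checked first. Only when it is not granted are
  * the roles consulted, and the first role granting the key ends the search.
  *
  * @param String $key permission key
  * @return boolean true when a role grants $key, otherwise the result of the
  *                 user's own getPermission($key)
  */
 public function isAllowed($key)
 {
     if (!$this->getPermission($key)) {
         // check roles
         foreach ($this->getRoles() as $roleId) {
             $role = User_Role::getById($roleId);
             // A role id that resolves to no role object grants nothing. Skipping
             // it keeps a stale id from aborting the authorization check.
             if (is_object($role) && $role->getPermission($key)) {
                 return true;
             }
         }
     }

     return $this->getPermission($key);
 }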
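 /**
  * Return one role as JSON, with its permission list and all available permission definitions.
  *
  * The role is selected by the request parameter "id", cast to an integer. For
  * each workspace of the role whose element can be resolved, the element's full
  * path is attached to the workspace before the response is built.
  *
  * NOTE(review): no permission check is visible in this action; confirm the
  * controller restricts it to callers allowed to read role definitions.
  *
  * @return void
  */
 public function roleGetAction()
 {
     $role = User_Role::getById(intval($this->_getParam("id")));
     if (!is_object($role)) {
         // The id is request-supplied, so an unknown id is an expected case.
         // Answer with a failure response instead of dereferencing a missing role.
         $this->_helper->json(array("success" => false));
         return;
     }

     // workspaces
     $types = array("asset", "document", "object");
     foreach ($types as $type) {
         $workspaces = $role->{"getWorkspaces" . ucfirst($type)}();
         foreach ($workspaces as $workspace) {
             $el = Element_Service::getElementById($type, $workspace->getCid());
             if ($el) {
                 // the path is set on the workspace object directly, only for this response
                 $workspace->path = $el->getFullPath();
             }
         }
     }

     // get available permissions
     $availableUserPermissionsList = new User_Permission_Definition_List();
     $availableUserPermissions = $availableUserPermissionsList->load();

     $this->_helper->json(array(
         "success" => true,
         "role" => $role,
         "permissions" => $role->generatePermissionList(),
         "availablePermissions" => $availableUserPermissions
     ));
 }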