/**
* @param String $key
* @return boolean
*/
public function isAllowed($key)
{
if (!$this->getPermission($key)) {
// check roles
foreach ($this->getRoles() as $roleId) {
$role = User_Role::getById($roleId);
if ($role->getPermission($key)) {
return true;
}
}
}
return $this->getPermission($key);
}
/**
* find all elements which the user may not list and therefore may never be shown to the user
* @param string $type asset|object|document
* @return array
*/
public static function findForbiddenPaths($type, $user)
{
if ($user->isAdmin()) {
return array();
}
// get workspaces
$workspaces = $user->{"getWorkspaces" . ucfirst($type)}();
foreach ($user->getRoles() as $roleId) {
$role = User_Role::getById($roleId);
$workspaces = array_merge($workspaces, $role->{"getWorkspaces" . ucfirst($type)}());
}
$forbidden = array();
if (count($workspaces) > 0) {
foreach ($workspaces as $workspace) {
if (!$workspace->getList()) {
$forbidden[] = $workspace->getCpath();
}
}
} else {
$forbidden[] = "/";
}
return $forbidden;
}
public function roleGetAction()
{
$role = User_Role::getById(intval($this->_getParam("id")));
// workspaces
$types = array("asset", "document", "object");
foreach ($types as $type) {
$workspaces = $role->{"getWorkspaces" . ucfirst($type)}();
foreach ($workspaces as $workspace) {
$el = Element_Service::getElementById($type, $workspace->getCid());
if ($el) {
// direct injection => not nice but in this case ok ;-)
$workspace->path = $el->getFullPath();
}
}
}
// get available permissions
$availableUserPermissionsList = new User_Permission_Definition_List();
$availableUserPermissions = $availableUserPermissionsList->load();
$this->_helper->json(array("success" => true, "role" => $role, "permissions" => $role->generatePermissionList(), "availablePermissions" => $availableUserPermissions));
}
