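/**
 * Decides whether the given role may access the given resource, based on
 * organization ownership.
 *
 * This method is passed the ACL, Role, Resource, and privilege to which
 * the authorization query applies. If the $role, $resource, or $privilege
 * parameters are null, it means that the query applies to all Roles,
 * Resources, or privileges, respectively. This assertion needs a concrete
 * role and resource to compare, so it denies (returns false) when either
 * of them is null.
 *
 * Decision per resource type, evaluated in this order:
 *  - OrgModelAbstract: granted when the resource's parent id equals the
 *    role's organization id.
 *  - Model\PreBillModel: always granted (no ownership check yet, see the
 *    TODO in the body).
 *  - UserModel: granted when the parent id of the user's organization
 *    equals the role's organization id; denied when the organization is
 *    missing or the lookup throws.
 *  - Model\CommercialGroupModel: granted when the organization loaded from
 *    the group's customer id has the role's organization id as parent id.
 *  - Model\ReportModel: same check against params['orgId'] when that
 *    parameter is non-empty; granted otherwise.
 *
 * $acl and $privilege are not consulted by this assertion.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface|null $role
 * @param Zend_Acl_Resource_Interface|null $resource
 * @param string|null $privilege
 * @return bool
 * @throws Exception When $role is not a UserModel or $resource is of an unsupported type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Fail closed: a wildcard query (null role or resource) leaves nothing to compare.
    if (null === $role || null === $resource) {
        return false;
    }

    // The organization id used below is read from the role, so it must be a UserModel.
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    // NOTE(review): every ownership check below is a strict equality against
    // this value. If getOrganizationId() can return null, a resource whose
    // parent id is also null would compare equal and be granted - confirm,
    // and deny early here if that case is possible.
    $orgId = $role->getOrganizationId();

    if ($resource instanceof OrgModelAbstract) {
        return $orgId === $resource->getParentId();
    }

    if ($resource instanceof Model\PreBillModel) {
        // SECURITY (fail-open): every UserModel role is granted access to every
        // pre-bill; no ownership is verified here.
        // TODO: we need serviceProviderId from ericsson. The intended check is
        //   $orgId === $resource->getServiceProvider()->getId()
        // Until then, pre-bill scoping must be enforced elsewhere.
        return true;
    }

    if ($resource instanceof UserModel) {
        try {
            $org = $resource->getOrganization();
            if (null !== $org) {
                return $orgId === $org->getParentId();
            }
            App::log()->err("User (" . $resource->getId() . ") organization (" . $resource->getOrganizationId() . ") doesn't exist");
            return false;
        } catch (Exception $e) {
            // Deliberately fail closed: any error while resolving the user's
            // organization denies access. The exception itself is not logged.
            return false;
        }
    }

    if ($resource instanceof Model\CommercialGroupModel) {
        // customerId is one of service provider customers?
        // TODO aggregatorId case?
        $org = OrgService::getInstance()->load($resource->getCustomerId());
        // A falsy load() result (organization not found) denies access.
        return $org && $orgId === $org->getParentId();
    }

    if ($resource instanceof Model\ReportModel) {
        $params = $resource->getParams();
        // !empty() already covers the "not set" case.
        if (!empty($params['orgId'])) {
            $org = OrgService::getInstance()->load($params['orgId']);
            return $org && $orgId === $org->getParentId();
        }
        // NOTE(review): fail-open - a report without an orgId parameter is
        // granted to any UserModel role. Confirm such reports never expose
        // data scoped to a single organization.
        return true;
    }

    // Unknown resource types are rejected loudly rather than silently granted.
    throw new Exception('Resource must be an instance of OrgModelAbstract, PreBillModel, UserModel, CommercialGroupModel or ReportModel');
}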