/**
 * Build the ACL for a role, or return the one already cached for its role id.
 *
 * A fresh ACL receives every resource key returned by getResources(). When
 * the role object exposes the method named by self::PARENTS_METHOD, each
 * parent it yields is registered and passed to addRules() before the role
 * itself is added with those parents.
 *
 * The cache is keyed by role id only and is never invalidated here, so a
 * cached ACL keeps being served for as long as this instance lives.
 *
 * @param Zend_Acl_Role_Interface $role
 * @return Zend_Acl
 */
public function getAcl(Zend_Acl_Role_Interface $role)
{
    $cacheKey = $role->getRoleId();
    if (isset($this->cache[$cacheKey])) {
        return $this->cache[$cacheKey];
    }

    $acl = new Zend_Acl();

    // Register every known resource.
    $resourceIds = array_keys($this->getResources());
    foreach ($resourceIds as $resourceId) {
        $acl->addResource($resourceId);
    }

    // Collect parents when the role can report them; stays null otherwise.
    $parents = null;
    $parentsGetter = self::PARENTS_METHOD;
    if (method_exists($role, $parentsGetter)) {
        foreach ($role->{$parentsGetter}() as $parentRole) {
            $parents[] = $parentRole;
            $acl->addRole($parentRole);
            $this->addRules($acl, $parentRole);
        }
    }

    // Register the role itself, inheriting from the parents found above.
    $acl->addRole($role, $parents);
    $this->addRules($acl, $role);

    $this->cache[$cacheKey] = $acl;

    return $acl;
}
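/**
 * Add one or more parents to the $role node.
 *
 * Both the child and every parent must already be registered: get() is used
 * to look them up and its exception is rethrown with a message naming the
 * missing id. The child is checked even when it is passed as an object, so
 * an unregistered role object can no longer create a partial registry entry
 * that holds only inheritance links.
 *
 * @param \Zend_Acl_Role_Interface|string $role
 * @param array|\Zend_Acl_Role_Interface|string $parents
 * @return $this
 * @throws \Zend_Acl_Role_Registry_Exception when the child or a parent is not registered
 */
public function addParent($role, $parents)
{
    $roleId = $role instanceof \Zend_Acl_Role_Interface ? $role->getRoleId() : $role;

    try {
        $registered = $this->get($roleId);
    } catch (\Zend_Acl_Role_Registry_Exception $e) {
        throw new \Zend_Acl_Role_Registry_Exception("Child Role id '{$roleId}' does not exist");
    }

    // A role given by id is replaced by its registered instance; a role
    // given as an object is kept as passed.
    if (!$role instanceof \Zend_Acl_Role_Interface) {
        $role = $registered;
    }

    if (!is_array($parents)) {
        $parents = [$parents];
    }

    foreach ($parents as $parent) {
        $roleParentId = $parent instanceof \Zend_Acl_Role_Interface ? $parent->getRoleId() : $parent;

        try {
            $roleParent = $this->get($roleParentId);
        } catch (\Zend_Acl_Role_Registry_Exception $e) {
            throw new \Zend_Acl_Role_Registry_Exception("Parent Role id '{$roleParentId}' does not exist");
        }

        // Link both directions of the inheritance edge.
        // NOTE(review): nothing here rejects a role being its own parent or a cycle - confirm callers cannot produce one.
        $this->_roles[$roleId]['parents'][$roleParentId] = $roleParent;
        $this->_roles[$roleParentId]['children'][$roleId] = $role;
    }

    return $this;
}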
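/**
 * Returns true if and only if the user role matches the watcher's scope.
 *
 * The watcher's scope selects which identifier must match its scopeId:
 * 'user' (role id), 'apiId' (API-authenticated current user only), 'token'
 * (token held in the Zend_Auth identity) or 'organization' (role
 * organization id). Any other scope is denied.
 *
 * The 'user' and 'apiId' identifiers are compared as strings instead of with
 * ==, so type juggling (null against an empty string, numeric-looking
 * strings) cannot turn two different identifiers into a match.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource is not a WatcherModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // Ensure we were handed the expected models
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!$resource instanceof WatcherModel) {
        throw new Exception('Resource must be an instance of WatcherModel');
    }

    // Identifier equality: int or string operands only, never empty.
    $sameId = function ($left, $right) {
        if (!(is_int($left) || is_string($left)) || !(is_int($right) || is_string($right))) {
            return false;
        }
        $left = (string) $left;

        return $left !== '' && $left === (string) $right;
    };

    switch ($resource->scope) {
        case 'user':
            return $sameId($role->id, $resource->scopeId);

        case 'apiId':
            if (!$role instanceof \Application\Model\CurrentUserModel || !$role->isApiAuthUser()) {
                return false;
            }

            return $sameId($role->apiId, $resource->scopeId);

        case 'token':
            if (Zend_Auth::getInstance()->hasIdentity()
                && ($ident = Zend_Auth::getInstance()->getIdentity())
                && isset($ident['token'])
            ) {
                return $ident['token'] === $resource->scopeId;
            }

            return false;

        case 'organization':
            // NOTE(review): === also matches when both sides are null - confirm a user without an organization cannot reach this branch.
            return $role->organizationId === $resource->scopeId;
    }

    return false;
}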
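/**
 * Returns true if the user's customer organization has application
 * originated SMS activated in its supplementary services.
 *
 * The user's organization is loaded and, when it is not a customer, replaced
 * by its parent of customer type. A missing organization is now handled the
 * same way as a missing supplementary-services configuration instead of
 * failing on a method call against null.
 *
 * Apart from the null-role case this assertion does not return false: when
 * the option is not activated it throws.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the option is not activated
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    // Get the organization and climb to the owning customer if needed.
    $orgService = \Application\Service\OrgService::getInstance();
    $org = $orgService->load($role->getOrganizationId());
    if ($org && $org->getType() != OrgCustomerModel::ORG_TYPE) {
        $org = $orgService->getParentByType($org, OrgCustomerModel::ORG_TYPE);
    }

    if ($org && !is_null($org->getSupplementaryServicesId())) {
        // Check if the customer has supplementary services configured
        // with application originated SMS option activated
        $supplSrv = \Application\Service\SupplServicesService::getInstance();
        $services = $supplSrv->load($org->getSupplementaryServicesId());
        if ($services && $services->getApplicationOriginatedSms() == SupplServicesModel::ST_ACTIVATED) {
            return true;
        }
    }

    throw new Exception('Role must have applicationOriginatedSms activated');
}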
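/**
 * Decide whether the role may access the game type named in the request.
 *
 * Without a 'gametype' request parameter the assertion passes. With one, the
 * value must appear in the role's 'role_gametype' list as loaded through
 * ZtChart_Model_Acl_Loader. The request value and the list entries are
 * compared as strings with a strict in_array(), so a non-numeric request
 * value cannot loosely match a numeric entry. A null role, a non-scalar
 * request value or a missing list is denied.
 *
 * @see Zend_Acl_Assert_Interface::assert()
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (!$this->_request->has('gametype')) {
        return true;
    }

    // A game type was requested, so a concrete role is needed to decide.
    if (null === $role) {
        return false;
    }

    $requested = $this->_request->getParam('gametype');
    if (!is_scalar($requested)) {
        return false;
    }

    $roleData = ZtChart_Model_Acl_Loader::getInstance()->getRole($role->getRoleId());
    if (!isset($roleData['role_gametype']) || !is_array($roleData['role_gametype'])) {
        return false;
    }

    // assumes the list holds scalar game-type ids - TODO confirm against the loader
    return in_array((string) $requested, array_map('strval', $roleData['role_gametype']), true);
}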
/**
 * Fetch the ACL rules stored for a role as plain arrays.
 *
 * Each row carries the rule's resource, action and type. The role id is
 * bound as a query parameter. For roles that are user groups only rules of
 * type 'allow' are returned (WOBS-568), so deny rules stored for a group
 * never reach the caller.
 *
 * @param Zend_Acl_Role_Interface $role
 * @return array
 */
public function getRules(\Zend_Acl_Role_Interface $role)
{
    $qb = $this->doctrine
        ->getManager()
        ->getRepository('Newscoop\\Entity\\Acl\\Rule')
        ->createQueryBuilder('r')
        ->select('r.resource, r.action, r.type')
        ->where('r.role = :role')
        ->setParameter('role', $role->getRoleId());

    $isGroup = is_a($role, '\\Newscoop\\Entity\\User\\Group');
    if ($isGroup) {
        // @fix WOBS-568: ignore deny rules for roles
        $qb->andWhere('r.type = :allow')->setParameter('allow', 'allow');
    }

    $query = $qb->getQuery();

    return $query->getArrayResult();
}
/**
 * Fetch the ACL rule entities stored for a role.
 *
 * Rules are looked up by role id through the repository's findBy(). For
 * roles that are user groups the lookup is narrowed to type 'allow'
 * (WOBS-568), so deny rules stored for a group never reach the caller.
 *
 * @param Zend_Acl_Role_Interface $role
 * @return array
 */
public function getRules(\Zend_Acl_Role_Interface $role)
{
    $rules = $this->doctrine->getManager()->getRepository('Newscoop\\Entity\\Acl\\Rule');

    $filter = array('role' => $role->getRoleId());
    $isGroup = is_a($role, '\\Newscoop\\Entity\\User\\Group');
    if ($isGroup) {
        // @fix WOBS-568: ignore deny rules for roles
        $filter['type'] = 'allow';
    }

    return $rules->findBy($filter);
}
/**
 * Passes when the user role reports that it is impersonating.
 *
 * A null role is denied; any other role that is not a UserModel raises an
 * exception. The resource and privilege are not inspected.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (null !== $role) {
        if ($role instanceof UserModel) {
            // Returned as-is; the value is whatever isImpersonating() yields.
            return $role->isImpersonating();
        }

        throw new Exception('Role must be an instance of UserModel');
    }

    // Without a concrete role there is nothing to check.
    return false;
}
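/**
 * Passes when the list filter restricts results to the user's own
 * organization as commercial service provider.
 *
 * The filter for SimFilterFields::SERVICE_PROVIDER_COMM must exist and its
 * value must equal the role's organization id. The two are compared as
 * strings rather than with ==, so an empty or null value on one side cannot
 * loosely match the other and numeric-looking strings are not juggled.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource is not an App_ListFilter
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // A null role or resource fails these type checks and therefore throws.
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!$resource instanceof App_ListFilter) {
        throw new Exception('Resource must be an instance of App_ListFilter');
    }

    $filter = $resource->getOneFilterByFieldName(SimFilterFields::SERVICE_PROVIDER_COMM);
    if (!$filter) {
        return false;
    }

    $filterValue = $filter->getValue();
    $orgId = $role->getOrganizationId();

    // Only int/string identifiers can match; anything else is denied.
    if (!(is_int($filterValue) || is_string($filterValue)) || !(is_int($orgId) || is_string($orgId))) {
        return false;
    }

    $orgId = (string) $orgId;

    return $orgId !== '' && $orgId === (string) $filterValue;
}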
/**
 * Passes when the configuration of the user's organization holds the
 * expected value under the configured key.
 *
 * The key and expected value come from getKey() and getValue(). A null role
 * is denied; a role that is not a UserModel raises an exception.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (null === $role) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof \Application\Model\UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $config = \Application\Service\OrgService::getInstance()->getOrgConfig($role->getOrganization());
    $expectedKey = $this->getKey();
    $expectedValue = $this->getValue();

    // NOTE(review): loose ==, so e.g. a stored "1" matches an expected true - confirm that is the intent for every key.
    return $config->getConfig($expectedKey) == $expectedValue;
}
/**
 * Passes when the user's service-provider organization is an enabler.
 *
 * A null role or resource is denied. The role must be a UserModel and its
 * organization an OrgServiceProviderModel, otherwise an exception is raised.
 * The decision itself is delegated to OrgService::isEnabler().
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param null $privilege
 * @return bool
 * @throws Exception
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    $missingOperand = (null === $role) || (null === $resource);
    if ($missingOperand) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof \Application\Model\UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $organization = $role->getOrganization();
    if (!$organization instanceof \Application\Model\Organization\OrgServiceProviderModel) {
        throw new Exception('Org must be an instance of OrgServiceProviderModel');
    }

    $orgService = \Application\Service\OrgService::getInstance();

    return $orgService->isEnabler($organization);
}
/**
 * Passes when the requested session is one the user chairs.
 *
 * This assertion should receive the actual User objects. The session id is
 * read from the current front-controller request: 'id' when it is truthy,
 * otherwise 'session_id'. It is cast to int and looked up strictly in the
 * list returned by the user's getSessionsToChair().
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $user
 * @param Zend_Acl_Resource_Interface $model
 * @param $privilege
 * @return bool
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
{
    if (!$user) {
        return false;
    }
    $chairedSessions = $user->getSessionsToChair();

    $request = Zend_Controller_Front::getInstance()->getRequest();
    $id = $request->getParam('id');
    $param = $id ? $id : $request->getParam('session_id');

    // NOTE(review): the (int) cast accepts values such as "12abc" as 12, and a falsy 'id'
    // switches the check to 'session_id' - confirm the action reads the same parameter and
    // normalises it the same way.
    return $param !== null && in_array((int) $param, $chairedSessions, true);
}
/**
 * Passes when the user's organization is the commercial service provider of
 * the SIM.
 *
 * A null role or resource is denied. The role must be a UserModel and the
 * resource a SimModel, otherwise an exception is raised.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role or resource has the wrong type
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // Both operands are required for the comparison.
    $missingOperand = (null === $role) || (null === $resource);
    if ($missingOperand) {
        return false;
    }

    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    $userOrgId = $role->getOrganizationId();

    if (!$resource instanceof SimModel) {
        throw new Exception('Resource must be an instance of SimModel');
    }

    // NOTE(review): === is also true when both ids are null - confirm a user without an
    // organization cannot match a SIM without a commercial service provider.
    return $userOrgId === $resource->getServiceProviderCommercialId();
}
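/**
 * Compares the organization type of the user with the type of the
 * organization resource through _diff().
 *
 * Both types are looked up in $this->_types. An unknown resource type raises
 * an exception, as before. A user without an organization, or whose
 * organization type is missing from $this->_types, is now denied instead of
 * reaching _diff() with an undefined entry.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role or resource has the wrong type, or the resource type is undefined
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // A null role or resource fails these type checks and therefore throws.
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!$resource instanceof OrgModelAbstract) {
        throw new Exception('Resource must be an instance of OrgModelAbstract');
    }

    $type = $resource->getType();
    if (!isset($this->_types[$type])) {
        throw new Exception('Resource has an undefined organization type');
    }

    $org = $role->getOrganization();
    if (!$org) {
        return false;
    }

    $orgType = $org->getType();
    if (!isset($this->_types[$orgType])) {
        // Unknown type on the user side: deny rather than compare against nothing.
        return false;
    }

    return $this->_diff($this->_types[$orgType], $this->_types[$type]);
}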
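/**
 * Passes when the requested presentation belongs to the user and is still
 * before its edit deadline.
 *
 * This assertion should receive the actual Presentation objects. The
 * presentation id is read from the current front-controller request: 'id'
 * when it is truthy, otherwise 'presentation_id'. A missing id, a missing
 * model or an id for which the model returns no presentation is denied
 * instead of failing on a method call against null.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $user
 * @param Zend_Acl_Resource_Interface $model
 * @param $privilege
 * @return bool
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
{
    if (!$user) {
        return false;
    }
    $presentations = $user->getMyPresentations();

    $request = Zend_Controller_Front::getInstance()->getRequest();
    $param = $request->getParam('id') ? $request->getParam('id') : $request->getParam('presentation_id');

    if ($param === null || null === $model) {
        return false;
    }

    $presentation = $model->getPresentationById($param);
    if (!$presentation) {
        return false;
    }

    // NOTE(review): the (int) cast accepts values such as "12abc" as 12 - confirm the action
    // normalises the parameter the same way before using it.
    return $presentation->isBeforeEditDeadline() && in_array((int) $param, $presentations, true);
}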
/**
 * Passes when the resource belongs to an organization that is a direct child
 * of the user's organization.
 *
 * A null role or resource is denied and a role that is not a UserModel raises
 * an exception. The check depends on the resource type:
 *  - OrgModelAbstract: its parent id must be the user's organization id.
 *  - PreBillModel: always allowed (see the TODO in the body).
 *  - UserModel: the parent of the user's organization must match; a missing
 *    organization is logged and denied, as is any exception raised meanwhile.
 *  - CommercialGroupModel: the parent of its customer must match.
 *  - ReportModel: the parent of the 'orgId' parameter's organization must
 *    match; a report without 'orgId' is allowed.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param null $privilege
 * @return bool
 * @throws Exception
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $userOrgId = $role->getOrganizationId();

    if ($resource instanceof OrgModelAbstract) {
        return $userOrgId === $resource->getParentId();
    }

    if ($resource instanceof Model\PreBillModel) {
        // TODO: we need serviceProviderId from ericsson. Until then every pre-bill passes;
        // the intended check, $orgId === $resource->getServiceProvider()->getId(), sat
        // after this return and was never reached.
        return true;
    }

    if ($resource instanceof UserModel) {
        try {
            $resourceOrg = $resource->getOrganization();
            if (NULL !== $resourceOrg) {
                return $userOrgId === $resourceOrg->getParentId();
            }
            App::log()->err("User (" . $resource->getId() . ") organization (" . $resource->getOrganizationId() . ") doesn't exist");

            return false;
        } catch (Exception $e) {
            // Any failure while resolving the organization is treated as a denial.
            return false;
        }
    }

    if ($resource instanceof Model\CommercialGroupModel) {
        // customerId is one of service provider customers?
        // TODO aggregatorId case?
        $customer = OrgService::getInstance()->load($resource->getCustomerId());

        return $customer && $userOrgId === $customer->getParentId();
    }

    if ($resource instanceof Model\ReportModel) {
        $params = $resource->getParams();
        if (!empty($params['orgId'])) {
            $reportOrg = OrgService::getInstance()->load($params['orgId']);

            return $reportOrg && $userOrgId === $reportOrg->getParentId();
        }

        // No organization named in the report parameters: allowed.
        return true;
    }

    throw new Exception('Resource must be an instance of OrgModelAbstract or UserModel');
}
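/**
 * Passes when the customer organization relevant to the SIM has advanced
 * supervision activated in its supplementary services.
 *
 * For a service-provider user the customer is loaded from the SIM's
 * customerId; for any other user from the user's own organization. A
 * non-customer organization is replaced by its parent of customer type. An
 * organization that cannot be loaded is now denied instead of failing on a
 * method call against null. Failures while loading the supplementary
 * services are logged as warnings and denied.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource is not a SimModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role) {
        return false;
    }

    // Ensure we were handed the expected models
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!$resource instanceof SimModel) {
        throw new Exception('Resource must be an instance of SimModel');
    }

    // Get the organization
    $orgService = \Application\Service\OrgService::getInstance();
    $roleOrgId = $role->getOrganizationId();
    $roleOrgType = $orgService->getTypeById($roleOrgId);

    if ($roleOrgType == OrgServiceProviderModel::ORG_TYPE) {
        $org = $orgService->load($resource->customerId);
    } else {
        $org = $orgService->load($roleOrgId);
    }

    if ($org && $org->getType() != OrgCustomerModel::ORG_TYPE) {
        $org = $orgService->getParentByType($org, OrgCustomerModel::ORG_TYPE);
    }

    if ($org && !is_null($org->getSupplementaryServicesId())) {
        // Check if the customer has supplementary services configured
        // with the advanced supervision option activated
        $supplSrv = \Application\Service\SupplServicesService::getInstance();
        try {
            if ($roleOrgType == OrgAggregatorModel::ORG_TYPE) {
                // Aggregator users load the services in the context of the customer.
                $services = $supplSrv->load($org->getSupplementaryServicesId(), $org);
            } else {
                $services = $supplSrv->load($org->getSupplementaryServicesId());
            }
        } catch (\Exception $e) {
            \App::log()->warn($e);

            return false;
        }

        if ($services && $services->advancedSupervision == SupplServicesModel::ST_ACTIVATED) {
            return true;
        }
    }

    return false;
}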
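/**
 * Passes when the presentation behind the requested presentation-user link
 * is one of the user's own presentations.
 *
 * This assertion should receive the actual User objects. The request's 'id'
 * names a row of the 'presentationsusers' resource; that row's
 * presentation_id is cast to int and looked up strictly in the list returned
 * by getMyPresentations(). A missing id, a missing model or an id with no
 * matching row is denied instead of failing on a property read against null.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $user
 * @param Zend_Acl_Resource_Interface $model
 * @param $privilege
 * @return bool
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $model = null, $privilege = null)
{
    if (!$user) {
        return false;
    }
    $presentations = $user->getMyPresentations();

    $param = Zend_Controller_Front::getInstance()->getRequest()->getParam('id', null);
    if (!$param || null === $model) {
        return false;
    }

    // get presentation_id
    $link = $model->getResource('presentationsusers')->getItemById($param);
    if (!$link) {
        return false;
    }
    $presentation = $link->presentation_id;

    // perform check
    return $presentation !== null && in_array((int) $presentation, $presentations, true);
}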
/**
 * Passes when LTE is enabled for the user's organization.
 *
 * A null role or resource is denied. For a service-provider organization the
 * decision is delegated to an App_Acl_Assert_OrgConfig built for the
 * ORG_CONFIG_LTE_ENABLED key with the expected value true. For a customer
 * organization the organization's lteEnabled property is returned as-is.
 * Any other organization is denied.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param null $privilege
 * @return bool
 * @throws Exception
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof \Application\Model\UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $organization = $role->getOrganization();

    if ($organization instanceof \Application\Model\Organization\OrgServiceProviderModel) {
        $delegate = new App_Acl_Assert_OrgConfig(array(
            'key'   => OrgConfigModel::ORG_CONFIG_LTE_ENABLED,
            'value' => true,
        ));

        return $delegate->assert($acl, $role, $resource, $privilege);
    }

    if ($organization instanceof \Application\Model\Organization\OrgCustomerModel) {
        return $organization->lteEnabled;
    }

    return false;
}
/**
 * Passes when the organization resource is a grandchild of the user's
 * organization.
 *
 * A null role or resource is denied. The resource's parent organization is
 * loaded and that parent's own parent id must equal the user's organization
 * id; a parent that cannot be loaded is denied.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource is not an OrgModelAbstract
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof Model\UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $userOrgId = $role->getOrganizationId();

    if (!$resource instanceof OrgModelAbstract) {
        throw new Exception('Resource must be an instance of OrgModelAbstract');
    }

    $parentOrg = OrgService::getInstance()->load($resource->getParentId());
    if (!$parentOrg) {
        return false;
    }

    return $userOrgId === $parentOrg->getParentId();
}
/**
 * Passes when the service pack belongs to the parent of the user's
 * organization.
 *
 * A null role or resource is denied, as is a user whose organization cannot
 * be loaded. The organization is loaded before the resource type is checked,
 * so an unloadable organization is denied even for a resource of the wrong
 * type.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource is not a ServicePackModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    $userOrg = Service\OrgService::getInstance()->load($role->getOrganizationId());
    if (!$userOrg) {
        return false;
    }

    if ($resource instanceof Model\ServicePackModel) {
        return $userOrg->getParentId() === $resource->getServiceProvider();
    }

    throw new Exception('Resource must be an instance of ServicePack');
}
/**
 * Passes when the time-and-consumption voucher is enabled for the customer
 * organization relevant to the SIM.
 *
 * The SIM's customer is used when it has one; otherwise the user's own
 * organization, provided it is an OrgCustomerModel. The flag is returned
 * as-is from the organization's timeAndConsumptionVoucherIsEnabled property.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource is not a SimModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role) {
        return false;
    }

    // Ensure we were handed the expected models
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!$resource instanceof SimModel) {
        throw new Exception('Resource must be a sim');
    }

    $customer = $resource->getCustomer();
    if (!$customer) {
        // SIM without a customer: fall back to the user's own customer organization.
        $customer = $role->getOrganization();
        if (!$customer instanceof OrgCustomerModel) {
            return false;
        }
    }

    return $customer->timeAndConsumptionVoucherIsEnabled;
}
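/**
 * Passes when the resource belongs to the user making the request.
 *
 * A null role or resource is denied. Ownership depends on the resource type:
 *  - WatcherModel: owner must be the role's apiId for an API-authenticated
 *    current user, otherwise the role's id.
 *  - UserConfigModel: userId must be the role's id.
 *  - UserModel: both ids must be identical.
 *
 * The apiId is compared as a string instead of with ==, so type juggling
 * (null against an empty string, numeric-looking strings) cannot turn two
 * different identifiers into a match.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource type is not supported
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role || NULL === $resource) {
        return false;
    }

    // Ensure we were handed a user model
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    if ($resource instanceof WatcherModel) {
        if ($role instanceof \Application\Model\CurrentUserModel && $role->isApiAuthUser()) {
            $apiId = $role->apiId;
            $owner = $resource->owner;

            // Only int/string identifiers can match, and never an empty one.
            if (!(is_int($apiId) || is_string($apiId)) || !(is_int($owner) || is_string($owner))) {
                return false;
            }
            $apiId = (string) $apiId;

            return $apiId !== '' && $apiId === (string) $owner;
        }

        return $role->id === $resource->owner;
    }

    if ($resource instanceof UserConfigModel) {
        return $role->id === $resource->userId;
    }

    if (!$resource instanceof UserModel) {
        throw new Exception('Resource must be an instance of UserModel');
    }

    return $role->getId() === $resource->getId();
}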
/**
 * Returns the rules associated with a Resource and a Role, or null if no such rules exist
 *
 * If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles,
 * respectively. Both can be null to return the default rule set for all Resources and all Roles.
 *
 * If the $create parameter is true, then a rule set is first created and then returned to the caller.
 *
 * The result is returned by reference into $this->_rules, so a caller that
 * binds it with =& edits the stored rule set directly.
 *
 * @param Zend_Acl_Resource_Interface $resource
 * @param Zend_Acl_Role_Interface $role
 * @param boolean $create
 * @return array|null
 */
protected function &_getRules(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, $create = false)
{
    // create a reference to null; a by-reference function must return a variable
    $null = null;
    $nullRef =& $null;

    // follow $resource: point $visitor at the rule subtree for it.
    // The do/while(false) only exists so that break can leave the block early.
    do {
        if (null === $resource) {
            $visitor =& $this->_rules['allResources'];
            break;
        }
        $resourceId = $resource->getResourceId();
        if (!isset($this->_rules['byResourceId'][$resourceId])) {
            if (!$create) {
                return $nullRef;
            }
            $this->_rules['byResourceId'][$resourceId] = array();
        }
        $visitor =& $this->_rules['byResourceId'][$resourceId];
    } while (false);

    // follow $role: descend from the resource subtree into the role's rule set
    if (null === $role) {
        if (!isset($visitor['allRoles'])) {
            if (!$create) {
                return $nullRef;
            }
            // New all-roles rule set starts with an empty per-privilege map only.
            $visitor['allRoles']['byPrivilegeId'] = array();
        }
        return $visitor['allRoles'];
    }
    $roleId = $role->getRoleId();
    if (!isset($visitor['byRoleId'][$roleId])) {
        if (!$create) {
            return $nullRef;
        }
        // New per-role rule set: empty per-privilege map and an all-privileges
        // entry with neither a type nor an assertion set.
        $visitor['byRoleId'][$roleId]['byPrivilegeId'] = array();
        $visitor['byRoleId'][$roleId]['allPrivileges'] = array('type' => null, 'assert' => null);
    }
    return $visitor['byRoleId'][$roleId];
}
/**
 * Tells whether a Role is present in the registry.
 *
 * Accepts either a Role object, whose id is taken from getRoleId(), or a
 * Role identifier, which is cast to string before the lookup.
 *
 * @param Zend_Acl_Role_Interface|string $role
 * @return boolean
 */
public function has($role)
{
    $lookupId = $role instanceof Zend_Acl_Role_Interface
        ? $role->getRoleId()
        : (string) $role;

    return isset($this->_roles[$lookupId]);
}
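/**
 * Passes when form-author permissions exist for the evaluation form.
 *
 * The assertion is skipped (allowed) when the resource, or the ACL's last
 * query, carries an `assert` property equal to false. The form id is taken
 * from the resource, then from the ACL's last query, then from the digits of
 * a resource id whose non-digit part is exactly "evaluationform".
 *
 * A null role, a null resource at the point its id is needed, or a missing
 * last-query role is now denied instead of failing on a method call against
 * null.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    global $db;

    // If asserting is off then return true right away
    if ((isset($resource->assert) && $resource->assert == false)
        || (isset($acl->_entrada_last_query) && isset($acl->_entrada_last_query->assert) && $acl->_entrada_last_query->assert == false)
    ) {
        return true;
    }

    // A concrete role is required from here on.
    if (null === $role) {
        return false;
    }

    if (isset($resource->eform_id)) {
        $eform_id = $resource->eform_id;
    } elseif (isset($acl->_entrada_last_query->eform_id)) {
        $eform_id = $acl->_entrada_last_query->eform_id;
    } else {
        if (null === $resource) {
            return false;
        }

        // Split the resource id into its type (non-digits) and form id (digits)
        $resource_id = $resource->getResourceId();
        $resource_type = preg_replace('/[0-9]+/', "", $resource_id);
        if ($resource_type !== "evaluationform") {
            // This only asserts for users authoring evaluation forms.
            return false;
        }
        $eform_id = preg_replace('/[^0-9]+/', "", $resource_id);
    }

    // Resolve the user behind the role: the digits of the role id are a user_access id.
    $role_id = $role->getRoleId();
    $access_id = preg_replace('/[^0-9]+/', "", $role_id);
    $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
    $user_id = $db->GetOne($query);

    if (!isset($user_id) || !$user_id) {
        // Fall back to the role recorded on the ACL's last query.
        if (!isset($acl->_entrada_last_query_role)) {
            return false;
        }
        $role_id = $acl->_entrada_last_query_role->getRoleId();
        $access_id = preg_replace('/[^0-9]+/', "", $role_id);
        $query = "SELECT `user_id` FROM `" . AUTH_DATABASE . "`.`user_access`\n\t\t\t\t\t\tWHERE `id` = " . $db->qstr($access_id);
        $user_id = $db->GetOne($query);
    }

    // NOTE(review): $user_id is resolved above but not passed to the permission lookup,
    // so the decision depends on $eform_id alone as far as this method shows - confirm
    // getFormAuthorPermissions() scopes its result to the requesting user by other means.
    $permissions = Models_Evaluation::getFormAuthorPermissions($eform_id);

    return $permissions ? true : false;
}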
/**
 * Removes the Role from the registry
 *
 * The $role parameter can either be a Role or a Role identifier. The role is
 * removed through the adapter first; every entry the adapter returns is then
 * removed from the in-memory ACL (unless it is the requested role itself),
 * marked unloaded and released in the caching adapter, before the requested
 * role is removed from the in-memory ACL.
 *
 * @param Zend_Acl_Role_Interface|string $role
 * @uses Zend_Acl::removeRole()
 * @return Zend_Acl Provides a fluent interface
 */
public function removeRole($role)
{
    if ($this->hasCachingAdapter()) {
        $this->_checkCaching();
    }

    if ($role instanceof Zend_Acl_Role_Interface) {
        $roleId = $role->getRoleId();
    } else {
        $roleId = (string) $role;
    }

    $this->_setRoleUnloaded($roleId);

    // presumably the ids of the roles affected by the removal - verify against the adapter
    $affectedRoles = $this->_getAdapter()->removeRole($roleId);

    foreach ($affectedRoles as $affected) {
        if ($this->hasRole($affected) && $affected != $roleId) {
            parent::removeRole($affected);
        }
        if ($this->hasRoleLoaded($affected)) {
            $this->_setRoleUnloaded($affected);
        }
        // Release the cached entry for this role
        if ($this->hasCachingAdapter()) {
            $this->_getCachingAdapter()->change($affected, null);
        }
    }

    // Release the cached entry for the removed role itself
    if ($this->hasCachingAdapter()) {
        $this->_getCachingAdapter()->change($roleId, null);
    }

    return parent::removeRole($roleId);
}
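/**
 * Decides profile visibility from the resource's public flag and the
 * viewer's role id.
 *
 * A friends-only resource is visible to the 'self' and 'friend' roles, a
 * private resource to 'self' only, and any other flag value to everyone. A
 * null resource is denied, and a null role is treated as matching neither
 * 'self' nor 'friend', instead of failing on a method call against null.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    if (null === $resource) {
        return false;
    }

    $publicFlag = $resource->getPublicFlag();
    $roleId = null === $role ? null : $role->getRoleId();

    if (ProfileTable::PUBLIC_FLAG_FRIEND == $publicFlag) {
        return 'self' === $roleId || 'friend' === $roleId;
    }

    if (ProfileTable::PUBLIC_FLAG_PRIVATE == $publicFlag) {
        return 'self' === $roleId;
    }

    // NOTE(review): every other flag value, including an unexpected one, is visible to all - confirm.
    return true;
}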
/**
 * Returns true if and only if the resource belongs to the user's own
 * organization.
 *
 * This method is passed the ACL, Role, Resource, and privilege to which
 * the authorization query applies. A null $role or $resource is denied.
 * Which identifier of the resource is compared with the user's organization
 * id depends on the resource type; see the cases in the body. Two branches
 * allow unconditionally: a service-pack style resource requested by a
 * customer user, and a report without an 'orgId' parameter.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception when the role is not a UserModel or the resource type is not handled
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other
    if (NULL === $role || NULL === $resource) {
        return false;
    }
    // Ensure we were handed a user model
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    // NOTE(review): every === below is also true when both ids are null - confirm a user
    // without an organization cannot match resources whose owner id is unset (the SIM
    // case compares against six ids, several of which may be optional).
    $orgId = $role->getOrganizationId();
    // switch (true) runs the first case whose instanceof test holds
    switch (true) {
        case $resource instanceof OrgModelAbstract:
            return $orgId === $resource->getId();
        case $resource instanceof UserModel:
        case $resource instanceof TemplateModel:
            return $orgId === $resource->getOrganizationId();
        case $resource instanceof Async\Model\AsyncResponse:
            // The response may carry either the raw or the cleaned form of the organization id
            $cOrgId = \Application\Model\Mapper\OrganizationMapper::cleanOrgId($orgId);
            return $orgId === $resource->getOrganizationId() || $cOrgId === $resource->getOrganizationId();
        case $resource instanceof Model\TariffPlanLifeCycleModel:
        case $resource instanceof Model\TariffPlanServicesModel:
        case $resource instanceof Model\RestrictionModel:
        case $resource instanceof Model\ServicePackModel:
            // The rule depends on what kind of organization the user belongs to
            $orgType = Model\Mapper\OrganizationMapper::getTypeByOrgId($orgId);
            switch ($orgType) {
                case Model\Organization\OrgServiceProviderModel::ORG_TYPE:
                    return $orgId === $resource->getServiceProviderId();
                case Model\Organization\OrgCustomerModel::ORG_TYPE:
                    // $spList = Service\ServicePackService::getInstance()->listAll();
                    // foreach ($spList->getItems() as $sp) {
                    // if ($sp->getId() === $resource->getId()) {
                    // return true;
                    // }
                    // }
                    /*
                     * There is no way to know if only one ServicePack is assigned to a customer,
                     * only retrieving all servicePacks assigned. It is too much slow. In Ericsson we trust.
                     */
                    // No ownership check is made here: customer users are allowed and
                    // enforcement is left to the backend.
                    return true;
                default:
                    return false;
            }
        case $resource instanceof Model\SupplServicesModel:
            return $orgId === $resource->getServiceProviderId() || $orgId === $resource->getCustomerId();
        case $resource instanceof Model\CommercialGroupModel:
        case $resource instanceof Model\SupervisionGroupModel:
            return $orgId === $resource->getCustomerId();
        case $resource instanceof SimModel:
            /** @var $resource \Application\Model\SimModel */
            // Any organization in the SIM's ownership chain counts as owning it
            return $orgId === $resource->getMasterId() || $orgId === $resource->getServiceProviderCommercialId() || $orgId === $resource->getServiceProviderEnablerId() || $orgId === $resource->getAggregatorId() || $orgId === $resource->getCustomerId() || $orgId === $resource->getEndUserId();
        case $resource instanceof Model\ReportModel:
            $params = $resource->getParams();
            if (isset($params['orgId']) && !empty($params['orgId'])) {
                return $orgId === $params['orgId'];
            } else {
                // A report that names no organization is allowed
                return true;
            }
    }
    throw new Exception('Resource must be an instance of OrgModelAbstract, UserModel or SimModel');
}
/**
 * Returns, by reference, the rule set stored for a named item of the given
 * type and a Role, or a reference to null when none exists and $create is
 * false.
 *
 * $type is spliced into the storage keys ('all' . $type . 's' and
 * 'by' . $type . 'Id'). A null $name selects the rules for all items of that
 * type and a null $role the rules for all Roles. With $create true, missing
 * levels are created as empty arrays and then returned.
 *
 * @param string $type
 * @param string|null $name
 * @param Zend_Acl_Role_Interface $role
 * @param boolean $create
 * @return array|null
 */
protected function &_getRules($type, $name, Zend_Acl_Role_Interface $role = null, $create = false)
{
    // create a reference to null; a by-reference function must return a variable
    $null = null;
    $nullRef =& $null;

    // follow $name: point $visitor at the rule subtree for it.
    // The do/while(false) only exists so that break can leave the block early.
    do {
        if (null === $name) {
            $visitor =& $this->_rules['all' . $type . 's'];
            break;
        }
        if (!isset($this->_rules['by' . $type . 'Id'][$name])) {
            if (!$create) {
                return $nullRef;
            }
            $this->_rules['by' . $type . 'Id'][$name] = array();
        }
        $visitor =& $this->_rules['by' . $type . 'Id'][$name];
    } while (false);

    // follow $role: descend from that subtree into the role's rule set
    if (null === $role) {
        if (!isset($visitor['allRoles'])) {
            if (!$create) {
                return $nullRef;
            }
            $visitor['allRoles'] = array();
        }
        return $visitor['allRoles'];
    }
    $roleId = $role->getRoleId();
    if (!isset($visitor['byRoleId'][$roleId])) {
        if (!$create) {
            return $nullRef;
        }
        $visitor['byRoleId'][$roleId] = array();
    }
    return $visitor['byRoleId'][$roleId];
}