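/**
 * Create role for provided user of provided type
 *
 * Inserts one row into the authorization_role table that attaches $user as a
 * child of the role identified by $parentId, then cleans the ACL cache.
 * Nothing is written when $parentId is not positive or when the loaded parent
 * role has no id.
 *
 * @param int $parentId Id of the role the user is attached to.
 * @param ModelUser $user User that receives the role row.
 * @return void
 */
protected function _createUserRole($parentId, ModelUser $user)
{
    // $parentRole only exists when a parent id was given. Leave before it is
    // dereferenced; otherwise getId() would be called on an undefined variable
    // and the request would fail at runtime instead of skipping the insert.
    if (!($parentId > 0)) {
        return;
    }

    /** @var \Magento\Authorization\Model\Role $parentRole */
    $parentRole = $this->_roleFactory->create()->load($parentId);
    if (!$parentRole->getId()) {
        // The loaded parent has no id: write no role row rather than one
        // pointing at a parent that is not there.
        return;
    }

    $data = new \Magento\Framework\DataObject(
        [
            'parent_id' => $parentRole->getId(),
            // The user role sits one level below its parent in the role tree.
            'tree_level' => $parentRole->getTreeLevel() + 1,
            'sort_order' => 0,
            'role_type' => RoleUser::ROLE_TYPE,
            'user_id' => $user->getId(),
            // Always stamped as an admin user; the value is not taken from the caller.
            'user_type' => UserContextInterface::USER_TYPE_ADMIN,
            'role_name' => $user->getFirstname(),
        ]
    );

    $roleTable = $this->getTable('authorization_role');
    $insertData = $this->_prepareDataForTable($data, $roleTable);
    $this->getConnection()->insert($roleTable, $insertData);

    // Presumably drops the cached ACL so the next build sees the new row — confirm against the cache consumer.
    $this->_aclCache->clean();
}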
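/**
 * Build Access Control List
 *
 * Returns the ACL held in the cache when there is one. Otherwise creates an
 * ACL through the factory, lets every loader in the pool populate it and
 * saves the result to the cache before returning it.
 *
 * @return \Magento\Framework\Acl
 * @throws \LogicException When reading the cache or building the ACL raises an exception.
 */
public function getAcl()
{
    try {
        if ($this->_cache->has()) {
            // The cached ACL is used as stored, without running the loaders again.
            // NOTE(review): a role or rule change is presumably not visible here
            // until that cache entry has been cleaned — confirm the invalidation paths.
            $this->_acl = $this->_cache->get();
        } else {
            $this->_acl = $this->_aclFactory->create();
            foreach ($this->_loaderPool as $loader) {
                $loader->populateAcl($this->_acl);
            }
            $this->_cache->save($this->_acl);
        }
    } catch (\Exception $e) {
        // Chain the original exception so its type and stack trace stay available
        // to whoever handles or logs the LogicException.
        throw new \LogicException('Could not create acl object: ' . $e->getMessage(), 0, $e);
    }

    return $this->_acl;
}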
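/**
 * Create role for provided user of provided type
 *
 * Inserts one row into the admin_role table that attaches $user as a child of
 * the role identified by $parentId, then cleans the ACL cache. Nothing is
 * written when $parentId is not positive or when the loaded parent role has
 * no id.
 *
 * @param int $parentId Id of the role the user is attached to.
 * @param ModelUser $user User that receives the role row.
 * @return void
 */
protected function _createUserRole($parentId, ModelUser $user)
{
    // $parentRole only exists when a parent id was given. Leave before it is
    // dereferenced; otherwise getId() would be called on an undefined variable
    // and the request would fail at runtime instead of skipping the insert.
    if (!($parentId > 0)) {
        return;
    }

    /** @var \Magento\User\Model\Role $parentRole */
    $parentRole = $this->_roleFactory->create()->load($parentId);
    if (!$parentRole->getId()) {
        // The loaded parent has no id: write no role row rather than one
        // pointing at a parent that is not there.
        return;
    }

    $data = new \Magento\Framework\Object(
        array(
            'parent_id' => $parentRole->getId(),
            // The user role sits one level below its parent in the role tree.
            'tree_level' => $parentRole->getTreeLevel() + 1,
            'sort_order' => 0,
            'role_type' => RoleUser::ROLE_TYPE,
            'user_id' => $user->getId(),
            'role_name' => $user->getFirstname()
        )
    );

    $roleTable = $this->getTable('admin_role');
    $insertData = $this->_prepareDataForTable($data, $roleTable);
    $this->_getWriteAdapter()->insert($roleTable, $insertData);

    // Presumably drops the cached ACL so the next build sees the new row — confirm against the cache consumer.
    $this->_aclCache->clean();
}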
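/**
 * Save ACL resources
 *
 * Replaces the stored rules of the rule's role inside one transaction: all
 * existing rows for the role are deleted, then
 *  - nothing is inserted when the rule carries no resources,
 *  - a single 'allow' row for the root resource is inserted when the root
 *    resource is the only one selected,
 *  - otherwise one row per ACL resource is inserted, 'allow' for the selected
 *    resources (plus the basic admin resource) and 'deny' for all others.
 * The ACL cache is cleaned after a successful commit.
 *
 * @param \Magento\Authorization\Model\Rules $rule
 * @return void
 * @throws \Magento\Framework\Exception\LocalizedException
 */
public function saveRel(\Magento\Authorization\Model\Rules $rule)
{
    // Fetched before the try block so both catch handlers always have a
    // connection to roll back; inside the try it could be undefined there.
    $connection = $this->getConnection();
    try {
        $connection->beginTransaction();
        $roleId = $rule->getRoleId();
        $condition = ['role_id = ?' => (int) $roleId];
        $connection->delete($this->getMainTable(), $condition);

        $postedResources = $rule->getResources();
        if ($postedResources) {
            $row = [
                'resource_id' => $this->_rootResource->getId(),
                'privileges' => '',
                'role_id' => $roleId,
                'permission' => 'allow',
            ];

            // If all was selected save it only and nothing else.
            if ($postedResources === [$this->_rootResource->getId()]) {
                $insertData = $this->_prepareDataForTable(
                    new \Magento\Framework\DataObject($row),
                    $this->getMainTable()
                );
                $connection->insert($this->getMainTable(), $insertData);
            } else {
                /** Give basic admin permissions to any admin */
                $postedResources[] = \Magento\Backend\App\AbstractAction::ADMIN_RESOURCE;
                $acl = $this->_aclBuilder->getAcl();
                foreach ($acl->getResources() as $resourceId) {
                    // Strict membership test: this decides allow vs. deny, and PHP's
                    // loose comparison lets a non-string value (for example boolean
                    // true) equal unrelated resource ids, granting more than was
                    // selected. Assumes posted values and resource ids are both
                    // strings — confirm against the callers that fill the rule.
                    $row['permission'] = in_array($resourceId, $postedResources, true) ? 'allow' : 'deny';
                    $row['resource_id'] = $resourceId;
                    $insertData = $this->_prepareDataForTable(
                        new \Magento\Framework\DataObject($row),
                        $this->getMainTable()
                    );
                    $connection->insert($this->getMainTable(), $insertData);
                }
            }
        }

        $connection->commit();
        $this->_aclCache->clean();
    } catch (\Magento\Framework\Exception\LocalizedException $e) {
        $connection->rollBack();
        throw $e;
    } catch (\Exception $e) {
        // NOTE(review): any other failure is rolled back and logged but not
        // rethrown, so the caller gets no signal that the rules were not saved.
        $connection->rollBack();
        $this->_logger->critical($e);
    }
}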
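/**
 * Save ACL resources
 *
 * Replaces the stored rules of the rule's role inside one transaction: all
 * existing rows for the role are deleted, then
 *  - nothing is inserted when the rule carries no resources,
 *  - a single 'allow' row for the root resource is inserted when the root
 *    resource is the only one selected,
 *  - otherwise one row per ACL resource is inserted, 'allow' for the selected
 *    resources and 'deny' for all others.
 * The ACL cache is cleaned after a successful commit.
 *
 * @param \Magento\User\Model\Rules $rule
 * @return void
 * @throws \Magento\Framework\Model\Exception
 */
public function saveRel(\Magento\User\Model\Rules $rule)
{
    // Fetched before the try block so both catch handlers always have an
    // adapter to roll back; inside the try it could be undefined there.
    $adapter = $this->_getWriteAdapter();
    try {
        $adapter->beginTransaction();
        $roleId = $rule->getRoleId();
        $condition = array('role_id = ?' => (int) $roleId);
        $adapter->delete($this->getMainTable(), $condition);

        $postedResources = $rule->getResources();
        if ($postedResources) {
            $row = array(
                'resource_id' => $this->_rootResource->getId(),
                'privileges' => '',
                'role_id' => $roleId,
                'permission' => 'allow'
            );

            // If all was selected save it only and nothing else.
            if ($postedResources === array($this->_rootResource->getId())) {
                $insertData = $this->_prepareDataForTable(
                    new \Magento\Framework\Object($row),
                    $this->getMainTable()
                );
                $adapter->insert($this->getMainTable(), $insertData);
            } else {
                $acl = $this->_aclBuilder->getAcl();
                foreach ($acl->getResources() as $resourceId) {
                    // Strict membership test: this decides allow vs. deny, and PHP's
                    // loose comparison lets a non-string value (for example boolean
                    // true) equal unrelated resource ids, granting more than was
                    // selected. Assumes posted values and resource ids are both
                    // strings — confirm against the callers that fill the rule.
                    $row['permission'] = in_array($resourceId, $postedResources, true) ? 'allow' : 'deny';
                    $row['resource_id'] = $resourceId;
                    $insertData = $this->_prepareDataForTable(
                        new \Magento\Framework\Object($row),
                        $this->getMainTable()
                    );
                    $adapter->insert($this->getMainTable(), $insertData);
                }
            }
        }

        $adapter->commit();
        $this->_aclCache->clean();
    } catch (\Magento\Framework\Model\Exception $e) {
        $adapter->rollBack();
        throw $e;
    } catch (\Exception $e) {
        // NOTE(review): any other failure is rolled back and logged but not
        // rethrown, so the caller gets no signal that the rules were not saved.
        $adapter->rollBack();
        $this->_logger->logException($e);
    }
}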