/**
 * Manage permissions: prepares the view data for the access-rights editor of one resource.
 *
 * The resource is taken from the `id` request parameter. Every identity that
 * already holds rights on it is removed from the user/role pick lists and
 * recorded in `userData`, flagged as user or role.
 *
 * NOTE(review): no authorization check is visible inside this method, and the
 * `id` parameter is used as received. Confirm that the calling action or the
 * framework verifies the current user may manage rights on that resource.
 */
protected function adminPermissions()
{
    $resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
    $resourceUri = $resource->getUri();

    $accessRights = AdminService::getUsersPermissions($resourceUri);
    $availableUsers = $this->getUserList();
    $availableRoles = $this->getRoleList();

    $this->setData('privileges', PermissionProvider::getRightLabels());

    $holders = array();
    foreach ($accessRights as $identityUri => $unusedRights) {
        if (isset($availableUsers[$identityUri])) {
            $holders[$identityUri] = array('label' => $availableUsers[$identityUri], 'isRole' => false);
            // Already listed as a rights holder, so not offered again as a candidate.
            unset($availableUsers[$identityUri]);
            continue;
        }

        if (isset($availableRoles[$identityUri])) {
            $holders[$identityUri] = array('label' => $availableRoles[$identityUri], 'isRole' => true);
            unset($availableRoles[$identityUri]);
            continue;
        }

        // Rights are stored for an identity that is in neither list; it is only
        // logged here and stays in 'userPrivileges' without a 'userData' entry.
        \common_Logger::d('unknown user ' . $identityUri);
    }

    $this->setData('users', $availableUsers);
    $this->setData('roles', $availableRoles);
    $this->setData('userPrivileges', $accessRights);
    $this->setData('userData', $holders);
    $this->setData('uri', $resourceUri);
    // Only the resource label goes through _dh() (presumably a display-escaping
    // helper, to be confirmed). The user and role labels are passed on as
    // returned by getUserList()/getRoleList(); verify the template escapes them.
    $this->setData('label', _dh($resource->getLabel()));
    $this->setView('AdminAccessController/index.tpl');
}
/**
 * (non-PHPdoc)
 * @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
 *
 * Gives a newly created resource the permissions recorded for each of its
 * types and for each parent class, one addPermissions() call per identity
 * and ancestor.
 *
 * NOTE(review): nothing here checks whether the resource already has
 * permission rows, and an identity that holds rights on several ancestors is
 * written once per ancestor. Whether repeated rights are tolerated depends on
 * DataBaseAccess::addPermissions(), which is not shown.
 */
public function onResourceCreated(\core_kernel_classes_Resource $resource)
{
    $dbAccess = new DataBaseAccess();
    $resourceUri = $resource->getUri();

    // The resource is wrapped as a class unconditionally; no test that it
    // actually is a class happens in this method.
    $asClass = new \core_kernel_classes_Class($resource);
    $ancestors = array_merge($resource->getTypes(), $asClass->getParentClasses());

    foreach ($ancestors as $ancestor) {
        $inherited = AdminService::getUsersPermissions($ancestor->getUri());
        foreach ($inherited as $userUri => $rights) {
            $dbAccess->addPermissions($userUri, $resourceUri, $rights);
        }
    }
}
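/**
 * Runs the migration steps needed to bring this extension up from the installed version.
 *
 * A value that matches no known version is returned unchanged.
 *
 * @param string $initialVersion version installed before the update
 * @return string version reached once the applicable steps have run
 */
public function update($initialVersion)
{
    $currentVersion = $initialVersion;

    // Identity comparison on purpose: with ==, PHP compares numeric-looking
    // strings as numbers, so a value such as '1.00' would match '1.0' and run
    // a permission-granting step that was not written for it.
    if ($currentVersion === '1.0') {
        $impl = new PermissionProvider();

        // add read access to Items
        $class = new \core_kernel_classes_Class(TAO_ITEM_CLASS);
        AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ'));

        // add backoffice user rights to Tests (every right the provider supports)
        $class = new \core_kernel_classes_Class(TAO_TEST_CLASS);
        AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights());

        $currentVersion = '1.0.1';
    }

    return $currentVersion;
}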
/**
 * (non-PHPdoc)
 * @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
 *
 * Gives a newly created resource the permissions recorded for each of its
 * types and parent classes, but only when no permission rows exist for it yet.
 *
 * NOTE(review): an identity that holds rights on several ancestors is written
 * once per ancestor. Whether repeated rights are tolerated depends on
 * DataBaseAccess::addPermissions(), which is not shown.
 */
public function onResourceCreated(\core_kernel_classes_Resource $resource)
{
    $dbAccess = new DataBaseAccess();
    $resourceUri = $resource->getUri();

    // Leave resources that already carry permissions untouched, so existing
    // grants are never extended by this hook.
    $existing = $dbAccess->getResourcePermissions($resourceUri);
    if (!empty($existing)) {
        return;
    }

    // treat resources as classes without parent classes
    $asClass = new \core_kernel_classes_Class($resource);
    $ancestors = array_merge($resource->getTypes(), $asClass->getParentClasses());

    foreach ($ancestors as $ancestor) {
        $inherited = AdminService::getUsersPermissions($ancestor->getUri());
        foreach ($inherited as $userUri => $rights) {
            $dbAccess->addPermissions($userUri, $resourceUri, $rights);
        }
    }
}
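/**
 * Runs the migration steps needed to bring this extension up from the installed version.
 *
 * The steps are chained: each one sets the version that the next one tests,
 * so an old installation walks through all of them in a single call. A value
 * that matches no known version is returned unchanged.
 *
 * @param string $initialVersion version installed before the update
 * @return string version reached once the applicable steps have run
 */
public function update($initialVersion)
{
    $currentVersion = $initialVersion;

    // Identity comparison on purpose, here and below: with ==, PHP compares
    // numeric-looking strings as numbers, so '1.10' would match '1.1' and
    // re-run a step that grants rights.
    if ($currentVersion === '1.0') {
        $impl = new PermissionProvider();

        // add read access to Items
        $class = new \core_kernel_classes_Class(TAO_ITEM_CLASS);
        AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ'));

        // add backoffice user rights to Tests (every right the provider supports)
        $class = new \core_kernel_classes_Class(TAO_TEST_CLASS);
        AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights());

        $currentVersion = '1.0.1';
    }

    // 1.0.1 -> 1.0.2 changes the version number only.
    if ($currentVersion === '1.0.1') {
        $currentVersion = '1.0.2';
    }

    if ($currentVersion === '1.0.2') {
        // register the admin action on the TAO object class
        $taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
        $classAdmin = new AdminAction();
        ClassActionRegistry::getRegistry()->registerAction($taoClass, $classAdmin);

        $currentVersion = '1.1';
    }

    if ($currentVersion === '1.1') {
        $classesToAdd = array(
            new \core_kernel_classes_Class(CLASS_GENERIS_USER),
            new \core_kernel_classes_Class(CLASS_ROLE),
        );

        // add admin to new instances
        $classAdmin = new AdminAction();
        foreach ($classesToAdd as $class) {
            ClassActionRegistry::getRegistry()->registerAction($class, $classAdmin);
        }

        // add base permissions to new classes; items and tests are skipped here
        // (the 1.0 step is the one that grants on them)
        $taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS);
        foreach ($taoClass->getSubClasses(false) as $class) {
            if (!in_array($class->getUri(), array(TAO_ITEM_CLASS, TAO_TEST_CLASS), true)) {
                $classesToAdd[] = $class;
            }
        }

        // $classesToAdd still starts with the user and role classes, so the
        // back-office role receives every supported right on those as well.
        // NOTE(review): confirm that this breadth is intended.
        $rights = PermissionManager::getPermissionModel()->getSupportedRights();
        foreach ($classesToAdd as $class) {
            if (count(AdminService::getUsersPermissions($class->getUri())) === 0) {
                AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights);
            } else {
                // Existing grants are left as they are and only reported.
                \common_Logger::w('Unexpected rights present for ' . $class->getUri());
            }
        }

        $currentVersion = '1.2.0';
    }

    return $currentVersion;
}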
/**
 * Manage permissions: prepares the view data for the access-rights editor of one resource.
 *
 * The resource is taken from the `id` request parameter. Each identity holding
 * rights on it is listed under `roles` when it is an instance of the role
 * class, otherwise under `users`, together with its label and privileges.
 *
 * The annotation below declares that the GRANT right on `id` is required.
 * NOTE(review): it is presumably enforced by the framework before this action
 * runs, since no check is visible in the method body. Confirm.
 *
 * @requiresRight id GRANT
 */
public function adminPermissions()
{
    $resource = new \core_kernel_classes_Resource($this->getRequestParameter('id'));
    $accessRights = AdminService::getUsersPermissions($resource->getUri());

    $this->setData('privileges', PermissionProvider::getRightLabels());

    $users = array();
    $roles = array();
    foreach ($accessRights as $uri => $privileges) {
        $identity = new \core_kernel_classes_Resource($uri);
        $isRole = $identity->isInstanceOf(\tao_models_classes_RoleService::singleton()->getRoleClass());

        // NOTE(review): identity labels come straight from getLabel(), whereas
        // the resource label below goes through _dh(). Verify that the template
        // escapes them before output.
        $entry = array('label' => $identity->getLabel(), 'privileges' => $privileges);

        if ($isRole) {
            $roles[$uri] = $entry;
        } else {
            // Anything that is not a role instance is presented as a user.
            $users[$uri] = $entry;
        }
    }

    $this->setData('users', $users);
    $this->setData('roles', $roles);
    $this->setData('isClass', $resource->isClass());
    $this->setData('uri', $resource->getUri());
    $this->setData('label', _dh($resource->getLabel()));
    $this->setView('AdminAccessController/index.tpl');
}
* You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * Copyright (c) 2013 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
 *
 *
 */
use oat\taoDacSimple\model\DataBaseAccess;
use oat\generis\model\data\permission\PermissionManager;
use oat\taoDacSimple\model\PermissionProvider;
use oat\taoDacSimple\model\AdminService;

// Install step 1: create the privileges table on the default persistence.
$persistence = common_persistence_Manager::getPersistence('default');
$schemaManager = $persistence->getDriver()->getSchemaManager();

// Snapshot the current schema so that only the difference is migrated.
$schema = $schemaManager->createSchema();
$fromSchema = clone $schema;

$table = $schema->createTable(DataBaseAccess::TABLE_PRIVILEGES_NAME);

// One row per (identity, resource, privilege); all three columns form the key.
// NOTE(review): "notnull" is given as null rather than a boolean, and how the
// schema layer interprets that is not visible here. Confirm that the columns
// end up NOT NULL, as a primary key requires.
$keyColumns = array("user_id", "resource_id", "privilege");
$columnOptions = array("notnull" => null, "length" => 255);
foreach ($keyColumns as $columnName) {
    $table->addColumn($columnName, "string", $columnOptions);
}
$table->setPrimaryKey($keyColumns);

// The statements come from the schema comparison, not from external input.
$queries = $persistence->getPlatform()->getMigrateSchemaSql($fromSchema, $schema);
foreach ($queries as $query) {
    $persistence->exec($query);
}

// Install step 2: make this provider the active permission model.
$impl = new PermissionProvider();
PermissionManager::setPermissionModel($impl);

// Install step 3: baseline grant. The back-office role receives every right the
// provider supports on each supported root class.
// NOTE(review): this is the default access level of a fresh installation;
// confirm that it matches the intended least-privilege baseline.
$rights = $impl->getSupportedRights();
foreach (PermissionProvider::getSupportedRootClasses() as $class) {
    AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights);
}