/**
 * Read every row of the migrations table and index it by file name.
 *
 * The SELECT statement is built once and kept in $this->sql under the
 * 'load_migrated' key. The table name goes through the connection's
 * escapeIdentifier() before it is placed in the statement. The raw rows
 * are stored in $this->rawMigrated. Each row's 'run_at' value is written
 * to $this->migrated under the row's 'file' value; entries already in
 * $this->migrated are not cleared first.
 *
 * @return $this
 */
protected function loadMigrated()
{
    $connection = $this->db;
    $cacheKey = 'load_migrated';

    // Build the statement lazily so the identifier is escaped only once.
    if (!isset($this->sql[$cacheKey])) {
        $quotedTable = $connection->escapeIdentifier($this->table);
        $this->sql[$cacheKey] = 'SELECT * FROM ' . $quotedTable;
    }

    $rows = $connection->fetchAll($this->sql[$cacheKey]);
    $this->rawMigrated = $rows;

    foreach ($rows as $entry) {
        $file = $entry['file'];
        $this->migrated[$file] = $entry['run_at'];
    }

    return $this;
}
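/**
 * Check whether a role is allowed to access an action from a resource.
 *
 * <code>
 * // Does Andres have access to the Products resource to create?
 * $acl->isAllowed('Andres', 'Products', 'create');
 *
 * // Do guests have access to any resource to edit?
 * $acl->isAllowed('guests', '*', 'edit');
 * </code>
 *
 * Rules are consulted in this order and the first stored rule found wins:
 *   1. the role's own rule for the resource/access pair;
 *   2. a rule of a directly inherited role for the same pair;
 *   3. the role's own rule for the wildcard resource '*' and the access;
 *   4. $this->_defaultAccess.
 *
 * NOTE(review): only rows of the rolesInherits table whose role_id is this
 * role are read, so inheritance is one level deep here. The inherited rows
 * come back in database order (no ORDER BY), so when two inherited roles
 * hold conflicting rules the outcome depends on that order; a stored
 * "deny" does not take precedence over a stored "allow". Inherited roles
 * are not checked against the wildcard resource. Confirm this precedence
 * is the intended policy.
 *
 * NOTE(review): the wildcard access '*' must exist for the resource (an
 * exception is thrown otherwise), but no rule is looked up for it; that
 * check was disabled in the original code.
 *
 * @param string $roleName
 * @param string $resourceName
 * @param mixed  $accessName
 * @return int Stored rule cast to int; when no rule matches,
 *             $this->_defaultAccess is returned unchanged.
 * @throws \Engine\Exception When the role, the resource, the access, the
 *         '*' access of the resource or (if reached) the '*' resource is
 *         not present. The messages embed the caller-supplied names, so
 *         escape them before rendering them anywhere.
 */
public function isAllowed($roleName, $resourceName, $accessName)
{
    $db = $this->_db;
    $options = $this->_options;

    // Table names are taken from the adapter options and concatenated into
    // the SQL text; only the values are bound. The options must therefore
    // be fixed configuration and never derived from request input.

    // Returns column 0 of the first matching row, or null when the query
    // yields no row. fetchOne() can return a non-array in that case (the
    // rule lookups rely on is_array() for the same reason), so the result
    // is checked before it is indexed.
    $fetchId = function ($table, $where, array $params) use ($db) {
        $row = $db->fetchOne('SELECT id FROM ' . $table . ' WHERE ' . $where, null, $params);

        return (is_array($row) && array_key_exists(0, $row)) ? $row[0] : null;
    };

    // Returns the stored rule as int, or null when no rule row exists.
    $fetchRule = function ($roleId, $resourceId, $accessId) use ($db, $options) {
        $sql = 'SELECT allowed FROM ' . $options['accessList']
            . ' WHERE role_id = ? AND resource_id = ? AND access_id = ?';
        $row = $db->fetchOne($sql, \Phalcon\Db::FETCH_NUM, [$roleId, $resourceId, $accessId]);

        return is_array($row) ? (int) $row[0] : null;
    };

    $roleId = $fetchId($options['roles'], 'name = ?', [$roleName]);
    if ($roleId === null) {
        throw new \Engine\Exception("Role '" . $roleName . "' does not exist in ACL");
    }

    $resourceId = $fetchId($options['resources'], 'name = ?', [$resourceName]);
    if (!$resourceId) {
        throw new \Engine\Exception("Resource '" . $resourceName . "' does not exist in ACL");
    }

    $accessWhere = 'resource_id = ? AND name = ?';
    $accessId = $fetchId($options['resourcesAccesses'], $accessWhere, [$resourceId, $accessName]);
    if (!$accessId) {
        throw new \Engine\Exception(
            "Access '" . $accessName . "' does not exist in resource '" . $resourceName . "' in ACL"
        );
    }

    // The wildcard access is required to exist, but its id is not used below.
    if (!$fetchId($options['resourcesAccesses'], $accessWhere, [$resourceId, '*'])) {
        throw new \Engine\Exception("Access '*' does not exist in resource '" . $resourceName . "' in ACL");
    }

    // 1. A specific rule for this role on the resource/access pair.
    $allowed = $fetchRule($roleId, $resourceId, $accessId);
    if ($allowed !== null) {
        return $allowed;
    }

    // 2. A specific rule held by one of the directly inherited roles.
    $sql = 'SELECT inherit_role_id FROM ' . $options['rolesInherits'] . ' WHERE role_id = ?';
    $inheritedRoles = $db->fetchAll($sql, \Phalcon\Db::FETCH_NUM, [$roleId]);
    foreach ($inheritedRoles as $row) {
        $allowed = $fetchRule($row[0], $resourceId, $accessId);
        if ($allowed !== null) {
            return $allowed;
        }
    }

    // 3. A rule for this role on the wildcard resource with the same access id.
    $resourceIdZero = $fetchId($options['resources'], 'name = ?', ['*']);
    if (!$resourceIdZero) {
        throw new \Engine\Exception("Resource '*' does not exist in ACL");
    }

    $allowed = $fetchRule($roleId, $resourceIdZero, $accessId);
    if ($allowed !== null) {
        return $allowed;
    }

    // 4. No stored rule applies: fall back to the configured default.
    // NOTE(review): the default is set elsewhere; confirm it is "deny".
    return $this->_defaultAccess;
}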