示例#1
 /**
  * Initialize the ACL object, checking for user types and user roles
  *
  * @return void
  */
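 protected function initAcl()
 {
     // Builds the ACL service state for the current request: resolves the
     // user type (session first, URI as fallback), then loads that type's
     // roles, resources and allow/deny rules into the 'acl' service.
     $sess = \Pop\Web\Session::getInstance();

     // REQUEST_URI is client-supplied. Reduce it to a bare path before it is
     // used to pick a user type: drop the query string, and strip BASE_PATH
     // only where it is the leading prefix (a plain str_replace() would also
     // remove later occurrences and change which segment is read below).
     $path = isset($_SERVER['REQUEST_URI']) ? (string)$_SERVER['REQUEST_URI'] : '';
     $queryPos = strpos($path, '?');
     if ($queryPos !== false) {
         $path = (string)substr($path, 0, $queryPos);
     }
     $baseLen = strlen(BASE_PATH);
     if (($baseLen > 0) && (strncmp($path, BASE_PATH, $baseLen) === 0)) {
         $path = (string)substr($path, $baseLen);
     }

     // Paths under the system URI map to the built-in 'user' type; any other
     // path uses its first segment as the type name.
     // NOTE(review): this is a plain prefix match with no segment boundary,
     // so APP_URI followed by extra characters also resolves to 'user' --
     // confirm that agrees with how the router matches APP_URI.
     if (strncmp($path, APP_URI, strlen(APP_URI)) === 0) {
         $type = 'user';
     } else {
         $type = (string)substr($path, 1);
         $slashPos = strpos($type, '/');
         if ($slashPos !== false) {
             $type = substr($type, 0, $slashPos);
         }
     }

     // A type_id already stored in the session takes precedence; the
     // URI-derived name is only used when no such value is present.
     if (isset($sess->user->type_id)) {
         $typeObj = \Phire\Table\UserTypes::findById($sess->user->type_id);
     } else {
         $typeObj = \Phire\Table\UserTypes::findBy(array('type' => $type));
     }

     // NOTE(review): when no UserTypes row matches, $typeObj->id may be unset.
     // Confirm that setType() and getAllRoles() treat that as "no access",
     // since the fallback lookup above is driven by a client-supplied value.
     $acl = $this->getService('acl');
     $acl->setType($typeObj);

     // Register the roles defined for this user type
     $perms = \Phire\Table\UserRoles::getAllRoles($typeObj->id);
     if (count($perms['roles']) > 0) {
         foreach ($perms['roles'] as $role) {
             $acl->addRole($role);
         }
     }

     // Register resources and apply the allow/deny rules per role
     if (count($perms['resources']) > 0) {
         foreach ($perms['resources'] as $role => $perm) {
             if (count($perm['allow']) > 0) {
                 foreach ($perm['allow'] as $resource => $p) {
                     $acl->addResource($resource);
                     if (count($p) > 0) {
                         $acl->allow($role, $resource, $p);
                     } else {
                         $acl->allow($role, $resource);
                     }
                 }
             } else {
                 // NOTE(review): a role with no explicit allow entries gets
                 // allow($role) with no resource, which presumably grants it
                 // everything (default-allow). Confirm this is intended; any
                 // restriction for such a role must come from deny rules.
                 $acl->allow($role);
             }
             if (count($perm['deny']) > 0) {
                 foreach ($perm['deny'] as $resource => $p) {
                     $acl->addResource($resource);
                     if (count($p) > 0) {
                         $acl->deny($role, $resource, $p);
                     } else {
                         $acl->deny($role, $resource);
                     }
                 }
             }
         }
     }
 }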