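/**
 * Initialize the ACL object, checking for user types and user roles
 *
 * The user type is looked up by the session user's type_id when one is set.
 * Otherwise it is derived from the request URI: 'user' when the URI (after
 * BASE_PATH) starts with APP_URI, else the first path segment. The roles,
 * resources and allow/deny rules returned by UserRoles::getAllRoles() for
 * that type are then loaded into the 'acl' service.
 *
 * @return void
 */
protected function initAcl()
{
    // Get the user type from either session or the URI
    $sess = \Pop\Web\Session::getInstance();

    // Strip BASE_PATH only as a leading prefix. Removing every occurrence
    // (str_replace) would also rewrite later path segments that contain it.
    $uri     = $_SERVER['REQUEST_URI'];
    $baseLen = strlen(BASE_PATH);
    if (strncmp($uri, BASE_PATH, $baseLen) === 0) {
        $uri = (string)substr($uri, $baseLen);
    }

    if (substr($uri, 0, strlen(APP_URI)) == APP_URI) {
        // The URI matches the system user URI
        $type = 'user';
    } else {
        // Keep the first path segment only. REQUEST_URI carries the query
        // string, so stop at '?' as well as '/'; otherwise a request such
        // as "/member?x=1" would yield the type "member?x=1".
        $type = (string)substr($uri, 1);
        $type = (string)substr($type, 0, strcspn($type, '/?'));
    }

    // Create the type object and pass it to the Acl object
    if (isset($sess->user->type_id)) {
        $typeObj = \Phire\Table\UserTypes::findById($sess->user->type_id);
    } else {
        // NOTE(review): with no session user, $type is taken from the
        // request and is client-controlled. It is only used as a lookup
        // key here; confirm findBy() binds it as a query parameter.
        $typeObj = \Phire\Table\UserTypes::findBy(array('type' => $type));
    }

    // Fetched once; assumes getService() hands back the same shared instance
    // on every call, which the original's repeated calls already relied on.
    $acl = $this->getService('acl');
    $acl->setType($typeObj);

    // Set the roles for this user type in the Acl object
    // NOTE(review): if no user type matched, $typeObj->id may be empty.
    // Confirm getAllRoles() then returns empty 'roles'/'resources' lists.
    $perms = \Phire\Table\UserRoles::getAllRoles($typeObj->id);

    foreach ($perms['roles'] as $role) {
        $acl->addRole($role);
    }

    // Set up the ACL object's resources and permissions
    foreach ($perms['resources'] as $role => $perm) {
        if (count($perm['allow']) > 0) {
            foreach ($perm['allow'] as $resource => $p) {
                $acl->addResource($resource);
                if (count($p) > 0) {
                    $acl->allow($role, $resource, $p);
                } else {
                    $acl->allow($role, $resource);
                }
            }
        } else {
            // A role with no explicit allow entries is allowed without a
            // resource argument, i.e. default-allow narrowed only by the
            // deny rules below.
            // NOTE(review): confirm this is intended for every role,
            // especially ones reachable without a session.
            $acl->allow($role);
        }

        foreach ($perm['deny'] as $resource => $p) {
            $acl->addResource($resource);
            if (count($p) > 0) {
                $acl->deny($role, $resource, $p);
            } else {
                $acl->deny($role, $resource);
            }
        }
    }
}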