ACL Extension  0.3
 All Data Structures Namespaces Files Functions Variables
PmAro.php
Go to the documentation of this file.
1 <?php
2 
17 class PmAro extends PmAclObject
18 {
19 
26  public function grant($obj, $actions){
27  $obj = $this->loadObject($obj, 'Aco');
28  $actions = Action::translateActions($obj, $actions);
29 
30  $aroNodes = $this->getNodes();
31  $acoNodes = $obj->getNodes();
32 
33  foreach($actions as $action){
34  //First check: does that already exist?
35 
38 
39  $action = Action::model()->find('name = :name', array(':name' => $action));
40 
41  if($action === NULL)
42  throw new RuntimeException('Invalid action');
43 
44  $permission = Permission::model()->find('action_id = :action_id AND aco_id '.$acoIn.' AND aro_id '.$aroIn,
45  array(':action_id' => $action->id));
46  //Only grant if it's not yet granted
47  if($permission === NULL){
48  foreach($aroNodes as $aroNode){
49  foreach($acoNodes as $acoNode){
50 
51  $perm = new Permission();
52  $perm->aro_id = $aroNode->id;
53  $perm->aro_path = $aroNode->getOwnPath();
54  $perm->aco_id = $acoNode->id;
55  $perm->aco_path = $acoNode->getOwnPath();
56  $perm->action_id = $action->id;
57 
58  if(!$perm->save())
59  throw new RuntimeException('Unable to grant permission of '.$action->name.' from '
60  .$aroNode->id.' to '.$acoNode->id);
61  }
62  }
63  }
64 
65  }
66  }
67 
74  public function deny($obj, $actions){
75  $obj = $this->loadObject($obj, 'Aco');
76  $actions = Action::translateActions($obj, $actions);
77 
78  $aroNodes = $this->getNodes();
79  $acoNodes = $obj->getNodes();
80 
83 
84  foreach($actions as $action){
85 
86  $action = Action::model()->find('name = :name', array(':name' => $action));
87 
88  if($action === NULL)
89  throw new RuntimeException('Invalid action');
90 
91  //Now, delete all the rows
92  $suc = Permission::model()->deleteAll('aco_id '.$acoIn.' AND aro_id '.$aroIn.' AND action_id = :action_id',
93  array(':action_id' => $action->id));
94 
95  if($suc === false)
96  throw new RuntimeException('Unabel to deny permission '.$action->id.' of '.$this->id.' to '.$obj->id);
97  }
98  }
99 
107  public function may($obj, $actions){
108  $obj = $this->loadObject($obj, 'Aco');
109  $actions = Action::translateActions($obj, $actions);
110 
111  $aroPaths = $this->getPaths();
112  $aroCondition = $this->addPositionCheck($aroPaths, 'aro');
113 
114  $acoPaths = $obj->getPaths();
115  $acoCondition = $this->addPositionCheck($acoPaths, 'aco');
116 
117  foreach($actions as $action){
118  //First fetch the action
119  $action = Action::model()->find('name = :name', array(':name' => $action));
120  if($action === NULL)
121  throw new RuntimeException('Invalid action');
122 
123  //An action which is not possible is never allowed
124  if(isset($obj::$possibleActions) && !in_array($action, $possibleActions))
125  return false;
126 
127  $perm = Permission::model()->find('action_id = :action_id AND '.$aroCondition.' AND '.$acoCondition,
128  array(':action_id' => $action->id));
129 
130  if($perm === NULL)
131  return false;
132  }
133 
134  return true;
135  }
136 
142  public static function model($className=__CLASS__)
143  {
144  return parent::model($className);
145  }
146 
150  public function tableName()
151  {
152  return '{{aro_collection}}';
153  }
154 
158  public function rules()
159  {
160  // NOTE: you should only define rules for those attributes that
161  // will receive user inputs.
162  return array(
163  );
164  }
165 
169  public function relations()
170  {
171  // NOTE: you may need to adjust the relation name and the related
172  // class name for the relations automatically generated below.
173  return array(
174  'aroNodes' => array(static::HAS_MANY, 'PmAroNode', 'collection_id'),
175  'permissions' => array(static::HAS_MANY, 'Permission', 'aro_id')
176  );
177  }
178 
182  public function attributeLabels()
183  {
184  return array(
185  'id' => 'ID',
186  'alias' => 'Alias',
187  'model' => 'Model',
188  'foreign_key' => 'Foreign Key',
189  'created' => 'Created'
190  );
191  }
192 }
193 ?>