1: <?php
2: /**
3: * Magento
4: *
5: * NOTICE OF LICENSE
6: *
7: * This source file is subject to the Open Software License (OSL 3.0)
8: * that is bundled with this package in the file LICENSE.txt.
9: * It is also available through the world-wide-web at this URL:
10: * http://opensource.org/licenses/osl-3.0.php
11: * If you did not receive a copy of the license and are unable to
12: * obtain it through the world-wide-web, please send an email
13: * to license@magentocommerce.com so we can send you a copy immediately.
14: *
15: * DISCLAIMER
16: *
17: * Do not edit or add to this file if you wish to upgrade Magento to newer
18: * versions in the future. If you wish to customize Magento for your
19: * needs please refer to http://www.magentocommerce.com for more information.
20: *
21: * @category Mage
22: * @package Mage_Admin
23: * @copyright Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
24: * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25: */
26:
27:
28: /**
29: * Resource model for admin ACL
30: *
31: * @category Mage
32: * @package Mage_Admin
33: * @author Magento Core Team <core@magentocommerce.com>
34: */
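class Mage_Admin_Model_Resource_Acl extends Mage_Core_Model_Resource_Db_Abstract
{
    /**
     * Value of resource_id that marks a rule as applying to every resource
     */
    const ACL_ALL_RULES = 'all';

    /**
     * Initialize resource
     *
     * Binds this resource model to the admin/role table with role_id as its id field.
     */
    protected function _construct()
    {
        $this->_init('admin/role', 'role_id');
    }

    /**
     * Load ACL for the user
     *
     * Builds a fresh ACL object, registers the configured ACL resources on it,
     * then loads every role row and every rule row (left-joined with its
     * assertion, if any) from the database.
     *
     * @return Mage_Admin_Model_Acl
     */
    public function loadAcl()
    {
        $acl = Mage::getModel('admin/acl');

        Mage::getSingleton('admin/config')->loadAclResources($acl);

        $roleTable   = $this->getTable('admin/role');
        $ruleTable   = $this->getTable('admin/rule');
        $assertTable = $this->getTable('admin/assert');

        $adapter = $this->_getReadAdapter();

        // Roles are read ordered by tree_level; presumably this ensures parent
        // roles are registered before the roles that inherit from them.
        $select = $adapter->select()
            ->from($roleTable)
            ->order('tree_level');

        $rolesArr = $adapter->fetchAll($select);

        $this->loadRoles($acl, $rolesArr);

        // LEFT JOIN: rules without an assertion still come back, with
        // assert_type / assert_data set to NULL.
        $select = $adapter->select()
            ->from(array('r' => $ruleTable))
            ->joinLeft(
                array('a' => $assertTable),
                'a.assert_id = r.assert_id',
                array('assert_type', 'assert_data')
            );

        $rulesArr = $adapter->fetchAll($select);

        $this->loadRules($acl, $rulesArr);

        return $acl;
    }

    /**
     * Load roles
     *
     * Registers each role row on the ACL. Group roles are keyed by
     * role_type . role_id, user roles by role_type . user_id. A row whose
     * role_type matches neither constant is skipped.
     *
     * @param Mage_Admin_Model_Acl $acl
     * @param array $rolesArr rows with parent_id, role_type, role_id and user_id keys
     * @return Mage_Admin_Model_Resource_Acl
     */
    public function loadRoles(Mage_Admin_Model_Acl $acl, array $rolesArr)
    {
        foreach ($rolesArr as $role) {
            // A parent is always referenced as a group role; parent_id <= 0 means no parent.
            $parent = ($role['parent_id'] > 0)
                ? Mage_Admin_Model_Acl::ROLE_TYPE_GROUP . $role['parent_id']
                : null;

            switch ($role['role_type']) {
                case Mage_Admin_Model_Acl::ROLE_TYPE_GROUP:
                    $roleId = $role['role_type'] . $role['role_id'];
                    $acl->addRole(Mage::getModel('admin/acl_role_group', $roleId), $parent);
                    break;

                case Mage_Admin_Model_Acl::ROLE_TYPE_USER:
                    $roleId = $role['role_type'] . $role['user_id'];
                    // The same user may appear in several rows: register the role
                    // once, then only attach the additional parent.
                    if (!$acl->hasRole($roleId)) {
                        $acl->addRole(Mage::getModel('admin/acl_role_user', $roleId), $parent);
                    } else {
                        $acl->addRoleParent($roleId, $parent);
                    }
                    break;
            }
        }

        return $this;
    }

    /**
     * Load rules
     *
     * Applies each rule row to the ACL as an allow or a deny. A rule that the
     * ACL rejects with an exception is skipped so that loading continues, but
     * the exception is logged instead of being discarded.
     *
     * @param Mage_Admin_Model_Acl $acl
     * @param array $rulesArr rows with role_type, role_id, resource_id, privileges,
     *                        assert_id, assert_type, assert_data and permission keys
     * @return Mage_Admin_Model_Resource_Acl
     */
    public function loadRules(Mage_Admin_Model_Acl $acl, array $rulesArr)
    {
        foreach ($rulesArr as $rule) {
            $role       = $rule['role_type'] . $rule['role_id'];
            $resource   = $rule['resource_id'];
            $privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;

            $assert = null;
            if (0 != $rule['assert_id']) {
                // NOTE(review): the class to instantiate is resolved from configuration
                // using a type read from the database, and its constructor argument is
                // produced by unserialize() on a database column. Anyone able to write
                // to the assert table controls the unserialized payload, so that table
                // must be treated as trusted input only. Moving assert_data to a
                // data-only encoding (e.g. JSON) would remove the object-instantiation
                // risk; that needs a data migration and is not done here.
                $assertClass = Mage::getSingleton('admin/config')
                    ->getAclAssert($rule['assert_type'])
                    ->getClassName();
                $assert = new $assertClass(unserialize($rule['assert_data']));
            }

            try {
                // Strict comparison: only the exact strings 'allow' and 'deny' are
                // honoured, so a non-string value can never be coerced into a grant.
                if ($rule['permission'] === 'allow') {
                    if ($resource === self::ACL_ALL_RULES) {
                        // Rule targets "all": also register it with a null resource.
                        $acl->allow($role, null, $privileges, $assert);
                    }
                    $acl->allow($role, $resource, $privileges, $assert);
                } elseif ($rule['permission'] === 'deny') {
                    $acl->deny($role, $resource, $privileges, $assert);
                }
            } catch (Exception $e) {
                // Keep loading the remaining rules, but record the failure: a rule
                // that is dropped here is not enforced, and for a deny rule that
                // means the restriction silently disappears.
                Mage::logException($e);
            }
        }

        return $this;
    }
}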
172: