1: <?php
  2: /**
  3:  * Magento
  4:  *
  5:  * NOTICE OF LICENSE
  6:  *
  7:  * This source file is subject to the Open Software License (OSL 3.0)
  8:  * that is bundled with this package in the file LICENSE.txt.
  9:  * It is also available through the world-wide-web at this URL:
 10:  * http://opensource.org/licenses/osl-3.0.php
 11:  * If you did not receive a copy of the license and are unable to
 12:  * obtain it through the world-wide-web, please send an email
 13:  * to license@magentocommerce.com so we can send you a copy immediately.
 14:  *
 15:  * DISCLAIMER
 16:  *
 17:  * Do not edit or add to this file if you wish to upgrade Magento to newer
 18:  * versions in the future. If you wish to customize Magento for your
 19:  * needs please refer to http://www.magentocommerce.com for more information.
 20:  *
 21:  * @category    Mage
 22:  * @package     Mage_Admin
 23:  * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24:  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25:  */
 26: 
 27: 
 28: /**
 29:  * ACL user resource
 30:  *
 31:  * @category    Mage
 32:  * @package     Mage_Admin
 33:  * @author      Magento Core Team <core@magentocommerce.com>
 34:  */
 35: class Mage_Admin_Model_Resource_User extends Mage_Core_Model_Resource_Db_Abstract
 36: {
 37:     /**
 38:      * Define main table
 39:      *
 40:      */
 41:     protected function _construct()
 42:     {
 43:         $this->_init('admin/user', 'user_id');
 44:     }
 45: 
 46:     /**
 47:      * Initialize unique fields
 48:      *
 49:      * @return Mage_Admin_Model_Resource_User
 50:      */
 51:     protected function _initUniqueFields()
 52:     {
 53:         $this->_uniqueFields = array(
 54:             array(
 55:                 'field' => 'email',
 56:                 'title' => Mage::helper('adminhtml')->__('Email')
 57:             ),
 58:             array(
 59:                 'field' => 'username',
 60:                 'title' => Mage::helper('adminhtml')->__('User Name')
 61:             ),
 62:         );
 63:         return $this;
 64:     }
 65: 
 66:     /**
 67:      * Authenticate user by $username and $password
 68:      *
 69:      * @param Mage_Admin_Model_User $user
 70:      * @return Mage_Admin_Model_Resource_User
 71:      */
 72:     public function recordLogin(Mage_Admin_Model_User $user)
 73:     {
 74:         $adapter = $this->_getWriteAdapter();
 75: 
 76:         $data = array(
 77:             'logdate' => now(),
 78:             'lognum'  => $user->getLognum() + 1
 79:         );
 80: 
 81:         $condition = array(
 82:             'user_id = ?' => (int) $user->getUserId(),
 83:         );
 84: 
 85:         $adapter->update($this->getMainTable(), $data, $condition);
 86: 
 87:         return $this;
 88:     }
 89: 
 90:     /**
 91:      * Load data by specified username
 92:      *
 93:      * @param string $username
 94:      * @return false|array
 95:      */
 96:     public function loadByUsername($username)
 97:     {
 98:         $adapter = $this->_getReadAdapter();
 99: 
100:         $select = $adapter->select()
101:                     ->from($this->getMainTable())
102:                     ->where('username=:username');
103: 
104:         $binds = array(
105:             'username' => $username
106:         );
107: 
108:         return $adapter->fetchRow($select, $binds);
109:     }
110: 
111:     /**
112:      * Check if user is assigned to any role
113:      *
114:      * @param int|Mage_Core_Admin_Model_User $user
115:      * @return null|false|array
116:      */
117:     public function hasAssigned2Role($user)
118:     {
119:         if (is_numeric($user)) {
120:             $userId = $user;
121:         } else if ($user instanceof Mage_Core_Model_Abstract) {
122:             $userId = $user->getUserId();
123:         } else {
124:             return null;
125:         }
126: 
127:         if ( $userId > 0 ) {
128:             $adapter = $this->_getReadAdapter();
129: 
130:             $select = $adapter->select();
131:             $select->from($this->getTable('admin/role'))
132:                 ->where('parent_id > :parent_id')
133:                 ->where('user_id = :user_id');
134: 
135:             $binds = array(
136:                 'parent_id' => 0,
137:                 'user_id' => $userId,
138:             );
139: 
140:             return $adapter->fetchAll($select, $binds);
141:         } else {
142:             return null;
143:         }
144:     }
145: 
146:     /**
147:      * Encrypt password
148:      *
149:      * @param string $pwStr
150:      * @return string
151:      */
152:     private function _encryptPassword($pwStr)
153:     {
154:         return Mage::helper('core')->getHash($pwStr, 2);
155:     }
156: 
157:     /**
158:      * Set created/modified values before user save
159:      *
160:      * @param Mage_Core_Model_Abstract $user
161:      * @return Mage_Admin_Model_Resource_User
162:      */
163:     protected function _beforeSave(Mage_Core_Model_Abstract $user)
164:     {
165:         if ($user->isObjectNew()) {
166:             $user->setCreated($this->formatDate(true));
167:         }
168:         $user->setModified($this->formatDate(true));
169: 
170:         return parent::_beforeSave($user);
171:     }
172: 
173:     /**
174:      * Unserialize user extra data after user save
175:      *
176:      * @param Mage_Core_Model_Abstract $user
177:      * @return Mage_Admin_Model_Resource_User
178:      */
179:     protected function _afterSave(Mage_Core_Model_Abstract $user)
180:     {
181:         $user->setExtra(unserialize($user->getExtra()));
182:         return $this;
183:     }
184: 
185:     /**
186:      * Unserialize user extra data after user load
187:      *
188:      * @param Mage_Core_Model_Abstract $user
189:      * @return Mage_Admin_Model_Resource_User
190:      */
191:     protected function _afterLoad(Mage_Core_Model_Abstract $user)
192:     {
193:         if (is_string($user->getExtra())) {
194:             $user->setExtra(unserialize($user->getExtra()));
195:         }
196:         return parent::_afterLoad($user);
197:     }
198: 
199:     /**
200:      * Delete user role record with user
201:      *
202:      * @param Mage_Core_Model_Abstract $user
203:      * @return bool
204:      */
205:     public function delete(Mage_Core_Model_Abstract $user)
206:     {
207:         $this->_beforeDelete($user);
208:         $adapter = $this->_getWriteAdapter();
209: 
210:         $uid = $user->getId();
211:         $adapter->beginTransaction();
212:         try {
213:             $conditions = array(
214:                 'user_id = ?' => $uid
215:             );
216: 
217:             $adapter->delete($this->getMainTable(), $conditions);
218:             $adapter->delete($this->getTable('admin/role'), $conditions);
219:         } catch (Mage_Core_Exception $e) {
220:             throw $e;
221:             return false;
222:         } catch (Exception $e){
223:             $adapter->rollBack();
224:             return false;
225:         }
226:         $adapter->commit();
227:         $this->_afterDelete($user);
228:         return true;
229:     }
230: 
231:     /**
232:      * TODO: unify _saveRelations() and add() methods, they make same things
233:      *
234:      * @param Mage_Core_Model_Abstract $user
235:      * @return Mage_Admin_Model_Resource_User
236:      */
237:     public function _saveRelations(Mage_Core_Model_Abstract $user)
238:     {
239:         $rolesIds = $user->getRoleIds();
240: 
241:         if( !is_array($rolesIds) || count($rolesIds) == 0 ) {
242:             return $user;
243:         }
244: 
245:         $adapter = $this->_getWriteAdapter();
246: 
247:         $adapter->beginTransaction();
248: 
249:         try {
250:             $conditions = array(
251:                 'user_id = ?' => (int) $user->getId(),
252:             );
253: 
254:             $adapter->delete($this->getTable('admin/role'), $conditions);
255:             foreach ($rolesIds as $rid) {
256:                 $rid = intval($rid);
257:                 if ($rid > 0) {
258:                     $row = Mage::getModel('admin/role')->load($rid)->getData();
259:                 } else {
260:                     $row = array('tree_level' => 0);
261:                 }
262: 
263:                 $data = new Varien_Object(array(
264:                     'parent_id'     => $rid,
265:                     'tree_level'    => $row['tree_level'] + 1,
266:                     'sort_order'    => 0,
267:                     'role_type'     => 'U',
268:                     'user_id'       => $user->getId(),
269:                     'role_name'     => $user->getFirstname()
270:                 ));
271: 
272:                 $insertData = $this->_prepareDataForTable($data, $this->getTable('admin/role'));
273:                 $adapter->insert($this->getTable('admin/role'), $insertData);
274:             }
275:             $adapter->commit();
276:         } catch (Mage_Core_Exception $e) {
277:             throw $e;
278:         } catch (Exception $e){
279:             $adapter->rollBack();
280:             throw $e;
281:         }
282: 
283:         return $this;
284:     }
285: 
286:     /**
287:      * Get user roles
288:      *
289:      * @param Mage_Core_Model_Abstract $user
290:      * @return array
291:      */
292:     public function getRoles(Mage_Core_Model_Abstract $user)
293:     {
294:         if ( !$user->getId() ) {
295:             return array();
296:         }
297: 
298:         $table  = $this->getTable('admin/role');
299:         $adapter   = $this->_getReadAdapter();
300: 
301:         $select = $adapter->select()
302:                     ->from($table, array())
303:                     ->joinLeft(
304:                         array('ar' => $table),
305:                         "(ar.role_id = {$table}.parent_id and ar.role_type = 'G')",
306:                         array('role_id'))
307:                     ->where("{$table}.user_id = :user_id");
308: 
309:         $binds = array(
310:             'user_id' => (int) $user->getId(),
311:         );
312: 
313:         $roles = $adapter->fetchCol($select, $binds);
314: 
315:         if ($roles) {
316:             return $roles;
317:         }
318: 
319:         return array();
320:     }
321: 
322:     /**
323:      * Save user roles
324:      *
325:      * @param Mage_Core_Model_Abstract $user
326:      * @return Mage_Admin_Model_Resource_User
327:      */
328:     public function add(Mage_Core_Model_Abstract $user)
329:     {
330:         $dbh = $this->_getWriteAdapter();
331: 
332:         $aRoles = $this->hasAssigned2Role($user);
333:         if ( sizeof($aRoles) > 0 ) {
334:             foreach($aRoles as $idx => $data){
335:                 $conditions = array(
336:                     'role_id = ?' => $data['role_id'],
337:                 );
338: 
339:                 $dbh->delete($this->getTable('admin/role'), $conditions);
340:             }
341:         }
342: 
343:         if ($user->getId() > 0) {
344:             $role = Mage::getModel('admin/role')->load($user->getRoleId());
345:         } else {
346:             $role = new Varien_Object();
347:             $role->setTreeLevel(0);
348:         }
349: 
350:         $data = new Varien_Object(array(
351:             'parent_id'  => $user->getRoleId(),
352:             'tree_level' => ($role->getTreeLevel() + 1),
353:             'sort_order' => 0,
354:             'role_type'  => 'U',
355:             'user_id'    => $user->getUserId(),
356:             'role_name'  => $user->getFirstname()
357:         ));
358: 
359:         $insertData = $this->_prepareDataForTable($data, $this->getTable('admin/role'));
360: 
361:         $dbh->insert($this->getTable('admin/role'), $insertData);
362: 
363:         return $this;
364:     }
365: 
366:     /**
367:      * Delete user role
368:      *
369:      * @param Mage_Core_Model_Abstract $user
370:      * @return Mage_Admin_Model_Resource_User
371:      */
372:     public function deleteFromRole(Mage_Core_Model_Abstract $user)
373:     {
374:         if ( $user->getUserId() <= 0 ) {
375:             return $this;
376:         }
377:         if ( $user->getRoleId() <= 0 ) {
378:             return $this;
379:         }
380: 
381:         $dbh = $this->_getWriteAdapter();
382: 
383:         $condition = array(
384:             'user_id = ?'   => (int) $user->getId(),
385:             'parent_id = ?' => (int) $user->getRoleId(),
386:         );
387: 
388:         $dbh->delete($this->getTable('admin/role'), $condition);
389:         return $this;
390:     }
391: 
392:     /**
393:      * Check if role user exists
394:      *
395:      * @param Mage_Core_Model_Abstract $user
396:      * @return array|false
397:      */
398:     public function roleUserExists(Mage_Core_Model_Abstract $user)
399:     {
400:         if ( $user->getUserId() > 0 ) {
401:             $roleTable = $this->getTable('admin/role');
402: 
403:             $dbh = $this->_getReadAdapter();
404: 
405:             $binds = array(
406:                 'parent_id' => $user->getRoleId(),
407:                 'user_id'   => $user->getUserId(),
408:             );
409: 
410:             $select = $dbh->select()->from($roleTable)
411:                 ->where('parent_id = :parent_id')
412:                 ->where('user_id = :user_id');
413: 
414:             return $dbh->fetchCol($select, $binds);
415:         } else {
416:             return array();
417:         }
418:     }
419: 
420:     /**
421:      * Check if user exists
422:      *
423:      * @param Mage_Core_Model_Abstract $user
424:      * @return array|false
425:      */
426:     public function userExists(Mage_Core_Model_Abstract $user)
427:     {
428:         $adapter = $this->_getReadAdapter();
429:         $select = $adapter->select();
430: 
431:         $binds = array(
432:             'username' => $user->getUsername(),
433:             'email'    => $user->getEmail(),
434:             'user_id'  => (int) $user->getId(),
435:         );
436: 
437:         $select->from($this->getMainTable())
438:             ->where('(username = :username OR email = :email)')
439:             ->where('user_id <> :user_id');
440: 
441:         return $adapter->fetchRow($select, $binds);
442:     }
443: 
444:     /**
445:      * Save user extra data
446:      *
447:      * @param Mage_Core_Model_Abstract $object
448:      * @param string $data
449:      * @return Mage_Admin_Model_Resource_User
450:      */
451:     public function saveExtra($object, $data)
452:     {
453:         if ($object->getId()) {
454:             $this->_getWriteAdapter()->update(
455:                 $this->getMainTable(),
456:                 array('extra' => $data),
457:                 array('user_id = ?' => (int) $object->getId())
458:             );
459:         }
460: 
461:         return $this;
462:     }
463: }
464: