1: <?php
2: /**
3: * Magento
4: *
5: * NOTICE OF LICENSE
6: *
7: * This source file is subject to the Open Software License (OSL 3.0)
8: * that is bundled with this package in the file LICENSE.txt.
9: * It is also available through the world-wide-web at this URL:
10: * http://opensource.org/licenses/osl-3.0.php
11: * If you did not receive a copy of the license and are unable to
12: * obtain it through the world-wide-web, please send an email
13: * to license@magentocommerce.com so we can send you a copy immediately.
14: *
15: * DISCLAIMER
16: *
17: * Do not edit or add to this file if you wish to upgrade Magento to newer
18: * versions in the future. If you wish to customize Magento for your
19: * needs please refer to http://www.magentocommerce.com for more information.
20: *
21: * @category Mage
22: * @package Mage_Api2
23: * @copyright Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
24: * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25: */
26:
27: /**
28: * API User ACL model
29: *
30: * @category Mage
31: * @package Mage_Api2
32: * @author Magento Core Team <core@magentocommerce.com>
33: */
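class Mage_Api2_Model_Acl extends Zend_Acl
{
    // Security notes for maintainers:
    //  - The ACL is built once, in the constructor, for a single
    //    (resource type, operation) pair. Resources come from the API2 config,
    //    roles and rules from the global role/rule collections.
    //  - Every rule loaded here is an "allow" rule; this class never calls deny().
    //    Anything that is not explicitly allowed relies on the Zend_Acl default.
    //  - A rule whose resource id equals Rule::RESOURCE_ALL becomes an
    //    unrestricted allow() for that role (all resources, all privileges),
    //    unless the role is a system role, in which case the grant is made only
    //    when the configured user privileges for the requested resource type
    //    contain the requested operation.

    /**
     * REST ACL roles collection (lazily loaded, see _getRolesCollection())
     *
     * @var Mage_Api2_Model_Resource_Acl_Global_Role_Collection
     */
    protected $_rolesCollection;

    /**
     * API2 config model instance (lazily loaded, see _getConfig())
     *
     * @var Mage_Api2_Model_Config
     */
    protected $_config;

    /**
     * Resource type of request
     *
     * @var string
     */
    protected $_resourceType;

    /**
     * Operation of request
     *
     * @var string
     */
    protected $_operation;

    /**
     * Build the ACL for one request: validate the options, then load
     * resources, roles and rules in that order (rules reference both).
     *
     * @param array $options Must contain non-empty 'resource_type' and 'operation'
     * @throws Exception When either option is missing or empty
     */
    public function __construct($options)
    {
        // empty() already covers the "key is not set" case, so no separate isset() is needed.
        if (empty($options['resource_type'])) {
            throw new Exception("Passed parameter 'resource_type' is wrong.");
        }
        if (empty($options['operation'])) {
            throw new Exception("Passed parameter 'operation' is wrong.");
        }
        $this->_resourceType = $options['resource_type'];
        $this->_operation    = $options['operation'];

        $this->_setResources();
        $this->_setRoles();
        $this->_setRules();
    }

    /**
     * Retrieve REST ACL roles collection, creating it on first use
     *
     * @return Mage_Api2_Model_Resource_Acl_Global_Role_Collection
     */
    protected function _getRolesCollection()
    {
        if (null === $this->_rolesCollection) {
            $this->_rolesCollection = Mage::getResourceModel('api2/acl_global_role_collection');
        }
        return $this->_rolesCollection;
    }

    /**
     * Retrieve API2 config model instance, creating it on first use
     *
     * @return Mage_Api2_Model_Config
     */
    protected function _getConfig()
    {
        if (null === $this->_config) {
            $this->_config = Mage::getModel('api2/config');
        }
        return $this->_config;
    }

    /**
     * Register every resource type known to the API2 config as an ACL resource
     *
     * @return Mage_Api2_Model_Acl
     */
    protected function _setResources()
    {
        foreach ($this->_getConfig()->getResourcesTypes() as $type) {
            $this->addResource($type);
        }
        return $this;
    }

    /**
     * Register every role from the roles collection as an ACL role
     *
     * Roles are registered by id and without parents, so no role inherits
     * from another inside this ACL.
     *
     * @return Mage_Api2_Model_Acl
     */
    protected function _setRoles()
    {
        /** @var $role Mage_Api2_Model_Acl_Global_Role */
        foreach ($this->_getRolesCollection() as $role) {
            $this->addRole($role->getId());
        }
        return $this;
    }

    /**
     * Load the global rules and translate each one into an allow() call
     *
     * A rule is skipped (nothing is granted) when it is a RESOURCE_ALL rule
     * for a system role and either the role cannot be found in the roles
     * collection or the configured privileges do not contain the requested
     * operation.
     *
     * @return Mage_Api2_Model_Acl
     */
    protected function _setRules()
    {
        /** @var $rulesCollection Mage_Api2_Model_Resource_Acl_Global_Rule_Collection */
        $rulesCollection = Mage::getResourceModel('api2/acl_global_rule_collection');

        /** @var $rule Mage_Api2_Model_Acl_Global_Rule */
        foreach ($rulesCollection as $rule) {
            $roleId = $rule->getRoleId();

            // Ordinary rule: grant exactly one privilege on one resource.
            if (Mage_Api2_Model_Acl_Global_Rule::RESOURCE_ALL !== $rule->getResourceId()) {
                $this->allow($roleId, $rule->getResourceId(), $rule->getPrivilege());
                continue;
            }

            // NOTE(review): in_array() is deliberately left non-strict. Role ids read
            // from the DB are presumably numeric strings while the system role ids may
            // be integers; confirm both types before switching to a strict comparison.
            if (in_array($roleId, Mage_Api2_Model_Acl_Global_Role::getSystemRoles())) {
                /** @var $role Mage_Api2_Model_Acl_Global_Role */
                $role = $this->_getRolesCollection()->getItemById($roleId);

                // A rule may reference a role that is not in the collection. Without
                // this guard the method call below is a fatal error; skipping the rule
                // keeps the ACL build alive and grants nothing.
                if (!is_object($role)) {
                    continue;
                }

                $privileges = $this->_getConfig()->getResourceUserPrivileges(
                    $this->_resourceType,
                    $role->getConfigNodeName()
                );

                // Grant only when the requested operation is listed. The is_array()
                // check treats a missing/invalid privileges node as "not listed".
                if (!is_array($privileges) || !array_key_exists($this->_operation, $privileges)) {
                    continue;
                }
            }

            // Role-only allow(): every privilege on every resource for this role.
            $this->allow($roleId);
        }
        return $this;
    }

    /**
     * Adds a Role having an identifier unique to the registry
     * OVERRIDE to allow numeric roles identifiers
     *
     * NOTE(review): $parents is accepted for signature compatibility but is not
     * forwarded to the parent implementation, so a role added through this
     * method never inherits from other roles. Forwarding it would widen the
     * permissions of any caller that passes parents; confirm intent before changing.
     *
     * NOTE(review): is_numeric() accepts more than integer ids (for example
     * decimal or exponent notation); the accepted value is registered as its
     * string form.
     *
     * @param int $roleId Role identifier
     * @param Zend_Acl_Role_Interface|string|array $parents Currently ignored
     * @return Zend_Acl Provides a fluent interface
     * @throws Exception When the role identifier is not numeric
     */
    public function addRole($roleId, $parents = null)
    {
        if (!is_numeric($roleId)) {
            throw new Exception('Invalid role identifier');
        }
        return parent::addRole((string) $roleId);
    }
}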
188: