1: <?php
2: /**
3: * Magento
4: *
5: * NOTICE OF LICENSE
6: *
7: * This source file is subject to the Open Software License (OSL 3.0)
8: * that is bundled with this package in the file LICENSE.txt.
9: * It is also available through the world-wide-web at this URL:
10: * http://opensource.org/licenses/osl-3.0.php
11: * If you did not receive a copy of the license and are unable to
12: * obtain it through the world-wide-web, please send an email
13: * to license@magentocommerce.com so we can send you a copy immediately.
14: *
15: * DISCLAIMER
16: *
17: * Do not edit or add to this file if you wish to upgrade Magento to newer
18: * versions in the future. If you wish to customize Magento for your
19: * needs please refer to http://www.magentocommerce.com for more information.
20: *
21: * @category Mage
22: * @package Mage_Api2
23: * @copyright Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
24: * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25: */
26:
27: /**
28: * API2 filter ACL attribute resources permissions model
29: *
30: * @category Mage
31: * @package Mage_Api2
32: * @author Magento Core Team <core@magentocommerce.com>
33: */
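class Mage_Api2_Model_Acl_Filter_Attribute_ResourcePermission
    implements Mage_Api2_Model_Acl_PermissionInterface
{
    /**
     * Cached permission map built by getResourcesPermissions(); null until it has been built
     *
     * @var array|null
     */
    protected $_resourcesPermissions;

    /**
     * User type the permission map is computed for (assigned by setFilterValue())
     *
     * @var string
     */
    protected $_userType;

    /**
     * Flag if resource has entity only attributes
     *
     * Only updated as a side effect of getResourcesPermissions() building the map.
     *
     * @var bool
     */
    protected $_hasEntityOnlyAttributes = false;

    /**
     * Get resources permissions for selected role
     *
     * Builds, once per user type, a map of the form
     * $map[<resource>]['operations'][<operation>]['attributes'][<attribute>] = array('status', 'title'),
     * where 'status' is TYPE_ALLOW only when the attribute is listed in a stored ACL attribute rule
     * for that resource and operation, and TYPE_DENY otherwise. The result is cached on the instance.
     * An empty array is returned when no user type has been set.
     *
     * @return array
     */
    public function getResourcesPermissions()
    {
        if (null === $this->_resourcesPermissions) {
            $rulesPairs = array();

            if ($this->_userType) {
                $allowedAttributes = array();

                /** @var $rules Mage_Api2_Model_Resource_Acl_Filter_Attribute_Collection */
                $rules = Mage::getResourceModel('api2/acl_filter_attribute_collection');
                $rules->addFilterByUserType($this->_userType);

                foreach ($rules as $rule) {
                    /** @var $rule Mage_Api2_Model_Acl_Filter_Attribute */
                    // A rule on the "all resources" id is recorded as a top-level allow entry.
                    // The per-attribute statuses computed below still come only from the stored
                    // attribute lists; how the ALL entry is honoured is decided by the consumer
                    // of this map, which is not visible in this class.
                    if (Mage_Api2_Model_Acl_Global_Rule::RESOURCE_ALL === $rule->getResourceId()) {
                        $rulesPairs[$rule->getResourceId()] = Mage_Api2_Model_Acl_Global_Rule_Permission::TYPE_ALLOW;
                    }

                    if (null !== $rule->getAllowedAttributes()) {
                        // Stored as a comma-separated list; kept as strings for exact matching below.
                        $allowedAttributes[$rule->getResourceId()][$rule->getOperation()] = explode(
                            ',', $rule->getAllowedAttributes()
                        );
                    }
                }

                /** @var $config Mage_Api2_Model_Config */
                $config = Mage::getModel('api2/config');

                /** @var $operationSource Mage_Api2_Model_Acl_Filter_Attribute_Operation */
                $operationSource = Mage::getModel('api2/acl_filter_attribute_operation');

                foreach ($config->getResourcesTypes() as $resource) {
                    $resourceUserPrivileges = $config->getResourceUserPrivileges($resource, $this->_userType);

                    if (!$resourceUserPrivileges) { // skip user without any privileges for resource
                        continue;
                    }
                    $operations = $operationSource->toArray();

                    // Attribute-level write is only meaningful when the user type may create or update.
                    if (empty($resourceUserPrivileges[Mage_Api2_Model_Resource::OPERATION_CREATE])
                        && empty($resourceUserPrivileges[Mage_Api2_Model_Resource::OPERATION_UPDATE])
                    ) {
                        unset($operations[Mage_Api2_Model_Resource::OPERATION_ATTRIBUTE_WRITE]);
                    }
                    // Attribute-level read is only meaningful when the user type may retrieve.
                    if (empty($resourceUserPrivileges[Mage_Api2_Model_Resource::OPERATION_RETRIEVE])) {
                        unset($operations[Mage_Api2_Model_Resource::OPERATION_ATTRIBUTE_READ]);
                    }
                    if (!$operations) { // skip resource without any operations allowed
                        continue;
                    }
                    try {
                        /** @var $resourceModel Mage_Api2_Model_Resource */
                        $resourceModel = Mage::getModel($config->getResourceModel($resource));
                        if ($resourceModel) {
                            $resourceModel->setResourceType($resource)
                                ->setUserType($this->_userType);

                            foreach ($operations as $operation => $operationLabel) {
                                if (!$this->_hasEntityOnlyAttributes
                                    && $config->getResourceEntityOnlyAttributes($resource, $this->_userType, $operation)
                                ) {
                                    $this->_hasEntityOnlyAttributes = true;
                                }
                                $availableAttributes = $resourceModel->getAvailableAttributes(
                                    $this->_userType,
                                    $operation
                                );
                                asort($availableAttributes);

                                $allowedForOperation = isset($allowedAttributes[$resource][$operation])
                                    ? $allowedAttributes[$resource][$operation]
                                    : array();

                                foreach ($availableAttributes as $attribute => $attributeLabel) {
                                    // Exact string match: a loose in_array() lets PHP type juggling
                                    // (integer array keys, numeric strings such as "1e3" vs "1000")
                                    // mark an attribute as allowed although it is not in the stored list.
                                    $status = in_array((string) $attribute, $allowedForOperation, true)
                                        ? Mage_Api2_Model_Acl_Global_Rule_Permission::TYPE_ALLOW
                                        : Mage_Api2_Model_Acl_Global_Rule_Permission::TYPE_DENY;

                                    $rulesPairs[$resource]['operations'][$operation]['attributes'][$attribute] = array(
                                        'status' => $status,
                                        'title'  => $attributeLabel
                                    );
                                }
                            }
                        }
                    } catch (Exception $e) {
                        // getModel() throws exception when application is in development mode
                        // The failure is only logged, so this resource may be missing from the map
                        // or only partly filled in.
                        // NOTE(review): consumers should treat an attribute that is absent from the
                        // map as not allowed - confirm against the callers.
                        Mage::logException($e);
                    }
                }
            }
            $this->_resourcesPermissions = $rulesPairs;
        }
        return $this->_resourcesPermissions;
    }

    /**
     * Set filter value
     *
     * Set user type. The value must be a key of Mage_Api2_Model_Auth_User::getUserTypes().
     * When the user type changes, the cached permission map and the entity-only flag are
     * discarded so that permissions computed for the previous user type are never returned
     * for the new one.
     *
     * @param string $userType
     * @return Mage_Api2_Model_Acl_Filter_Attribute_ResourcePermission
     * @throws Exception When the user type is not a known one
     */
    public function setFilterValue($userType)
    {
        if (!array_key_exists($userType, Mage_Api2_Model_Auth_User::getUserTypes())) {
            throw new Exception('Unknown user type.');
        }
        if ($userType !== $this->_userType) {
            // Drop state derived from the previous user type.
            $this->_resourcesPermissions = null;
            $this->_hasEntityOnlyAttributes = false;
        }
        $this->_userType = $userType;
        return $this;
    }

    /**
     * Get flag value
     *
     * The flag is only set while getResourcesPermissions() builds the map, so it reads
     * false until that method has been called for the current user type.
     *
     * @return bool
     */
    public function getHasEntityOnlyAttributes()
    {
        return $this->_hasEntityOnlyAttributes;
    }
}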
182: