File code/core/Mage/Api2/Model/Acl/Global/Rule/Tree.php

  1: <?php
  2: /**
  3:  * Magento
  4:  *
  5:  * NOTICE OF LICENSE
  6:  *
  7:  * This source file is subject to the Open Software License (OSL 3.0)
  8:  * that is bundled with this package in the file LICENSE.txt.
  9:  * It is also available through the world-wide-web at this URL:
 10:  * http://opensource.org/licenses/osl-3.0.php
 11:  * If you did not receive a copy of the license and are unable to
 12:  * obtain it through the world-wide-web, please send an email
 13:  * to license@magentocommerce.com so we can send you a copy immediately.
 14:  *
 15:  * DISCLAIMER
 16:  *
 17:  * Do not edit or add to this file if you wish to upgrade Magento to newer
 18:  * versions in the future. If you wish to customize Magento for your
 19:  * needs please refer to http://www.magentocommerce.com for more information.
 20:  *
 21:  * @category    Mage
 22:  * @package     Mage_Api2
 23:  * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24:  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25:  */
 26: 
 27: /**
 28:  * API2 acl global rule tree
 29:  *
 30:  * @category   Mage
 31:  * @package    Mage_Api2
 32:  * @author     Magento Core Team <core@magentocommerce.com>
 33:  */
 34: class Mage_Api2_Model_Acl_Global_Rule_Tree extends Mage_Core_Helper_Abstract
 35: {
 36:     /**#@+
 37:      * Tree types
 38:      */
 39:     const TYPE_ATTRIBUTE = 'attribute';
 40:     const TYPE_PRIVILEGE = 'privilege';
 41:     /**#@-*/
 42: 
 43:     /**#@+
 44:      * Names
 45:      */
 46:     const NAME_CHILDREN         = 'children';
 47:     const NAME_PRIVILEGE        = 'privilege';
 48:     const NAME_OPERATION        = 'operation';
 49:     const NAME_ATTRIBUTE        = 'attribute';
 50:     const NAME_RESOURCE         = 'resource';
 51:     const NAME_RESOURCE_GROUPS  = 'resource_groups';
 52:     const NAME_GROUP            = 'group';
 53:     /**#@-*/
 54: 
 55:     /**
 56:      * Separator for tree ID
 57:      */
 58:     const ID_SEPARATOR = '-';
 59: 
 60:     /**
 61:      * Role
 62:      *
 63:      * @var Mage_Api2_Model_Acl_Global_Role
 64:      */
 65:     protected $_role;
 66: 
 67:     /**
 68:      * Resources permissions
 69:      *
 70:      * @var array
 71:      */
 72:     protected $_resourcesPermissions;
 73: 
 74:     /**
 75:      * Resources from config model
 76:      *
 77:      * @var Varien_Simplexml_Element
 78:      */
 79:     protected $_resourcesConfig;
 80: 
 81:     /**
 82:      * Exist privileges
 83:      *
 84:      * @var array
 85:      */
 86:     protected $_existPrivileges;
 87: 
 88:     /**
 89:      * Exist operations
 90:      *
 91:      * @var array
 92:      */
 93:     protected $_existOperations;
 94: 
 95:     /**
 96:      * Tree type
 97:      *
 98:      * @var string
 99:      */
100:     protected $_type;
101: 
102:     /**
103:      * Initialized
104:      *
105:      * @var bool
106:      */
107:     protected $_initialized = false;
108: 
109:     /**
110:      * Flag if resource has entity only attributes
111:      *
112:      * @var bool
113:      */
114:     protected $_hasEntityOnlyAttributes = false;
115: 
116:     /**
117:      * Constructor
118:      *
119:      * In the constructor should be set tree type: attributes or privileges.
120:      * Attributes for tree with resources, operations and attributes.
121:      * Privileges for tree with resources and privileges.
122:      *
123:      * @param array $options
124:      */
125:     public function __construct($options)
126:     {
127:         $this->_type = $options['type'];
128: 
129:         switch ($this->_type) {
130:             case self::TYPE_ATTRIBUTE:
131:                 /** @var $operationSource Mage_Api2_Model_Acl_Filter_Attribute_Operation */
132:                 $operationSource = Mage::getModel('api2/acl_filter_attribute_operation');
133:                 $this->_existOperations = $operationSource->toArray();
134:                 break;
135: 
136:             case self::TYPE_PRIVILEGE:
137:                 /** @var $privilegeSource Mage_Api2_Model_Acl_Global_Rule_Privilege */
138:                 $privilegeSource = Mage::getModel('api2/acl_global_rule_privilege');
139:                 $this->_existPrivileges = $privilegeSource->toArray();
140:                 break;
141: 
142:             default:
143:                 throw new Exception(sprintf('Unknown tree type "%s".', $this->_type));
144:                 break;
145:         }
146:     }
147: 
148:     /**
149:      * Initialize block
150:      *
151:      * @return Mage_Api2_Model_Acl_Global_Rule_Tree
152:      * @throws Exception
153:      */
154:     protected function _init()
155:     {
156:         if ($this->_initialized) {
157:             return $this;
158:         }
159: 
160:         /** @var $config Mage_Api2_Model_Config */
161:         $config = Mage::getModel('api2/config');
162:         $this->_resourcesConfig = $config->getResourceGroups();
163: 
164:         if ($this->_type == self::TYPE_ATTRIBUTE && !$this->_existOperations) {
165:             throw new Exception('Operations is not set');
166:         }
167: 
168:         if ($this->_type == self::TYPE_PRIVILEGE && !$this->_existPrivileges) {
169:             throw new Exception('Privileges is not set.');
170:         }
171: 
172:         return $this;
173:     }
174: 
175:     /**
176:      * Convert to array serialized post data from tree grid
177:      *
178:      * @return array
179:      */
180:     public function getPostResources()
181:     {
182:         $isAll = Mage::app()->getRequest()->getParam(Mage_Api2_Model_Acl_Global_Rule::RESOURCE_ALL);
183:         $allow = Mage_Api2_Model_Acl_Global_Rule_Permission::TYPE_ALLOW;
184:         if ($isAll) {
185:             $resources = array(
186:                 Mage_Api2_Model_Acl_Global_Rule::RESOURCE_ALL => array(
187:                     null => $allow
188:                 )
189:             );
190:         } else {
191:             $resources = array();
192:             $checkedResources = explode(',', Mage::app()->getRequest()->getParam('resource'));
193:             $prefixResource  = self::NAME_RESOURCE . self::ID_SEPARATOR;
194:             switch ($this->_type) {
195:                 case self::TYPE_PRIVILEGE:
196:                     $prefixPrivilege = self::NAME_PRIVILEGE . self::ID_SEPARATOR;
197:                     $nameResource = null;
198:                     foreach ($checkedResources as $i => $item) {
199:                         if (0 === strpos($item, $prefixResource)) {
200:                             $nameResource = substr($item, mb_strlen($prefixResource, 'UTF-8'));
201:                             $resources[$nameResource] = array();
202:                         } elseif (0 === strpos($item, $prefixPrivilege)) {
203:                             $name = substr($item, mb_strlen($prefixPrivilege, 'UTF-8'));
204:                             $namePrivilege = str_replace($nameResource . self::ID_SEPARATOR, '', $name);
205:                             $resources[$nameResource][$namePrivilege] = $allow;
206:                         } else {
207:                             unset($checkedResources[$i]);
208:                         }
209:                     }
210:                     break;
211: 
212:                 case self::TYPE_ATTRIBUTE:
213:                     $prefixOperation = self::NAME_OPERATION . self::ID_SEPARATOR;
214:                     $prefixAttribute = self::NAME_ATTRIBUTE . self::ID_SEPARATOR;
215:                     $nameResource = null;
216:                     foreach ($checkedResources as $i => $item) {
217:                         if (0 === strpos($item, $prefixResource)) {
218:                             $nameResource = substr($item, mb_strlen($prefixResource, 'UTF-8'));
219:                             $resources[$nameResource] = array();
220:                         } elseif (0 === strpos($item, $prefixOperation)) {
221:                             $name = substr($item, mb_strlen($prefixOperation, 'UTF-8'));
222:                             $operationName = str_replace($nameResource . self::ID_SEPARATOR, '', $name);
223:                             $resources[$nameResource][$operationName] = array();
224:                         } elseif (0 === strpos($item, $prefixAttribute)) {
225:                             $name = substr($item, mb_strlen($prefixOperation, 'UTF-8'));
226:                             $attributeName = str_replace(
227:                                 $nameResource . self::ID_SEPARATOR . $operationName . self::ID_SEPARATOR,
228:                                 '',
229:                                 $name
230:                             );
231:                             $resources[$nameResource][$operationName][$attributeName] = $allow;
232:                         } else {
233:                             unset($checkedResources[$i]);
234:                         }
235:                     }
236:                     break;
237: 
238:                 //no default
239:             }
240:         }
241:         return $resources;
242:     }
243: 
244:     /**
245:      * Check if everything is allowed
246:      *
247:      * @return boolean
248:      */
249:     public function getEverythingAllowed()
250:     {
251:         $this->_init();
252: 
253:         $all = Mage_Api2_Model_Acl_Global_Rule::RESOURCE_ALL;
254:         return !empty($this->_resourcesPermissions[$all]);
255:     }
256: 
257:     /**
258:      * Get tree resources
259:      *
260:      * @return array
261:      */
262:     public function getTreeResources()
263:     {
264:         $this->_init();
265:         $root = $this->_getTreeNode($this->_resourcesConfig, 1);
266:         return isset($root[self::NAME_CHILDREN]) ? $root[self::NAME_CHILDREN] : array();
267:     }
268: 
269:     /**
270:      * Get tree node
271:      *
272:      * @param Varien_Simplexml_Element|array $node
273:      * @param int $level
274:      * @return array
275:      */
276:     protected function _getTreeNode($node, $level = 0)
277:     {
278:         $item = array();
279: 
280:         $isResource = false;
281:         $isGroup    = false;
282:         $name       = null;
283: 
284:         if ($level != 0) {
285:             $name = $node->getName();
286:             if (!(int) $node->resource) {
287:                 if (self::NAME_RESOURCE_GROUPS != $name) {
288:                     $isGroup = true;
289:                     $item['id'] = self::NAME_GROUP . self::ID_SEPARATOR . $name;
290:                 }
291:                 $item['text'] = (string) $node->title;
292:             } else {
293:                 $isResource = true;
294:                 $item['id'] = self::NAME_RESOURCE . self::ID_SEPARATOR . $name;
295:                 $item['text'] = $this->__('%s', (string) $node->title);
296:             }
297:             $item['checked'] = false;
298:             $item['sort_order'] = isset($node->sort_order) ? (string) $node->sort_order : 0;
299:         }
300:         if (isset($node->children)) {
301:             $children = $node->children->children();
302:         } else {
303:             $children = $node->children();
304:         }
305: 
306:         if (empty($children)) {
307:             /**
308:              * Node doesn't have any child nodes
309:              * and it should be skipped
310:              */
311:             return $item;
312:         }
313: 
314:         $item[self::NAME_CHILDREN] = array();
315: 
316:         if ($isResource) {
317:             if (self::TYPE_ATTRIBUTE == $this->_type) {
318:                 if (!$this->_addOperations($item, $node, $name)) {
319:                     return null;
320:                 }
321:             } elseif (self::TYPE_PRIVILEGE == $this->_type) {
322:                 if (!$this->_addPrivileges($item, $node, $name)) {
323:                     return null;
324:                 }
325:             }
326:         }
327: 
328:         /** @var $child Varien_Simplexml_Element */
329:         foreach ($children as $child) {
330:             if ($child->getName() != 'title' && $child->getName() != 'sort_order') {
331:                 if (!(string) $child->title) {
332:                     continue;
333:                 }
334: 
335:                 if ($level != 0) {
336:                     $subNode = $this->_getTreeNode($child, $level + 1);
337:                     if (!$subNode) {
338:                         continue;
339:                     }
340:                     //if sub-node check then check current node
341:                     if (!empty($subNode['checked'])) {
342:                         $item['checked'] = true;
343:                     }
344:                     $item[self::NAME_CHILDREN][] = $subNode;
345:                 } else {
346:                     $item = $this->_getTreeNode($child, $level + 1);
347:                 }
348:             }
349:         }
350:         if (!empty($item[self::NAME_CHILDREN])) {
351:             usort($item[self::NAME_CHILDREN], array($this, '_sortTree'));
352:         } elseif ($isGroup) {
353:             //skip empty group
354:             return null;
355:         }
356:         return $item;
357:     }
358: 
359:     /**
360:      * Add privileges
361:      *
362:      * @param array $item                       Tree node
363:      * @param Varien_Simplexml_Element $node    XML node
364:      * @param string $name                      Resource name
365:      * @return bool
366:      */
367:     protected function _addPrivileges(&$item, Varien_Simplexml_Element $node, $name)
368:     {
369:         $roleConfigNodeName = $this->getRole()->getConfigNodeName();
370:         $possibleList = array();
371:         if (isset($node->privileges)) {
372:             $possibleRoles = $node->privileges->asArray();
373:             if (isset($possibleRoles[$roleConfigNodeName])) {
374:                 $possibleList = $possibleRoles[$roleConfigNodeName];
375:             }
376:         }
377: 
378:         if (!$possibleList) {
379:             return false;
380:         }
381: 
382:         $cnt = 0;
383:         foreach ($this->_existPrivileges as $key => $title) {
384:             if (empty($possibleList[$key])) {
385:                 continue;
386:             }
387:             $checked = !empty($this->_resourcesPermissions[$name]['privileges'][$roleConfigNodeName][$key]);
388:             $item['checked'] = $checked ? $checked : $item['checked'];
389:             $subItem = array(
390:                 'id' => self::NAME_PRIVILEGE . self::ID_SEPARATOR . $name . self::ID_SEPARATOR . $key,
391:                 'text' => $title,
392:                 'checked' => $checked,
393:                 'sort_order' => ++$cnt,
394:             );
395:             $item[self::NAME_CHILDREN][] = $subItem;
396:         }
397:         return true;
398:     }
399: 
400:     /**
401:      * Add operation
402:      *
403:      * @param array $item                       Tree node
404:      * @param Varien_Simplexml_Element $node    XML node
405:      * @param string $name                      Resource name
406:      * @return bool
407:      */
408:     protected function _addOperations(&$item, Varien_Simplexml_Element $node, $name)
409:     {
410:         $cnt = 0;
411:         foreach ($this->_existOperations as $key => $title) {
412:             $subItem = array(
413:                 'id' => self::NAME_OPERATION . self::ID_SEPARATOR . $name . self::ID_SEPARATOR . $key,
414:                 'text' => $title,
415:                 'checked' => false,
416:                 'sort_order' => ++$cnt,
417:             );
418: 
419:             if (!empty($this->_resourcesPermissions[$name]['operations'][$key]['attributes'])) {
420:                 if (!$this->_addAttribute($subItem, $node, $name, $key)) {
421:                     $cnt--;
422:                     continue;
423:                 }
424:             } else {
425:                 $cnt--;
426:                 continue;
427:             }
428:             if (!empty($subItem['checked'])) {
429:                 $item['checked'] = true;
430:             }
431:             $item[self::NAME_CHILDREN][] = $subItem;
432:         }
433:         if (!$cnt) {
434:             return false;
435:         }
436:         return true;
437:     }
438: 
439:     /**
440:      * Add privileges
441:      *
442:      * @param array $item Tree node
443:      * @param Varien_Simplexml_Element $node XML node
444:      * @param string $name Node name
445:      * @param string $privilege Privilege name
446:      * @return bool
447:      */
448:     protected function _addAttribute(&$item, Varien_Simplexml_Element $node, $name, $privilege)
449:     {
450:         $cnt = 0;
451:         foreach ($this->_resourcesPermissions[$name]['operations'][$privilege]['attributes'] as $key => $attribute) {
452:             $title = $attribute['title'];
453:             $status = $attribute['status'];
454: 
455:             $checked = $status == Mage_Api2_Model_Acl_Global_Rule_Permission::TYPE_ALLOW;
456:             $item['checked'] = $checked ? $checked : $item['checked'];
457:             $item[self::NAME_CHILDREN][] = array(
458:                 'id' => self::NAME_ATTRIBUTE . self::ID_SEPARATOR . $name . self::ID_SEPARATOR . $privilege
459:                     . self::ID_SEPARATOR . $key,
460:                 'text' => $title,
461:                 'checked' => $checked,
462:                 'sort_order' => ++$cnt,
463:             );
464:         }
465: 
466:         return true;
467:     }
468: 
469:     /**
470:      * Compare two nodes of the Resource Tree
471:      *
472:      * @param array $a
473:      * @param array $b
474:      * @return int
475:      */
476:     protected function _sortTree($a, $b)
477:     {
478:         return $a['sort_order'] < $b['sort_order'] ? -1 : ($a['sort_order'] > $b['sort_order'] ? 1 : 0);
479:     }
480: 
481:     /**
482:      * Set role
483:      *
484:      * @param Mage_Api2_Model_Acl_Global_Role $role
485:      * @return Mage_Api2_Model_Acl_Global_Rule_Tree
486:      */
487:     public function setRole($role)
488:     {
489:         $this->_role = $role;
490:         return $this;
491:     }
492: 
493:     /**
494:      * Get role
495:      *
496:      * @return Mage_Api2_Model_Acl_Global_Role
497:      */
498:     public function getRole()
499:     {
500:         return $this->_role;
501:     }
502: 
503:     /**
504:      * Set resources permissions
505:      *
506:      * @param array $resourcesPermissions
507:      * @return Mage_Api2_Model_Acl_Global_Rule_Tree
508:      */
509:     public function setResourcesPermissions($resourcesPermissions)
510:     {
511:         $this->_resourcesPermissions = $resourcesPermissions;
512:         return $this;
513:     }
514: 
515:     /**
516:      * Get resources permissions
517:      *
518:      * @return array
519:      */
520:     public function getResourcesPermissions()
521:     {
522:         return $this->_resourcesPermissions;
523:     }
524: 
525:     /**
526:      * Set has entity only attributes flag
527:      *
528:      * @param bool $hasEntityOnlyAttributes
529:      * @return Mage_Api2_Model_Acl_Global_Rule_Tree
530:      */
531:     public function setHasEntityOnlyAttributes($hasEntityOnlyAttributes)
532:     {
533:         $this->_hasEntityOnlyAttributes = $hasEntityOnlyAttributes;
534:         return $this;
535:     }
536: 
537:     /**
538:      * Get has entity only attributes flag
539:      *
540:      * @return bool
541:      */
542:     public function getHasEntityOnlyAttributes()
543:     {
544:         return $this->_hasEntityOnlyAttributes;
545:     }
546: }
547:
Packages

Classes

Interfaces

Exceptions
