1: <?php
2: /**
3: * Magento
4: *
5: * NOTICE OF LICENSE
6: *
7: * This source file is subject to the Open Software License (OSL 3.0)
8: * that is bundled with this package in the file LICENSE.txt.
9: * It is also available through the world-wide-web at this URL:
10: * http://opensource.org/licenses/osl-3.0.php
11: * If you did not receive a copy of the license and are unable to
12: * obtain it through the world-wide-web, please send an email
13: * to license@magentocommerce.com so we can send you a copy immediately.
14: *
15: * DISCLAIMER
16: *
17: * Do not edit or add to this file if you wish to upgrade Magento to newer
18: * versions in the future. If you wish to customize Magento for your
19: * needs please refer to http://www.magentocommerce.com for more information.
20: *
21: * @category Mage
22: * @package Mage_Api
23: * @copyright Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
24: * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25: */
26:
27:
28: /**
29: * Resource model for admin ACL
30: *
31: * @category Mage
32: * @package Mage_Api
33: * @author Magento Core Team <core@magentocommerce.com>
34: */
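class Mage_Api_Model_Resource_Acl extends Mage_Core_Model_Resource_Db_Abstract
{
    /**
     * Initialize resource connections
     *
     * Passes the 'api/role' table alias and the 'role_id' id field name to _init().
     */
    protected function _construct()
    {
        $this->_init('api/role', 'role_id');
    }

    /**
     * Build the API ACL from the role, rule and assert tables
     *
     * Resources are loaded first through the 'api/config' singleton, then every
     * row of 'api/role' is turned into a role, and finally every row of 'api/rule'
     * (left-joined with 'api/assert') is applied as an allow/deny rule.
     *
     * @return Mage_Api_Model_Acl
     */
    public function loadAcl()
    {
        $acl     = Mage::getModel('api/acl');
        $adapter = $this->_getReadAdapter();

        Mage::getSingleton('api/config')->loadAclResources($acl);

        // Roles are read ordered by tree_level, then role_type.
        // NOTE(review): presumably so that parent roles are registered before
        // the roles that reference them - confirm against the role tree data.
        $rolesSelect = $adapter->select()
            ->from($this->getTable('api/role'))
            ->order(array('tree_level', 'role_type'));
        $this->loadRoles($acl, $adapter->fetchAll($rolesSelect));

        // LEFT JOIN: rules without an assert row are still returned, with
        // assert_type / assert_data set to NULL.
        $rulesSelect = $adapter->select()
            ->from(array('r' => $this->getTable('api/rule')))
            ->joinLeft(
                array('a' => $this->getTable('api/assert')),
                'a.assert_id=r.assert_id',
                array('assert_type', 'assert_data')
            );
        $this->loadRules($acl, $adapter->fetchAll($rulesSelect));

        return $acl;
    }

    /**
     * Register the given role rows on the ACL
     *
     * Group rows are keyed by role_type . role_id, user rows by
     * role_type . user_id. A user row whose role id is already registered only
     * gets an additional parent. Rows with any other role_type are skipped.
     *
     * @param Mage_Api_Model_Acl $acl
     * @param array $rolesArr rows of the 'api/role' table
     * @return Mage_Api_Model_Resource_Acl
     */
    public function loadRoles(Mage_Api_Model_Acl $acl, array $rolesArr)
    {
        foreach ($rolesArr as $role) {
            // A parent is always addressed as a group role; parent_id <= 0 means "no parent".
            $parent = $role['parent_id'] > 0
                ? Mage_Api_Model_Acl::ROLE_TYPE_GROUP . $role['parent_id']
                : null;

            switch ($role['role_type']) {
                case Mage_Api_Model_Acl::ROLE_TYPE_GROUP:
                    $roleId = $role['role_type'] . $role['role_id'];
                    $acl->addRole(Mage::getModel('api/acl_role_group', $roleId), $parent);
                    break;

                case Mage_Api_Model_Acl::ROLE_TYPE_USER:
                    $roleId = $role['role_type'] . $role['user_id'];
                    if (!$acl->hasRole($roleId)) {
                        $acl->addRole(Mage::getModel('api/acl_role_user', $roleId), $parent);
                    } else {
                        // Same user seen again: attach the additional parent only.
                        $acl->addRoleParent($roleId, $parent);
                    }
                    break;
            }
        }

        return $this;
    }

    /**
     * Apply the given rule rows to the ACL
     *
     * Each row yields one allow() or deny() call for role_type . role_id on
     * resource_id. api_privileges is split on commas, or passed as null when
     * empty. Rows whose api_permission is neither 'allow' nor 'deny' are skipped.
     * A rule that cannot be applied is logged and skipped; it does not abort
     * loading of the remaining rules.
     *
     * @param Mage_Api_Model_Acl $acl
     * @param array $rulesArr rows of 'api/rule' joined with 'api/assert'
     * @return Mage_Api_Model_Resource_Acl
     */
    public function loadRules(Mage_Api_Model_Acl $acl, array $rulesArr)
    {
        foreach ($rulesArr as $rule) {
            $role       = $rule['role_type'] . $rule['role_id'];
            $resource   = $rule['resource_id'];
            $privileges = !empty($rule['api_privileges']) ? explode(',', $rule['api_privileges']) : null;

            $assert = null;
            if (0 != $rule['assert_id']) {
                // The class to instantiate is resolved through api/config from the
                // assert_type column, so the set of reachable classes is bounded by
                // what getAclAssert() returns for that value.
                $assertClass = Mage::getSingleton('api/config')
                    ->getAclAssert($rule['assert_type'])
                    ->getClassName();

                // SECURITY(review): assert_data is passed to unserialize(). Anyone able
                // to write to the api/assert table can therefore supply serialized
                // objects (PHP object injection). Treat write access to that table as
                // privileged. Where the runtime allows it, prefer a data-only encoding
                // or the allowed_classes option of unserialize() (PHP 7.0+); not changed
                // here because stored data may depend on the current format.
                $assert = new $assertClass(unserialize($rule['assert_data']));
            }

            try {
                // Strict comparison: only the exact strings 'allow' / 'deny' select a
                // branch, so a numeric 0 can never loosely match 'allow' on PHP < 8.
                if ($rule['api_permission'] === 'allow') {
                    $acl->allow($role, $resource, $privileges, $assert);
                } elseif ($rule['api_permission'] === 'deny') {
                    $acl->deny($role, $resource, $privileges, $assert);
                }
            } catch (Exception $e) {
                // Previously swallowed without trace. A skipped 'deny' rule can leave a
                // broader 'allow' in effect, so record the failure for operators instead
                // of hiding it; loading continues with the next rule as before.
                Mage::logException($e);
            }
        }

        return $this;
    }
}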
158: