- Files:
-
- /trunk/lib/Sensei/Acl/GroupAccess.php (modified) (2 diffs)
- /trunk/lib/Sensei/Acl/ResourcePermission.php (modified) (1 diff)
- /trunk/lib/Sensei/Acl/UserAccess.php (modified) (2 diffs)
- /trunk/lib/Sensei/Acl/Resource.php (modified) (1 diff)
- /trunk/lib/Sensei/Acl/Permission.php (modified) (1 diff)
- /trunk/lib/Sensei/TagMap.php (modified) (1 diff)
- /trunk/lib/Sensei/Manager.php (modified) (2 diffs)
- /trunk/lib/Sensei/GroupUser.php (modified) (1 diff)
- /trunk/lib/Sensei/Tag.php (modified) (1 diff)
- /trunk/lib/Sensei/Group.php (modified) (2 diffs)
- /trunk/lib/Sensei/Record.php (added)
- /trunk/lib/Sensei/User.php (modified) (8 diffs)
- /trunk/lib/Sensei/Acl.php (modified) (2 diffs)
- /trunk/lib/Sensei/TextItem.php (modified) (1 diff)
/trunk/lib/Sensei/Acl/GroupAccess.php
r17 r29 33 33 * @since 1.0 34 34 */ 35 require_once(dirname(__FILE__).'/Resource.php'); 36 class Sensei_Acl_GroupAccess extends Doctrine_Record 35 class Sensei_Acl_GroupAccess extends Sensei_Record 37 36 { 38 37 public function setTableDefinition() 39 38 { 40 $this->hasColumn('groupId', 'integer', 8, array('notnull' => true)); 41 $this->hasColumn('resourceId', 'integer', 8, array('notnull' => true)); 42 $this->hasColumn('permissionId', 'integer', 8, array('notnull' => true)); 39 $this->hasColumn('group_id', 'integer', 8, array('primary' => true)); 40 $this->hasColumn('resource', 'string', 200, array('primary' => true)); 41 $this->hasColumn('permission', 'string', 200, array('primary' => true)); 42 $this->hasColumn('allow', 'boolean', null, array('notnull' => true)); 43 43 } 44 44 … … 46 46 { 47 47 $this->hasOne('Sensei_Group as Group', 48 'Sensei_Acl_GroupAccess.group Id');48 'Sensei_Acl_GroupAccess.group_id'); 49 49 $this->hasOne('Sensei_Acl_Resource as Resource', 50 50 'Sensei_Acl_GroupAccess.resource'); /trunk/lib/Sensei/Acl/ResourcePermission.php
r13 r29 33 33 * @since 1.0 34 34 */ 35 class Sensei_Acl_ResourcePermission extends Doctrine_Record35 class Sensei_Acl_ResourcePermission extends Sensei_Record 36 36 { 37 37 public function setTableDefinition() /trunk/lib/Sensei/Acl/UserAccess.php
r17 r29 33 33 * @since 1.0 34 34 */ 35 class Sensei_Acl_UserAccess extends Doctrine_Record35 class Sensei_Acl_UserAccess extends Sensei_Record 36 36 { 37 37 public function setTableDefinition() 38 38 { 39 $this->hasColumn('user_id', 'integer', 8, array('primary' => true)); 40 $this->hasColumn('resource', 'string', 200, array('primary' => true)); 41 $this->hasColumn('permission', 'string', 200, array('primary' => true)); 39 42 $this->hasColumn('allow', 'boolean', null, array('notnull' => true)); 40 $this->hasColumn('userId', 'integer', 8, array('notnull' => true));41 $this->hasColumn('resource', 'string', 200, array('notnull' => true));42 $this->hasColumn('permission', 'string', 200, array('notnull' => true));43 44 $this->index('resource', array('fields' => 'resource'));45 $this->index('permission', array('fields' => 'permission'));46 43 } 47 44 … … 49 46 { 50 47 $this->hasOne('Sensei_Acl_User as User', 51 'Sensei_Acl_UserAccess.user Id');48 'Sensei_Acl_UserAccess.user_id'); 52 49 $this->hasOne('Sensei_Acl_Resource as Resource', 53 50 'Sensei_Acl_UserAccessModel.resource'); /trunk/lib/Sensei/Acl/Resource.php
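Review bot: The relation block in setUp() still names `Sensei_Acl_User` and `Sensei_Acl_UserAccessModel.resource`, although this changeset retypes Sensei_Acl::fetchUserAccess() to `Sensei_User` and the class declared here is `Sensei_Acl_UserAccess`. If those older names no longer exist (they are not visible on this page), the User and Resource relations of an access rule will not resolve. Consider `$this->hasOne('Sensei_User as User', 'Sensei_Acl_UserAccess.user_id');` and `'Sensei_Acl_UserAccess.resource'` for the second relation. setUp() continues outside the shown lines.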
r17 r29 33 33 * @since 1.0 34 34 */ 35 require_once(dirname(__FILE__) . '/Permission.php'); 36 require_once(dirname(__FILE__) . '/ResourcePermission.php'); 37 class Sensei_Acl_Resource extends Doctrine_Record 35 class Sensei_Acl_Resource extends Sensei_Record 38 36 { 39 37 public function setTableDefinition() /trunk/lib/Sensei/Acl/Permission.php
r17 r29 33 33 * @since 1.0 34 34 */ 35 class Sensei_Acl_Permission extends Doctrine_Record35 class Sensei_Acl_Permission extends Sensei_Record 36 36 { 37 37 public function setTableDefinition() /trunk/lib/Sensei/TagMap.php
r19 r29 32 32 * @since 1.0 33 33 */ 34 class Sensei_TagMap extends Doctrine_Record34 class Sensei_TagMap extends Sensei_Record 35 35 { 36 36 public function setTableDefinition() /trunk/lib/Sensei/Manager.php
r20 r28 49 49 * returns the service for given name and connection 50 50 * 51 * @return object51 * @return Sensei_Service 52 52 */ 53 53 public function getService($serviceName, Doctrine_Connection $connection) … … 72 72 return $this->services[$serviceName][$connName]; 73 73 } 74 /** 75 * getRecordService 76 * 77 * @param Doctrine_Record $record 78 * @param string $serviceName 79 * @return Sensei_Service 80 */ 81 public function getRecordService(Doctrine_Record $record, $serviceName = null) 82 { 83 $table = $record->getTable(); 84 85 86 return $this->getService($e[1], $table->getConnection()); 87 } 88 /** 89 * service 90 * 91 * @return Sensei_Service 92 */ 93 public static function service($serviceName = null, $component) 94 { 95 if ($component instanceof Doctrine_Connection) { 96 $conn = $component; 97 } elseif ($component instanceof Doctrine_Record) { 98 $conn = $component->getTable()->getConnection(); 99 if ($serviceName === null) { 100 $e = explode('_', $table->getComponentName()); 101 102 if ( ! isset($e[1])) { 103 throw new Sensei_Exception("Couldn't get service."); 104 } 105 106 } elseif ($component instanceof Doctrine_Table) { 107 $conn = $component->getConnection(); 108 } 109 110 return self::getInstance()->getRecordService($component, $serviceName); 111 } 112 74 113 /** 75 114 * getInstance /trunk/lib/Sensei/GroupUser.php
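Review bot: Neither added method can work as written. getRecordService() returns `$this->getService($e[1], ...)` although `$e` is never assigned there, and it ignores `$serviceName`. service() reads an undefined `$table`, never closes the `if ($serviceName === null)` block (the `elseif (... Doctrine_Table)` attaches to it and the braces end up unbalanced), computes `$conn` without using it, and passes `$component` to getRecordService() even when it is a connection or a table, which the `Doctrine_Record` type hint rejects. User::hasAccess() in this changeset obtains the ACL through `service('acl')`, presumably via Sensei_Record, which is not shown, so every access check depends on this path. The sketch below moves the name derivation into getRecordService() and routes connections and tables straight to getService(); whether the derived component segment matches the registered service name is not visible here.

```php
public function getRecordService(Doctrine_Record $record, $serviceName = null)
{
    $table = $record->getTable();

    if ($serviceName === null) {
        // fall back to the second segment of the component name
        $e = explode('_', $table->getComponentName());

        if ( ! isset($e[1])) {
            throw new Sensei_Exception("Couldn't get service.");
        }
        $serviceName = $e[1];
    }

    return $this->getService($serviceName, $table->getConnection());
}

public static function service($serviceName = null, $component)
{
    if ($component instanceof Doctrine_Record) {
        return self::getInstance()->getRecordService($component, $serviceName);
    }

    if ($component instanceof Doctrine_Connection) {
        $conn = $component;
    } elseif ($component instanceof Doctrine_Table) {
        $conn = $component->getConnection();
    } else {
        throw new Sensei_Exception("Couldn't get service.");
    }

    if ($serviceName === null) {
        // no record to derive a name from
        throw new Sensei_Exception("Couldn't get service.");
    }

    return self::getInstance()->getService($serviceName, $conn);
}
```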
r13 r29 32 32 * @since 1.0 33 33 */ 34 class Sensei_GroupUser 34 class Sensei_GroupUser extends Sensei_Record 35 35 { 36 36 public function setTableDefinition() 37 37 { 38 $this->hasColumn('user Id', 'integer', 8, array('notnull' => true));39 $this->hasColumn('group Id', 'integer', 8, array('notnull' => true));38 $this->hasColumn('user_id', 'integer', 8, array('notnull' => true)); 39 $this->hasColumn('group_id', 'integer', 8, array('notnull' => true)); 40 40 } 41 41 /trunk/lib/Sensei/Tag.php
r19 r29 32 32 * @since 1.0 33 33 */ 34 class Sensei_Tag extends Doctrine_Record34 class Sensei_Tag extends Sensei_Record 35 35 { 36 36 public function setTableDefinition() /trunk/lib/Sensei/Group.php
r17 r29 32 32 * @since 1.0 33 33 */ 34 class Sensei_Group extends Doctrine_Record34 class Sensei_Group extends Sensei_Record 35 35 { 36 36 public function setTableDefinition() … … 42 42 public function setUp() 43 43 { 44 $this->hasMany('Sensei_Acl_GroupAccess as Accesses', 'Sensei_Acl_GroupAccess.group Id');45 $this->hasMany('Sensei_User as Users', 'Sensei_GroupUser.user Id');44 $this->hasMany('Sensei_Acl_GroupAccess as Accesses', 'Sensei_Acl_GroupAccess.group_id'); 45 $this->hasMany('Sensei_User as Users', 'Sensei_GroupUser.user_id'); 46 46 } 47 47 /trunk/lib/Sensei/User.php
r17 r29 32 32 * @since 1.0 33 33 */ 34 class Sensei_User extends Doctrine_Record34 class Sensei_User extends Sensei_Record 35 35 { 36 36 public function setTableDefinition() … … 44 44 public function setUp() 45 45 { 46 $this->hasMany('Sensei_Group as Groups', 'Sensei_GroupUser.group Id');46 $this->hasMany('Sensei_Group as Groups', 'Sensei_GroupUser.group_id'); 47 47 } 48 48 … … 58 58 public function hasAccess($resource, $permission) 59 59 { 60 /** 61 * FIXME: Related data should be automatically loaded. 62 */ 60 $acl = $this->service('acl'); 61 63 62 if ( ! isset($this->Accesses) || ! isset($this->Group)) { 64 throw new Sensei_Exception('Related data not loaded.');63 $acl->fetchUserAccesses($this); 65 64 } 66 65 66 $globalResourceAccess = null; 67 $globalPermissionAccess = null; 67 68 $globalAccess = null; 69 70 $defPerm = $acl->getAttribute(Sensei_Acl::ATTR_DEFAULT_PERMISSION); 71 $defRes = $acl->getAttribute(Sensei_Acl::ATTR_DEFAULT_RESOURCE); 68 72 69 73 foreach ($this->Accesses as $access) { … … 71 75 if ($access->permission === $permission) { 72 76 return $access->allow; 73 } elseif ($access->permission === 'all') {74 $global Access = $access->allow;77 } elseif ($access->permission === $defPerm) { 78 $globalPermissionAccess = $access->allow; 75 79 } 76 } elseif ($access->resource === 'all') { 77 if ($access->permission === $permission || 78 $access->permission === 'all') { 80 } elseif ($access->resource === $defRes) { 81 if ($access->permission === $permission) { 82 $globalResourceAccess = null; 83 } elseif ($access->permission === $defPerm) { 79 84 $globalAccess = $access->allow; 80 85 } … … 82 87 } 83 88 84 if ($globalAccess !== null) { 89 if ($globalResourceAccess !== null) { 90 return $globalResourceAccess; 91 } elseif ($globalPermissionAccess !== null) { 92 return $globalPermissionAccess; 93 } elseif ($globalAccess !== null) { 85 94 return $globalAccess; 86 95 } 87 96 97 /* FIXME: How to differentiate between a deny rule and no rule at all? 
98 * Also allow > deny */ 88 99 foreach ($this->Group as $group) { 89 100 if ($ret = $this->Group->hasAccess($resource, $permission)) { … … 128 139 * @param string $resource name of the resource 129 140 * @param string $permission name of the permission 141 * @param boolean $allow defines whether this user has access to 142 * given resource with given permission or not 130 143 * @return Sensei_Acl_UserAccess 131 144 */ 132 145 protected function setAccess($resource = null, $permission = null, $allow) 133 146 { 147 $acl = $this->service('acl'); 148 134 149 if ($permission === null) { 135 $permission = 'all';150 $permission = $acl->getAttribute(Sensei_Acl::ATTR_DEFAULT_PERMISSION); 136 151 } 137 152 if ($resource === null) { 138 $resource = 'all'; 139 } 153 $resource = $acl->getAttribute(Sensei_Acl::ATTR_DEFAULT_RESOURCE); 154 } 155 156 $conn = $this->getTable()->getConnection(); 157 140 158 $query = 'FROM Sensei_Acl_UserAccess p ' 141 159 . 'WHERE p.resource = ? ' 142 160 . 'AND p.permission = ? '; 161 . 'AND p.user_id = ?'; 143 162 144 $access = $this->getTable() 145 ->getConnection() 146 ->queryOne($query, array($resource, $permission)); 163 $access = $conn->queryOne($query, array($resource, $permission, $this->id)); 164 147 165 if ( ! $access) { 148 166 $access = new Sensei_Acl_UserAccess(); … … 150 168 $access->permission = $permission; 151 169 } 170 152 171 $access->allow = $allow; 153 172 $access->save(); … … 157 176 158 177 /** 159 * Removes an access rule defined for this user related to given resource 160 * and given permission. 161 * 162 * @param string $resource 163 * @param string $permission 164 */ 165 public function removeAccess($resource, $permission) 166 { 167 178 * Removes an access rule defined for this user. 179 * 180 * @param string $resource name of the resource 181 * @param string $permission name of the permission 182 * 183 * @return boolean True on success, false otherwise. 
184 */ 185 public function removeAccess($resource = null, $permission = null) 186 { 187 $acl = $this->service('acl'); 188 189 if ($permission === null) { 190 $permission = $acl->getAttribute(Sensei_Acl::ATTR_DEFAULT_PERMISSION); 191 } 192 if ($resource === null) { 193 $resource = $acl->getAttribute(Sensei_Acl::ATTR_DEFAULT_RESOURCE); 194 } 195 196 $query = new Doctrine_Query(); 197 198 $query->delete() 199 ->from('Sensei_Acl_UserAccess a ') 200 ->where('a.user_id = ? AND a.resource = ? AND a.permission = ?'); 201 202 $rows = $query->execute(array($this->id, $resource, $permission)); 203 204 return (boolean) $rows; 168 205 } 169 206 } /trunk/lib/Sensei/Acl.php
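Review bot: In hasAccess(), the branch for a rule on the default resource with an exact permission match assigns `$globalResourceAccess = null;`, so that rule is discarded and the check falls through to a broader rule or to the groups. For a deny rule this can grant access the rule was meant to block; the line should read `$globalResourceAccess = $access->allow;`. The return value of `$acl->fetchUserAccesses($this)` is also dropped, so unless that call populates `$this->Accesses` as a side effect (not visible here) the loop still runs on unloaded data. Separately, in setAccess() the added `. 'AND p.user_id = ?';` follows a line that already ends the statement with `;`, which is a parse error, so the `;` after `'AND p.permission = ? '` has to go. hasAccess() continues outside the shown lines.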
r17 r28 122 122 } 123 123 124 public function fetchUserAccess(Sensei_ Acl_User $user, $resource)124 public function fetchUserAccess(Sensei_User $user, $resource) 125 125 { 126 126 $query = new Doctrine_Query(); … … 133 133 return $query->execute(array($user->id, $resource, $resource)); 134 134 } 135 136 public function fetchUserAccesses(Sensei_User $user) 137 { 138 $query = new Doctrine_Query(); 139 $query->from('User u') 140 ->innerJoin('u.UserAccesses ua') 141 ->innerJoin('u.Group g') 142 ->innerJoin('g.GroupAccesses ga') 143 ->where('u.id = ?'); 144 145 return $query->execute(array($user->id)); 146 } 147 148 149 public function fetchGroupAccesses(Sensei_Group $group) 150 { 151 $query = new Doctrine_Query(); 152 $query->from('Group g') 153 ->innerJoin('g.GroupAccesses ga') 154 ->where('g.id = ?'); 155 156 return $query->execute(array($group->id)); 157 } 135 158 } /trunk/lib/Sensei/TextItem.php
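Review bot: fetchUserAccesses() joins everything with `innerJoin`, so a user with no direct rules, no group, or a group without rules yields an empty result instead of the rules that do exist, and hasAccess() would have nothing to evaluate. Using `leftJoin` for the three relations keeps the user row. The DQL also refers to `User`, `Group`, `u.UserAccesses`, `u.Group` and `g.GroupAccesses`, whereas the models in this changeset are `Sensei_User` and `Sensei_Group` with relations declared as `Groups` and `Accesses`, so the names likely need aligning; fetchGroupAccesses() has the same mismatch. Neither new method has a docblock; one line stating which collection is returned would help callers.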
r19 r29 32 32 * @since 1.0 33 33 */ 34 class Sensei_TextItem extends Doctrine_Record34 class Sensei_TextItem extends Sensei_Record 35 35 { 36 36 public function setTableDefinition()
