AuthItemController.php
1 <?php
2 /**
3 * Rights authorization item controller class file.
4 *
5 * @author Christoffer Niska <cniska@live.com>
6 * @copyright Copyright &copy; 2010 Christoffer Niska
7 * @since 0.5
8 */
10 {
/**
 * @var RAuthorizer the module's authorizer; assigned in init() from the module.
 */
private $_authorizer;
/**
 * @var CAuthItem the currently loaded data model instance; populated lazily by loadModel().
 */
private $_model;
19 
/**
 * Initializes the controller: resolves the module's authorizer, applies the
 * module layout, makes 'permissions' the default action and registers the
 * module's client-side scripts.
 */
public function init()
{
    $module = $this->module;

    $this->_authorizer = $module->getAuthorizer();
    $this->layout = $module->layout;
    $this->defaultAction = 'permissions';

    // Client-side assets shared by all Rights pages
    $module->registerScripts();
}
32 
/**
 * Declares the filters applied to every action of this controller.
 * Only 'accessControl' is used; it enforces the rules from accessRules().
 * @return array action filters
 */
public function filters()
{
    $filters = array();
    $filters[] = 'accessControl';

    return $filters;
}
42 
/**
 * Specifies the access control rules used by the 'accessControl' filter.
 *
 * Every action of this controller is reserved for the authorizer's superuser
 * list; the trailing deny-all rule is the fallback for everybody else,
 * including guests. Keep the action list in sync when adding actions: an
 * action missing from it falls through to the deny rule.
 * @return array access control rules
 */
public function accessRules()
{
    $managedActions = array(
        'permissions',
        'operations',
        'tasks',
        'roles',
        'generate',
        'create',
        'update',
        'delete',
        'removeChild',
        'assign',
        'revoke',
        'sortable',
    );

    // Allow superusers to access Rights
    $allowSuperusers = array('allow',
        'actions'=>$managedActions,
        'users'=>$this->_authorizer->getSuperusers(),
    );

    // Deny all other users
    $denyEveryoneElse = array('deny',
        'users'=>array('*'),
    );

    return array($allowSuperusers, $denyEveryoneElse);
}
73 
/**
 * Displays the permission overview: one row per authorization item and one
 * column per role.
 *
 * When the request carries a POST 'ajax' marker only the view is rendered
 * (partial refresh); otherwise the full layout is used.
 */
public function actionPermissions()
{
    $dataProvider = new RPermissionDataProvider('permissions');
    $roles = $dataProvider->getRoles();

    // The item column takes 25% of the table; the remaining 75% is shared evenly by the role columns
    $roleColumnWidth = 0;
    if( $roles!==array() )
        $roleColumnWidth = 75/count($roles);

    // Leading column: the item description. NOTE(review): 'raw' presumably bypasses the grid's
    // HTML encoding for these cells, so the data provider is relied on for safe output — confirm
    $columns = array();
    $columns[] = array(
        'name'=>'description',
        'header'=>Rights::t('core', 'Item'),
        'type'=>'raw',
        'htmlOptions'=>array(
            'class'=>'permission-column',
            'style'=>'width:25%',
        ),
    );

    // One further column per role, keyed by the lower-cased role name
    foreach( $roles as $roleName=>$role )
    {
        $columns[] = array(
            'name'=>strtolower($roleName),
            'header'=>$role->getNameText(),
            'type'=>'raw',
            'htmlOptions'=>array(
                'class'=>'role-column',
                'style'=>'width:'.$roleColumnWidth.'%',
            ),
        );
    }

    $viewParams = array(
        'dataProvider'=>$dataProvider,
        'columns'=>$columns,
    );

    // Partial render for in-place refreshes, full render otherwise
    if( isset($_POST['ajax'])===true )
        $this->renderPartial('permissions', $viewParams);
    else
        $this->render('permissions', $viewParams);
}
121 
/**
 * Displays the operation management page.
 *
 * Stores this page as the Rights return URL so that the create, update and
 * delete actions can redirect back here afterwards.
 */
public function actionOperations()
{
    Yii::app()->user->rightsReturnUrl = array('authItem/operations');

    // Drag-and-drop ordering posts the new order to authItem/sortable
    $sortableConfig = array(
        'id'=>'RightsOperationTableSort',
        'element'=>'.operation-table',
        'url'=>$this->createUrl('authItem/sortable'),
    );
    $dataProvider = new RAuthItemDataProvider('operations', array(
        'type'=>CAuthItem::TYPE_OPERATION,
        'sortable'=>$sortableConfig,
    ));

    $viewParams = array(
        'dataProvider'=>$dataProvider,
        'isBizRuleEnabled'=>$this->module->enableBizRule,
        'isBizRuleDataEnabled'=>$this->module->enableBizRuleData,
    );
    $this->render('operations', $viewParams);
}
145 
/**
 * Displays the task management page.
 *
 * Stores this page as the Rights return URL so that the create, update and
 * delete actions can redirect back here afterwards.
 */
public function actionTasks()
{
    Yii::app()->user->rightsReturnUrl = array('authItem/tasks');

    // Drag-and-drop ordering posts the new order to authItem/sortable
    $sortableConfig = array(
        'id'=>'RightsTaskTableSort',
        'element'=>'.task-table',
        'url'=>$this->createUrl('authItem/sortable'),
    );
    $dataProvider = new RAuthItemDataProvider('tasks', array(
        'type'=>CAuthItem::TYPE_TASK,
        'sortable'=>$sortableConfig,
    ));

    $viewParams = array(
        'dataProvider'=>$dataProvider,
        'isBizRuleEnabled'=>$this->module->enableBizRule,
        'isBizRuleDataEnabled'=>$this->module->enableBizRuleData,
    );
    $this->render('tasks', $viewParams);
}
169 
/**
 * Displays the role management page.
 *
 * Stores this page as the Rights return URL so that the create, update and
 * delete actions can redirect back here afterwards.
 */
public function actionRoles()
{
    Yii::app()->user->rightsReturnUrl = array('authItem/roles');

    // Drag-and-drop ordering posts the new order to authItem/sortable
    $sortableConfig = array(
        'id'=>'RightsRoleTableSort',
        'element'=>'.role-table',
        'url'=>$this->createUrl('authItem/sortable'),
    );
    $dataProvider = new RAuthItemDataProvider('roles', array(
        'type'=>CAuthItem::TYPE_ROLE,
        'sortable'=>$sortableConfig,
    ));

    $viewParams = array(
        'dataProvider'=>$dataProvider,
        'isBizRuleEnabled'=>$this->module->enableBizRule,
        'isBizRuleDataEnabled'=>$this->module->enableBizRuleData,
    );
    $this->render('roles', $viewParams);
}
193 
/**
 * Displays the generator page and, on submit, creates the selected
 * authorization items.
 *
 * The controller actions reported by the generator are listed for selection.
 * Checked names containing a '*' are added as tasks, all others as
 * operations. A successful, non-empty generator run sets a flash message and
 * redirects to the permission overview. Already existing tasks/operations are
 * passed to the view so they can be marked.
 */
public function actionGenerate()
{
    // Get the generator and authorizer
    $generator = $this->module->getGenerator();

    // Create the form model
    $model = new GenerateForm();

    // Form has been submitted
    if( isset($_POST['GenerateForm'])===true )
    {
        // Mass-assign the posted values; presumably the form model's rules decide what is accepted — confirm
        $model->attributes = $_POST['GenerateForm'];
        if( $model->validate()===true )
        {
            $items = array(
                'tasks'=>array(),
                'operations'=>array(),
            );

            // Get the chosen items: checked entries whose name contains '*' become tasks, the rest operations
            foreach( $model->items as $itemname=>$value )
            {
                if( (bool)$value===true )
                {
                    if( strpos($itemname, '*')!==false )
                        $items['tasks'][] = $itemname;
                    else
                        $items['operations'][] = $itemname;
                }
            }

            // Add the items to the generator as tasks and operations and run the generator.
            $generator->addItems($items['tasks'], CAuthItem::TYPE_TASK);
            $generator->addItems($items['operations'], CAuthItem::TYPE_OPERATION);
            // Only a run that neither failed (false) nor produced nothing counts as success
            if( ($generatedItems = $generator->run())!==false && $generatedItems!==array() )
            {
                Yii::app()->getUser()->setFlash($this->module->flashSuccessKey,
                    Rights::t('core', 'Authorization items created.')
                );
                $this->redirect(array('authItem/permissions'));
            }
        }
    }

    // Get all items that are available to be generated
    $items = $generator->getControllerActions();

    // We need the existing operations for comparison
    $authItems = $this->_authorizer->getAuthItems(array(
        CAuthItem::TYPE_TASK,
        CAuthItem::TYPE_OPERATION,
    ));
    // name => name map, presumably for cheap isset() lookups in the view
    $existingItems = array();
    foreach( $authItems as $itemName=>$item )
        $existingItems[ $itemName ] = $itemName;

    // Static script; no request data is interpolated into it
    Yii::app()->clientScript->registerScript('rightsGenerateItemTableSelectRows',
        "jQuery('.generate-item-table').rightsSelectRows();"
    );

    // Render the view
    $this->render('generate', array(
        'model'=>$model,
        'items'=>$items,
        'existingItems'=>$existingItems,
    ));
}
265 
/**
 * Creates an authorization item of the type given in the 'type' query parameter.
 *
 * getType() runs first and throws on an unknown type. On a valid form
 * submission the item is created through the authorizer, a success flash is
 * set and the user is redirected to the stored Rights return URL (falling
 * back to the permission overview). Otherwise the create form is rendered.
 * @todo add type validation.
 */
public function actionCreate()
{
    // Throws if the requested type is not a known auth item type
    $type = $this->getType();

    // Create the authorization item form
    $formModel = new AuthItemForm('create');

    $submitted = isset($_POST['AuthItemForm'])===true;
    if( $submitted )
    {
        $formModel->attributes = $_POST['AuthItemForm'];
        if( $formModel->validate()===true )
        {
            // Create the item from the validated form values and attach the behavior
            $item = $this->_authorizer->createAuthItem(
                $formModel->name, $type, $formModel->description, $formModel->bizRule, $formModel->data
            );
            $item = $this->_authorizer->attachAuthItemBehavior($item);

            // Set a flash message for creating the item
            $message = Rights::t('core', ':name created.', array(':name'=>$item->getNameText()));
            Yii::app()->user->setFlash($this->module->flashSuccessKey, $message);

            // Redirect to the correct destination
            $returnUrl = Yii::app()->user->getRightsReturnUrl(array('authItem/permissions'));
            $this->redirect($returnUrl);
        }
    }

    // Render the view
    $this->render('create', array('formModel'=>$formModel));
}
301 
/**
 * Updates an authorization item and manages its children.
 *
 * Two independent forms are handled on one page: AuthItemForm (name,
 * description, bizRule, data) and, when the item can still take children,
 * AuthChildForm (the child to add). Each form redirects on success; otherwise
 * the item's stored values are loaded into the form and the page is rendered
 * with parent and child data providers.
 * @throws CHttpException 404 when the named item does not exist (via loadModel())
 */
public function actionUpdate()
{
    // Get the authorization item (404 when 'name' is missing or unknown)
    $model = $this->loadModel();
    $itemName = $model->getName();

    // Create the authorization item form
    $formModel = new AuthItemForm('update');

    if( isset($_POST['AuthItemForm'])===true )
    {
        $formModel->attributes = $_POST['AuthItemForm'];
        if( $formModel->validate()===true )
        {
            // Update the item (possibly under a new name) and reload it by the submitted name
            $this->_authorizer->updateAuthItem($itemName, $formModel->name, $formModel->description, $formModel->bizRule, $formModel->data);
            $item = $this->_authorizer->authManager->getAuthItem($formModel->name);
            $item = $this->_authorizer->attachAuthItemBehavior($item);

            // Set a flash message for updating the item
            Yii::app()->user->setFlash($this->module->flashSuccessKey,
                Rights::t('core', ':name updated.', array(':name'=>$item->getNameText()))
            );

            // Redirect to the correct destination
            $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
        }
    }

    // Candidate children: items of a type this item may contain, excluding the module's superuser item
    $type = Rights::getValidChildTypes($model->type);
    $exclude = array($this->module->superuserName);
    $childSelectOptions = Rights::getParentAuthItemSelectOptions($model, $type, $exclude);

    // The child form only exists when there is something to choose from
    if( $childSelectOptions!==array() )
    {
        $childFormModel = new AuthChildForm();

        // Child form is submitted and data is valid
        if( isset($_POST['AuthChildForm'])===true )
        {
            $childFormModel->attributes = $_POST['AuthChildForm'];
            if( $childFormModel->validate()===true )
            {
                // Add the child and load it. NOTE(review): AuthChildForm::validate() is relied on to
                // restrict itemname to one of $childSelectOptions — not visible here, confirm
                $this->_authorizer->authManager->addItemChild($itemName, $childFormModel->itemname);
                $child = $this->_authorizer->authManager->getAuthItem($childFormModel->itemname);
                $child = $this->_authorizer->attachAuthItemBehavior($child);

                // Set a flash message for adding the child
                Yii::app()->user->setFlash($this->module->flashSuccessKey,
                    Rights::t('core', 'Child :name added.', array(':name'=>$child->getNameText()))
                );

                // Redirect to the same page
                $this->redirect(array('authItem/update', 'name'=>urlencode($itemName)));
            }
        }
    }
    else
    {
        $childFormModel = null;
    }

    // Set the values for the form fields from the stored item. NOTE: this also runs after a failed
    // validation above, so the posted values are replaced by the stored ones while the errors remain
    $formModel->name = $model->name;
    $formModel->description = $model->description;
    $formModel->type = $model->type;
    // The stored bizRule is compared against the literal string 'NULL' — presumably how an empty rule
    // is persisted; data is presented in serialized form
    $formModel->bizRule = $model->bizRule!=='NULL' ? $model->bizRule : '';
    $formModel->data = $model->data!==null ? serialize($model->data) : '';

    $parentDataProvider = new RAuthItemParentDataProvider($model);
    $childDataProvider = new RAuthItemChildDataProvider($model);

    // Render the view
    $this->render('update', array(
        'model'=>$model,
        'formModel'=>$formModel,
        'childFormModel'=>$childFormModel,
        'childSelectOptions'=>$childSelectOptions,
        'parentDataProvider'=>$parentDataProvider,
        'childDataProvider'=>$childDataProvider,
    ));
}
388 
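/**
 * Deletes an authorization item.
 *
 * Accepts POST only; any other method gets a 400. The item is resolved via
 * loadModel(), so a missing or unknown 'name' yields a 404 instead of a
 * method call on a null item. Non-AJAX requests are redirected to the stored
 * Rights return URL afterwards.
 * @throws CHttpException 400 on a non-POST request, 404 when the item does not exist
 */
public function actionDelete()
{
    // We only allow deletion via POST request
    if( Yii::app()->request->isPostRequest!==true )
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

    // loadModel() throws a 404 when the name is missing or unknown and returns the item with its
    // behavior attached — the same resolution actionUpdate uses
    $item = $this->loadModel();
    $itemName = $item->getName();

    // Delete the item
    $this->_authorizer->authManager->removeAuthItem($itemName);

    // Set a flash message for deleting the item; the name text comes from the instance loaded above
    Yii::app()->user->setFlash($this->module->flashSuccessKey,
        Rights::t('core', ':name deleted.', array(':name'=>$item->getNameText()))
    );

    // If AJAX request, we should not redirect the browser
    if( isset($_POST['ajax'])===false )
        $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
}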
420 
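/**
 * Removes a child from an authorization item.
 *
 * Accepts POST only. The parent is resolved via loadModel() (404 when
 * missing), the 'child' query parameter must be present (400 otherwise) and
 * must name an existing item (404 otherwise); previously a missing child
 * reached the auth manager as null and ended in a method call on null.
 * Non-AJAX requests are redirected back to the item's update page.
 * @throws CHttpException 400 on a non-POST request or a missing child name,
 *         404 when the item or the child does not exist
 */
public function actionRemoveChild()
{
    // We only allow removal via POST request
    if( Yii::app()->request->isPostRequest!==true )
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

    // Parent resolved through loadModel(): 404 when 'name' is missing or unknown
    $itemName = $this->loadModel()->getName();

    // A missing 'child' parameter is a malformed request, not a lookup failure
    $childName = $this->getChildName();
    if( $childName===null )
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

    // Load the child before touching the relation so the flash message can name it;
    // an unknown child is a 404 rather than a method call on null
    $child = $this->_authorizer->authManager->getAuthItem($childName);
    if( $child===null )
        throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));
    $child = $this->_authorizer->attachAuthItemBehavior($child);

    // Remove the child relation
    $this->_authorizer->authManager->removeItemChild($itemName, $childName);

    // Set a flash message for removing the child
    Yii::app()->user->setFlash($this->module->flashSuccessKey,
        Rights::t('core', 'Child :name removed.', array(':name'=>$child->getNameText()))
    );

    // If AJAX request, we should not redirect the browser
    if( isset($_POST['ajax'])===false )
        $this->redirect(array('authItem/update', 'name'=>urlencode($itemName)));
}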
451 
/**
 * Adds a child to the authorization item named in the 'name' query parameter.
 *
 * POST only. The item named by the 'child' query parameter is attached unless
 * the parameter is absent or it already is a child; an unknown parent yields
 * a 404 via loadModel(). Non-AJAX requests are redirected to the permission
 * overview.
 * @throws CHttpException 400 on a non-POST request
 */
public function actionAssign()
{
    // Assignment is only allowed via POST request
    if( Yii::app()->request->isPostRequest!==true )
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

    $model = $this->loadModel();
    $childName = $this->getChildName();

    // Nothing to do without a child name or when the relation already exists
    $shouldAttach = $childName!==null && $model->hasChild($childName)===false;
    if( $shouldAttach )
        $model->addChild($childName);

    // Browser requests go back to the overview; AJAX callers just get the response
    if( isset($_POST['ajax'])===false )
        $this->redirect(array('authItem/permissions'));
}
475 
/**
 * Removes a child from the authorization item named in the 'name' query parameter.
 *
 * POST only. The item named by the 'child' query parameter is detached only
 * when the parameter is present and the relation exists; an unknown parent
 * yields a 404 via loadModel(). Non-AJAX requests are redirected to the
 * permission overview.
 * @throws CHttpException 400 on a non-POST request
 */
public function actionRevoke()
{
    // Revocation is only allowed via POST request
    if( Yii::app()->request->isPostRequest!==true )
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

    $model = $this->loadModel();
    $childName = $this->getChildName();

    // Only detach an existing relation
    $shouldDetach = $childName!==null && $model->hasChild($childName)===true;
    if( $shouldDetach )
        $model->removeChild($childName);

    // Browser requests go back to the overview; AJAX callers just get the response
    if( isset($_POST['ajax'])===false )
        $this->redirect(array('authItem/permissions'));
}
499 
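/**
 * Processes the jQuery UI sortable callback: persists the item order posted
 * by the operation, task and role tables (see the 'sortable' config in those
 * actions).
 *
 * POST only. The posted 'result' must be present and an array; anything else
 * is rejected with a 400 instead of reaching the auth manager as an undefined
 * index or a scalar.
 * @throws CHttpException 400 on a non-POST request or a missing/malformed 'result'
 */
public function actionSortable()
{
    // We only allow sorting via POST request
    if( Yii::app()->request->isPostRequest!==true )
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

    // updateItemWeight() consumes the posted ordering; presumably it iterates it, so require an
    // array rather than letting a missing or scalar value through — confirm against the auth manager
    $result = isset($_POST['result'])===true ? $_POST['result'] : null;
    if( is_array($result)===false )
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));

    $this->_authorizer->authManager->updateItemWeight($result);
}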
515 
/**
 * Reads the 'name' query parameter.
 *
 * The value is passed through urldecode() once more on top of PHP's own
 * query-string decoding; this mirrors the urlencode() applied when this
 * controller builds 'authItem/update' URLs.
 * @return string the item name or null if not set.
 */
public function getItemName()
{
    if( isset($_GET['name'])===false )
        return null;

    return urldecode($_GET['name']);
}
523 
/**
 * Reads the 'child' query parameter.
 *
 * Decoded the same way as getItemName(): one extra urldecode() on top of
 * PHP's own query-string decoding.
 * @return string the child name or null if not set.
 */
public function getChildName()
{
    if( isset($_GET['child'])===false )
        return null;

    return urldecode($_GET['child']);
}
531 
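/**
 * Returns the authorization item type from the 'type' query parameter after validation.
 *
 * Query values arrive as strings, and the previous loose in_array() let any
 * non-numeric string pass as a match for the numeric type constant 0, so an
 * arbitrary value could reach createAuthItem() as the type. Only a plain
 * integer literal is accepted now, compared strictly against the known
 * CAuthItem type constants; a missing parameter is rejected the same way.
 * @return int the type.
 * @throws CException when the parameter is missing or not a valid type
 */
public function getType()
{
    $type = isset($_GET['type'])===true ? $_GET['type'] : null;
    $validTypes = array(CAuthItem::TYPE_OPERATION, CAuthItem::TYPE_TASK, CAuthItem::TYPE_ROLE);

    // Accept only a digit string and compare it as an integer, so "abc" can no longer coerce to 0
    if( is_string($type)===true && ctype_digit($type)===true )
        $type = (int)$type;

    if( in_array($type, $validTypes, true)===true )
        return $type;

    throw new CException(Rights::t('core', 'Invalid authorization item type.'));
}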
545 
/**
 * Returns the authorization item named by the 'name' query parameter.
 *
 * The item is looked up once and cached for the rest of the request. It is
 * returned with the authorizer's item behavior attached.
 * @return CAuthItem the loaded item
 * @throws CHttpException 404 when the name is missing or no such item exists
 */
public function loadModel()
{
    if( $this->_model!==null )
        return $this->_model;

    $itemName = $this->getItemName();

    $model = null;
    if( $itemName!==null )
    {
        $model = $this->_authorizer->authManager->getAuthItem($itemName);
        $model = $this->_authorizer->attachAuthItemBehavior($model);
    }

    if( $model===null )
        throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));

    $this->_model = $model;

    return $model;
}
568 }