permissions
This commit is contained in:
Etienne Roudeix
92
core/lib/Thelia/Command/GenerateResources.php
Normal file
92
core/lib/Thelia/Command/GenerateResources.php
Normal file
@@ -0,0 +1,92 @@
|
||||
<?php
|
||||
/*************************************************************************************/
|
||||
/* */
|
||||
/* Thelia */
|
||||
/* */
|
||||
/* Copyright (c) OpenStudio */
|
||||
/* email : info@thelia.net */
|
||||
/* web : http://www.thelia.net */
|
||||
/* */
|
||||
/* This program is free software; you can redistribute it and/or modify */
|
||||
/* it under the terms of the GNU General Public License as published by */
|
||||
/* the Free Software Foundation; either version 3 of the License */
|
||||
/* */
|
||||
/* This program is distributed in the hope that it will be useful, */
|
||||
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
||||
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
||||
/* GNU General Public License for more details. */
|
||||
/* */
|
||||
/* You should have received a copy of the GNU General Public License */
|
||||
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
|
||||
/* */
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Command;
|
||||
|
||||
use Symfony\Component\Console\Input\InputInterface;
|
||||
use Symfony\Component\Console\Input\InputOption;
|
||||
use Symfony\Component\Console\Output\OutputInterface;
|
||||
|
||||
use Thelia\Command\ContainerAwareCommand;
|
||||
use Thelia\Model\Admin;
|
||||
use Thelia\Model\Map\ResourceTableMap;
|
||||
|
||||
class GenerateResources extends ContainerAwareCommand
|
||||
{
|
||||
/**
|
||||
* Configure the command
|
||||
*/
|
||||
protected function configure()
|
||||
{
|
||||
$this
|
||||
->setName("thelia:generate-resources")
|
||||
->setDescription("Outputs admin resources")
|
||||
->setHelp("The <info>thelia:generate-resources</info> outputs admin resources.")
|
||||
->addOption(
|
||||
'output',
|
||||
null,
|
||||
InputOption::VALUE_OPTIONAL,
|
||||
'Output format amid (string, sql)',
|
||||
null
|
||||
)
|
||||
;
|
||||
|
||||
}
|
||||
|
||||
protected function execute(InputInterface $input, OutputInterface $output)
|
||||
{
|
||||
$class = new \ReflectionClass('Thelia\Core\Event\AdminResources');
|
||||
|
||||
$constants = $class->getConstants();
|
||||
|
||||
if(count($constants) == 0) {
|
||||
$output->writeln('No resources found');
|
||||
exit;
|
||||
}
|
||||
|
||||
switch($input->getOption("output")) {
|
||||
case 'sql':
|
||||
$output->writeln(
|
||||
'INSERT INTO ' . ResourceTableMap::TABLE_NAME . ' (`id`, `code`, `created_at`, `updated_at`) VALUES '
|
||||
);
|
||||
foreach($constants as $constant => $value) {
|
||||
if($constant == 'SUPERADMINISTRATOR') {
|
||||
continue;
|
||||
}
|
||||
$output->writeln(
|
||||
"(NULL, '$value', NOW(), NOW())" . ($constant === key( array_slice( $constants, -1, 1, TRUE ) ) ? '' : ',')
|
||||
);
|
||||
}
|
||||
break;
|
||||
default :
|
||||
foreach($constants as $constant => $value) {
|
||||
if($constant == 'SUPERADMINISTRATOR') {
|
||||
continue;
|
||||
}
|
||||
$output->writeln('[' . $constant . "] => " . $value);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -158,6 +158,7 @@
|
||||
<command class="Thelia\Command\ModuleActivateCommand"/>
|
||||
<command class="Thelia\Command\CreateAdminUser"/>
|
||||
<command class="Thelia\Command\ReloadDatabaseCommand"/>
|
||||
<command class="Thelia\Command\GenerateResources"/>
|
||||
</commands>
|
||||
|
||||
<services>
|
||||
|
||||
@@ -50,6 +50,8 @@ final class AdminResources
|
||||
}
|
||||
}
|
||||
|
||||
const SUPERADMINISTRATOR = "SUPERADMINISTRATOR";
|
||||
|
||||
const ADDRESS_VIEW = "admin.address.view";
|
||||
const ADDRESS_CREATE = "admin.address.create";
|
||||
const ADDRESS_UPDATE = "admin.address.update";
|
||||
|
||||
@@ -23,8 +23,12 @@
|
||||
|
||||
namespace Thelia\Core\Security;
|
||||
|
||||
use Propel\Runtime\ActiveQuery\Criteria;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\User\UserInterface;
|
||||
use Thelia\Core\HttpFoundation\Request;
|
||||
use Thelia\Model\ProfileQuery;
|
||||
use Thelia\Model\ProfileResourceQuery;
|
||||
|
||||
/**
|
||||
* A simple security manager, in charge of checking user
|
||||
@@ -124,6 +128,10 @@ class SecurityContext
|
||||
*/
|
||||
final public function isGranted(array $roles, array $permissions)
|
||||
{
|
||||
if (empty($permissions)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Find a user which matches the required roles.
|
||||
$user = $this->getCustomerUser();
|
||||
|
||||
@@ -135,38 +143,31 @@ class SecurityContext
|
||||
}
|
||||
}
|
||||
|
||||
if ($user != null) {
|
||||
|
||||
if (empty($permissions)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get permissions from profile
|
||||
// $userPermissions = $user->getPermissions(); FIXME
|
||||
|
||||
// TODO: Finalize permissions system !;
|
||||
|
||||
$userPermissions = array('*'); // FIXME !
|
||||
|
||||
$permissionsFound = true;
|
||||
|
||||
// User have all permissions ?
|
||||
if (in_array('*', $userPermissions))
|
||||
return true;
|
||||
|
||||
// Check that user's permissions matches required permissions
|
||||
foreach ($permissions as $permission) {
|
||||
if (! in_array($permission, $userPermissions)) {
|
||||
$permissionsFound = false;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $permissionsFound;
|
||||
if (null === $user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
if( !method_exists($user, 'getProfileId') ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$userPermissions = $user->getPermissions();
|
||||
|
||||
if($userPermissions === AdminResources::SUPERADMINISTRATOR) {
|
||||
return true;
|
||||
}
|
||||
|
||||
foreach($permissions as $permission) {
|
||||
if($permission === '') {
|
||||
continue;
|
||||
}
|
||||
|
||||
if(! in_array($permission, $userPermissions)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
namespace Thelia\Model;
|
||||
|
||||
use Propel\Runtime\ActiveQuery\Criteria;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\User\UserInterface;
|
||||
use Thelia\Core\Security\Role\Role;
|
||||
|
||||
@@ -21,6 +23,28 @@ use Propel\Runtime\Connection\ConnectionInterface;
|
||||
*/
|
||||
class Admin extends BaseAdmin implements UserInterface
|
||||
{
|
||||
public function getPermissions()
|
||||
{
|
||||
$profileId = $this->getProfileId();
|
||||
|
||||
if( null === $profileId ) {
|
||||
return AdminResources::SUPERADMINISTRATOR;
|
||||
}
|
||||
|
||||
$userPermissionsQuery = ProfileResourceQuery::create()
|
||||
->joinResource("resource", Criteria::LEFT_JOIN)
|
||||
->withColumn('resource.code', 'code')
|
||||
->filterByProfileId($profileId)
|
||||
->find();
|
||||
|
||||
$userPermissions = array();
|
||||
foreach($userPermissionsQuery as $userPermission) {
|
||||
$userPermissions[] = $userPermission->getVirtualColumn('code');
|
||||
}
|
||||
|
||||
return $userPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
|
||||
@@ -150,7 +150,7 @@ class ResourceTableMap extends TableMap
|
||||
$this->setUseIdGenerator(true);
|
||||
// columns
|
||||
$this->addPrimaryKey('ID', 'Id', 'INTEGER', true, null, null);
|
||||
$this->addColumn('CODE', 'Code', 'VARCHAR', true, 30, null);
|
||||
$this->addColumn('CODE', 'Code', 'VARCHAR', true, 255, null);
|
||||
$this->addColumn('CREATED_AT', 'CreatedAt', 'TIMESTAMP', false, null, null);
|
||||
$this->addColumn('UPDATED_AT', 'UpdatedAt', 'TIMESTAMP', false, null, null);
|
||||
} // initialize()
|
||||
|
||||
Reference in New Issue
Block a user