permissions

This commit is contained in:
Etienne Roudeix
2013-10-21 19:11:42 +02:00
parent abe45c5798
commit d13434bb08
9 changed files with 251 additions and 33 deletions


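--- /dev/null
+++ b/PATH-NOT-SHOWN/GenerateResources.php
@@ -0,0 +1,92 @@
+<?php
+/*************************************************************************************/
+/* */
+/* Thelia */
+/* */
+/* Copyright (c) OpenStudio */
+/* email : info@thelia.net */
+/* web : http://www.thelia.net */
+/* */
+/* This program is free software; you can redistribute it and/or modify */
+/* it under the terms of the GNU General Public License as published by */
+/* the Free Software Foundation; either version 3 of the License */
+/* */
+/* This program is distributed in the hope that it will be useful, */
+/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
+/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
+/* GNU General Public License for more details. */
+/* */
+/* You should have received a copy of the GNU General Public License */
+/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
+/* */
+/*************************************************************************************/
+namespace Thelia\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Thelia\Command\ContainerAwareCommand;
+use Thelia\Model\Admin;
+use Thelia\Model\Map\ResourceTableMap;
+class GenerateResources extends ContainerAwareCommand
+{
+/**
+* Configure the command
+*/
+protected function configure()
+{
+$this
+->setName("thelia:generate-resources")
+->setDescription("Outputs admin resources")
+->setHelp("The <info>thelia:generate-resources</info> outputs admin resources.")
+->addOption(
+'output',
+null,
+InputOption::VALUE_OPTIONAL,
+'Output format amid (string, sql)',
+null
+)
+;
+}
+protected function execute(InputInterface $input, OutputInterface $output)
+{
+$class = new \ReflectionClass('Thelia\Core\Event\AdminResources');
+$constants = $class->getConstants();
+if(count($constants) == 0) {
+$output->writeln('No resources found');
+exit;
+}
+switch($input->getOption("output")) {
+case 'sql':
+$output->writeln(
+'INSERT INTO ' . ResourceTableMap::TABLE_NAME . ' (`id`, `code`, `created_at`, `updated_at`) VALUES '
+);
+foreach($constants as $constant => $value) {
+if($constant == 'SUPERADMINISTRATOR') {
+continue;
+}
+$output->writeln(
+"(NULL, '$value', NOW(), NOW())" . ($constant === key( array_slice( $constants, -1, 1, TRUE ) ) ? '' : ',')
+);
+}
+break;
+default :
+foreach($constants as $constant => $value) {
+if($constant == 'SUPERADMINISTRATOR') {
+continue;
+}
+$output->writeln('[' . $constant . "] => " . $value);
+}
+break;
+}
+}
+}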
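Review bot: `exit;` in `execute()` when no constants are found kills the whole console process instead of reporting failure to the Symfony Application, so callers (tests, scripts checking the exit status) never get a code; `return 1;` after the writeln gives the user the same message and keeps the command composable. The trailing-comma logic on the `key( array_slice( $constants, -1, 1, TRUE ) )` line assumes SUPERADMINISTRATOR is never the last constant of AdminResources; if it ever is, the skip leaves the previous row ending in `,` and the generated INSERT is invalid, which collecting the rows first and joining them avoids. Note also that the committed SQL in this commit ends the statement with `;`, which the generator does not emit, and that the `Thelia\Model\Admin` import is unused.
```php
case 'sql':
    $rows = array();
    foreach ($constants as $constant => $value) {
        if ($constant === 'SUPERADMINISTRATOR') {
            continue;
        }
        $rows[] = "(NULL, '$value', NOW(), NOW())";
    }
    $output->writeln(
        'INSERT INTO ' . ResourceTableMap::TABLE_NAME . ' (`id`, `code`, `created_at`, `updated_at`) VALUES '
    );
    // no trailing-comma special case: the join places commas only between rows
    $output->writeln(implode(",\n", $rows));
    break;
// … unchanged: default branch …
```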


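--- a/PATH-NOT-SHOWN/config.xml
+++ b/PATH-NOT-SHOWN/config.xml
@@ -158,6 +158,7 @@
 <command class="Thelia\Command\ModuleActivateCommand"/>
 <command class="Thelia\Command\CreateAdminUser"/>
 <command class="Thelia\Command\ReloadDatabaseCommand"/>
+<command class="Thelia\Command\GenerateResources"/>
 </commands>
 <services>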


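--- a/PATH-NOT-SHOWN/AdminResources.php
+++ b/PATH-NOT-SHOWN/AdminResources.php
@@ -50,6 +50,8 @@ final class AdminResources
 }
 }
+const SUPERADMINISTRATOR = "SUPERADMINISTRATOR";
 const ADDRESS_VIEW = "admin.address.view";
 const ADDRESS_CREATE = "admin.address.create";
 const ADDRESS_UPDATE = "admin.address.update";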


@@ -23,8 +23,12 @@
namespace Thelia\Core\Security; namespace Thelia\Core\Security;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\User\UserInterface; use Thelia\Core\Security\User\UserInterface;
use Thelia\Core\HttpFoundation\Request; use Thelia\Core\HttpFoundation\Request;
use Thelia\Model\ProfileQuery;
use Thelia\Model\ProfileResourceQuery;
/** /**
* A simple security manager, in charge of checking user * A simple security manager, in charge of checking user
@@ -124,6 +128,10 @@ class SecurityContext
*/ */
final public function isGranted(array $roles, array $permissions) final public function isGranted(array $roles, array $permissions)
{ {
if (empty($permissions)) {
return true;
}
// Find a user which matches the required roles. // Find a user which matches the required roles.
$user = $this->getCustomerUser(); $user = $this->getCustomerUser();
@@ -135,38 +143,31 @@ class SecurityContext
} }
} }
if ($user != null) { if (null === $user) {
return false;
if (empty($permissions)) {
return true;
}
// Get permissions from profile
// $userPermissions = $user->getPermissions(); FIXME
// TODO: Finalize permissions system !;
$userPermissions = array('*'); // FIXME !
$permissionsFound = true;
// User have all permissions ?
if (in_array('*', $userPermissions))
return true;
// Check that user's permissions matches required permissions
foreach ($permissions as $permission) {
if (! in_array($permission, $userPermissions)) {
$permissionsFound = false;
break;
}
}
return $permissionsFound;
} }
return false; if( !method_exists($user, 'getProfileId') ) {
return false;
}
$userPermissions = $user->getPermissions();
if($userPermissions === AdminResources::SUPERADMINISTRATOR) {
return true;
}
foreach($permissions as $permission) {
if($permission === '') {
continue;
}
if(! in_array($permission, $userPermissions)) {
return false;
}
}
return true;
} }
/** /**
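Review bot: An empty string in `$permissions` is skipped at `if($permission === '') { continue; }` rather than rejected, so a required-permission list that contains a blank (for instance a constant or template value that resolved to '') is granted to any admin that has a profile; this is the authorization path and should fail closed, i.e. `return false;` on '' (or throw, since it is a caller bug). `in_array($permission, $userPermissions)` compares loosely; pass `true` as the third argument so only an identical resource code matches. `$userPermissions` is either the `AdminResources::SUPERADMINISTRATOR` string or an array from `Admin::getPermissions()` in this commit; a one-line comment saying so above the `===` check would save the next reader from wondering why a string is compared before an array is searched. The body of `isGranted()` is split across the two hunks and its start is in the earlier one.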


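--- a/PATH-NOT-SHOWN/Admin.php
+++ b/PATH-NOT-SHOWN/Admin.php
@@ -2,6 +2,8 @@
 namespace Thelia\Model;
+use Propel\Runtime\ActiveQuery\Criteria;
+use Thelia\Core\Event\AdminResources;
 use Thelia\Core\Security\User\UserInterface;
 use Thelia\Core\Security\Role\Role;
@@ -21,6 +23,28 @@ use Propel\Runtime\Connection\ConnectionInterface;
 */
 class Admin extends BaseAdmin implements UserInterface
 {
+public function getPermissions()
+{
+$profileId = $this->getProfileId();
+if( null === $profileId ) {
+return AdminResources::SUPERADMINISTRATOR;
+}
+$userPermissionsQuery = ProfileResourceQuery::create()
+->joinResource("resource", Criteria::LEFT_JOIN)
+->withColumn('resource.code', 'code')
+->filterByProfileId($profileId)
+->find();
+$userPermissions = array();
+foreach($userPermissionsQuery as $userPermission) {
+$userPermissions[] = $userPermission->getVirtualColumn('code');
+}
+return $userPermissions;
+}
 /**
 * {@inheritDoc}
 */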
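Review bot: `getPermissions()` turns a NULL `profile_id` into SUPERADMINISTRATOR in the `null === $profileId` branch, so an admin row with no profile — however it came to have none — holds every permission, and the default is fail-open; a missing profile should yield no permissions (`return array();`) with super-admin granted by an explicit, deliberately assigned marker. If the fail-open default is intended for bootstrapping the first admin, state it in a docblock, e.g. `@return string|string[] AdminResources::SUPERADMINISTRATOR when the admin has no profile, otherwise the resource codes granted to the profile`, because `SecurityContext::isGranted()` in this commit depends on that mixed return. The method also issues a query on every call and `isGranted()` is likely called repeatedly per request, so memoising the result in a private property would be cheap.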


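--- a/PATH-NOT-SHOWN/ResourceTableMap.php
+++ b/PATH-NOT-SHOWN/ResourceTableMap.php
@@ -150,7 +150,7 @@ class ResourceTableMap extends TableMap
 $this->setUseIdGenerator(true);
 // columns
 $this->addPrimaryKey('ID', 'Id', 'INTEGER', true, null, null);
-$this->addColumn('CODE', 'Code', 'VARCHAR', true, 30, null);
+$this->addColumn('CODE', 'Code', 'VARCHAR', true, 255, null);
 $this->addColumn('CREATED_AT', 'CreatedAt', 'TIMESTAMP', false, null, null);
 $this->addColumn('UPDATED_AT', 'UpdatedAt', 'TIMESTAMP', false, null, null);
 } // initialize()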


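--- a/PATH-NOT-SHOWN/insert.sql
+++ b/PATH-NOT-SHOWN/insert.sql
@@ -1191,3 +1191,101 @@ INSERT INTO `order_status_i18n` (`id`, `locale`, `title`, `description`, `chapo`
 (4, 'fr_FR', 'Envoyée', '', '', ''),
 (5, 'en_US', 'Canceled', '', '', ''),
 (5, 'fr_FR', 'Annulée', '', '', '');
+/**
+generated with command : php Thelia thelia:generate-resources --output sql
+*/
+INSERT INTO resource (`id`, `code`, `created_at`, `updated_at`) VALUES
+(NULL, 'admin.address.view', NOW(), NOW()),
+(NULL, 'admin.address.create', NOW(), NOW()),
+(NULL, 'admin.address.update', NOW(), NOW()),
+(NULL, 'admin.address.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.admin.view', NOW(), NOW()),
+(NULL, 'admin.configuration.admin.create', NOW(), NOW()),
+(NULL, 'admin.configuration.admin.update', NOW(), NOW()),
+(NULL, 'admin.configuration.admin.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.area.view', NOW(), NOW()),
+(NULL, 'admin.configuration.area.create', NOW(), NOW()),
+(NULL, 'admin.configuration.area.update', NOW(), NOW()),
+(NULL, 'admin.configuration.area.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.attribute.view', NOW(), NOW()),
+(NULL, 'admin.configuration.attribute.create', NOW(), NOW()),
+(NULL, 'admin.configuration.attribute.update', NOW(), NOW()),
+(NULL, 'admin.configuration.attribute.delete', NOW(), NOW()),
+(NULL, 'admin.category.view', NOW(), NOW()),
+(NULL, 'admin.category.create', NOW(), NOW()),
+(NULL, 'admin.category.update', NOW(), NOW()),
+(NULL, 'admin.category.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.view', NOW(), NOW()),
+(NULL, 'admin.configuration.create', NOW(), NOW()),
+(NULL, 'admin.configuration.update', NOW(), NOW()),
+(NULL, 'admin.configuration.delete', NOW(), NOW()),
+(NULL, 'admin.content.view', NOW(), NOW()),
+(NULL, 'admin.content.create', NOW(), NOW()),
+(NULL, 'admin.content.update', NOW(), NOW()),
+(NULL, 'admin.content.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.country.view', NOW(), NOW()),
+(NULL, 'admin.configuration.country.create', NOW(), NOW()),
+(NULL, 'admin.configuration.country.update', NOW(), NOW()),
+(NULL, 'admin.configuration.country.delete', NOW(), NOW()),
+(NULL, 'admin.coupon.view', NOW(), NOW()),
+(NULL, 'admin.coupon.create', NOW(), NOW()),
+(NULL, 'admin.coupon.update', NOW(), NOW()),
+(NULL, 'admin.coupon.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.currency.view', NOW(), NOW()),
+(NULL, 'admin.configuration.currency.create', NOW(), NOW()),
+(NULL, 'admin.configuration.currency.update', NOW(), NOW()),
+(NULL, 'admin.configuration.currency.delete', NOW(), NOW()),
+(NULL, 'admin.customer.view', NOW(), NOW()),
+(NULL, 'admin.customer.create', NOW(), NOW()),
+(NULL, 'admin.customer.update', NOW(), NOW()),
+(NULL, 'admin.customer.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.feature.view', NOW(), NOW()),
+(NULL, 'admin.configuration.feature.create', NOW(), NOW()),
+(NULL, 'admin.configuration.feature.update', NOW(), NOW()),
+(NULL, 'admin.configuration.feature.delete', NOW(), NOW()),
+(NULL, 'admin.folder.view', NOW(), NOW()),
+(NULL, 'admin.folder.create', NOW(), NOW()),
+(NULL, 'admin.folder.update', NOW(), NOW()),
+(NULL, 'admin.folder.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.language.view', NOW(), NOW()),
+(NULL, 'admin.configuration.language.create', NOW(), NOW()),
+(NULL, 'admin.configuration.language.update', NOW(), NOW()),
+(NULL, 'admin.configuration.language.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.mailing-system.view', NOW(), NOW()),
+(NULL, 'admin.configuration.mailing-system.create', NOW(), NOW()),
+(NULL, 'admin.configuration.mailing-system.update', NOW(), NOW()),
+(NULL, 'admin.configuration.mailing-system.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.message.view', NOW(), NOW()),
+(NULL, 'admin.configuration.message.create', NOW(), NOW()),
+(NULL, 'admin.configuration.message.update', NOW(), NOW()),
+(NULL, 'admin.configuration.message.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.module.view', NOW(), NOW()),
+(NULL, 'admin.configuration.module.create', NOW(), NOW()),
+(NULL, 'admin.configuration.module.update', NOW(), NOW()),
+(NULL, 'admin.configuration.module.delete', NOW(), NOW()),
+(NULL, 'admin.order.view', NOW(), NOW()),
+(NULL, 'admin.order.create', NOW(), NOW()),
+(NULL, 'admin.order.update', NOW(), NOW()),
+(NULL, 'admin.order.delete', NOW(), NOW()),
+(NULL, 'admin.product.view', NOW(), NOW()),
+(NULL, 'admin.product.create', NOW(), NOW()),
+(NULL, 'admin.product.update', NOW(), NOW()),
+(NULL, 'admin.product.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.profile.view', NOW(), NOW()),
+(NULL, 'admin.configuration.profile.create', NOW(), NOW()),
+(NULL, 'admin.configuration.profile.update', NOW(), NOW()),
+(NULL, 'admin.configuration.profile.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.shipping-zone.view', NOW(), NOW()),
+(NULL, 'admin.configuration.shipping-zone.create', NOW(), NOW()),
+(NULL, 'admin.configuration.shipping-zone.update', NOW(), NOW()),
+(NULL, 'admin.configuration.shipping-zone.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.tax.view', NOW(), NOW()),
+(NULL, 'admin.configuration.tax.create', NOW(), NOW()),
+(NULL, 'admin.configuration.tax.update', NOW(), NOW()),
+(NULL, 'admin.configuration.tax.delete', NOW(), NOW()),
+(NULL, 'admin.configuration.template.view', NOW(), NOW()),
+(NULL, 'admin.configuration.template.create', NOW(), NOW()),
+(NULL, 'admin.configuration.template.update', NOW(), NOW()),
+(NULL, 'admin.configuration.template.delete', NOW(), NOW());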


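--- a/PATH-NOT-SHOWN/schema.sql
+++ b/PATH-NOT-SHOWN/schema.sql
@@ -955,7 +955,7 @@ DROP TABLE IF EXISTS `resource`;
 CREATE TABLE `resource`
 (
 `id` INTEGER NOT NULL AUTO_INCREMENT,
-`code` VARCHAR(30) NOT NULL,
+`code` VARCHAR(255) NOT NULL,
 `created_at` DATETIME,
 `updated_at` DATETIME,
 PRIMARY KEY (`id`),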


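--- a/PATH-NOT-SHOWN/schema.xml
+++ b/PATH-NOT-SHOWN/schema.xml
@@ -740,7 +740,7 @@
 </table>
 <table name="resource" namespace="Thelia\Model">
 <column autoIncrement="true" name="id" primaryKey="true" required="true" type="INTEGER" />
-<column name="code" required="true" size="30" type="VARCHAR" />
+<column name="code" required="true" size="255" type="VARCHAR" />
 <column name="title" size="255" type="VARCHAR" />
 <column name="description" type="CLOB" />
 <column name="chapo" type="LONGVARCHAR" />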