@chalien
Created February 12, 2012 17:31
Refactor RoleAuthorize.php
<?php
App::uses('BaseAuthorize', 'Controller/Component/Auth');
App::uses('Umpermission', 'Usermin.Model');
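/**
 * Authorization adapter that decides access from per-role permission rules.
 *
 * Each rule (an Umpermission row) names a plugin, a controller and an action,
 * any of which may be the wildcard "*", plus an `allowed` flag. Rules are
 * evaluated in the order they are returned; the first rule that matches the
 * requested route decides the outcome. If no rule matches, access is denied.
 *
 * NOTE(review): the 'authorizeAll' setting and the 'superadmin' username both
 * bypass every rule. The username bypass is only as strong as the guarantee
 * that nobody else can register or be renamed to that username - confirm
 * that the user model enforces this.
 */
class RoleAuthorize extends BaseAuthorize {

    // Route fields a permission rule is matched against.
    private $authorization_types = array("controller", "plugin", "action");

    // The permission row currently being evaluated by authorize().
    private $evaluated_permission = null;

    // Parsed route parameters of the current request (result of Router::parse()).
    private $actionRequested = null;

    /**
     * Checks if a Permission matching plugin, controller and
     * action exists and is allowed to access for the user's
     * role.
     * 'superadmin' user is always authorized
     *
     * @param array $user The authenticated user record (reads 'username' and 'umrole_id').
     * @param CakeRequest $request The request being authorized.
     * @return bool True when access is granted, false otherwise.
     */
    public function authorize($user, CakeRequest $request) {
        if (isset($this->settings['authorizeAll']) && $this->settings['authorizeAll']) {
            return true;
        }
        // Strict comparison: with `==` a non-string username such as int 0 or
        // bool true would compare equal to 'superadmin' on older PHP versions.
        if (isset($user['username']) && $user['username'] === 'superadmin') {
            // superadmin user is cool
            return true;
        }
        $this->actionRequested = Router::parse($request->here(false));
        $this->_log("user: {$user['username']} is trying to access: p(".$this->actionRequested['plugin'].") c(".$this->actionRequested['controller'].") a(".$this->actionRequested['action'].") ");
        // get permissions for the role
        $conditions = array('conditions' => array('umrole_id' => $user['umrole_id']));
        // NOTE(review): cached rules are reused until this key is cleared;
        // confirm that Umpermission invalidates it when rules are edited,
        // otherwise a revoked permission stays effective.
        $permissionsForUserRole = Cache::read(Umpermission::cacheKeyPrefix . $user['umrole_id']);
        if ($permissionsForUserRole === false) {
            $Umpermission = new Umpermission();
            $permissionsForUserRole = $Umpermission->find('all', $conditions);
            Cache::write(Umpermission::cacheKeyPrefix . $user['umrole_id'], $permissionsForUserRole);
            $this->_log("Caching rules for umrole_id {$user['umrole_id']}");
        } else {
            $this->_log("Getting cached rules for umrole_id {$user['umrole_id']}");
        }
        foreach ($permissionsForUserRole as $perm) {
            $this->evaluated_permission = $perm;
            $this->_log("checking permission " . $perm['Umpermission']['id'] . ' = p(' . $perm['Umpermission']['plugin'] . ') c(' . $perm['Umpermission']['controller'] . ') a(' . $perm['Umpermission']['action'] . ')');
            $ruleMatches = $this->hasAllPermissions()
                || ($this->hasPermissionTo("plugin") && $this->hasPermissionTo("controller") && $this->hasPermissionTo("action"));
            if ($ruleMatches) {
                $this->_log(serialize($perm['Umpermission']));
                // The rule's own `allowed` flag decides. Previously a stray
                // `return true;` sat in front of this check, so a matching
                // rule with allowed = 0 still granted access.
                return isset($perm['Umpermission']['allowed'])
                    && (int) $perm['Umpermission']['allowed'] === 1;
            }
        }
        $this->_log("no rules matched. user is not allowed ");
        return false;
    }

    /**
     * Tells whether the rule under evaluation is a wildcard on every field
     * listed in $authorization_types.
     *
     * The values are read from the 'Umpermission' key of the row, the same
     * place hasPermissionTo() reads them; the earlier version looked at the
     * top level of the row, where these keys do not exist.
     *
     * @return bool
     */
    public function hasAllPermissions() {
        if (empty($this->authorization_types)) {
            return false;
        }
        foreach ($this->authorization_types as $authorization_type) {
            if ($this->_ruleValue($authorization_type) !== '*') {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether the rule under evaluation covers the requested value of
     * one route field, either through the wildcard "*" or through a
     * case-insensitive exact match.
     *
     * @param string $authorization_type One of "plugin", "controller", "action".
     * @return bool
     */
    public function hasPermissionTo($authorization_type) {
        $ruleValue = $this->_ruleValue($authorization_type);
        if ($ruleValue === '*') {
            return true;
        }
        // Identity comparison on strings: `==` treats numeric-looking strings
        // such as "1E3" and "1000" as equal, which must not match here.
        return strtoupper($this->_requestedValue($authorization_type)) === strtoupper($ruleValue);
    }

    /**
     * Returns one field of the rule under evaluation as a string
     * ('' when the field is missing or null).
     *
     * @param string $authorization_type
     * @return string
     */
    private function _ruleValue($authorization_type) {
        if (!isset($this->evaluated_permission['Umpermission'][$authorization_type])) {
            return '';
        }
        return (string) $this->evaluated_permission['Umpermission'][$authorization_type];
    }

    /**
     * Returns one field of the parsed request route as a string
     * ('' when the field is missing or null, e.g. a request outside any plugin).
     *
     * @param string $authorization_type
     * @return string
     */
    private function _requestedValue($authorization_type) {
        if (!isset($this->actionRequested[$authorization_type])) {
            return '';
        }
        return (string) $this->actionRequested[$authorization_type];
    }

    /**
     * Writes a debug log entry through the controller, but only when the
     * 'debug' setting of this adapter is enabled.
     *
     * @param mixed $var The message to log.
     */
    private function _log($var) {
        if (isset($this->settings['debug']) && $this->settings['debug']) {
            $this->controller()->log($var, LOG_DEBUG);
        }
    }
}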