Skip to content

Instantly share code, notes, and snippets.

@Jako
Created November 20, 2016 12:56
Show Gist options
  • Save Jako/176e0a9fa3e48c424bbeed2c3ca9b2e2 to your computer and use it in GitHub Desktop.
Save Jako/176e0a9fa3e48c424bbeed2c3ca9b2e2 to your computer and use it in GitHub Desktop.
Access permissions resolver for MODX packages
<?php
/**
* Resolve access permissions
*
* @package sample
* @subpackage build
*
* @var mixed $object
* @var array $options
*/
/**
* @param modX $modx
* @param array $policy
* @param array $template
* @param string $permission
* @return bool
*/
function createAccessPermission(&$modx, $policy, $template, $permission)
{
/** @var modAccessPolicyTemplate $accessPolicyTemplate */
if (!$accessPolicyTemplate = $modx->getObject('modAccessPolicyTemplate', array('name' => $template['name']))
) {
$accessPolicyTemplate = $modx->newObject('modAccessPolicyTemplate');
$accessPolicyTemplate->fromArray(array(
'name' => $template['name'],
'description' => $template['description'],
'lexicon' => $template['lexicon'],
'template_group' => $template['template_group']
));
$accessPolicyTemplate->save();
$modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy Template "' . $template['name'] . '" created.');
}
/** @var modAccessPolicy $accessPolicy */
if (!$accessPolicy = $modx->getObject('modAccessPolicy', array(
'name' => $policy['name']
))
) {
$accessPolicy = $modx->newObject('modAccessPolicy');
$accessPolicy->fromArray(array(
'name' => $policy['name'],
'description' => $policy['description'],
'data' => array($permission => true),
'lexicon' => $policy['lexicon']
));
$accessPolicy->addOne($accessPolicyTemplate, 'Template');
$accessPolicy->save();
$modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy "' . $policy['name'] . '" created.');
} else {
$data = $accessPolicy->get('data');
$data = ($data) ? array_merge($data, array($permission => true)) : array($permission => true);
$accessPolicy->set('data', $data);
$accessPolicy->save();
$modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy "' . $policy['name'] . '" updated.');
}
if (!$modx->getObject('modAccessPermission', array('name' => $permission))) {
/** @var modAccessPermission $accessPermission */
$accessPermission = $modx->newObject('modAccessPermission');
$accessPermission->fromArray(array(
'name' => $permission,
'description' => 'perm.' . $permission . '_desc',
'value' => '1'
));
$accessPermission->addOne($accessPolicyTemplate, 'Template');
$accessPermission->save();
$modx->log(xPDO::LOG_LEVEL_INFO, 'Access Permission "' . $permission . '" created.');
}
return true;
}
/**
* @param modX $modx
* @param array $policy
* @param array $template
* @param string $permission
* @return bool
*/
function removeAccessPermission(&$modx, $policy, $template, $permission)
{
/** @var modAccessPermission $accessPermission */
if ($accessPolicy = $modx->getObject('modAccessPolicy', array('name' => $policy['name']))) {
$accessPolicy->remove();
$modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy "' . $policy['name'] . '" removed.');
}
/** @var modAccessPolicyTemplate $accessPolicyTemplate */
if ($accessPolicyTemplate = $modx->getObject('modAccessPolicyTemplate', array('name' => $template['name']))) {
$accessPolicyTemplate->remove();
$modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy Template "' . $template['name'] . '" removed.');
}
/** @var modAccessPermission $accessPermission */
if ($accessPermission = $modx->getObject('modAccessPermission', array('name' => $permission))) {
$accessPermission->remove();
$modx->log(xPDO::LOG_LEVEL_INFO, 'Access Permission "' . $permission . '" removed.');
}
return true;
}
$namespace = 'sample';
$accessPolicies = array(
array(
'policy' => array(
'name' => 'REST User',
'description' => 'REST API Usage Policy with all attributes.',
'lexicon' => $namespace . ':permissions'
),
'template' => array(
'name' => 'RestUserTemplate',
'description' => 'Policy Template for access to the REST API.',
'lexicon' => $namespace . ':permissions'
'template_group' => '1'
),
'permissions' => array(
'rest_get',
'rest_post',
'rest_put',
'rest_delete'
)
)
);
$success = true;
if ($object->xpdo) {
switch ($options[xPDOTransport::PACKAGE_ACTION]) {
case xPDOTransport::ACTION_INSTALL:
case xPDOTransport::ACTION_UPGRADE:
/** @var modX $modx */
$modx = &$object->xpdo;
foreach ($accessPolicies as $accessPolicy) {
foreach ($accessPolicy['permissions'] as $accessPermission) {
$result = createAccessPermission($modx, $accessPolicy['policy'], $accessPolicy['template'], $accessPermission);
$success = $success && $result;
}
}
break;
case xPDOTransport::ACTION_UNINSTALL:
foreach ($accessPolicies as $accessPolicy) {
foreach ($accessPolicy['permissions'] as $accessPermission) {
$result = removeAccessPermission($modx, $accessPolicy['policy'], $accessPolicy['template'], $accessPermission);
$success = $success && $result;
}
}
break;
}
}
return $success;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment