Check Permissions in AclComponent
O Component já está convertido para a atualização do PHP 5.5.*
Corrige bug de Verificação de Aro, onde usuário não teria acesso de visualização
AclNode::node() - Couldn't find Aro node identified by "Array ( [Aro0.model] => User [Aro0.foreign_key] => 1 ) "
É isso aí! ;)
| <?php | |
| /** | |
| * @todo CakePHP Permissions Array by Kevin Wentworth (Saco Design, Inc.) | |
| * @todo Handles retrieving all ACL Permissions and storing them in an array. | |
| * @todo Comments and bug reports welcome at kevin at sacode sign dot com | |
| * | |
| * @licensed Licensed under UYOR (Use at Your Own Risk) | |
| * @link http://www.mainelydesign.com/blog/view/getting-all-acl-permissions-in-one-lookup-cakephp-1-3#null | |
| */ | |
| class PermissionsArrayComponent extends Component { | |
| public $components = array('Acl', 'Auth', 'Session'); | |
| public $options = array('model' => 'Aco', 'field' => 'alias'); | |
| //used for recursive variable setting/checking | |
| public $perms = array(); //for ACL defined permissions | |
| public $permissionsArray = array(); //for all permissions | |
| public $inheritPermission = array(); //array indexed by level to hold the inherited permission | |
| // Called before Controller::beforeFilter() | |
| public function initialize(Controller $controller, $settings = array()) { | |
| // saving the controller reference for later use | |
| $this->controller = $controller; | |
| } | |
| // Called after Controller::beforeFilter() | |
| public function startup(Controller $controller) { | |
| } | |
| // Called after Controller::beforeRender() | |
| public function beforeRender(Controller $controller) { | |
| } | |
| // Called after Controller::render() | |
| public function shutdown(Controller $controller) { | |
| } | |
| // Called before Controller::redirect() | |
| public function beforeRedirect(Controller $controller, $url, $status = null, $exit = true) { | |
| // | |
| } | |
| public function create($group_id = 0, $options = array()) { | |
| $this->options = array_merge($this->options, $options); | |
| // GET ACL PERMISSIONS | |
| $acos = $this->Acl->Aco->find('threaded'); | |
| $group_aro = $this->Acl->Aro->find('threaded', array( | |
| 'conditions' => array('Aro.foreign_key' => $group_id, 'Aro.model' => 'Group') | |
| )); | |
| $group_perms = Set::extract('{n}.Aco', $group_aro); | |
| $gpAco = array(); | |
| foreach ($group_perms[0] as $value) { | |
| $gpAco[$value['id']] = $value; | |
| } | |
| $this->perms = $gpAco; | |
| $this->_addPermissions($acos, $this->options['model'], $this->options['field'], 0, ''); | |
| $this->Session->write('Auth.Permissions', $this->permissionsArray); | |
| //return $this->controller->redirect($this->Auth->redirect()); | |
| return true; | |
| } | |
| public function _addPermissions($acos, $modelName, $fieldName, $level, $alias) { | |
| foreach ($acos as $key => $val) { | |
| $thisAlias = $alias . $val[$modelName][$fieldName]; | |
| if (isset($this->perms[$val[$modelName]['id']])) { | |
| $curr_perm = $this->perms[$val[$modelName]['id']]; | |
| if ($curr_perm['Permission']['_create'] == 1) { | |
| $this->permissionsArray[] = $thisAlias; | |
| $this->inheritPermission[$level] = 1; | |
| } else { | |
| $this->inheritPermission[$level] = -1; | |
| } | |
| } | |
| else { | |
| if (!empty($this->inheritPermission)) { | |
| //echo $level.'::'.$thisAlias; | |
| //var_dump($this->inheritPermission); | |
| //check for inheritedPermissions, by checking closest array element | |
| $revPerms = array_reverse($this->inheritPermission); | |
| if ($revPerms[0] == 1) { | |
| $this->permissionsArray[] = $thisAlias; //the level above was set to 1, so this should be a 1 | |
| } | |
| } | |
| } | |
| if (isset($val['children'][0])) { | |
| $old_alias = $alias; | |
| $alias .= $val[$modelName][$fieldName] . '/'; | |
| $this->_addPermissions($val['children'], $modelName, $fieldName, $level + 1, $alias); | |
| unset($this->inheritPermission[$level + 1]); //don't want the last level's inheritance, in case it was set | |
| unset($this->inheritPermission[$level]); //don't want this inheritance anymore, in case it was set | |
| $alias = $old_alias; | |
| } | |
| } | |
| return; | |
| } | |
| // Check permission via url | |
| public function checkAction($model, $fk, $params, $boolReturn = TRUE) { | |
| if ($this->Session->read('Auth')) { | |
| //$controller = $params->params['controller']; | |
| $controller = $this->controller->name; | |
| $action = $params->params['action']; | |
| $action = $controller . '/' . $action; | |
| if (!$this->Acl->check(array('model' => $model, 'foreign_key' => $fk), $action)) { | |
| if ($boolReturn) | |
| throw new NotFoundException(Configure::read('accessDeniedMsg')); | |
| else | |
| return FALSE; | |
| } | |
| } | |
| } | |
| // Check if user is logged | |
| public function checkUser() { | |
| $userData = $this->Auth->user(); | |
| if (empty($userData)) { | |
| $message = Configure::read('accessDeniedMsg'); | |
| //throw new Exception($message); | |
| $this->Session->setFlash($message); | |
| $this->controller->redirect($this->Auth->loginAction); | |
| } | |
| } | |
| } |
| public function beforeFilter() { | |
| parent::beforeFilter(); | |
| $this->PermissionsArray->checkUser(); | |
| // .. procedimentos do método aqui.. | |
| $this->PermissionsArray->checkAction('User', USER_ID_SESSION, $this->params); | |
| } |