Created
June 12, 2015 23:57
SugarCRM 7 - ACL Role create / update deployment script
<?php
// Bootstrap the SugarCRM environment. The require_once paths are relative, so
// the script has to be run with the Sugar instance root as working directory.
define('sugarEntry', true);
require_once('include/entryPoint.php');
require_once('modules/ACLRoles/ACLRole.php');
require_once('modules/ACLActions/actiondefs.php');

// NOTE(review): this script changes role permissions and has no authentication
// or CLI-only check of its own. If the directory it is placed in is served over
// HTTP, confirm it cannot be requested remotely, and remove it once the
// deployment run is done.

// Role metadata, one entry per role to create or update.
//   'retrieveBy' => false                                  : create a new role
//   'retrieveBy' => array('type' => 'id',   'value' => …)  : update, looked up by id
//   'retrieveBy' => array('type' => 'name', 'value' => …)  : update, looked up by name
//   'def'        => name, description and the per-module access settings
// The ACL_ALLOW_* constants used under 'acl' are declared in
// modules/ACLActions/actiondefs.php; see that file for every possible value.
// NOTE(review): ACL_ALLOW_DEFAULT presumably leaves the action unset for this
// role rather than denying it - confirm against actiondefs.php, and use
// ACL_ALLOW_NONE wherever a deny is what is intended.
// The ids, role names and access values below are examples; replace them with
// the values of the target instance before running.
$acl = array();

// 1) Create a new role
$acl[] = array(
    'retrieveBy' => false,
    'def' => array(
        'name' => 'Accounts no calls',
        'description' => 'Accounts no calls',
        'acl' => array(
            'Accounts' => array(
                'admin' => ACL_ALLOW_NORMAL,
                'access' => ACL_ALLOW_ENABLED,
                'view' => ACL_ALLOW_DEFAULT,
                'list' => ACL_ALLOW_DEFAULT,
                'edit' => ACL_ALLOW_OWNER,
                'delete' => ACL_ALLOW_NONE,
                'import' => ACL_ALLOW_NONE,
                'export' => ACL_ALLOW_NONE,
                'massupdate' => ACL_ALLOW_DEFAULT,
            ),
            'Calls' => array(
                // Turns the whole module off for this role
                'access' => ACL_ALLOW_NONE,
            ),
        ),
    ),
);

// 2) Update an existing role, looked up by its id
$acl[] = array(
    'retrieveBy' => array('type' => 'id', 'value' => '65dc0141-51c0-de0d-25fa-5549640a212b'),
    'def' => array(
        'name' => 'Test 1',
        'description' => 'Test 1',
        'acl' => array(
            'Accounts' => array(
                'admin' => ACL_ALLOW_NORMAL,
                'access' => ACL_ALLOW_ENABLED,
                'view' => ACL_ALLOW_DEFAULT,
                'list' => ACL_ALLOW_DEFAULT,
                'edit' => ACL_ALLOW_OWNER,
                'delete' => ACL_ALLOW_NONE,
                'import' => ACL_ALLOW_NONE,
                'export' => ACL_ALLOW_NONE,
                'massupdate' => ACL_ALLOW_DEFAULT,
            ),
            'Calls' => array(
                // Turns the whole module off for this role
                'access' => ACL_ALLOW_NONE,
            ),
        ),
    ),
);

// 3) Update an existing role, looked up by its name
$acl[] = array(
    'retrieveBy' => array('type' => 'name', 'value' => 'Customer Support Administrator'),
    'def' => array(
        'name' => 'Test 2',
        'description' => 'Test 2',
        'acl' => array(
            'Accounts' => array(
                'admin' => ACL_ALLOW_NORMAL,
                'access' => ACL_ALLOW_ENABLED,
                'view' => ACL_ALLOW_DEFAULT,
                'list' => ACL_ALLOW_DEFAULT,
                'edit' => ACL_ALLOW_OWNER,
                'delete' => ACL_ALLOW_NONE,
                'import' => ACL_ALLOW_NONE,
                'export' => ACL_ALLOW_NONE,
                'massupdate' => ACL_ALLOW_DEFAULT,
            ),
            'Calls' => array(
                // Turns the whole module off for this role
                'access' => ACL_ALLOW_NONE,
            ),
        ),
    ),
);
// Apply every metadata entry in turn. Both helpers are checked for a string
// return, which is treated as an error message: it is printed and the script
// moves on to the next entry, so one bad entry does not stop the run.
foreach ($acl as $aclDef) {
    $role = getOrCreateRoleFromDefinition($aclDef);

    if (is_string($role)) {
        // Lookup failed; report it and skip this entry
        echo $role, PHP_EOL;
    } else {
        $result = runUpdateOrCreate($role, $aclDef['def']);
        if (is_string($result)) {
            echo $result, PHP_EOL;
        }
    }
}
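/**
 * Resolve the ACLRole bean that one metadata entry refers to.
 *
 * With 'retrieveBy' => false a fresh, unsaved ACLRole is returned (create
 * case). Otherwise the role is looked up by id, or by name through a query on
 * acl_roles, and loaded with ACLRole::retrieve().
 *
 * The lookup value is passed through the database layer's quoted() before it
 * reaches the SQL text, so a role name containing an apostrophe neither breaks
 * the statement nor changes its meaning. A name that matches more than one
 * live role is rejected instead of silently picking the first row, because
 * applying permissions to the wrong role is worse than skipping the entry.
 *
 * @param array $aclDef One entry of the $acl metadata ('retrieveBy' and 'def').
 * @return ACLRole|string The role bean, or an error message to print and skip.
 */
function getOrCreateRoleFromDefinition($aclDef) {
    $role = new ACLRole();

    $lookup = isset($aclDef['retrieveBy']) ? $aclDef['retrieveBy'] : null;
    if ($lookup === false) {
        // Create case: hand back the empty bean, the caller saves it
        return $role;
    }

    $type = (is_array($lookup) && isset($lookup['type'])) ? $lookup['type'] : '';
    $value = (is_array($lookup) && isset($lookup['value'])) ? $lookup['value'] : '';

    // Strict comparison: a non-string type must not loosely match 'name' or 'id'
    if ($type !== 'name' && $type !== 'id') {
        return "Invalid metadata '{$type}', skipping...";
    }
    if (!is_string($value) || $value === '') {
        return "Invalid metadata: empty or non-string value for lookup type '{$type}', skipping...";
    }

    if ($type === 'name') {
        $db = $GLOBALS['db'];
        $query = 'SELECT id FROM acl_roles WHERE name = ' . $db->quoted($value) . ' AND deleted = 0';
        $res = $db->query($query);
        if (!$res) {
            return "Query failed: Could not find role '{$value}' by name, skipping...";
        }
        $row = $db->fetchByAssoc($res);
        if (!$row || empty($row['id'])) {
            return "No results: Could not find role '{$value}' by name, skipping...";
        }
        // Refuse to guess when the name is not unique
        $extra = $db->fetchByAssoc($res);
        if ($extra && !empty($extra['id'])) {
            return "Ambiguous: more than one role is named '{$value}', retrieve it by id instead, skipping...";
        }
        $id = $row['id'];
    } else {
        $id = $value;
    }

    $role->retrieve($id);
    if (empty($role->id)) {
        return "Could not retrieve ACLRole object for id '{$id}', skipping...";
    }

    return $role;
}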
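/**
 * Save a new role if needed, then apply the access settings of a definition.
 *
 * A role without an id is treated as new: name and description are set from
 * the definition and the bean is saved first so that it has an id to attach
 * actions to. For a role that already has an id, name and description from
 * the definition are NOT written; only the 'acl' settings are applied.
 *
 * Each 'acl' entry maps a module (category) to action => access level. The
 * special key 'fields' holds field id => access level and goes through
 * ACLField::setAccessControl(); every other key is resolved to a row in
 * acl_actions and applied with ACLRole::setAction().
 *
 * Category and action names are quoted by the database layer before they are
 * placed in the SQL text. An action that cannot be resolved (for example a
 * misspelled key) is reported in the returned message rather than skipped
 * silently, since a dropped deny setting would leave access wider than the
 * definition asks for.
 *
 * @param ACLRole $role  Role bean from getOrCreateRoleFromDefinition().
 * @param array   $aclDef The 'def' part of a metadata entry.
 * @return string|null Error message listing what was not applied, or null.
 */
function runUpdateOrCreate($role, $aclDef) {
    // Create case: the role needs an id before actions can reference it
    if (empty($role->id)) {
        $role->name = $aclDef['name'];
        $role->description = $aclDef['description'];
        $role->save();
        if (empty($role->id)) {
            return "Could not save new role '{$aclDef['name']}', skipping...";
        }
    }

    $db = $GLOBALS['db'];
    $ACLField = new ACLField();
    $notApplied = array();

    foreach ($aclDef['acl'] as $category => $actions) {
        foreach ($actions as $name => $access_override) {
            // Strict comparison so an integer key cannot loosely match 'fields'
            if ($name === 'fields') {
                foreach ($access_override as $field_id => $access) {
                    $ACLField->setAccessControl($category, $role->id, $field_id, $access);
                }
                continue;
            }

            // Only live rows: a deleted action row must not be picked up
            $queryACL = 'SELECT id FROM acl_actions WHERE category = ' . $db->quoted($category)
                . ' AND name = ' . $db->quoted($name) . ' AND deleted = 0';
            $result = $db->query($queryACL);
            $actionId = $result ? $db->fetchByAssoc($result) : false;

            if (empty($actionId['id'])) {
                $notApplied[] = "{$category}/{$name}";
                continue;
            }
            $role->setAction($role->id, $actionId['id'], $access_override);
        }
    }

    if (!empty($notApplied)) {
        return "Role '{$aclDef['name']}': no matching action found for "
            . implode(', ', $notApplied) . ', these settings were NOT applied';
    }

    return null;
}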
Hi Vincent, I no longer work at Sugar. That said, I doubt it works as is. It's probably close, since ACLs haven't changed often, historically. I'd suggest testing it out.
Excuse ignorant question, I'm not a developer but before I suggest to our company can you confirm if this still works on v10 please?