HCE Project DC service web UI  0.2
Hierarchical Cluster Engine DC service web UI
AuthItemController.php
1 <?php
11 {
15  private $_authorizer;
19  private $_model;
20 
/**
 * Initializes the controller.
 *
 * Caches the module's authorizer (the object accessRules() later asks for the
 * superuser list), adopts the module layout and makes 'permissions' the
 * default action.
 */
public function init()
{
    $rightsModule = $this->module;

    $this->_authorizer = $rightsModule->getAuthorizer();
    $this->layout = $rightsModule->layout;
    $this->defaultAction = 'permissions';

    // Let the module register the scripts its views depend on.
    $rightsModule->registerScripts();
}
33 
/**
 * Returns the filters applied to every action of this controller.
 *
 * Only 'accessControl' is registered, so accessRules() is the single gate in
 * front of the actions below. The POST-only checks are done inside the
 * individual actions, not by a filter declared here.
 *
 * @return array the filter configuration.
 */
public function filters()
{
    $filterList = array('accessControl');

    return $filterList;
}
43 
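/**
 * Returns the access rules evaluated by the 'accessControl' filter.
 *
 * Superusers may run the listed actions; everybody else is denied. Any action
 * added to this controller must also be added to the allow list, otherwise the
 * trailing deny rule blocks it for superusers as well.
 *
 * The method fails closed when the authorizer reports no superusers: in
 * Yii 1.x an access rule whose 'users' list is empty matches every user, so
 * passing an empty list to the allow rule would open the whole controller.
 * NOTE(review): getSuperusers() may already guard against an empty result;
 * the check here does not depend on that.
 *
 * @return array the access rules, first match wins.
 */
public function accessRules()
{
    $denyEveryone = array('deny', // Deny all users
        'users' => array('*'),
    );

    $superusers = $this->_authorizer->getSuperusers();

    // No superusers known: expose nothing rather than everything.
    if (empty($superusers) === true) {
        return array($denyEveryone);
    }

    return array(
        array('allow', // Allow superusers to access Rights
            'actions' => array(
                'permissions',
                'operations',
                'tasks',
                'roles',
                'generate',
                'create',
                'update',
                'delete',
                'removeChild',
                'assign',
                'revoke',
                'sortable',
            ),
            'users' => $superusers,
        ),
        $denyEveryone,
    );
}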
75 
/**
 * Displays the permission matrix: one row per authorization item and one
 * column per role.
 *
 * Every column is declared with 'type' => 'raw'.
 * NOTE(review): raw grid columns are normally written without HTML encoding,
 * so the values produced by RPermissionDataProvider must already be safe
 * markup (item descriptions are editable through actionCreate/actionUpdate) -
 * confirm the provider encodes them.
 */
public function actionPermissions()
{
    $dataProvider = new RPermissionDataProvider('permissions');
    $roles = $dataProvider->getRoles();

    // The item column takes 25%; the roles share the remaining 75% evenly.
    if ($roles !== array()) {
        $roleColumnWidth = 75/count($roles);
    } else {
        $roleColumnWidth = 0;
    }

    $itemColumn = array(
        'name' => 'description',
        'header' => Rights::t('core', 'Item'),
        'type' => 'raw',
        'htmlOptions' => array(
            'class' => 'permission-column',
            'style' => 'width:25%',
        ),
    );
    $columns = array($itemColumn);

    // One additional column per role, keyed by the lower-cased role name.
    foreach ($roles as $roleName => $role) {
        $roleColumn = array(
            'name' => strtolower($roleName),
            'header' => $role->getNameText(),
            'type' => 'raw',
            'htmlOptions' => array(
                'class' => 'role-column',
                'style' => 'width:'.$roleColumnWidth.'%',
            ),
        );
        $columns[] = $roleColumn;
    }

    $params = array(
        'dataProvider' => $dataProvider,
        'columns' => $columns,
    );

    // A posted 'ajax' field selects the partial (layout-less) rendering.
    if (isset($_POST['ajax']) === true) {
        $this->renderPartial('permissions', $params);
    } else {
        $this->render('permissions', $params);
    }
}
122 
/**
 * Lists the operations and lets the superuser reorder them.
 *
 * Also records this page as the place to come back to after a create, update
 * or delete.
 */
public function actionOperations()
{
    Yii::app()->user->rightsReturnUrl = array('authItem/operations');

    // Drag-and-drop ordering is posted to actionSortable().
    $sortable = array(
        'id' => 'RightsOperationTableSort',
        'element' => '.operation-table',
        'url' => $this->createUrl('authItem/sortable'),
    );
    $dataProvider = new RAuthItemDataProvider('operations', array(
        'type' => CAuthItem::TYPE_OPERATION,
        'sortable' => $sortable,
    ));

    // The view only receives the business-rule switches; it decides what to show.
    $viewData = array(
        'dataProvider' => $dataProvider,
        'isBizRuleEnabled' => $this->module->enableBizRule,
        'isBizRuleDataEnabled' => $this->module->enableBizRuleData,
    );
    $this->render('operations', $viewData);
}
146 
/**
 * Lists the tasks and lets the superuser reorder them.
 *
 * Also records this page as the place to come back to after a create, update
 * or delete.
 */
public function actionTasks()
{
    Yii::app()->user->rightsReturnUrl = array('authItem/tasks');

    // Drag-and-drop ordering is posted to actionSortable().
    $sortable = array(
        'id' => 'RightsTaskTableSort',
        'element' => '.task-table',
        'url' => $this->createUrl('authItem/sortable'),
    );
    $dataProvider = new RAuthItemDataProvider('tasks', array(
        'type' => CAuthItem::TYPE_TASK,
        'sortable' => $sortable,
    ));

    // The view only receives the business-rule switches; it decides what to show.
    $viewData = array(
        'dataProvider' => $dataProvider,
        'isBizRuleEnabled' => $this->module->enableBizRule,
        'isBizRuleDataEnabled' => $this->module->enableBizRuleData,
    );
    $this->render('tasks', $viewData);
}
170 
/**
 * Lists the roles and lets the superuser reorder them.
 *
 * Also records this page as the place to come back to after a create, update
 * or delete.
 */
public function actionRoles()
{
    Yii::app()->user->rightsReturnUrl = array('authItem/roles');

    // Drag-and-drop ordering is posted to actionSortable().
    $sortable = array(
        'id' => 'RightsRoleTableSort',
        'element' => '.role-table',
        'url' => $this->createUrl('authItem/sortable'),
    );
    $dataProvider = new RAuthItemDataProvider('roles', array(
        'type' => CAuthItem::TYPE_ROLE,
        'sortable' => $sortable,
    ));

    // The view only receives the business-rule switches; it decides what to show.
    $viewData = array(
        'dataProvider' => $dataProvider,
        'isBizRuleEnabled' => $this->module->enableBizRule,
        'isBizRuleDataEnabled' => $this->module->enableBizRuleData,
    );
    $this->render('roles', $viewData);
}
194 
/**
 * Displays the generator page and, on a valid submission, creates the
 * selected tasks and operations.
 *
 * Posted item names containing '*' are created as tasks, all others as
 * operations. The names come straight from the request.
 * NOTE(review): the only check on them visible here is GenerateForm's own
 * validation - confirm its rules restrict the names to real controller
 * actions.
 */
public function actionGenerate()
{
    $generator = $this->module->getGenerator();

    // Create the form model
    $model = new GenerateForm();

    $submitted = isset($_POST['GenerateForm']);
    if ($submitted === true) {
        $model->attributes = $_POST['GenerateForm'];
    }

    if ($submitted === true && $model->validate() === true) {
        $items = array(
            'tasks' => array(),
            'operations' => array(),
        );

        // Sort the ticked entries into tasks (wildcard names) and operations.
        foreach ($model->items as $itemname => $value) {
            if ((bool) $value !== true) {
                continue;
            }

            $bucket = strpos($itemname, '*') !== false ? 'tasks' : 'operations';
            $items[$bucket][] = $itemname;
        }

        // Hand both groups to the generator and run it.
        $generator->addItems($items['tasks'], CAuthItem::TYPE_TASK);
        $generator->addItems($items['operations'], CAuthItem::TYPE_OPERATION);
        $generatedItems = $generator->run();

        // Only a non-empty result counts as success.
        if ($generatedItems !== false && $generatedItems !== array()) {
            Yii::app()->getUser()->setFlash($this->module->flashSuccessKey,
                Rights::t('core', 'Authorization items created.')
            );
            $this->redirect(array('authItem/permissions'));
        }
    }

    // Everything the generator could create
    $items = $generator->getControllerActions();

    // Names of the tasks and operations that already exist, for comparison
    $authItems = $this->_authorizer->getAuthItems(array(
        CAuthItem::TYPE_TASK,
        CAuthItem::TYPE_OPERATION,
    ));
    $existingItems = array();
    foreach ($authItems as $existingName => $unused) {
        $existingItems[$existingName] = $existingName;
    }

    Yii::app()->clientScript->registerScript('rightsGenerateItemTableSelectRows',
        "jQuery('.generate-item-table').rightsSelectRows();"
    );

    // Render the view
    $viewData = array(
        'model' => $model,
        'items' => $items,
        'existingItems' => $existingItems,
    );
    $this->render('generate', $viewData);
}
263 
/**
 * Creates an authorization item of the type given in the request.
 *
 * The posted name, description, bizRule and data are passed to the authorizer
 * once AuthItemForm validates.
 * NOTE(review): in Yii 1.x an item's bizRule is PHP code that the auth manager
 * evaluates during access checks. This action forwards the posted bizRule and
 * data without consulting module->enableBizRule / enableBizRuleData - confirm
 * the form model or the authorizer enforces those switches.
 */
public function actionCreate()
{
    // Throws when the requested type is not a known item type.
    $type = $this->getType();

    $formModel = new AuthItemForm('create');

    $submitted = isset($_POST['AuthItemForm']);
    if ($submitted === true) {
        $formModel->attributes = $_POST['AuthItemForm'];
    }

    if ($submitted === true && $formModel->validate() === true) {
        $authorizer = $this->_authorizer;

        // Create the item and attach the Rights behavior to it
        $item = $authorizer->createAuthItem($formModel->name, $type, $formModel->description, $formModel->bizRule, $formModel->data);
        $item = $authorizer->attachAuthItemBehavior($item);

        // Tell the user which item was created
        $message = Rights::t('core', ':name created.', array(':name' => $item->getNameText()));
        Yii::app()->user->setFlash($this->module->flashSuccessKey, $message);

        // Go back to the list the user came from, or to the permissions page
        $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
    }

    // First visit or invalid input: show the form
    $this->render('create', array(
        'formModel' => $formModel,
    ));
}
298 
/**
 * Updates an authorization item and lets the superuser add children to it.
 *
 * Two forms are handled: AuthItemForm changes the item itself, AuthChildForm
 * adds a child. Each successful submission ends in a redirect.
 * NOTE(review): in Yii 1.x an item's bizRule is PHP code that the auth manager
 * evaluates during access checks. The posted bizRule and data are forwarded
 * without consulting module->enableBizRule / enableBizRuleData - confirm the
 * form model or the authorizer enforces those switches.
 */
public function actionUpdate()
{
    // Throws a 404 when the named item does not exist.
    $model = $this->loadModel();
    $itemName = $model->getName();
    $authorizer = $this->_authorizer;

    $formModel = new AuthItemForm('update');

    if (isset($_POST['AuthItemForm']) === true) {
        $formModel->attributes = $_POST['AuthItemForm'];
        if ($formModel->validate() === true) {
            // Save the changes, then reload the item under its (possibly new) name
            $authorizer->updateAuthItem($itemName, $formModel->name, $formModel->description, $formModel->bizRule, $formModel->data);
            $item = $authorizer->authManager->getAuthItem($formModel->name);
            $item = $authorizer->attachAuthItemBehavior($item);

            $message = Rights::t('core', ':name updated.', array(':name' => $item->getNameText()));
            Yii::app()->user->setFlash($this->module->flashSuccessKey, $message);

            // Go back to the list the user came from, or to the permissions page
            $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
        }
    }

    // Candidates for new children; the superuser role is never offered.
    $type = Rights::getValidChildTypes($model->type);
    $exclude = array($this->module->superuserName);
    $childSelectOptions = Rights::getParentAuthItemSelectOptions($model, $type, $exclude);

    // The child form only exists when there is something to choose from.
    $childFormModel = null;
    if ($childSelectOptions !== array()) {
        $childFormModel = new AuthChildForm();

        if (isset($_POST['AuthChildForm']) === true) {
            $childFormModel->attributes = $_POST['AuthChildForm'];
            if ($childFormModel->validate() === true) {
                // Add the child, then load it for the flash message
                $authorizer->authManager->addItemChild($itemName, $childFormModel->itemname);
                $child = $authorizer->authManager->getAuthItem($childFormModel->itemname);
                $child = $authorizer->attachAuthItemBehavior($child);

                $message = Rights::t('core', 'Child :name added.', array(':name' => $child->getNameText()));
                Yii::app()->user->setFlash($this->module->flashSuccessKey, $message);

                // Back to this page. The name is encoded here and again by the
                // URL builder; getItemName() undoes the extra layer.
                $this->redirect(array('authItem/update', 'name' => urlencode($itemName)));
            }
        }
    }

    // Fill the form from the stored item. This runs after the POST handling,
    // so a rejected submission is replaced by the stored values.
    $formModel->name = $model->name;
    $formModel->description = $model->description;
    $formModel->type = $model->type;

    if ($model->bizRule !== 'NULL') {
        $formModel->bizRule = $model->bizRule;
    } else {
        $formModel->bizRule = '';
    }

    // NOTE(review): the stored data is shown in serialized form; confirm how
    // the authorizer turns the posted text back into a value.
    if ($model->data !== null) {
        $formModel->data = serialize($model->data);
    } else {
        $formModel->data = '';
    }

    $parentDataProvider = new RAuthItemParentDataProvider($model);
    $childDataProvider = new RAuthItemChildDataProvider($model);

    // Render the view
    $viewData = array(
        'model' => $model,
        'formModel' => $formModel,
        'childFormModel' => $childFormModel,
        'childSelectOptions' => $childSelectOptions,
        'parentDataProvider' => $parentDataProvider,
        'childDataProvider' => $childDataProvider,
    );
    $this->render('update', $viewData);
}
378 
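/**
 * Deletes the authorization item named in the request.
 *
 * The item is looked up before anything is removed. A missing or unknown name
 * now yields a 404 instead of calling removeAuthItem() with it and then
 * failing on a null item while building the flash message.
 *
 * NOTE(review): requiring POST is not a CSRF defence on its own; confirm the
 * application enables CHttpRequest::enableCsrfValidation.
 * NOTE(review): nothing here stops the superuser role itself from being
 * deleted - confirm that is prevented elsewhere.
 *
 * @throws CHttpException 400 for non-POST requests, 404 for an unknown item.
 */
public function actionDelete()
{
    // We only allow deletion via POST request
    if (Yii::app()->request->isPostRequest !== true) {
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
    }

    $itemName = $this->getItemName();
    $authManager = $this->_authorizer->authManager;

    // Resolve the item first so a bad name cannot reach the delete call.
    $item = $itemName !== null ? $authManager->getAuthItem($itemName) : null;
    if ($item === null) {
        throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));
    }

    // Keep the item (with its display name) for the flash message
    $item = $this->_authorizer->attachAuthItemBehavior($item);

    // Delete the item
    $authManager->removeAuthItem($itemName);

    // Set a flash message for deleting the item
    Yii::app()->user->setFlash($this->module->flashSuccessKey,
        Rights::t('core', ':name deleted.', array(':name' => $item->getNameText()))
    );

    // If AJAX request, we should not redirect the browser
    if (isset($_POST['ajax']) === false) {
        $this->redirect(Yii::app()->user->getRightsReturnUrl(array('authItem/permissions')));
    }
}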
408 
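/**
 * Removes a child from the authorization item named in the request.
 *
 * Both names must be present and the child must exist before the relation is
 * removed. Previously a missing name went straight into removeItemChild() and
 * the action then failed on a null child while building the flash message.
 *
 * NOTE(review): requiring POST is not a CSRF defence on its own; confirm the
 * application enables CHttpRequest::enableCsrfValidation.
 *
 * @throws CHttpException 400 for non-POST requests, 404 when a name is
 * missing or the child does not exist.
 */
public function actionRemoveChild()
{
    // We only allow removal via POST request
    if (Yii::app()->request->isPostRequest !== true) {
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
    }

    $itemName = $this->getItemName();
    $childName = $this->getChildName();
    $authManager = $this->_authorizer->authManager;

    // Load the child up front; it is needed for the message and proves the name is real.
    $child = ($itemName !== null && $childName !== null) ? $authManager->getAuthItem($childName) : null;
    if ($child === null) {
        throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));
    }
    $child = $this->_authorizer->attachAuthItemBehavior($child);

    // Remove the child
    $authManager->removeItemChild($itemName, $childName);

    // Set a flash message for removing the child
    Yii::app()->user->setFlash($this->module->flashSuccessKey,
        Rights::t('core', 'Child :name removed.', array(':name' => $child->getNameText()))
    );

    // If AJAX request, we should not redirect the browser
    if (isset($_POST['ajax']) === false) {
        $this->redirect(array('authItem/update', 'name' => urlencode($itemName)));
    }
}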
437 
/**
 * Grants a permission: adds the item named by 'child' as a child of the item
 * named by 'name', unless it already is one.
 *
 * NOTE(review): requiring POST is not a CSRF defence on its own; confirm the
 * application enables CHttpRequest::enableCsrfValidation.
 *
 * @throws CHttpException 400 for non-POST requests.
 */
public function actionAssign()
{
    // Assignments are only accepted via POST
    if (Yii::app()->request->isPostRequest !== true) {
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
    }

    // loadModel() throws a 404 for an unknown parent item
    $model = $this->loadModel();
    $childName = $this->getChildName();

    $alreadyChild = $childName === null || $model->hasChild($childName) !== false;
    if ($alreadyChild === false) {
        $model->addChild($childName);
    }

    // An AJAX caller stays on the page; everyone else goes back to the matrix
    if (isset($_POST['ajax']) === false) {
        $this->redirect(array('authItem/permissions'));
    }
}
460 
/**
 * Revokes a permission: removes the item named by 'child' from the children
 * of the item named by 'name', if it is one.
 *
 * NOTE(review): requiring POST is not a CSRF defence on its own; confirm the
 * application enables CHttpRequest::enableCsrfValidation.
 *
 * @throws CHttpException 400 for non-POST requests.
 */
public function actionRevoke()
{
    // Revocations are only accepted via POST
    if (Yii::app()->request->isPostRequest !== true) {
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
    }

    // loadModel() throws a 404 for an unknown parent item
    $model = $this->loadModel();
    $childName = $this->getChildName();

    $isChild = $childName !== null && $model->hasChild($childName) === true;
    if ($isChild === true) {
        $model->removeChild($childName);
    }

    // An AJAX caller stays on the page; everyone else goes back to the matrix
    if (isset($_POST['ajax']) === false) {
        $this->redirect(array('authItem/permissions'));
    }
}
483 
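/**
 * Stores the item order posted by the sortable tables.
 *
 * A POST without a 'result' field is now rejected with a 400 instead of
 * reading an undefined index and handing null to the auth manager.
 *
 * NOTE(review): the shape of 'result' is not checked beyond its presence;
 * confirm updateItemWeight() validates the entries and binds them as
 * parameters.
 * NOTE(review): requiring POST is not a CSRF defence on its own; confirm the
 * application enables CHttpRequest::enableCsrfValidation.
 *
 * @throws CHttpException 400 for non-POST requests or a missing 'result'.
 */
public function actionSortable()
{
    // We only allow sorting via POST request, and only with an order to store
    if (Yii::app()->request->isPostRequest === true && isset($_POST['result']) === true) {
        $this->_authorizer->authManager->updateItemWeight($_POST['result']);
    } else {
        throw new CHttpException(400, Rights::t('core', 'Invalid request. Please do not repeat this request again.'));
    }
}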
496 
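/**
 * Returns the authorization item name from the 'name' query parameter.
 *
 * A non-string value (for example name[]=x) is treated as absent, so it no
 * longer reaches urldecode().
 *
 * NOTE(review): PHP has already URL-decoded $_GET, so urldecode() here removes
 * a second layer. That matches the redirects in this controller, which
 * urlencode() the name before the URL is built, but it also means a value
 * that is still percent-encoded after the first decode is decoded again.
 * Validate names after this call, never before it.
 *
 * @return string|null the item name, or null when it is missing.
 */
public function getItemName()
{
    if (isset($_GET['name']) === true && is_string($_GET['name']) === true) {
        return urldecode($_GET['name']);
    }

    return null;
}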
504 
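/**
 * Returns the child item name from the 'child' query parameter.
 *
 * A non-string value (for example child[]=x) is treated as absent, so it no
 * longer reaches urldecode().
 *
 * NOTE(review): PHP has already URL-decoded $_GET, so urldecode() here removes
 * a second layer; a value that is still percent-encoded after the first decode
 * is decoded again. Validate names after this call, never before it.
 *
 * @return string|null the child name, or null when it is missing.
 */
public function getChildName()
{
    if (isset($_GET['child']) === true && is_string($_GET['child']) === true) {
        return urldecode($_GET['child']);
    }

    return null;
}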
512 
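/**
 * Returns the authorization item type requested through the 'type' query
 * parameter.
 *
 * The parameter must be a string that is exactly the canonical text of one of
 * the CAuthItem type constants. The previous loose in_array() check let other
 * input through: CAuthItem::TYPE_OPERATION is 0, and under PHP's loose
 * comparison a missing parameter (null) and, before PHP 8, any non-numeric
 * string compare equal to 0. Such values were returned to the caller as a
 * "valid" type.
 *
 * The matching constant itself is returned rather than the request string.
 *
 * @return mixed one of the CAuthItem::TYPE_* constants.
 * @throws CException when the parameter is missing or not a known type.
 */
public function getType()
{
    $validTypes = array(CAuthItem::TYPE_OPERATION, CAuthItem::TYPE_TASK, CAuthItem::TYPE_ROLE);
    $requested = isset($_GET['type']) === true ? $_GET['type'] : null;

    // Arrays and other non-string input can never name a type.
    if (is_string($requested) === true) {
        foreach ($validTypes as $validType) {
            if ($requested === (string) $validType) {
                return $validType;
            }
        }
    }

    throw new CException(Rights::t('core', 'Invalid authorization item type.'));
}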
528 
/**
 * Returns the authorization item named in the request, loading it on first
 * use and caching it in $this->_model for the rest of the request.
 *
 * @return mixed the item, with the Rights behavior attached by the authorizer.
 * @throws CHttpException 404 when no name was given or no such item exists.
 */
public function loadModel()
{
    // Already resolved during this request
    if ($this->_model !== null) {
        return $this->_model;
    }

    $itemName = $this->getItemName();
    if ($itemName !== null) {
        $authorizer = $this->_authorizer;
        $this->_model = $authorizer->authManager->getAuthItem($itemName);
        $this->_model = $authorizer->attachAuthItemBehavior($this->_model);
    }

    // Missing name and unknown item are reported the same way
    if ($this->_model === null) {
        throw new CHttpException(404, Rights::t('core', 'The requested page does not exist.'));
    }

    return $this->_model;
}
550 }