Commit ea4656a2 authored by Tino Goratsch's avatar Tino Goratsch

- reworked the AclInstaller a little bit

- fixed the installer
parent 46643bc5
......@@ -4,9 +4,8 @@ namespace ACP3\Core;
use ACP3\Modules\ACP3\Permissions;
/**
* Access control lists
*
* @author Tino Goratsch
* Class ACL
* @package ACP3\Core
*/
class ACL
{
......@@ -234,7 +233,6 @@ class ACL
*
* @param string $module
* @param string $key
* The key of the privilege
*
* @return boolean
*/
......@@ -251,7 +249,6 @@ class ACL
* Überpüft, ob eine Modulaktion existiert und der Benutzer darauf Zugriff hat
*
* @param string $path
* Zu überprüfendes Modul
*
* @return integer
*/
......
<?php
namespace ACP3\Core\ACL;
/**
* Class PermissionEnum
* @package ACP3\Core\ACL
*/
class PermissionEnum
{
const PERMIT_ACCESS = 1;
const INHERIT_ACCESS = 2;
}
\ No newline at end of file
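Review bot: PermissionEnum names the values 1 and 2 but not 0, which `AclInstaller::getDefaultAclRulePermission` in this same commit still uses as its starting value (`$permission = 0;`). That 0 is what every role/privilege pair receives when none of the conditions match, so it is the fail-closed default and deserves a name as much as the two grants do. Adding something like `const DENY_ACCESS = 0;` here and using it in the installer would make that default explicit. Reading 0 as "deny" is inferred from how the value is used, not stated anywhere on the page.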
<?php
namespace ACP3\Core\ACL;
/**
* Class PrivilegeEnum
* @package ACP3\Core\ACL
*/
class PrivilegeEnum
{
const ADMIN_SETTINGS = 7;
const ADMIN_DELETE = 6;
const ADMIN_EDIT = 5;
const ADMIN_CREATE = 4;
const ADMIN_VIEW = 3;
const FRONTEND_CREATE = 2;
const FRONTEND_VIEW = 1;
}
\ No newline at end of file
<?php
namespace ACP3\Core\Modules;
use ACP3\Core\ACL\PermissionEnum;
use ACP3\Core\ACL\PrivilegeEnum;
use ACP3\Core\Cache;
use ACP3\Core\Modules\Installer\SchemaInterface;
use Symfony\Component\DependencyInjection\Container;
use ACP3\Modules\ACP3\Permissions;
use Symfony\Component\DependencyInjection\Container;
/**
* Class AclInstaller
......@@ -12,6 +14,9 @@ use ACP3\Modules\ACP3\Permissions;
*/
class AclInstaller implements InstallerInterface
{
const INSTALL_RESOURCES_AND_RULES = 1;
const INSTALL_RESOURCES = 2;
/**
* @var \Symfony\Component\DependencyInjection\Container
*/
......@@ -58,8 +63,7 @@ class AclInstaller implements InstallerInterface
Permissions\Model\RuleRepository $ruleRepository,
Permissions\Model\ResourceRepository $resourceRepository,
Permissions\Model\PrivilegeRepository $privilegeRepository
)
{
) {
$this->container = $container;
$this->aclCache = $aclCache;
$this->schemaHelper = $schemaHelper;
......@@ -74,12 +78,10 @@ class AclInstaller implements InstallerInterface
*
* @param \ACP3\Core\Modules\Installer\SchemaInterface $schema
* @param int $mode
* 1 = Ressourcen und Regeln einlesen
* 2 = Nur die Ressourcen einlesen
*
* @return bool
*/
public function install(SchemaInterface $schema, $mode = 1)
public function install(SchemaInterface $schema, $mode = self::INSTALL_RESOURCES_AND_RULES)
{
$serviceIds = $this->container->getServiceIds();
......@@ -91,7 +93,7 @@ class AclInstaller implements InstallerInterface
}
// Regeln für die Rollen setzen
if ($mode === 1) {
if ($mode === self::INSTALL_RESOURCES_AND_RULES) {
$this->_insertAclRules($schema->getModuleName());
}
......@@ -117,9 +119,7 @@ class AclInstaller implements InstallerInterface
foreach ($actions as $action) {
// Only add the actual module actions (methods which begin with "action")
if (strpos($action, 'action') === 0) {
$actionUnderscored = strtolower(preg_replace('/\B([A-Z])/', '_$1', $action));
// Modulaktionen berücksichtigen, die mit Ziffern anfangen (Error pages)
$action = substr($actionUnderscored, strpos($actionUnderscored, '_') === 6 ? 7 : 6);
$action = $this->convertCamelCaseToUnderscore($action);
// Handle resources with differing access levels
if (isset($specialResources[$area][$controller][$action])) {
......@@ -175,26 +175,41 @@ class AclInstaller implements InstallerInterface
*/
protected function getDefaultAclPrivilegeId($area, $action)
{
if ($area === 'Admin') {
if (strpos($action, 'create') === 0 || strpos($action, 'order') === 0) {
return 4;
} elseif (strpos($action, 'edit') === 0) {
return 5;
} elseif (strpos($action, 'delete') === 0) {
return 6;
} elseif (strpos($action, 'settings') === 0) {
return 7;
}
$area = strtolower($area);
$actionPrivilegeMapping = $this->getActionPrivilegeMapping();
return 3;
if (isset($actionPrivilegeMapping[$area])) {
foreach ($actionPrivilegeMapping[$area] as $actionName => $privilegeId) {
if (strpos($action, $actionName) === 0) {
return $privilegeId;
}
}
}
// Frontend controller actions
if (strpos($action, 'create') === 0) {
return 2;
} else {
return 1;
if ($area === 'admin') {
return PrivilegeEnum::ADMIN_VIEW;
}
return PrivilegeEnum::FRONTEND_VIEW;
}
/**
* @return array
*/
protected function getActionPrivilegeMapping()
{
return [
'admin' => [
'create' => PrivilegeEnum::ADMIN_CREATE,
'order' => PrivilegeEnum::ADMIN_CREATE,
'edit' => PrivilegeEnum::ADMIN_EDIT,
'delete' => PrivilegeEnum::ADMIN_DELETE,
'settings' => PrivilegeEnum::ADMIN_SETTINGS
],
'frontend' => [
'create' => PrivilegeEnum::FRONTEND_CREATE
]
];
}
/**
......@@ -206,17 +221,19 @@ class AclInstaller implements InstallerInterface
protected function getDefaultAclRulePermission($role, $privilege)
{
$permission = 0;
if ($role['id'] == 1 && ($privilege['id'] == 1 || $privilege['id'] == 2)) {
$permission = 1;
if ($role['id'] == 1 &&
($privilege['id'] == PrivilegeEnum::FRONTEND_VIEW || $privilege['id'] == PrivilegeEnum::FRONTEND_CREATE)
) {
$permission = PermissionEnum::PERMIT_ACCESS;
}
if ($role['id'] > 1 && $role['id'] < 4) {
$permission = 2;
$permission = PermissionEnum::INHERIT_ACCESS;
}
if ($role['id'] == 3 && $privilege['id'] == 3) {
$permission = 1;
if ($role['id'] == 3 && $privilege['id'] == PrivilegeEnum::ADMIN_VIEW) {
$permission = PermissionEnum::PERMIT_ACCESS;
}
if ($role['id'] == 4) {
$permission = 1;
$permission = PermissionEnum::PERMIT_ACCESS;
}
return $permission;
......@@ -236,4 +253,16 @@ class AclInstaller implements InstallerInterface
return true;
}
/**
* @param string $action
*
* @return string
*/
protected function convertCamelCaseToUnderscore($action)
{
$actionUnderscored = strtolower(preg_replace('/\B([A-Z])/', '_$1', $action));
// Modulaktionen berücksichtigen, die mit Ziffern anfangen (Error pages)
return substr($actionUnderscored, strpos($actionUnderscored, '_') === 6 ? 7 : 6);
}
}
\ No newline at end of file
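Review bot: In `getDefaultAclPrivilegeId()` the `create` → `PrivilegeEnum::FRONTEND_CREATE` mapping now applies only when the lower-cased area is exactly `frontend`, whereas the removed code returned 2 for a `create…` action in every area other than `Admin`. If the installer is ever handed another area name (not visible on this page), its create actions would be registered under `FRONTEND_VIEW`, a broader default than before, and revoking the create privilege for a role would no longer cover them. Falling back to the frontend map keeps the old behaviour: `$mapping = isset($actionPrivilegeMapping[$area]) ? $actionPrivilegeMapping[$area] : $actionPrivilegeMapping['frontend'];`, then loop over `$mapping` unconditionally. The method's docblock should also say that action names are matched by prefix and that unmatched actions default to the view privilege of their area.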
......@@ -2,6 +2,7 @@
namespace ACP3\Modules\ACP3\Permissions\Installer;
use ACP3\Core\ACL\PrivilegeEnum;
use ACP3\Core\Modules;
/**
......@@ -93,13 +94,13 @@ class Schema implements Modules\Installer\SchemaInterface
FOREIGN KEY (`user_id`) REFERENCES `{pre}users` (`id`) ON DELETE CASCADE
) {engine} {charset};",
// Default Privileges and user roles
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (1, 'view', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (2, 'create', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (3, 'admin_view', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (4, 'admin_create', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (5, 'admin_edit', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (6, 'admin_delete', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (7, 'admin_settings', '');",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (" . PrivilegeEnum::FRONTEND_VIEW . ", 'view', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (" . PrivilegeEnum::FRONTEND_CREATE . ", 'create', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (" . PrivilegeEnum::ADMIN_VIEW . ", 'admin_view', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (" . PrivilegeEnum::ADMIN_CREATE . ", 'admin_create', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (" . PrivilegeEnum::ADMIN_EDIT . ", 'admin_edit', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (" . PrivilegeEnum::ADMIN_DELETE . ", 'admin_delete', '')",
"INSERT INTO `{pre}acl_privileges` (`id`, `key`, `description`) VALUES (" . PrivilegeEnum::ADMIN_SETTINGS . ", 'admin_settings', '');",
"INSERT INTO `{pre}acl_roles` (`id`, `name`, `root_id`, `parent_id`, `left_id`, `right_id`) VALUES (1, 'Gast', 1, 0, 1, 8)",
"INSERT INTO `{pre}acl_roles` (`id`, `name`, `root_id`, `parent_id`, `left_id`, `right_id`) VALUES (2, 'Mitglied', 1, 1, 2, 7)",
"INSERT INTO `{pre}acl_roles` (`id`, `name`, `root_id`, `parent_id`, `left_id`, `right_id`) VALUES (3, 'Autor', 1, 2, 3, 6)",
......
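Review bot: The role ids in the `acl_roles` inserts directly below the rewritten privilege rows are still bare literals, and `AclInstaller::getDefaultAclRulePermission` in this commit still compares `$role['id']` against 1, 3 and 4. Those comparisons decide which role is granted access at install time, so the two places have to agree without anything tying them together. A constants class for the role ids, alongside `PrivilegeEnum`, used both here and in the installer would close that gap. The array these strings belong to starts and ends outside the hunk.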
......@@ -161,10 +161,11 @@ class Install extends AbstractController
*/
private function _setContainer()
{
$environment = $this->container->getParameter('core.environment');
$this->container = new ContainerBuilder();
$this->container->set('core.environment.application_path', $this->appPath);
$this->container->setParameter('core.environment', $this->container->getParameter('core.environment'));
$this->container->setParameter('core.environment', $environment);
$loader = new YamlFileLoader($this->container, new FileLocator(__DIR__));
$loader->load($this->appPath->getClassesDir() . 'config/services.yml');
......
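Review bot: The new `$environment` local in `_setContainer()` only works because it is read before `$this->container` is overwritten, and nothing in the code says the order matters. A comment such as `// Read before the container is replaced below; the fresh ContainerBuilder has no parameters yet` would stop a later cleanup from inlining it again. `getParameter()` also throws when the parameter is undefined, so this relies on the previous container always carrying `core.environment`, which cannot be confirmed from this hunk. The method body continues past the end of the hunk.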