freenetis-github/application/controllers/acl.php @ 53cf4ce8
| 8baed187 | Michal Kliment | <?php defined('SYSPATH') or die('No direct script access.');
|
|
/*
|
|||
* This file is part of open source system FreenetIS
|
|||
* and it is released under GPLv3 licence.
|
|||
*
|
|||
* More info about licence can be found:
|
|||
* http://www.gnu.org/licenses/gpl-3.0.html
|
|||
*
|
|||
* More info about project can be found:
|
|||
* http://www.freenetis.org/
|
|||
*
|
|||
*/
|
|||
/**
|
|||
* Controller performs actions with access control rules
|
|||
*
|
|||
* @package Controller
|
|||
* @author Michal Kliment
|
|||
*/
|
|||
class Acl_Controller extends Controller
|
|||
| c1bdc1c4 | Michal Kliment | {
|
|
| 8baed187 | Michal Kliment | /**
|
|
* Index function, only redirect to list of all access control rules
|
|||
*
|
|||
* @author Michal Kliment
|
|||
*/
|
|||
public function index()
|
|||
{
|
|||
url::redirect('acl/show_all');
|
|||
}
|
|||
/**
|
|||
* Shows all access control rules
|
|||
*
|
|||
* @author Michal Kliment
|
|||
* @param integer $limit_results
|
|||
* @param string $order_by
|
|||
* @param string $order_by_direction
|
|||
* @param string $page_word
|
|||
* @param integer $page
|
|||
*/
|
|||
public function show_all (
|
|||
$limit_results = 100, $order_by = 'id',
|
|||
$order_by_direction = 'asc',
|
|||
$page_word = 'page', $page = 1)
|
|||
{
|
|||
// check access
|
|||
| c1bdc1c4 | Michal Kliment | if (!$this->acl_check_view('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | Controller::Error(ACCESS);
|
|
// gets new selector
|
|||
| c1bdc1c4 | Michal Kliment | if (is_numeric($this->input->post('record_per_page')))
|
|
$limit_results = (int) $this->input->post('record_per_page');
|
|||
| 8baed187 | Michal Kliment | ||
// parameters control
|
|||
$allowed_order_type = array
|
|||
(
|
|||
'id', 'desription', 'aco_count', 'aro_groups_count','axo_count'
|
|||
);
|
|||
// order by check
|
|||
if (!in_array(strtolower($order_by), $allowed_order_type))
|
|||
$order_by = 'id';
|
|||
// order by direction check
|
|||
if (strtolower($order_by_direction) != 'desc')
|
|||
$order_by_direction = 'asc';
|
|||
| c1bdc1c4 | Michal Kliment | $filter_form = new Filter_form('a');
|
|
$filter_form->add('note');
|
|||
$filter_form->add('aco_value')
|
|||
->label('ACO')
|
|||
->type('select')
|
|||
->values(Aco_Model::get_actions());
|
|||
$filter_form->add('aro_group_id')
|
|||
->label('ARO group')
|
|||
->type('select')
|
|||
->values(Aro_group_Model::get_groups());
|
|||
$filter_form->add('axo_section_value')
|
|||
->label('AXO section')
|
|||
->type('select')
|
|||
->values(Axo_Model::get_section_values());
|
|||
$filter_form->add('axo_value')
|
|||
->label('AXO value')
|
|||
->type('select')
|
|||
->values(Axo_Model::get_values());
|
|||
| 8baed187 | Michal Kliment | $acl_model = new Acl_Model();
|
|
| c1bdc1c4 | Michal Kliment | $total_rules = $acl_model->count_all_rules($filter_form->as_sql());
|
|
| 8baed187 | Michal Kliment | ||
// limit check
|
|||
if (($sql_offset = ($page - 1) * $limit_results) > $total_rules)
|
|||
$sql_offset = 0;
|
|||
$rules = $acl_model->get_all_rules(
|
|||
| c1bdc1c4 | Michal Kliment | $sql_offset, (int)$limit_results, $order_by, $order_by_direction,
|
|
$filter_form->as_sql()
|
|||
| 8baed187 | Michal Kliment | );
|
|
$headline = __('List of all rules for access control');
|
|||
// path to form
|
|||
$path = Config::get('lang') . '/acl/show_all/' . $limit_results . '/'
|
|||
. $order_by . '/' . $order_by_direction.'/'.$page_word.'/'
|
|||
. $page;
|
|||
// it creates grid to view all members
|
|||
$grid = new Grid('acl', null, array
|
|||
(
|
|||
'current' => $limit_results,
|
|||
'selector_increace' => 50,
|
|||
'selector_min' => 100,
|
|||
'selector_max_multiplier' => 20,
|
|||
'base_url' => $path,
|
|||
'uri_segment' => 'page',
|
|||
'total_items' => $total_rules,
|
|||
'items_per_page' => $limit_results,
|
|||
'style' => 'classic',
|
|||
'order_by' => $order_by,
|
|||
'order_by_direction' => $order_by_direction,
|
|||
'limit_results' => $limit_results,
|
|||
| c1bdc1c4 | Michal Kliment | 'filter' => $filter_form
|
|
| 8baed187 | Michal Kliment | ));
|
|
| c1bdc1c4 | Michal Kliment | if ($this->acl_check_new('Acl_Controller', 'acl'))
|
|
{
|
|||
$grid->add_new_button('acl/add', __('Add new rule'));
|
|||
}
|
|||
| 8baed187 | Michal Kliment | ||
$grid->order_field('id')
|
|||
->label(__('ID'));
|
|||
| c1bdc1c4 | Michal Kliment | $grid->order_callback_field('note')
|
|
| 8baed187 | Michal Kliment | ->callback('callback::limited_text');
|
|
$grid->order_callback_field('aco_count')
|
|||
->label(__('ACO count').' '.help::hint('aco_count'))
|
|||
->callback('callback::aco_count_field')
|
|||
->class('center');
|
|||
$grid->order_callback_field('aro_groups_count')
|
|||
->label(__('ARO groups count').' '.help::hint('aro_groups_count'))
|
|||
->callback('callback::aro_groups_count_field')
|
|||
->class('center');
|
|||
$grid->order_callback_field('axo_count')
|
|||
->label(__('AXO count').' '.help::hint('axo_count'))
|
|||
->callback('callback::axo_count_field')
|
|||
->class('center');
|
|||
$actions = $grid->grouped_action_field();
|
|||
$actions->add_action('id')
|
|||
->icon_action('show')
|
|||
->url('acl/show');
|
|||
| c1bdc1c4 | Michal Kliment | if ($this->acl_check_edit('Acl_Controller', 'acl'))
|
|
{
|
|||
$actions->add_action('id')
|
|||
->icon_action('edit')
|
|||
->url('acl/edit');
|
|||
}
|
|||
| 8baed187 | Michal Kliment | ||
| c1bdc1c4 | Michal Kliment | if ($this->acl_check_delete('Acl_Controller', 'acl'))
|
|
{
|
|||
$actions->add_action('id')
|
|||
->icon_action('delete')
|
|||
->url('acl/delete')
|
|||
->class('delete_link');
|
|||
}
|
|||
| 8baed187 | Michal Kliment | ||
$grid->datasource($rules);
|
|||
| c1bdc1c4 | Michal Kliment | if ($this->acl_check_view('Aro_groups_Controller', 'aro_group'))
|
|
{
|
|||
$submenu = array();
|
|||
$submenu[] = html::anchor('acl/show_all', __('Access control rules'));
|
|||
$submenu[] = html::anchor('aro_groups/show_all', __('Access control groups of users'));
|
|||
}
|
|||
else
|
|||
{
|
|||
$submenu = NULL;
|
|||
}
|
|||
| 8baed187 | Michal Kliment | ||
$view = new View('main');
|
|||
$view->breadcrumbs = __('Access control rules');
|
|||
$view->title = $headline;
|
|||
$view->content = new View('show_all');
|
|||
| c1bdc1c4 | Michal Kliment | $this->sections = $submenu;
|
|
$view->content->current = 'acl/show_all';
|
|||
| 8baed187 | Michal Kliment | $view->content->headline = $headline;
|
|
$view->content->table = $grid;
|
|||
$view->render(TRUE);
|
|||
}
|
|||
/**
|
|||
* Shows access control rule
|
|||
*
|
|||
* @author Michal Kliment
|
|||
* @param integer $acl_id
|
|||
*/
|
|||
public function show ($acl_id = NULL)
|
|||
{
|
|||
// check access
|
|||
| c1bdc1c4 | Michal Kliment | if (!$this->acl_check_view('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | Controller::Error(ACCESS);
|
|
// bad parameter
|
|||
if (!$acl_id || !is_numeric($acl_id))
|
|||
Controller::warning (PARAMETER);
|
|||
$acl = new Acl_Model($acl_id);
|
|||
// record doesn't exist
|
|||
if (!$acl->id)
|
|||
Controller::error(RECORD);
|
|||
/** ACO **/
|
|||
$acos = $acl->get_acos();
|
|||
// grid
|
|||
$aco_grid = new Grid(url_lang::base().'aco', null, array
|
|||
(
|
|||
'use_paginator' => false,
|
|||
'use_selector' => false,
|
|||
'total_items' => count($acos)
|
|||
));
|
|||
$aco_grid->callback_field('value')
|
|||
->callback('callback::aco_value_field');
|
|||
$aco_grid->datasource($acos);
|
|||
/** ARO groups **/
|
|||
$aro_groups = $acl->get_aro_groups();
|
|||
// grid
|
|||
$aro_groups_grid = new Grid(url_lang::base().'aro_groups', null, array
|
|||
(
|
|||
'use_paginator' => false,
|
|||
'use_selector' => false,
|
|||
'total_items' => count($aro_groups)
|
|||
));
|
|||
$aro_groups_grid->field('id')
|
|||
->label(__('ID'));
|
|||
$aro_groups_grid->field('name');
|
|||
$aro_groups_grid->datasource($aro_groups);
|
|||
/** AXO **/
|
|||
$axos = $acl->get_axos();
|
|||
// grid
|
|||
$axo_grid = new Grid(url_lang::base().'axo', null, array
|
|||
(
|
|||
'use_paginator' => false,
|
|||
'use_selector' => false,
|
|||
'total_items' => count($axos)
|
|||
));
|
|||
$axo_grid->field('id')
|
|||
->label(__('ID'));
|
|||
$axo_grid->field('section_value')
|
|||
->label('Section');
|
|||
$axo_grid->field('value');
|
|||
$axo_grid->field('name');
|
|||
| c1bdc1c4 | Michal Kliment | if ($this->acl_check_new('Acl_Controller', 'acl') ||
|
|
$this->acl_check_edit('Acl_Controller', 'acl'))
|
|||
{
|
|||
$axo_grid->callback_field('name')
|
|||
->callback('callback::axodoc')
|
|||
->label('Actions');
|
|||
}
|
|||
| 8baed187 | Michal Kliment | $axo_grid->datasource($axos);
|
|
$headline = __('Show access control rule');
|
|||
$breadcrumbs = breadcrumbs::add()
|
|||
->link('acl/show_all', 'Access control rules',
|
|||
| c1bdc1c4 | Michal Kliment | $this->acl_check_view('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | ->text('ID '.$acl->id);
|
|
$view = new View('main');
|
|||
$view->breadcrumbs = $breadcrumbs->html();
|
|||
$view->title = $headline;
|
|||
$view->content = new View('access_rights/acl_show');
|
|||
$view->content->acl = $acl;
|
|||
$view->content->aco_grid = $aco_grid;
|
|||
$view->content->aro_groups_grid = $aro_groups_grid;
|
|||
$view->content->axo_grid = $axo_grid;
|
|||
$view->render(TRUE);
|
|||
}
|
|||
/**
|
|||
* Adds new access control rule
|
|||
*
|
|||
* @author Michal Kliment
|
|||
*/
|
|||
public function add ()
|
|||
{
|
|||
// check access
|
|||
| c1bdc1c4 | Michal Kliment | if (!$this->acl_check_new('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | Controller::Error(ACCESS);
|
|
$form = new Forge(url::base(TRUE).url::current(TRUE));
|
|||
$form->textarea('description')
|
|||
->rules('required')
|
|||
->style('width:600px');
|
|||
$form->dropdown('aco[]')
|
|||
| c1bdc1c4 | Michal Kliment | ->label('ACO')
|
|
->help(help::hint('aco'))
|
|||
| 8baed187 | Michal Kliment | ->rules('required')
|
|
->options(Aco_Model::get_actions())
|
|||
->multiple('multiple')
|
|||
| c1bdc1c4 | Michal Kliment | ->size(10);
|
|
| 8baed187 | Michal Kliment | ||
$aro_group_model = new Aro_group_Model();
|
|||
| c1bdc1c4 | Michal Kliment | $arr_aro_groups = $aro_group_model->select_list('id', 'name', 'name');
|
|
| 8baed187 | Michal Kliment | ||
$form->dropdown('aro_group[]')
|
|||
| c1bdc1c4 | Michal Kliment | ->label('ARO groups')
|
|
->help(help::hint('aro_groups'))
|
|||
| 8baed187 | Michal Kliment | ->rules('required')
|
|
->options($arr_aro_groups)
|
|||
->multiple('multiple')
|
|||
->size(20);
|
|||
$axo_model = new Axo_Model();
|
|||
| c1bdc1c4 | Michal Kliment | $arr_axos = $axo_model->select_list('id', 'CONCAT(section_value, \' - \', name)');
|
|
| 8baed187 | Michal Kliment | ||
$form->dropdown('axo[]')
|
|||
| c1bdc1c4 | Michal Kliment | ->label('AXO')
|
|
->help(help::hint('axo'))
|
|||
| 8baed187 | Michal Kliment | ->rules('required')
|
|
->options($arr_axos)
|
|||
->multiple('multiple')
|
|||
->size(20);
|
|||
$form->submit('submit')
|
|||
->value(__('Add'));
|
|||
// form is validate
|
|||
if ($form->validate())
|
|||
{
|
|||
$form_data = $form->as_array();
|
|||
$aco = (isset($_POST["aco"])) ? $_POST["aco"] : array();
|
|||
$aro_groups = (isset($_POST["aro_group"])) ? $_POST["aro_group"] : array();
|
|||
$axo = (isset($_POST["axo"])) ? $_POST["axo"] : array();
|
|||
$axo_model = new Axo_Model();
|
|||
$axo = $axo_model->get_values_by_ids($axo);
|
|||
$acl = new Acl_Model();
|
|||
$acl->note = $form_data['description'];
|
|||
$acl->save();
|
|||
$acl->insert_aco($aco);
|
|||
$acl->insert_aro_groups($aro_groups);
|
|||
$acl->insert_axo($axo);
|
|||
status::success('Access control rule has been successfully added.');
|
|||
url::redirect('acl/show/'.$acl->id);
|
|||
}
|
|||
$headline = __('Add access control rule');
|
|||
$breadcrumbs = breadcrumbs::add()
|
|||
->link('acl/show_all', 'Access control rules',
|
|||
| c1bdc1c4 | Michal Kliment | $this->acl_check_view('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | ->text('Add new rule');
|
|
$view = new View('main');
|
|||
$view->breadcrumbs = $breadcrumbs->html();
|
|||
$view->title = $headline;
|
|||
$view->content = new View('form');
|
|||
$view->content->form = $form;
|
|||
$view->content->headline = $headline;
|
|||
$view->render(TRUE);
|
|||
}
|
|||
/**
|
|||
* Edits access control rule
|
|||
*
|
|||
* @author Michal Kliment
|
|||
* @param integer $acl_id
|
|||
*/
|
|||
public function edit ($acl_id = NULL)
|
|||
{
|
|||
// check access
|
|||
| c1bdc1c4 | Michal Kliment | if (!$this->acl_check_edit('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | Controller::Error(ACCESS);
|
|
// bad parameter
|
|||
if (!$acl_id || !is_numeric($acl_id))
|
|||
Controller::warning (PARAMETER);
|
|||
$acl = new Acl_Model($acl_id);
|
|||
// record doesn't exist
|
|||
if (!$acl->id)
|
|||
Controller::error(RECORD);
|
|||
$form = new Forge(url::base(TRUE).url::current(TRUE));
|
|||
$form->textarea('description')
|
|||
->value($acl->note)
|
|||
->rules('required')
|
|||
->style('width:600px');
|
|||
$sel_acos = array();
|
|||
foreach ($acl->get_acos() as $aco)
|
|||
$sel_acos[] = $aco->value;
|
|||
$form->dropdown('aco[]')
|
|||
| c1bdc1c4 | Michal Kliment | ->label('ACO')
|
|
->help(help::hint('aco'))
|
|||
| 8baed187 | Michal Kliment | ->rules('required')
|
|
->options(Aco_Model::get_actions())
|
|||
->selected($sel_acos)
|
|||
->multiple('multiple')
|
|||
| c1bdc1c4 | Michal Kliment | ->size(10);
|
|
| 8baed187 | Michal Kliment | ||
$aro_group_model = new Aro_group_Model();
|
|||
| c1bdc1c4 | Michal Kliment | $arr_aro_groups = $aro_group_model->select_list('id', 'name', 'name');
|
|
| 8baed187 | Michal Kliment | ||
$sel_aro_groups = array();
|
|||
foreach ($acl->get_aro_groups() as $aro_group)
|
|||
$sel_aro_groups[] = $aro_group->id;
|
|||
$form->dropdown('aro_group[]')
|
|||
| c1bdc1c4 | Michal Kliment | ->label('ARO groups')
|
|
->help(help::hint('aro_groups'))
|
|||
| 8baed187 | Michal Kliment | ->rules('required')
|
|
->options($arr_aro_groups)
|
|||
->selected($sel_aro_groups)
|
|||
->multiple('multiple')
|
|||
->size(20);
|
|||
$axo_model = new Axo_Model();
|
|||
| c1bdc1c4 | Michal Kliment | $arr_axos = $axo_model->select_list('id', 'CONCAT(section_value, \' - \', name)');
|
|
| 8baed187 | Michal Kliment | ||
$sel_axos = array();
|
|||
foreach ($acl->get_axos() as $axo)
|
|||
$sel_axos[] = $axo->id;
|
|||
$form->dropdown('axo[]')
|
|||
| c1bdc1c4 | Michal Kliment | ->label('AXO')
|
|
->help(help::hint('axo'))
|
|||
| 8baed187 | Michal Kliment | ->rules('required')
|
|
->options($arr_axos)
|
|||
->selected($sel_axos)
|
|||
->multiple('multiple')
|
|||
->size(20);
|
|||
$form->submit('submit')
|
|||
->value(__('Update'));
|
|||
// form is validate
|
|||
if ($form->validate())
|
|||
{
|
|||
$form_data = $form->as_array();
|
|||
$aco = (isset($_POST["aco"])) ? $_POST["aco"] : array();
|
|||
$aro_groups = (isset($_POST["aro_group"])) ? $_POST["aro_group"] : array();
|
|||
$axo = (isset($_POST["axo"])) ? $_POST["axo"] : array();
|
|||
$axo_model = new Axo_Model();
|
|||
$axo = $axo_model->get_values_by_ids($axo);
|
|||
$acl->note = $form_data['description'];
|
|||
$acl->save();
|
|||
$acl->clean_rule();
|
|||
$acl->insert_aco($aco);
|
|||
$acl->insert_aro_groups($aro_groups);
|
|||
$acl->insert_axo($axo);
|
|||
status::success('Access control rule has been successfully updated.');
|
|||
url::redirect('acl/show/'.$acl->id);
|
|||
}
|
|||
$headline = __('Edit access control rule');
|
|||
$breadcrumbs = breadcrumbs::add()
|
|||
->link('acl/show_all', 'Access control rules',
|
|||
| c1bdc1c4 | Michal Kliment | $this->acl_check_view('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | ->link('acl/show/'.$acl->id, 'ID '.$acl->id,
|
|
| c1bdc1c4 | Michal Kliment | $this->acl_check_view('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | ->text('Edit');
|
|
$view = new View('main');
|
|||
$view->breadcrumbs = $breadcrumbs->html();
|
|||
$view->title = $headline;
|
|||
$view->content = new View('form');
|
|||
$view->content->form = $form;
|
|||
$view->content->headline = $headline;
|
|||
$view->render(TRUE);
|
|||
}
|
|||
/**
|
|||
* Deletes access control rule
|
|||
*
|
|||
* @author Michal Kliment
|
|||
* @param integer $acl_id
|
|||
*/
|
|||
public function delete ($acl_id = NULL)
|
|||
{
|
|||
// check access
|
|||
| c1bdc1c4 | Michal Kliment | if (!$this->acl_check_delete('Acl_Controller', 'acl'))
|
|
| 8baed187 | Michal Kliment | Controller::Error(ACCESS);
|
|
// bad parameter
|
|||
if (!$acl_id || !is_numeric($acl_id))
|
|||
Controller::warning(PARAMETER);
|
|||
$acl = new Acl_Model($acl_id);
|
|||
// record doesn't exist
|
|||
if (!$acl->id)
|
|||
Controller::error(RECORD);
|
|||
// clean ACL
|
|||
$acl->clean_rule();
|
|||
// successfully deleted
|
|||
if ($acl->delete())
|
|||
status::success('Access control rule has been successfully deleted.');
|
|||
else
|
|||
status::error('Error - cannot delete access rule.');
|
|||
url::redirect('acl/show_all');
|
|||
}
|
|||
}
|