Reworked aros_acos creation

- moved and fixed the aros_acos creation on the new role creation - new method in appController that sets all the aros_acos from scratch (for example for a new instance, or a changed acos / aros table) - some minor changes, redirects to the terms page on invalid events removed, etc.
2013-02-05 17:22:37 +01:00 · 2013-02-05 17:22:37 +01:00 · e976242878
parent 6ef3ea7050
commit e976242878
5 changed files with 109 additions and 40 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -372,6 +372,91 @@ class AppController extends Controller {
 		$this->generateHop($yourOrg);
 	}

+	public function generateArosAcos() {
+		if (!self::_isAdmin()) throw new NotFoundException();
+		$this->loadModel('Role');
+		$roles = $this->Role->find('all',array('recursive' => 0));
+		foreach ($roles as $role) {
+			$this->generateACL($role);
+		}
+		exit;
+	}
+
+	public function generateACL($inc) {
+		if (!self::_isAdmin()) throw new NotFoundException();
+		if($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
+		switch ($inc['Role']['permission']) {
+			case '0':
+				$permAdd = false;
+				$permModify = false;
+				$PermModifyOrg = false;
+				$permPublish = false;
+				break;
+			case '1':
+				$permAdd = true;
+				$permModify = true;
+				$PermModifyOrg = false;
+				$permPublish = false;
+				break;
+			case '2':
+				$permAdd = true;
+				$permModify = true;
+				$PermModifyOrg = true;
+				$permPublish = false;
+				break;
+			case '3':
+				$permAdd = true;
+				$permModify = true;
+				$PermModifyOrg = true;
+				$permPublish = true;
+				break;
+			default:
+				break;
+		}
+		if ($permAdd) {
+			$this->Acl->allow($inc, 'controllers/Events/add');
+			$this->Acl->allow($inc, 'controllers/Attributes/add');
+		} else {
+			$this->Acl->deny($inc, 'controllers/Events/add');
+			$this->Acl->deny($inc, 'controllers/Attributes/add');
+		}
+		if ($permModify) {
+			$this->Acl->allow($inc, 'controllers/Events/edit');
+			$this->Acl->allow($inc, 'controllers/Attributes/edit');
+		} else {
+			$this->Acl->deny($inc, 'controllers/Events/edit');
+			$this->Acl->deny($inc, 'controllers/Attributes/edit');
+		}
+		if ($permPublish) {
+			$this->Acl->allow($inc, 'controllers/Events/publish');
+		} else {
+			$this->Acl->deny($inc, 'controllers/Events/publish');
+		}
+		if (isset($inc['Role']['perm_sync'])) {
+			if ($inc['Role']['perm_sync']) {
+				$this->Acl->allow($inc, 'controllers/Servers');
+			}
+		} else {
+				$this->Acl->deny($inc, 'controllers/Servers');
+		}
+
+		if (isset($inc['Role']['perm_audit'])) {
+			if ($inc['Role']['perm_audit']) {
+				$this->Acl->allow($inc, 'controllers/Logs');
+			}
+		} else {
+			$this->Acl->deny($inc, 'controllers/Logs');
+		}
+
+		if (isset($inc['Role']['perm_admin'])) {
+			if ($inc['Role']['perm_admin']) {
+				//$this->Acl->allow($inc, 'controllers/Logs');
+			}
+		} else {
+			$this->Acl->deny($inc, 'controllers/Roles');
+		}
+	}
+
 	public function generateCorrelation() {
 		if (!self::_isAdmin()) throw new NotFoundException();

--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@ -528,7 +528,7 @@ class AttributesController extends AppController {
 				// check for non-private and re-read
 				if (($this->Attribute->data['Event']['org'] != $this->Auth->user('org')) || (($this->Attribute->data['Event']['org'] == $this->Auth->user('org')) && ($this->Attribute->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) {
 					$this->Session->setFlash(__('Invalid attribute.'));
-					$this->redirect(array('controller' => 'users', 'action' => 'terms'));
+					$this->redirect(array('controller' => 'events', 'action' => 'index'));
 				}
 			}
 		}
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -173,7 +173,7 @@ class EventsController extends AppController {
 				// check private
 				if (($this->Event->data['Event']['private'] && !$this->Event->data['Event']['cluster']) && ($this->Event->data['Event']['org'] != $this->Auth->user('org'))) {
 					$this->Session->setFlash(__('Invalid event.'));
-					$this->redirect(array('controller' => 'users', 'action' => 'terms'));
+					$this->redirect(array('controller' => 'events', 'action' => 'index'));
 				}
 			}
 			$this->set('analysisLevels', $this->Event->analysisLevels);
--- a/app/Controller/RolesController.php
+++ b/app/Controller/RolesController.php
@ -9,13 +9,13 @@ App::uses('AppController', 'Controller');
 */
 class RolesController extends AppController {

-	public $options = array('0' => 'Read Only', '1' => 'Manage My Own Events', '2' => 'Manage Organization Events', '3' => 'Manage &amp; Publish Organization Events');
+	public $options = array('0' => 'Read Only', '1' => 'Manage My Own Events', '2' => 'Manage Organization Events', '3' => 'Manage &amp Publish Organization Events');

 	public $components = array(
 		'Acl',
 		'Auth' => array(
 			'authorize' => array(
-				'Actions' => array('actionPath' => 'controllers/Roles')
+				'Actions' => array('actionPath' => 'controllers')
 			)
 		),
 		'Security',
@ -45,6 +45,8 @@ class RolesController extends AppController {
 */
 	public function view($id = null) {
 		$this->Role->id = $id;
+		//$this->Acl->allow($this->Role, 'controllers/Events/add');
+		debug('here');
 		if (!$this->Role->exists()) {
 			throw new NotFoundException(__('Invalid role'));
 		}
@ -58,8 +60,23 @@ class RolesController extends AppController {
 */
 	public function admin_add() {
 		if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
-		$this->AdminCrud->adminAdd();
+		if ($this->request->is('post')) {
+			$this->Role->create();
+			if ($this->Role->save($this->request->data)) {
+				$this->Session->setFlash(__(sprintf('The Role has been saved.')));
+				$this->set('options', $this->options);
+				$passAlong = $this->Role->read(null, $this->Role->getInsertID());
+				debug($passAlong);
+				$this->generateACL($passAlong);
+				$this->redirect(array('action' => 'index'));
+			} else {
+				if (!($this->Session->check('Message.flash'))) {
+					$this->Role->Session->setFlash(__(sprintf('The Role could not be saved. Please, try again.')));
+				}
+			}
+		}
 		$this->set('options', $this->options);
+		//$this->AdminCrud->adminAdd();
 	}

 /**
--- a/app/Model/Role.php
+++ b/app/Model/Role.php
@ -7,6 +7,8 @@ App::uses('AppModel', 'Model');
 */
 class Role extends AppModel {

+	public $components = array('Acl');
+
 /**
 * Validation rules
 *
@ -100,39 +102,4 @@ class Role extends AppModel {
 		}
 		return true;
 	}
-
-	public function afterSava($created) {
-		$this->saveAcl($this, $this->data['Role']['perm_add'], $this->data['Role']['perm_modify'], $this->data['Role']['perm_publish']);	// save to ACL as well
-	}
-
-/**
- * saveAcl method
- *
- * @param string $id
- * @return void
- */
-	public function saveAcl($role, $permAdd = false, $permModify = false, $permPublish = false) {
-		$acl = new Acl();
-		// this all could need some 'if-changed then do'
-
-		if ($permAdd) {
-			$acl->allow($role, 'controllers/Events/add');
-			$acl->allow($role, 'controllers/Attributes/add');
-		} else {
-			$acl->deny($role, 'controllers/Events/add');
-			$aAcl->deny($role, 'controllers/Attributes/add');
-		}
-		if ($permModify) {
-			$acl->allow($role, 'controllers/Events/edit');
-			$acl->allow($role, 'controllers/Attributes/edit');
-		} else {
-			$acl->deny($role, 'controllers/Events/edit');
-			$acl->deny($role, 'controllers/Attributes/edit');
-		}
-		if ($permPublish) {
-			$acl->allow($role, 'controllers/Events/publish');
-		} else {
-			$acl->deny($role, 'controllers/Events/publish');
-		}
-	}
 }