Added user access by permission, User_Permissions behaviour

OpenBuildings · Mar 25, 2014 · 792eb18 · 792eb18
1 parent 11da80e
commit 792eb18
Show file tree

Hide file tree

Showing 4 changed files with 369 additions and 251 deletions.
diff --git a/classes/Jam/Behavior/User/Permissions.php b/classes/Jam/Behavior/User/Permissions.php
@@ -0,0 +1,3 @@
+<?php defined('SYSPATH') OR die('No direct script access.');
+
+class Jam_Behavior_User_Permissions extends Kohana_Jam_Behavior_User_Permissions {}
diff --git a/classes/Kohana/Controller/Tart/Layout.php b/classes/Kohana/Controller/Tart/Layout.php
@@ -9,72 +9,78 @@
  */
 abstract class Kohana_Controller_Tart_Layout extends Controller_Template {
 
-	public $template = 'tart/layout/template';
-	public $access = 'private';
-
-	public function before()
-	{
-		parent::before();
-
-		$access = Auth_Jam::access($this->request->action(), $this->access);
-
-		if ($access === 'private' AND ( ! Auth::instance()->logged_in() OR ! Tart::user_allowed($this->request->uri(), Auth::instance()->get_user())))
-		{
-			if ( ! Auth::instance()->logged_in())
-			{
-				$this->notify('warning', 'You must be logged in to access this page');
-			}
-			else
-			{
-				$this->notify('warning', 'Your user does not have access to "'.$this->request->uri().'" page');
-			}
-
-			Session::instance()->set('requested_url', $this->request->uri());
-			$this->redirect(Tart::uri('session', 'new'));
-		}
-
-		$this->template->title = $this->title();
-		$this->template->sidebar = FALSE;
-	}
-
-	public function title()
-	{
-		$name = str_replace('Controller_Tart_', '', get_class($this));
-		$name = ucwords(Inflector::humanize($name));
-
-		if ($this->request->param('id'))
-		{
-			return ucwords(Inflector::singular($name)).' - '.Inflector::humanize($this->request->action());
-		}
-		else
-		{
-			return $name.' - '.Inflector::humanize($this->request->action());
-		}
-	}
-
-	public function action_batch()
-	{
-		$ids = $this->request->post('id') ?: $this->request->query('id');
-		$action = $this->request->post('action') ?: $this->request->query('action');
-
-		$this->{'batch_'.$action}($ids);
-	}
-
-	public function notify($label, $message)
-	{
-		$notifications = Session::instance()->get('tart.notifications', array());
-
-		$notifications[] = array('label' => $label, 'message' => $message);
-		Session::instance()->set('tart.notifications', $notifications);
-	}
-
-	public function post($name = NULL)
-	{
-		$post = Tart_Request::post($this->request->post(), $_FILES);
-
-		if ($name !== NULL)
-			return Arr::get($post, $name);
-
-		return $post;
-	}
-}
+    const ACCESS_METHOD_PERMISSION = 'permission';
+    const ACCESS_METHOD_URL = 'url';
+
+    public $template = 'tart/layout/template';
+    public $access = 'private';
+    public $access_method = self::AUTH_METHOD_URL;
+    public $access_permission;
+
+    public function before()
+    {
+        parent::before();
+
+        $access = Auth_Jam::access($this->request->action(), $this->access);
+        $access_method = 'user_access_by_'.$this->access_method;
+
+        if ($access === 'private' AND ( ! Auth::instance()->logged_in() OR ! Tart::$access_method(Auth::instance()->get_user(), $this->access_permission, $this->request->uri())))
+        {
+            if ( ! Auth::instance()->logged_in())
+            {
+                $this->notify('warning', 'You must be logged in to access this page');
+            }
+            else
+            {
+                $this->notify('warning', 'Your user does not have access to "'.$this->request->uri().'" page');
+            }
+
+            Session::instance()->set('requested_url', $this->request->uri());
+            $this->redirect(Tart::uri('session', 'new'));
+        }
+
+        $this->template->title = $this->title();
+        $this->template->sidebar = FALSE;
+    }
+
+    public function title()
+    {
+        $name = str_replace('Controller_Tart_', '', get_class($this));
+        $name = ucwords(Inflector::humanize($name));
+
+        if ($this->request->param('id'))
+        {
+            return ucwords(Inflector::singular($name)).' - '.Inflector::humanize($this->request->action());
+        }
+        else
+        {
+            return $name.' - '.Inflector::humanize($this->request->action());
+        }
+    }
+
+    public function action_batch()
+    {
+        $ids = $this->request->post('id') ?: $this->request->query('id');
+        $action = $this->request->post('action') ?: $this->request->query('action');
+
+        $this->{'batch_'.$action}($ids);
+    }
+
+    public function notify($label, $message)
+    {
+        $notifications = Session::instance()->get('tart.notifications', array());
+
+        $notifications[] = array('label' => $label, 'message' => $message);
+        Session::instance()->set('tart.notifications', $notifications);
+    }
+
+    public function post($name = NULL)
+    {
+        $post = Tart_Request::post($this->request->post(), $_FILES);
+
+        if ($name !== NULL)
+            return Arr::get($post, $name);
+
+        return $post;
+    }
+}
diff --git a/classes/Kohana/Jam/Behavior/User/Permissions.php b/classes/Kohana/Jam/Behavior/User/Permissions.php
@@ -0,0 +1,79 @@
+<?php defined('SYSPATH') OR die('No direct script access.');
+
+/**
+ * @package    Jam
+ * @category   Behavior
+ * @author     Yasen Yanev
+ * @copyright  (c) 2014 Despark Ltd.
+ * @license    http://www.opensource.org/licenses/isc-license.txt
+ */
+class Kohana_Jam_Behavior_User_Permissions extends Jam_Behavior {
+
+    /**
+     * Get all permisions for all user roles.
+     * @param  $user permissions for the specific user or for the currently loaded one
+     * @return array - key contains permission name, value contains permission description
+     */
+    public function model_call_permissions(Jam_Model $user, Jam_Event_Data $data)
+    {
+        $cache_key = $user->id();
+
+        if ( ! isset($this->_permissions[$cache_key]) OR $this->_permissions[$cache_key] === NULL)
+        {
+            $res = DB::select(
+                    array('p.name', 'permission'),
+                    array('p.description', 'description')
+                )
+                ->from(array('roles_users', 'ru'))
+                ->join(array('permissions_roles', 'pr'), 'INNER')->on('pr.role_id', '=', 'ru.role_id')
+                ->join(array('permissions', 'p'), 'INNER')->on('p.id', '=', 'pr.permission_id')
+                ->where('ru.user_id', '=', $user->id());
+
+            $this->_permissions[$cache_key] = $res->execute()->as_array('permission', 'description');
+        }
+
+        $data->return = $this->_permissions[$cache_key];
+        $data->stop = TRUE;
+    }
+
+
+    public function model_call_is_superadmin(Jam_Model $user, Jam_Event_Data $data)
+    {
+        $data->return = $user->roles->has('superadmin');
+        $data->stop = TRUE;
+    }
+
+    public function model_call_is_admin(Jam_Model $user, Jam_Event_Data $data)
+    {
+        $data->return = $user->roles->has('admin');
+        $data->stop = TRUE;
+    }
+
+
+    /**
+     * Checks if user has permission.
+     *
+     * @param   mixed    $permission Permission name string, perission Jam object, permission id
+     * @return  boolean
+     */
+    public function model_call_has_permission(Jam_Model $user, Jam_Event_Data $data, $permission)
+    {
+        if ($permission instanceof Model_Permission)
+        {
+            $permission = $permission->name();
+        }
+        elseif (is_numeric($permission))
+        {
+            $permission = Jam::factory('permission', $permission)->name();
+        }
+
+        if ($user->is_superadmin())
+        {
+            $data->return = TRUE;
+            $data->stop = TRUE;
+        }
+
+        $data->return = array_key_exists($permission, $user->permissions());
+        $data->stop = TRUE;
+    }
+}