[icinga-checkins] icinga.org: icinga-web/jmosshammer/default2: * moved rbac_definitions to db

git at icinga.org git at icinga.org
Mon Apr 26 12:16:03 CEST 2010


Module: icinga-web
Branch: jmosshammer/default2
Commit: 2711645817b06927dfc877ca4aa402e9fd825b93
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=2711645817b06927dfc877ca4aa402e9fd825b93

Author: jmosshammer <jannis.mosshammer at netways.de>
Date:   Fri Apr 23 17:45:39 2010 +0200

* moved rbac_definitions to db

---

 lib/appkit/auth/AppKitSecurityUser.class.php       |   41 +++++++++-
 lib/appkit/database/models/NsmRole.php             |   86 +++++++++++++++++++-
 lib/appkit/database/models/NsmTarget.php           |    2 +-
 .../database/models/generated/BaseNsmRole.php      |   24 ++++--
 4 files changed, 142 insertions(+), 11 deletions(-)

diff --git a/lib/appkit/auth/AppKitSecurityUser.class.php b/lib/appkit/auth/AppKitSecurityUser.class.php
index 69daddc..0872c31 100644
--- a/lib/appkit/auth/AppKitSecurityUser.class.php
+++ b/lib/appkit/auth/AppKitSecurityUser.class.php
@@ -2,6 +2,8 @@
 
 class AppKitSecurityUser extends AgaviRbacSecurityUser {
 	
+	const SOURCE = "DB"; // change this to xml to read from rbac_definitions.xml
+	
 	const USEROBJ_ATTRIBUTE = 'userobj';
 	
 	/**
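Review bot: The comment on `SOURCE` tells the reader to change the value to `xml`, but the checks added in this commit compare against the uppercase literal (`self::SOURCE == "XML"` in applyDoctrineUserRoles() and `'XML'` in loadDefinitions()). Setting the lowercase value the comment suggests would silently keep the DB path and skip `parent::loadDefinitions()`. Either correct the comment to `// set to "XML" to read from rbac_definitions.xml` or compare with `strcasecmp(self::SOURCE, 'XML') === 0`. Since this constant selects where authorization data comes from, a short docblock listing the accepted values would help.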
@@ -93,13 +95,42 @@ class AppKitSecurityUser extends AgaviRbacSecurityUser {
 	 * @author Marius Hein
 	 */
 	private function applyDoctrineUserRoles(NsmUser &$user) {
-		foreach ($user->NsmRole as $role) {
-			$this->grantRole($role->role_name);
+		if(self::SOURCE == "XML") {
+			foreach ($user->NsmRole as $role) {
+				$this->grantRole($role->role_name);
+			}
+		} else {
+			$this->getCredentialsFromDB($user); 			
 		}
 		
 		return true;
 	}
 	
+	private function getCredentialsFromDB(NsmUser &$user) {
+		foreach($user->NsmRole as $role) {
+			$this->roles[] = $role;
+			$next = $role;
+			$this->addCredentialsFromRole($role);
+			while($next->hasParent()) {
+				$next = $next->getParent();
+				$this->addCredentialsFromRole($next);
+				$this->roles[] = $next;
+			}
+		}
+		foreach($user->getTargets("credential") as $credential) {
+		}
+	
+	}
+	
+	private function addCredentialsFromRole(NsmRole &$role) {
+		$log = array("Test\n");
+		foreach($role->getTargets("credential") as $credential) {
+			$this->addCredential($credential->get("target_name"));
+			$log[] = $credential->get("target_name");
+		}	
+		file_put_contents("/var/www/log.txt",$log,FILE_APPEND);
+	}
+	
 	public function initialize(AgaviContext $context, array $parameters = array()) {
 		parent::initialize($context, $parameters);
 	}
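Review bot: addCredentialsFromRole() appends every credential name it grants to the hard-coded path `/var/www/log.txt`, which looks like leftover debugging. On many hosts that directory is served by the web server, so the role-to-credential mapping may become readable from outside, and the unchecked file_put_contents() raises a warning on every login where the path is not writable. The `$log` array and the write should be dropped, or replaced by a debug-level call to a configured logger. In getCredentialsFromDB() the `while($next->hasParent())` walk has no cycle guard, so a role whose role_parent chain leads back to itself would loop forever during login; tracking visited role ids, as sketched below, stops that. The empty `foreach($user->getTargets("credential") ...)` loop runs a query and discards the result, so credentials attached directly to the user are presumably not applied yet.

```php
private function getCredentialsFromDB(NsmUser &$user) {
	// role_id => true; prevents an endless walk when role_parent forms a cycle
	$seen = array();
	foreach($user->NsmRole as $role) {
		$next = $role;
		while($next !== null && !isset($seen[$next->get('role_id')])) {
			$seen[$next->get('role_id')] = true;
			$this->roles[] = $next;
			$this->addCredentialsFromRole($next);
			$next = $next->getParent();
		}
	}
	// … unchanged: loop over $user->getTargets("credential") …
}

private function addCredentialsFromRole(NsmRole &$role) {
	foreach($role->getTargets("credential") as $credential) {
		$this->addCredential($credential->get("target_name"));
	}
}
```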
@@ -153,6 +184,12 @@ class AppKitSecurityUser extends AgaviRbacSecurityUser {
 	public function delPref($key) {
 		return $this->getNsmUser()->delPref($ley);
 	}
+	
+	protected function loadDefinitions() {
+		if(self::SOURCE == 'XML')
+			parent::loadDefinitions();
+		
+	}
 }
 
 class AppKitSecurityUserException extends AppKitException {}
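Review bot: The new loadDefinitions() override deliberately does nothing when SOURCE is not `'XML'`, but no comment says so, and the brace-less `if` makes the empty path easy to misread. A docblock such as `/** Skips the XML role definitions when credentials are loaded from the database. */` and braces around the `parent::loadDefinitions();` call would make the intent explicit. Whether the parent class still works with definitions left unloaded cannot be judged from this hunk and should be confirmed. Separately, the context line in delPref() passes `$ley` where `$key` is evidently meant, so the call receives an undefined variable.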
diff --git a/lib/appkit/database/models/NsmRole.php b/lib/appkit/database/models/NsmRole.php
index af7c239..78b5a77 100755
--- a/lib/appkit/database/models/NsmRole.php
+++ b/lib/appkit/database/models/NsmRole.php
@@ -5,7 +5,9 @@
  */
 class NsmRole extends BaseNsmRole
 {
-
+	private $principals_list = null;
+	private $principals = null;
+	
 	public function setUp () {
 
 		parent::setUp();
@@ -23,4 +25,86 @@ class NsmRole extends BaseNsmRole
 
 	}
 
+	public function hasParent() {
+
+		if($this->get('role_parent'))
+			return true;
+		return false;
+	}
+	
+	public function getParent() {
+		if($this->hasParent())
+			return $this->NsmRole;
+		return null;
+	}
+	
+/**
+	 * Returns a list of all belonging principals
+	 * @return array
+	 */
+	public function getPrincipalsList() {
+	
+		if ($this->principals_list === null) {
+			
+			$this->principals_list = array_keys( $this->getPrincipals()->toArray() );
+				
+		}
+
+		return $this->principals_list;
+	}
+	
+	
+	/**
+	 * Return all principals belonging to this
+	 * role
+	 * @return Doctrine_Collection
+	 */
+	public function getPrincipals() {
+
+		if ($this->principals === null) {
+		
+			$this->principals = Doctrine_Query::create()
+			->select('p.*')
+			->from('NsmPrincipal p INDEXBY p.principal_id')
+			->andWhere('p.principal_type = ? AND p.principal_role_id = ?',array('role',$this->get("role_id")))
+			
+			->execute();
+
+		}
+		
+		return $this->principals;
+		
+	}
+	
+	/**
+	 * Returns a DQL providing the user targets
+	 * @param string $type
+	 * @return Doctrine_Query
+	 */
+	protected function getTargetsQuery($type=null) {
+	
+		$q = Doctrine_Query::create()
+		->select('t.*')
+		->distinct(true)
+		->from('NsmTarget t INDEXBY t.target_id')
+		->innerJoin('t.NsmPrincipalTarget pt')
+		->andWhereIn('pt.pt_principal_id', $this->getPrincipalsList());
+		
+		if ($type !== null) {
+			$q->andWhere('t.target_type=?', array($type));
+		}
+
+		return $q;
+		
+	}
+	
+	/**
+	 * Return all targets belonging to thsi user
+	 * @param string $type
+	 * @return Doctrine_Collection
+	 */
+	public function getTargets($type=null) {
+		return $this->getTargetsQuery($type)->execute();
+	}
+	
 }
\ No newline at end of file
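Review bot: getTargetsQuery() passes `$this->getPrincipalsList()` straight to `andWhereIn()`, and nothing handles a role that has no NsmPrincipal row. Depending on the Doctrine release, an empty list either drops the IN condition or produces invalid SQL. If the condition is dropped, the query returns every target of the requested type, and AppKitSecurityUser would add all of those credentials for that role; this should be confirmed against the Doctrine version in use. A guard at the top of getTargets() such as `if (count($this->getPrincipalsList()) === 0) { return new Doctrine_Collection('NsmTarget'); }` makes the empty case grant nothing. The docblocks on getTargetsQuery() and getTargets() still say "user" although they now describe a role.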
diff --git a/lib/appkit/database/models/NsmTarget.php b/lib/appkit/database/models/NsmTarget.php
index a8e4baa..412cdb0 100644
--- a/lib/appkit/database/models/NsmTarget.php
+++ b/lib/appkit/database/models/NsmTarget.php
@@ -32,7 +32,7 @@ class NsmTarget extends BaseNsmTarget
 			return $this->target_object;
 			
 		}
-		
+
 		throw new AppKitDoctrineException('Class %s for target not found!', $this->target_class);
 	}
 	
diff --git a/lib/appkit/database/models/generated/BaseNsmRole.php b/lib/appkit/database/models/generated/BaseNsmRole.php
index d73ef9d..604c3c8 100755
--- a/lib/appkit/database/models/generated/BaseNsmRole.php
+++ b/lib/appkit/database/models/generated/BaseNsmRole.php
@@ -68,17 +68,27 @@ abstract class BaseNsmRole extends Doctrine_Record
              'notnull' => true,
              'autoincrement' => false,
              ));
+		$this->hasColumn('role_parent', 'integer', 4, array(
+        	 'type' => 'integer',
+             'length' => 4,
+             'unsigned' => 0,
+
+             ));
     }
 
     public function setUp()
     {
         parent::setUp();
-    $this->hasOne('NsmPrincipal', array(
-             'local' => 'role_id',
-             'foreign' => 'principal_role_id'));
-
-        $this->hasMany('NsmUserRole', array(
-             'local' => 'role_id',
-             'foreign' => 'usro_role_id'));
+	    $this->hasOne('NsmPrincipal', array(
+	             'local' => 'role_id',
+	             'foreign' => 'principal_role_id'));
+	
+	    $this->hasMany('NsmUserRole', array(
+	             'local' => 'role_id',
+	             'foreign' => 'usro_role_id'));
+	    
+	    $this->hasOne('NsmRole', array(
+	             'local' => 'role_parent',
+	             'foreign' => 'role_id'));
     }
 }
\ No newline at end of file




