  1. <?php
  2.  
/**
 * This model assumes that records are restricted to particular users
 * (owner- and branch-based access control).
 * @property string $_ownername
 * @property string $_branchname
 * @author Ezekiel Fernandez Team10
 * @todo  improve some calls
 * This revolves around CRUD:
 * create, read, update, delete.
 * @todo add more fine-grained actions
 */
  13. class RestrictedActiveRecord extends CActiveRecord {
  14.  
  15.     public $alias;
  16.     public $enableFiltering = true;
  17.     private $_ownername = null;
  18.     private $_branchname = null;
  19.     private $_ownerfullname = null;
  20.     private $_branch_id = null;
  21.     public $autoAuthItemMatch = true;
  22.     public $hideSoftDeleted = true;
  23.     public $accessTerms = array(
  24.         'generalAccessTerm' => 'any',
  25.         'ownAccessTerm' => 'own',
  26.         'readAccessTerm' => 'view',
  27.         'updateAccessTerm' => 'update',
  28.         'createAccessTerm' => 'create',
  29.         'deleteAccessTerm' => 'delete'
  30.     );
  31.     public $defaultOptions = array(
  32.     );
  33.     public $defaultRules = array(
  34.         array('ownername, ownerfullname, branch_id, branchname', 'safe')
  35.     );
  36.     public $relations = array('owner' => array(self::BELONGS_TO, 'User', 'owner_id'));
  37.  
  38.     /**
  39.      * @method getModelName is to retreive what model has extended to this class
  40.      * @return type
  41.      */
  42.     public static function getModelName($uppercase = false) {
  43.         return strtolower(get_called_class());
  44.     }
  45.  
  46.     /**
  47.      *
  48.      * @return User
  49.      */
  50.     public static function getUser() {
  51.         /**
  52.          * add securirty layer here
  53.          */
  54.         return User::model()->findByPk(Yii::app()->user->id);
  55.     }
  56.  
  57.     /**
  58.      *
  59.      * @param string $action
  60.      * @param string $scope
  61.      * @param string $model
  62.      * @return type
  63.      */
  64.     public static function createAuthItem($action, $scope, $model) {
  65.         return $action . '.' . $scope . '.' . $model;
  66.     }
  67.  
  68.     public static function mayGenerally($model_object, $action) {
  69.         $user = self::getUser();
  70.         $model_class = get_class($model_object);
  71.         $authItem = self::createAuthItem($action, $model_object->accessTerms['generalAccessTerm'], $model_class);
  72.         if ($model_object->autoAuthItemMatch == false) {
  73.             $accessRules = $model_object->accessRules();
  74.  
  75.             $authItem = null;
  76.             if (array_key_exists($action, $accessRules)) {
  77.                 if (array_key_exists($model_object->accessTerms['generalAccessTerm'], $accessRules[$action]))
  78.                     $autItem = $accessRules[$action][$model_object->accessTerms['generalAccessTerm']];
  79.             }
  80.         }
  81.  
  82.         if (Yii::app()->user->checkAccess($authItem))
  83.             return true;
  84.  
  85.         return false;
  86.     }
  87.  
  88.     public static function mayGenerallyInBranch($model_object, $action) {
  89.         $user = self::getUser();
  90.         $model_class = get_class($model_object);
  91.         $authItem = self::createAuthItem($action, $model_object->accessTerms['generalAccessTerm'], $model_class);
  92.         if ($model_object->autoAuthItemMatch == false) {
  93.             $accessRules = $model_object->accessRules();
  94.  
  95.             $authItem = null;
  96.             if (array_key_exists($action, $accessRules)) {
  97.                 if (array_key_exists($model_object->accessTerms['generalAccessTerm'], $accessRules[$action]))
  98.                     $autItem = $accessRules[$action][$model_object->accessTerms['generalAccessTerm']];
  99.             }
  100.         }
  101.  
  102.         if (Yii::app()->user->checkAccess($authItem))
  103.             return true;
  104.  
  105.         return false;
  106.     }
  107.  
  108.     public function __construct($scenario = 'insert') {
  109.         parent::__construct($scenario);
  110.         $this->generateAlias();
  111.     }
  112.  
  113.     public function afterConstruct() {
  114.  
  115.         parent::afterConstruct();
  116.     }
  117.  
  118.     /**
  119.      * this function is only for those with cdbcriteria
  120.      * @param type $conditions
  121.      * @param type $params
  122.      * @param type $options
  123.      * @return \CDbCriteria
  124.      */
  125.     public function generateAlias() {
  126.         $alias = get_called_class();
  127.         if (isset($this->alias) && $this->alias != null) {
  128.             $alias = $this->alias;
  129.         } else {
  130.             $this->alias = $alias;
  131.         }
  132.         return $alias;
  133.     }
  134.  
  135.     protected function generateAccessCheck($conditions = '', $params = array(), $options = array()) {
  136.         $user = self::getUser();
  137.         if (is_object($conditions) && get_class($conditions) == 'CDbCriteria') {
  138.             $criteria = $conditions;
  139.         } else {
  140.             $criteria = new CDbCriteria;
  141.             $criteria->mergeWith(array(
  142.                 'condition' => $conditions,
  143.                 'params' => $params
  144.             ));
  145.         }
  146.         $alias = $this->alias;
  147.         /**
  148.          * for soft delete
  149.          */
  150.         if (isset($this->SoftDeleteBehavior) && $this->hideSoftDeleted) {
  151.             if ($this->hasAttribute($this->SoftDeleteBehavior->deleteColumn))
  152.                 $criteria->mergeWith(array('alias' => $alias, 'condition' => $alias . '.deleted!=1'));
  153.         }
  154.         /**
  155.          * if filtering of models is disabled
  156.          */
  157.         if ($this->enableFiltering == false)
  158.             return $criteria;
  159.         /**
  160.          * if he is generally allowed, no filters applied
  161.          * the user will be able to see any records from any branches from any users
  162.          */
  163.         $branch_id = $user->profile->branch_id;
  164.         if ($branch_id != Branch::ROOT_BRANCH) {
  165.             $criteria->mergeWith(array(
  166.                 'with' => array('owner.profile'),
  167.                 'condition' => 'branch_id=' . $branch_id,
  168.             ));
  169.         }
  170.  
  171.         if (self::mayGenerally($this, $this->accessTerms['readAccessTerm']))
  172.             return $criteria;
  173.         //$options = array_merge(RestrictedActiveRecord::$defaultOptions, $options);
  174.         /**
  175.          * if the user is not from a root branch, show results
  176.          * within the branch which the user belongs
  177.          */
  178.         $action = 'view';
  179.         $model_class = self::getModelName();
  180.  
  181.         $authItem = self::createAuthItem($action, $this->accessTerms['generalAccessTerm'], $model_class);
  182.        
  183.         if ($this->autoAuthItemMatch == false) {
  184.             $accessRules = $this->accessRules();
  185.             $authtem = null;
  186.             if (array_key_exists($action, $accessRules)) {
  187.                 if (array_key_exists($this->accessTerms['generalAccessTerm'], $accessRules[$action]))
  188.                     $authItem = $accessRules[$action][$this->accessTerms['generalAccessTerm']];
  189.             }
  190.         }
  191.  
  192.         if (Yii::app()->user->checkAccess($authItem) && $authItem != null) {
  193.             return $criteria;
  194.         }
  195.         //to be implemented in
  196.         $authItem = self::createAuthItem($action, $this->accessTerms['ownAccessTerm'], $model_class);
  197.         if ($this->autoAuthItemMatch == false) {
  198.             $accessRules = $this->accessRules();
  199.             $authtem = null;
  200.             if (array_key_exists($action, $accessRules)) {
  201.                 if (array_key_exists($this->accessTerms['ownAccessTerm'], $accessRules[$action]))
  202.                     $authItem = $accessRules[$action][$this->accessTerms['ownAccessTerm']];
  203.             }
  204.         }
  205.        
  206.         if (Yii::app()->user->checkAccess($authItem) && $authItem != null) {
  207.             $criteria->mergeWith(array(
  208.                 'alias' => $alias,
  209.                 'condition' => $alias . '.owner_id=' . $user->id,
  210.             ));
  211.         }
  212.  
  213.         $this->setDbCriteria($criteria);
  214.         return $criteria;
  215.     }
  216.  
  217.     public function accessRules() {
  218.  
  219.         /**
  220.          * just an example
  221.          */
  222.         /*
  223.           return array(
  224.           'view' => array(
  225.           'own' => 'view.own.quotation',
  226.           'any' => 'view.any.quotation'
  227.           ),
  228.           'create'
  229.           ); */
  230.     }
  231.  
  232.     public function getOwnername() {
  233.         if ($this->_ownername === null && $this->owner !== null)
  234.             $this->_ownername = $this->owner->username;
  235.         return $this->_ownername;
  236.     }
  237.  
  238.     public function setOwnername($value) {
  239.         $this->_ownername = $value;
  240.     }
  241.  
  242.     public function setOwnerfullname($value) {
  243.         $this->_ownerfullname = $value;
  244.     }
  245.  
  246.     public function getOwnerfullname() {
  247.         if ($this->_ownerfullname === null && $this->owner !== null)
  248.             $this->_ownerfullname = $this->owner->profile->first_name . ' ' . $this->owner->profile->last_name;
  249.         return $this->_ownerfullname;
  250.     }
  251.  
  252.     public function getBranchname() {
  253.         if ($this->_branchname === null && $this->owner !== null)
  254.             $this->_branchname = $this->owner->branchname;
  255.         return $this->_branchname;
  256.     }
  257.  
  258.     public function setBranchname($value) {
  259.         $this->_branchname = $value;
  260.     }
  261.    
  262.     public function getBranch_id() {
  263.         if ($this->_branch_id === null && $this->owner !== null)
  264.             $this->_branch_id = $this->owner->profile->branch_id;
  265.         return $this->_branch_id;
  266.     }
  267.  
  268.     public function setBranch_id($value) {
  269.         $this->_branch_id = $value;
  270.     }
  271.  
  272.     /**
  273.      *
  274.      * @param int $owner_id
  275.      * @return \OwnableRecord
  276.      */
  277.     public function ownedBy($owner_id) {
  278.         $this->getDbCriteria()->mergeWith(array(
  279.             'condition' => 'owner_id=' . $owner_id,
  280.         ));
  281.         return $this;
  282.     }
  283.  
  284.     public function ownedByMe() {
  285.         return $this->ownedBy(self::getUser()->id);
  286.     }
  287.  
  288.     public function underBranch($branch_id) {
  289.         $this->getDbCriteria()->mergeWith(array(
  290.             'with' => array('owner.profile'),
  291.             'condition' => 'branch_id=' . $branch_id,
  292.         ));
  293.         return $this;
  294.     }
  295.  
  296.     /**
  297.      * @method defaultScope
  298.      */
  299.  
  300.     /**
  301.      * overridden methods goes here
  302.      */
  303.     public function findByPk($pk, $conditions = '', $params = array()) {
  304.         return parent::findByPk($pk, $this->generateAccessCheck($conditions, $params));
  305.     }
  306.  
  307.     public function findBySQL($sql, $params = array()) {
  308.         return parent::find($this->generateAccessCheck($sql, $params));
  309.     }
  310.  
  311.     public function findAll($conditions = '', $params = array()) {
  312.         return parent::findAll($this->generateAccessCheck($conditions, $params));
  313.     }
  314.  
  315.     public function findAllByAttributes($attributes, $conditions = '', $params = array()) {
  316.         return parent::findAllByAttributes($attributes, $this->generateAccessCheck($conditions, $params));
  317.     }
  318.  
  319.     public function findAllByPk($pk, $conditions = '', $params = array()) {
  320.         return parent::findAllByPk($pk, $this->generateAccessCheck($conditions, $params));
  321.     }
  322.  
  323.     public function findAllBySQL($sql, $params = array()) {
  324.         return parent::findAll($this->generateAccessCheck($sql, $params));
  325.     }
  326.  
  327.     /**
  328.      * addition by ezekiel
  329.      * @param type $condition
  330.      * @param type $params
  331.      */
  332.     public function count($condition = '', $params = array()) {
  333.         return parent::count($this->generateAccessCheck($condition, $params));
  334.     }
  335.  
  336.     public function countByAttributes($attributes, $condition = '', $params = array()) {
  337.         return parent::countByAttributes($attributes, $this->generateAccessCheck($condition, $params));
  338.     }
  339.  
  340.     public function countBySql($sql, $params = array()) {
  341.         return parent::countBySql($this->generateAccessCheck($sql, $params));
  342.     }
  343.  
  344.     public function deleteAll($condition = '', $params = array()) {
  345.         return parent::deleteAll($this->generateAccessCheck($condition, $params));
  346.     }
  347.  
  348.     /**
  349.      *
  350.      * @return \CActiveDataProvider
  351.      */
  352. }