- <?php
- /**
- * Base model for records whose visibility is restricted per owner (user) and per branch.
- * @property string $_ownername
- * @property string $_branchname
- * @author Ezekiel Fernandez Team10
- * @todo improve some calls
- * this revolves around CRUD
- * create read update delete
- * @todo add more fine grain actions
- */
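class RestrictedActiveRecord extends CActiveRecord {

    /**
     * Table alias used to qualify columns in the generated conditions.
     * Defaults to the concrete class name, see generateAlias().
     */
    public $alias;

    /**
     * When false, generateAccessCheck() applies no branch/owner/RBAC filtering
     * at all (the soft-delete filter is still applied). Use with care: it turns
     * this "restricted" record into an ordinary one for the instance's lifetime.
     */
    public $enableFiltering = true;

    // Lazily filled caches for the virtual owner/branch attributes below.
    private $_ownername = null;
    private $_branchname = null;
    private $_ownerfullname = null;
    private $_branch_id = null;

    /**
     * true  => auth item names are derived as "<action>.<scope>.<model>" using the
     *          lower-cased class name (the same spelling getModelName() returns);
     * false => auth item names are looked up in accessRules()[<action>][<scope>].
     */
    public $autoAuthItemMatch = true;

    /** When true and a SoftDeleteBehavior is attached, soft-deleted rows are hidden. */
    public $hideSoftDeleted = true;

    /** Vocabulary used to build / look up auth item names; override per model if needed. */
    public $accessTerms = array(
        'generalAccessTerm' => 'any',
        'ownAccessTerm' => 'own',
        'readAccessTerm' => 'view',
        'updateAccessTerm' => 'update',
        'createAccessTerm' => 'create',
        'deleteAccessTerm' => 'delete'
    );

    /** Reserved for finder options; not read anywhere in this class yet. */
    public $defaultOptions = array(
    );

    /**
     * Rules a subclass may merge into rules() so the virtual attributes
     * ownername / ownerfullname / branch_id / branchname can be mass-assigned
     * from search forms. Their setters only fill the private caches above.
     * NOTE(review): if a model table has a real column of the same name
     * (e.g. branch_id), 'safe' makes that column mass-assignable too - verify.
     */
    public $defaultRules = array(
        array('ownername, ownerfullname, branch_id, branchname', 'safe')
    );

    /**
     * Relation a subclass is expected to merge into relations().
     * NOTE(review): CActiveRecord reads relations() (the method), not this
     * property, so the "owner" relation the getters below rely on exists only
     * if the subclass actually declares it - confirm in each model.
     */
    public $relations = array('owner' => array(self::BELONGS_TO, 'User', 'owner_id'));

    /**
     * Lower-cased name of the concrete model class that extends this one.
     * This is the spelling auth item names are built from.
     *
     * @param bool $uppercase currently ignored; the name is always lower-cased
     * @return string
     */
    public static function getModelName($uppercase = false) {
        return strtolower(get_called_class());
    }

    /**
     * The currently logged-in User, or null for guests.
     *
     * NOTE(review): User must not itself extend RestrictedActiveRecord (or must be
     * queried with enableFiltering=false): its overridden findByPk() would call
     * getUser() again and recurse. Verify against the User model.
     *
     * @return User|null
     */
    public static function getUser() {
        $id = Yii::app()->user->id;
        if ($id === null) {
            return null; // guest: the original ran a "pk IS NULL" query that also yielded null
        }
        return User::model()->findByPk($id);
    }

    /**
     * Build an auth item name of the form "<action>.<scope>.<model>",
     * e.g. "view.own.quotation".
     *
     * @param string $action
     * @param string $scope
     * @param string $model
     * @return string
     */
    public static function createAuthItem($action, $scope, $model) {
        return $action . '.' . $scope . '.' . $model;
    }

    /**
     * Resolve the auth item that grants $action in $scope on $model_object.
     *
     * With autoAuthItemMatch the name is derived via createAuthItem() from the
     * lower-cased class name (the original mixed class-cased and lower-cased
     * names between mayGenerally() and generateAccessCheck()); otherwise it is
     * read from accessRules()[$action][$scope]. Returns null when nothing can be
     * resolved - callers must treat null as "denied".
     *
     * @param RestrictedActiveRecord $model_object
     * @param string $action
     * @param string $scope
     * @return string|null
     */
    protected static function resolveAuthItem($model_object, $action, $scope) {
        if ($model_object->autoAuthItemMatch) {
            return self::createAuthItem($action, $scope, strtolower(get_class($model_object)));
        }
        $rules = $model_object->accessRules();
        if (is_array($rules) && isset($rules[$action]) && is_array($rules[$action])
                && array_key_exists($scope, $rules[$action])) {
            return $rules[$action][$scope];
        }
        return null;
    }

    /**
     * Fail-closed wrapper around CWebUser::checkAccess(): a null or empty item
     * name never grants access. (The original assigned the looked-up name to a
     * misspelt variable, so in accessRules() mode checkAccess(null) was called.)
     *
     * @param string|null $authItem
     * @return bool
     */
    protected static function userHasAuthItem($authItem) {
        if ($authItem === null || $authItem === '') {
            return false;
        }
        return Yii::app()->user->checkAccess($authItem) ? true : false;
    }

    /**
     * May the current user perform $action on ANY record of the model's class
     * (scope = generalAccessTerm, i.e. "<action>.any.<model>")?
     *
     * @param RestrictedActiveRecord $model_object
     * @param string $action one of the values in accessTerms, e.g. 'view'
     * @return bool
     */
    public static function mayGenerally($model_object, $action) {
        $scope = $model_object->accessTerms['generalAccessTerm'];
        return self::userHasAuthItem(self::resolveAuthItem($model_object, $action, $scope));
    }

    /**
     * Identical to mayGenerally(): no branch-specific logic has been implemented
     * yet (the original body was a verbatim copy). Callers must not assume this
     * check is narrower than mayGenerally().
     *
     * @param RestrictedActiveRecord $model_object
     * @param string $action
     * @return bool
     */
    public static function mayGenerallyInBranch($model_object, $action) {
        return self::mayGenerally($model_object, $action);
    }

    public function __construct($scenario = 'insert') {
        parent::__construct($scenario);
        // Fix the alias early so every generated condition qualifies columns the same way.
        $this->generateAlias();
    }

    /**
     * Alias used to qualify columns in generated conditions; initialises
     * $this->alias to the concrete class name on first use.
     *
     * @return string
     */
    public function generateAlias() {
        if (!isset($this->alias) || $this->alias == null) {
            $this->alias = get_called_class();
        }
        return $this->alias;
    }

    /**
     * Turn ($conditions, $params) into a CDbCriteria and append the row-level
     * restrictions for the current user. When $conditions is already a
     * CDbCriteria it is modified in place (and returned).
     *
     * Decision order:
     *   1. soft-deleted rows are hidden (hideSoftDeleted + SoftDeleteBehavior);
     *   2. enableFiltering == false      -> no further restriction;
     *   3. no logged-in user / no profile -> nothing matches (0=1);
     *   4. users outside Branch::ROOT_BRANCH are limited to their own branch;
     *   5. "<read>.any.<model>" held     -> everything within that limit;
     *   6. "<read>.own.<model>" held     -> only rows whose owner_id is the user;
     *   7. neither item held             -> nothing matches (0=1).
     * Steps 3 and 7 are deliberate changes: the original returned the criteria
     * unrestricted when the user held neither item (fail-open) and crashed on
     * guests. All values are bound as parameters instead of interpolated.
     *
     * @param string|CDbCriteria $conditions
     * @param array $params bound parameters for a string $conditions
     * @param array $options unused; kept for signature compatibility
     * @return CDbCriteria
     */
    protected function generateAccessCheck($conditions = '', $params = array(), $options = array()) {
        $criteria = $this->toCriteria($conditions, $params);
        $alias = $this->generateAlias();

        $this->applySoftDeleteFilter($criteria, $alias);

        if ($this->enableFiltering == false) {
            return $criteria;
        }

        $user = self::getUser();
        if ($user === null || $user->profile === null) {
            return $this->denyAll($criteria);
        }

        $branch_id = $user->profile->branch_id;
        if ($branch_id != Branch::ROOT_BRANCH) {
            $this->applyBranchFilter($criteria, $branch_id);
        }

        $action = $this->accessTerms['readAccessTerm'];
        if (self::userHasAuthItem(self::resolveAuthItem($this, $action, $this->accessTerms['generalAccessTerm']))) {
            return $criteria;
        }
        if (self::userHasAuthItem(self::resolveAuthItem($this, $action, $this->accessTerms['ownAccessTerm']))) {
            $this->applyOwnerFilter($criteria, $alias, $user->id);
            return $criteria;
        }
        // The criteria is returned to the finder, not stored on the model: the
        // original's setDbCriteria() call was redundant for finders and would
        // have lingered after deleteAll(), which never consumes it.
        return $this->denyAll($criteria);
    }

    /**
     * Normalise finder arguments into a CDbCriteria; an existing criteria is reused.
     *
     * @param string|CDbCriteria $conditions
     * @param array $params
     * @return CDbCriteria
     */
    private function toCriteria($conditions, $params) {
        if ($conditions instanceof CDbCriteria) {
            return $conditions;
        }
        $criteria = new CDbCriteria;
        $criteria->mergeWith(array(
            'condition' => $conditions,
            'params' => $params
        ));
        return $criteria;
    }

    /**
     * Hide soft-deleted rows. The original filtered the literal column "deleted"
     * even though it checked SoftDeleteBehavior::deleteColumn for existence; the
     * configured column is filtered here instead.
     * NOTE(review): "!=1" is kept from the original; rows whose flag is NULL are
     * excluded as well (NULL != 1 is not true) - confirm against the behavior.
     *
     * @param CDbCriteria $criteria
     * @param string $alias
     */
    private function applySoftDeleteFilter(CDbCriteria $criteria, $alias) {
        if (!$this->hideSoftDeleted || !isset($this->SoftDeleteBehavior)) {
            return;
        }
        $column = $this->SoftDeleteBehavior->deleteColumn;
        if ($this->hasAttribute($column)) {
            $criteria->mergeWith(array(
                'alias' => $alias,
                'condition' => $alias . '.' . $column . '!=1',
            ));
        }
    }

    /**
     * Restrict to rows whose owner's profile belongs to $branch_id (joins owner.profile).
     * NOTE(review): branch_id is left unqualified as in the original; if the model's
     * own table also has a branch_id column the SQL becomes ambiguous - qualify it
     * with the profile join alias once that alias is confirmed.
     *
     * @param CDbCriteria $criteria
     * @param mixed $branch_id
     */
    private function applyBranchFilter(CDbCriteria $criteria, $branch_id) {
        $param = CDbCriteria::PARAM_PREFIX . CDbCriteria::$paramCount++;
        $criteria->mergeWith(array(
            'with' => array('owner.profile'),
            'condition' => 'branch_id=' . $param,
            'params' => array($param => $branch_id),
        ));
    }

    /**
     * Restrict to rows owned by $owner_id.
     *
     * @param CDbCriteria $criteria
     * @param string $alias
     * @param mixed $owner_id
     */
    private function applyOwnerFilter(CDbCriteria $criteria, $alias, $owner_id) {
        $param = CDbCriteria::PARAM_PREFIX . CDbCriteria::$paramCount++;
        $criteria->mergeWith(array(
            'alias' => $alias,
            'condition' => $alias . '.owner_id=' . $param,
            'params' => array($param => $owner_id),
        ));
    }

    /**
     * Make the criteria match nothing (fail closed).
     *
     * @param CDbCriteria $criteria
     * @return CDbCriteria
     */
    private function denyAll(CDbCriteria $criteria) {
        $criteria->mergeWith(array('condition' => '0=1'));
        return $criteria;
    }

    /**
     * Map of action => scope => auth item name, consulted only when
     * autoAuthItemMatch is false. The base implementation defines nothing
     * (null, which every check treats as "denied"); override per model, e.g.
     *
     *   return array(
     *       'view' => array(
     *           'own' => 'view.own.quotation',
     *           'any' => 'view.any.quotation',
     *       ),
     *   );
     *
     * @return array|null
     */
    public function accessRules() {
        return null;
    }

    /** Username of the owning User (via the "owner" relation), cached. */
    public function getOwnername() {
        if ($this->_ownername === null && $this->owner !== null)
            $this->_ownername = $this->owner->username;
        return $this->_ownername;
    }

    public function setOwnername($value) {
        $this->_ownername = $value;
    }

    public function setOwnerfullname($value) {
        $this->_ownerfullname = $value;
    }

    /** "first_name last_name" of the owner's profile, cached; null if owner or profile is missing. */
    public function getOwnerfullname() {
        if ($this->_ownerfullname === null && $this->owner !== null && $this->owner->profile !== null)
            $this->_ownerfullname = $this->owner->profile->first_name . ' ' . $this->owner->profile->last_name;
        return $this->_ownerfullname;
    }

    /** Branch name as exposed by the owning User, cached. */
    public function getBranchname() {
        if ($this->_branchname === null && $this->owner !== null)
            $this->_branchname = $this->owner->branchname;
        return $this->_branchname;
    }

    public function setBranchname($value) {
        $this->_branchname = $value;
    }

    /** branch_id of the owner's profile, cached; null if owner or profile is missing. */
    public function getBranch_id() {
        if ($this->_branch_id === null && $this->owner !== null && $this->owner->profile !== null)
            $this->_branch_id = $this->owner->profile->branch_id;
        return $this->_branch_id;
    }

    public function setBranch_id($value) {
        $this->_branch_id = $value;
    }

    /**
     * Named scope: rows owned by $owner_id. The id is bound as a parameter
     * (the original interpolated it into the SQL, an injection if a caller
     * passed request input).
     *
     * @param mixed $owner_id
     * @return RestrictedActiveRecord $this, for chaining
     */
    public function ownedBy($owner_id) {
        $param = CDbCriteria::PARAM_PREFIX . CDbCriteria::$paramCount++;
        $this->getDbCriteria()->mergeWith(array(
            'condition' => 'owner_id=' . $param,
            'params' => array($param => $owner_id),
        ));
        return $this;
    }

    /**
     * Named scope: rows owned by the current user. For a guest the bound id is
     * null, so the scope matches nothing instead of raising a notice.
     *
     * @return RestrictedActiveRecord
     */
    public function ownedByMe() {
        $user = self::getUser();
        return $this->ownedBy($user === null ? null : $user->id);
    }

    /**
     * Named scope: rows whose owner's profile is in $branch_id (joins owner.profile).
     * The id is bound as a parameter; see applyBranchFilter() for the unqualified
     * branch_id caveat.
     *
     * @param mixed $branch_id
     * @return RestrictedActiveRecord
     */
    public function underBranch($branch_id) {
        $param = CDbCriteria::PARAM_PREFIX . CDbCriteria::$paramCount++;
        $this->getDbCriteria()->mergeWith(array(
            'with' => array('owner.profile'),
            'condition' => 'branch_id=' . $param,
            'params' => array($param => $branch_id),
        ));
        return $this;
    }

    /*
     * Overridden finders: each routes its condition through generateAccessCheck().
     * Only the methods below are restricted. CActiveRecord methods not overridden
     * here - find(), findByAttributes(), exists(), updateAll(), deleteByPk(),
     * deleteAllByAttributes() - bypass the restriction entirely.
     */

    public function findByPk($pk, $conditions = '', $params = array()) {
        return parent::findByPk($pk, $this->generateAccessCheck($conditions, $params));
    }

    /**
     * Overrides CActiveRecord::findBySql() (PHP method names are case-insensitive).
     * Unlike the parent, $sql is treated as a WHERE fragment, not a full statement,
     * so the restrictions can be appended to it.
     */
    public function findBySQL($sql, $params = array()) {
        return parent::find($this->generateAccessCheck($sql, $params));
    }

    public function findAll($conditions = '', $params = array()) {
        return parent::findAll($this->generateAccessCheck($conditions, $params));
    }

    public function findAllByAttributes($attributes, $conditions = '', $params = array()) {
        return parent::findAllByAttributes($attributes, $this->generateAccessCheck($conditions, $params));
    }

    public function findAllByPk($pk, $conditions = '', $params = array()) {
        return parent::findAllByPk($pk, $this->generateAccessCheck($conditions, $params));
    }

    /** Same WHERE-fragment contract as findBySQL(); returns all matching rows. */
    public function findAllBySQL($sql, $params = array()) {
        return parent::findAll($this->generateAccessCheck($sql, $params));
    }

    public function count($condition = '', $params = array()) {
        return parent::count($this->generateAccessCheck($condition, $params));
    }

    public function countByAttributes($attributes, $condition = '', $params = array()) {
        return parent::countByAttributes($attributes, $this->generateAccessCheck($condition, $params));
    }

    /**
     * Same WHERE-fragment contract as findBySQL(). Routed through count(): the
     * original handed the CDbCriteria to parent::countBySql(), which expects a
     * raw SQL string, so it could not have worked.
     */
    public function countBySql($sql, $params = array()) {
        return parent::count($this->generateAccessCheck($sql, $params));
    }

    /**
     * NOTE(review): CActiveRecord::deleteAll() issues a plain DELETE without
     * relation joins, so the owner.profile-based branch filter (and the aliased
     * owner condition) may be ignored or fail on the delete path - confirm, and
     * prefer deleting via loaded models if it does.
     */
    public function deleteAll($condition = '', $params = array()) {
        return parent::deleteAll($this->generateAccessCheck($condition, $params));
    }
}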