Created
November 20, 2016 12:56
-
-
Save Jako/176e0a9fa3e48c424bbeed2c3ca9b2e2 to your computer and use it in GitHub Desktop.
Access permissions resolver for MODX packages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Resolve access permissions | |
| * | |
| * @package sample | |
| * @subpackage build | |
| * | |
| * @var mixed $object | |
| * @var array $options | |
| */ | |
| /** | |
| * @param modX $modx | |
| * @param array $policy | |
| * @param array $template | |
| * @param string $permission | |
| * @return bool | |
| */ | |
| function createAccessPermission(&$modx, $policy, $template, $permission) | |
| { | |
| /** @var modAccessPolicyTemplate $accessPolicyTemplate */ | |
| if (!$accessPolicyTemplate = $modx->getObject('modAccessPolicyTemplate', array('name' => $template['name'])) | |
| ) { | |
| $accessPolicyTemplate = $modx->newObject('modAccessPolicyTemplate'); | |
| $accessPolicyTemplate->fromArray(array( | |
| 'name' => $template['name'], | |
| 'description' => $template['description'], | |
| 'lexicon' => $template['lexicon'], | |
| 'template_group' => $template['template_group'] | |
| )); | |
| $accessPolicyTemplate->save(); | |
| $modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy Template "' . $template['name'] . '" created.'); | |
| } | |
| /** @var modAccessPolicy $accessPolicy */ | |
| if (!$accessPolicy = $modx->getObject('modAccessPolicy', array( | |
| 'name' => $policy['name'] | |
| )) | |
| ) { | |
| $accessPolicy = $modx->newObject('modAccessPolicy'); | |
| $accessPolicy->fromArray(array( | |
| 'name' => $policy['name'], | |
| 'description' => $policy['description'], | |
| 'data' => array($permission => true), | |
| 'lexicon' => $policy['lexicon'] | |
| )); | |
| $accessPolicy->addOne($accessPolicyTemplate, 'Template'); | |
| $accessPolicy->save(); | |
| $modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy "' . $policy['name'] . '" created.'); | |
| } else { | |
| $data = $accessPolicy->get('data'); | |
| $data = ($data) ? array_merge($data, array($permission => true)) : array($permission => true); | |
| $accessPolicy->set('data', $data); | |
| $accessPolicy->save(); | |
| $modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy "' . $policy['name'] . '" updated.'); | |
| } | |
| if (!$modx->getObject('modAccessPermission', array('name' => $permission))) { | |
| /** @var modAccessPermission $accessPermission */ | |
| $accessPermission = $modx->newObject('modAccessPermission'); | |
| $accessPermission->fromArray(array( | |
| 'name' => $permission, | |
| 'description' => 'perm.' . $permission . '_desc', | |
| 'value' => '1' | |
| )); | |
| $accessPermission->addOne($accessPolicyTemplate, 'Template'); | |
| $accessPermission->save(); | |
| $modx->log(xPDO::LOG_LEVEL_INFO, 'Access Permission "' . $permission . '" created.'); | |
| } | |
| return true; | |
| } | |
| /** | |
| * @param modX $modx | |
| * @param array $policy | |
| * @param array $template | |
| * @param string $permission | |
| * @return bool | |
| */ | |
| function removeAccessPermission(&$modx, $policy, $template, $permission) | |
| { | |
| /** @var modAccessPermission $accessPermission */ | |
| if ($accessPolicy = $modx->getObject('modAccessPolicy', array('name' => $policy['name']))) { | |
| $accessPolicy->remove(); | |
| $modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy "' . $policy['name'] . '" removed.'); | |
| } | |
| /** @var modAccessPolicyTemplate $accessPolicyTemplate */ | |
| if ($accessPolicyTemplate = $modx->getObject('modAccessPolicyTemplate', array('name' => $template['name']))) { | |
| $accessPolicyTemplate->remove(); | |
| $modx->log(xPDO::LOG_LEVEL_INFO, 'Access Policy Template "' . $template['name'] . '" removed.'); | |
| } | |
| /** @var modAccessPermission $accessPermission */ | |
| if ($accessPermission = $modx->getObject('modAccessPermission', array('name' => $permission))) { | |
| $accessPermission->remove(); | |
| $modx->log(xPDO::LOG_LEVEL_INFO, 'Access Permission "' . $permission . '" removed.'); | |
| } | |
| return true; | |
| } | |
| $namespace = 'sample'; | |
| $accessPolicies = array( | |
| array( | |
| 'policy' => array( | |
| 'name' => 'REST User', | |
| 'description' => 'REST API Usage Policy with all attributes.', | |
| 'lexicon' => $namespace . ':permissions' | |
| ), | |
| 'template' => array( | |
| 'name' => 'RestUserTemplate', | |
| 'description' => 'Policy Template for access to the REST API.', | |
| 'lexicon' => $namespace . ':permissions' | |
| 'template_group' => '1' | |
| ), | |
| 'permissions' => array( | |
| 'rest_get', | |
| 'rest_post', | |
| 'rest_put', | |
| 'rest_delete' | |
| ) | |
| ) | |
| ); | |
| $success = true; | |
| if ($object->xpdo) { | |
| switch ($options[xPDOTransport::PACKAGE_ACTION]) { | |
| case xPDOTransport::ACTION_INSTALL: | |
| case xPDOTransport::ACTION_UPGRADE: | |
| /** @var modX $modx */ | |
| $modx = &$object->xpdo; | |
| foreach ($accessPolicies as $accessPolicy) { | |
| foreach ($accessPolicy['permissions'] as $accessPermission) { | |
| $result = createAccessPermission($modx, $accessPolicy['policy'], $accessPolicy['template'], $accessPermission); | |
| $success = $success && $result; | |
| } | |
| } | |
| break; | |
| case xPDOTransport::ACTION_UNINSTALL: | |
| foreach ($accessPolicies as $accessPolicy) { | |
| foreach ($accessPolicy['permissions'] as $accessPermission) { | |
| $result = removeAccessPermission($modx, $accessPolicy['policy'], $accessPolicy['template'], $accessPermission); | |
| $success = $success && $result; | |
| } | |
| } | |
| break; | |
| } | |
| } | |
| return $success; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment