Admintype.php

<?php
/**
 * Table Definition for admintype
 */

class InvalidMatrixException extends Exception
{

}

class DataObjects_Admintype extends DB_DataObject_Pluggable
{
  ###START_AUTOCODE
  /* the code below is auto generated do not remove the above tag */

  public $__table = 'admintype';           // table name
  public $id;                              // int(4)  primary_key not_null
  public $name;                            // varchar(40)  unique_key not_null
  public $privileges;                      // longtext

  /* Static get */
  function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('DataObjects_Admintype',$k,$v); }

  function table() {
    return array(
      'id' =>  DB_DATAOBJECT_INT + DB_DATAOBJECT_NOTNULL,
      'name' =>  DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL,
      'privileges' =>  DB_DATAOBJECT_STR + DB_DATAOBJECT_TXT,
    );
  }

  function keys() {
    return array('id');
  }

  function sequenceKey() {// keyname, use native, native name
    return array('id', true, false);
  }

  function defaults() {// column default values
    return array(
      '' => null,
    );
  }


  function links() {
    // links generated from .links.ini file
    return array(
    );
  }
  function reverseLinks() {
    // reverseLinks generated from .links.ini file
    return array(
      'admin:admintype_id'=>'id',
    );
  }
  /* the code above is auto generated do not remove the tag below */
  ###END_AUTOCODE

  public $_crudat_actions = array('create','read','update','delete','tab','all_actions');
  public function can_add_with_parameters($field, $value)
  {
    return true;
  }

  public function getSingleMethods()
  {
    return array(
      'grant_all_custom'   => array('title' => 'Cocher tous les droits personnalisés'),
      'grant_all_readonly' => array('title' => 'Cocher tous les droits lecture seule'),
      );
  }

  public function grant_all_custom()
  {
    foreach(M_Office_Util::getModulesInfo() as $module => $info) {
      $this->grant($module, $this->_crudat_actions);
    }
  }
  public function grant_all_readonly()
  {
    foreach(M_Office_Util::getModulesInfo() as $module => $info) {
      $this->grant($module, array('read','tab'));
    }
  }
  function __toString() {
      return $this->name;
  }

  public function grant($module, $privileges, $save = true)
  {
    $this->_load_privileges();
    $this->privileges_array[$module] = $privileges;
    if($save) $this->save();
  }

  public function grant_all_privileges($save = true)
  {
    $this->privileges_array = array('__ALL__');
    if($save) $this->save();
  }

  public function revoke_all_privileges($save = true)
  {
    $this->_load_privileges();
    $idx = array_search('__ALL__', $this->privileges_array);
    if($idx !== false) unset($this->privileges_array[$idx]);
    if($save) $this->save();
  }

  public function grant_all_privileges_on($module, $save = true)
  {
    $this->revoke_all_privileges(false);
    $this->privileges_array[$module] = array('__ALL__');
    if($save) $this->save();
  }
  public function get_array($module, $key)
  {
    if(empty($this->privileges_array[$module][$key])) return array();
    return is_array($this->privileges_array[$module][$key]) ?
        $this->privileges_array[$module][$key] : array_map('trim',explode(',',$this->privileges_array[$module][$key]));
  }

  public function save()
  {
    $this->_load_privileges();
    $this->privileges = Spyc::YAMLDump($this->privileges_array);
    return parent::save();
  }

  public function fetch()
  {
    if($ret = parent::fetch()) {
      $this->privileges_array = null;
    }
    return $ret;
  }

  public function can($privilege, $resource)
  {
    $this->_load_privileges();
    if($resource instanceOf DB_DataObject) {
      $resource_name = $resource->tableName();
    } else {
      $resource_name = $resource;
    }

    switch(true) {
      case $this->has_all_privileges(): return true;
      case (!key_exists($resource_name, $this->privileges_array)): return false;
      case ($this->has_all_privileges_on($resource_name)):         return true;
      case $this->has_privilege_by_name_on($privilege, $resource_name): return true;
      default: return false;
    }
  }

  public function has_all_privileges()
  {
    $this->_load_privileges();
    return $this->privileges_array == array('__ALL__');
  }


  public function has_all_privileges_on($module)
  {
    $this->_load_privileges();
    return $this->privileges_array[$module] == array('__ALL__');
  }

  public function has_no_privileges_on($module)
  {
    $this->_load_privileges();
    return empty($this->privileges_array[$module]);
  }

  public function has_privilege_by_name_on($privilege, $module)
  {
    $pmatrix = array();
    $privilege = strtolower($privilege);
    switch(true) {
      case strpos('crud', $privilege) !== false:   $pmatrix = array('create','read','update','delete');
      case strpos('cruda', $privilege) !== false:  $pmatrix[] = 'all_actions';
      case strpos('crudat', $privilege) !== false: $pmatrix[] = 'tab';break;
      default: $pmatrix = array($privilege);
    }

    foreach($pmatrix as $action) {
      if(!in_array($action, $this->privileges_array[$module])
        && !key_exists($action, $this->privileges_array[$module])
        && !in_array($action, $this->get_array($module, 'actions_whitelist'))) return false;
    }
    return true;
  }
  protected function _load_privileges()
  {
    if(!is_array($this->privileges_array)) {
      $this->privileges_array = Spyc::YAMLLoadString($this->privileges);
      if(!is_array($this->privileges_array) || count($this->privileges_array) == 0) {
        $this->privileges_array = array();
        $this->privileges = Spyc::YAMLDump($this->privileges_array);
        parent::save();
      }
    }
  }
}