source: iPeer/app/vendors/shells/create_acl.php @ 879ac8f

Last change on this file since 879ac8f was 879ac8f, checked in by Compass <pan.luo@…>, 6 years ago

Change permission to allow admin to add admin

1<?php
2App::import('Component', 'Auth');
3App::import('Component', 'Acl');
4App::import('Component', 'Aco');
5require_once (CORE_PATH.'cake/libs/controller/controller.php');
6
7/**
8 * CreateAclShell
9 *
10 * @uses Shell
11 * @package   CTLT.iPeer
12 * @author    Pan Luo <pan.luo@ubc.ca>
13 * @copyright 2012 All rights reserved.
14 * @license   MIT {@link http://www.opensource.org/licenses/MIT}
15 */
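class CreateAclShell extends Shell
{
    // Role doubles as the handle for raw queries (TRUNCATE) and for the roles table
    public $uses = array('User', 'Role');
    public $Auth, $Acl;

    /**
     * Rebuild the whole ACL from scratch.
     *
     * Empties acos, aros, aros_acos and roles, then recreates the roles
     * (AROs), the ACO tree and the per-role permissions. Every permission
     * that was customised in the database is lost, so this is a
     * provisioning step rather than an upgrade step. If a TRUNCATE fails
     * the shell stops immediately: continuing would append new roles
     * behind the old ones and bind the permissions below to stale rows.
     *
     * @access public
     * @return void
     */
    function main()
    {
        $this->Auth = new AuthComponent(null);
        $this->Acl = new AclComponent(null);

        foreach (array('acos', 'aros', 'aros_acos', 'roles') as $table) {
            // Model::query() is expected to return false when the statement
            // fails (DboSource behaviour) — confirm against the driver in use
            if ($this->Role->query('TRUNCATE ' . $table . ';') === false) {
                $this->err('Failed to truncate ' . $table . ', aborting.');
                $this->_stop(1);
            }
        }

        $this->out('Creating Aros...');
        $this->createAros();

        $this->out('Creating Acos...');
        $this->createAcos();

        $this->out('Creating Permissions...');
        $this->createPermissions();
        $this->hr();

        $this->out('Done');
    }


    /**
     * Create the three ACO roots: adminpage, controllers and functions.
     *
     * @access public
     * @return void
     */
    function createAcos()
    {
        // could make it 'pages/admin' but unfortunately, there is a
        // pages controller brought in somewhere when generating the ACOs
        // for the controller.
        $this->_createAco(null, 'adminpage');

        $this->__buildAcoControllers();
        $this->__buildAcoFunctions();
    }


    /**
     * Create one ACO node and return its id.
     *
     * Stops the shell when the save fails; a missing node would leave the
     * permissions in createPermissions() dangling (allow/deny on a path
     * that does not exist).
     *
     * @param int|null $parentId id of the parent node, null for a root
     * @param string   $alias    node alias (path segment)
     *
     * @access protected
     * @return int id of the new node
     */
    function _createAco($parentId, $alias)
    {
        $this->Acl->Aco->create(array('parent_id' => $parentId, 'model' => null, 'alias' => $alias));
        if (!$this->Acl->Aco->save()) {
            $this->err('Failed to create Aco node ' . $alias . ', aborting.');
            $this->_stop(1);
        }
        return $this->Acl->Aco->id;
    }


    /**
     * Create one child node per role under the given parent.
     *
     * @param int   $parentId id of the parent node
     * @param array $roles    rows as returned by Role::find('all')
     *
     * @access protected
     * @return void
     */
    function _createAcoPerRole($parentId, $roles)
    {
        foreach ($roles as $r) {
            $this->_createAco($parentId, $r['Role']['name']);
        }
    }


    /**
     * Build the "functions" ACO subtree.
     *
     * These nodes are not controller actions; they are feature switches
     * that the application checks explicitly (e.g. whether a role may
     * manage users of another role, or see email addresses).
     *
     * @access protected
     * @return void
     */
    function __buildAcoFunctions()
    {
        $roles = $this->Role->find('all');

        $root = $this->_createAco(null, 'functions');

        // functions/user: one child per role (the role being managed),
        // plus the import, password_reset and index operations
        $user = $this->_createAco($root, 'user');
        $this->_createAcoPerRole($user, $roles);
        $this->_createAco($user, 'import');
        $pwdReset = $this->_createAco($user, 'password_reset');
        $this->_createAcoPerRole($pwdReset, $roles);
        $this->_createAco($user, 'index');

        // functions/role
        $role = $this->_createAco($root, 'role');
        $this->_createAcoPerRole($role, $roles);

        // functions/evaluation
        $this->_createAco($root, 'evaluation');

        // functions/email
        $email = $this->_createAco($root, 'email');
        foreach (array('allUsers', 'allGroups', 'allCourses') as $alias) {
            $this->_createAco($email, $alias);
        }

        // functions/emailtemplate
        $this->_createAco($root, 'emailtemplate');

        // functions/viewstudentresults
        $this->_createAco($root, 'viewstudentresults');

        // functions/viewemailaddresses
        // some users can't explicitly see users' email addresses
        $this->_createAco($root, 'viewemailaddresses');

        // functions/superadmin
        // for functionalities only super admin can use
        $this->_createAco($root, 'superadmin');

        // functions/coursemanager
        // for roles that can view the course manager home page
        $this->_createAco($root, 'coursemanager');

        // functions/viewusername
        // some users can't explicitly see username
        $this->_createAco($root, 'viewusername');
    }


    /**
     * Build the "controllers" ACO subtree from the controllers on disk.
     *
     * Every app and plugin controller gets a node, and every public action
     * of it a child node. Nodes that already exist are reused, so the
     * method is safe to run on a partially built tree.
     *
     * @access protected
     * @return void
     */
    function __buildAcoControllers()
    {
        $log = array();
        $aco =& $this->Acl->Aco;

        $root = $aco->node('controllers');
        if (!$root) {
            $rootId = $this->_createAco(null, 'controllers');
            $log[] = __('Created Aco node for controllers', true);
        } else {
            $rootId = $root[0]['Aco']['id'];
        }

        App::import('Core', 'File');
        $Controllers = Configure::listObjects('controller');
        $appIndex = array_search('App', $Controllers, true);
        if ($appIndex !== false) {
            unset($Controllers[$appIndex]);
        }
        // anything inherited from Controller is not an action and must not
        // become an ACO node; buildAcl is excluded for the same reason
        $baseMethods = get_class_methods('Controller');
        $baseMethods[] = 'buildAcl';

        $Controllers = array_merge($Controllers, $this->_getPluginControllerNames());

        foreach ($Controllers as $ctrlName) {
            $methods = $this->_getClassMethods($this->_getPluginControllerPath($ctrlName));

            // plugin controllers hang under a node named after the plugin
            $parentId = $rootId;
            $alias = $ctrlName;
            if ($this->_isPlugin($ctrlName)) {
                $pluginName = $this->_getPluginName($ctrlName);
                $pluginNode = $aco->node('controllers/' . $pluginName);
                if (!$pluginNode) {
                    $parentId = $this->_createAco($rootId, $pluginName);
                    $log[] = __('Created Aco node for ', true) . $pluginName . __(' Plugin', true);
                } else {
                    $parentId = $pluginNode[0]['Aco']['id'];
                }
                $alias = $this->_getPluginControllerName($ctrlName);
            }

            // find / make controller node
            $controllerNode = $aco->node('controllers/' . $ctrlName);
            if (!$controllerNode) {
                $controllerId = $this->_createAco($parentId, $alias);
                $log[] = __('Created Aco node for ', true) . $ctrlName;
            } else {
                $controllerId = $controllerNode[0]['Aco']['id'];
            }

            // only real actions become nodes: skip underscore-prefixed
            // (non-action) methods and everything inherited from Controller
            foreach ($methods as $method) {
                if (strpos($method, '_') === 0 || in_array($method, $baseMethods, true)) {
                    continue;
                }
                if (!$aco->node('controllers/' . $ctrlName . '/' . $method)) {
                    $this->_createAco($controllerId, $method);
                    $log[] = __('Created Aco node for ', true) . $method;
                }
            }
        }

        foreach ($log as $line) {
            $this->out($line);
        }
    }


    /**
     * Return the method names of a controller class.
     *
     * @param string $ctrlName controller name, "Plugin.Name" for plugins
     *
     * @access protected
     * @return array method names (plus scaffold actions), empty if the
     *               class could not be loaded
     */
    function _getClassMethods($ctrlName = null)
    {
        App::import('Controller', $ctrlName);
        // "Plugin.Name" -> "Name"; the class itself is not namespaced
        if (strpos($ctrlName, '.') !== false) {
            $ctrlName = substr($ctrlName, strpos($ctrlName, '.') + 1);
        }
        $ctrlClass = $ctrlName . 'Controller';
        if (!class_exists($ctrlClass)) {
            $this->err('Controller class ' . $ctrlClass . ' could not be loaded; no Aco nodes created for it.');
            return array();
        }
        $methods = get_class_methods($ctrlClass);

        // scaffolded actions are not declared as methods, so add them by
        // hand; strict comparison because $scaffold = true must select the
        // plain actions, not the admin ones (true == 'admin' is true)
        $properties = get_class_vars($ctrlClass);
        if (array_key_exists('scaffold', $properties)) {
            $actions = array('add', 'edit', 'index', 'view', 'delete');
            if ($properties['scaffold'] === 'admin') {
                $actions = array('admin_add', 'admin_edit', 'admin_index', 'admin_view', 'admin_delete');
            }
            $methods = array_merge($methods, $actions);
        }
        return $methods;
    }


    /**
     * Whether a controller name is of the "Plugin/Controller" form.
     *
     * @param string $ctrlName
     *
     * @access protected
     * @return bool
     */
    function _isPlugin($ctrlName = null)
    {
        return count(String::tokenize($ctrlName, '/')) > 1;
    }


    /**
     * Translate "Plugin/Controller" into the "Plugin.Controller" form that
     * App::import expects; plain names are returned unchanged.
     *
     * @param string $ctrlName
     *
     * @access protected
     * @return string
     */
    function _getPluginControllerPath($ctrlName = null)
    {
        $parts = String::tokenize($ctrlName, '/');
        if (count($parts) === 2) {
            return $parts[0] . '.' . $parts[1];
        }
        return $parts[0];
    }


    /**
     * Plugin part of a "Plugin/Controller" name.
     *
     * @param string $ctrlName
     *
     * @access protected
     * @return string|false plugin name, false for a non-plugin controller
     */
    function _getPluginName($ctrlName = null)
    {
        $parts = String::tokenize($ctrlName, '/');
        return count($parts) === 2 ? $parts[0] : false;
    }


    /**
     * Controller part of a "Plugin/Controller" name.
     *
     * @param string $ctrlName
     *
     * @access protected
     * @return string|false controller name, false for a non-plugin controller
     */
    function _getPluginControllerName($ctrlName = null)
    {
        $parts = String::tokenize($ctrlName, '/');
        return count($parts) === 2 ? $parts[1] : false;
    }


    /**
     * Get the names of the plugin controllers ...
     *
     * This function will get an array of the plugin controller names, and
     * also makes sure the controllers are available for us to get the
     * method names by doing an App::import for each plugin controller.
     *
     * @return array of "Plugin/Controller" names.
     */
    function _getPluginControllerNames()
    {
        App::import('Core', 'File', 'Folder');
        $folder = new Folder();
        $folder->cd(APP . 'plugins');

        // Folder::read() returns array(directories, files); plugins are the directories
        $contents = $folder->read();
        $plugins = $contents[0];
        $names = array();

        foreach ($plugins as $pluginName) {
            // plugins without a controllers directory have nothing to register
            if (!$folder->cd(APP . 'plugins' . DS . $pluginName . DS . 'controllers')) {
                continue;
            }

            $files = $folder->findRecursive('.*_controller\.php');
            foreach ($files as $fileName) {
                $base = basename($fileName);
                $ctrl = Inflector::camelize(substr($base, 0, -strlen('_controller.php')));

                // the plugin's own AppController is a base class, not a routable controller
                if (preg_match('/^' . preg_quote(Inflector::humanize($pluginName), '/') . 'App/', $ctrl)) {
                    continue;
                }
                if (!App::import('Controller', $pluginName . '.' . $ctrl)) {
                    $this->err(__('Error importing ', true) . $ctrl . __(' for plugin ', true) . $pluginName);
                    continue;
                }
                // Prepend the plugin name: this is the form the rest of the
                // shell uses to locate the method names and the ACO path.
                $names[] = Inflector::humanize($pluginName) . "/" . $ctrl;
            }
        }
        return $names;
    }


    /**
     * Create the five roles. Their names are what createPermissions()
     * looks up, so the insertion order no longer matters.
     *
     * @access public
     * @return void
     */
    function createAros()
    {
        foreach (array('superadmin', 'admin', 'instructor', 'tutor', 'student') as $name) {
            $this->Role->create();
            if (!$this->Role->save(array('Role' => array('name' => $name)))) {
                $this->err('Failed to create role ' . $name . ', aborting.');
                $this->_stop(1);
            }
        }
    }


    /**
     * Look up a role's id by name.
     *
     * Stops the shell if the role is missing; granting permissions to a
     * non-existent id would silently produce an incomplete ACL.
     *
     * @param string $name value of roles.name
     *
     * @access protected
     * @return int
     */
    function _roleId($name)
    {
        $id = $this->Role->field('id', array('Role.name' => $name));
        if (!$id) {
            $this->err('Role ' . $name . ' does not exist, aborting.');
            $this->_stop(1);
        }
        return $id;
    }


    /**
     * Grant and deny permissions per role.
     *
     * Pattern for every role except superadmin: deny the whole
     * "controllers" and "functions" trees, then re-allow the specific
     * nodes the role needs. Order matters where a node is allowed and
     * then denied for a single action (e.g. functions/evaluation then
     * functions/evaluation 'update'): both calls write the same
     * aros_acos row, the later call refining the earlier one.
     *
     * Admin may manage users up to the admin role (delete excluded) but
     * never superadmin; that is what keeps the superadmin role out of
     * reach of the admin-facing user management screens.
     *
     * @access public
     * @return void
     */
    function createPermissions()
    {
        $role = $this->Role;

        $role->id = $this->_roleId('superadmin');
        $this->Acl->allow($role, 'controllers');
        $this->Acl->allow($role, 'functions');
        $this->Acl->allow($role, 'adminpage');

        $role->id = $this->_roleId('admin');
        $this->Acl->deny($role, 'controllers');
        $this->Acl->allow($role, 'controllers/Home');
        $this->Acl->allow($role, 'controllers/Courses');
        $this->Acl->allow($role, 'controllers/Departments');
        $this->Acl->allow($role, 'controllers/Emailer');
        $this->Acl->allow($role, 'controllers/Emailtemplates');
        $this->Acl->allow($role, 'controllers/Evaltools');
        $this->Acl->allow($role, 'controllers/Evaluations');
        $this->Acl->allow($role, 'controllers/Events');
        $this->Acl->allow($role, 'controllers/Groups');
        $this->Acl->allow($role, 'controllers/Mixevals');
        $this->Acl->allow($role, 'controllers/Rubrics');
        $this->Acl->allow($role, 'controllers/Simpleevaluations');
        $this->Acl->allow($role, 'controllers/Surveys');
        $this->Acl->allow($role, 'controllers/Surveygroups');
        $this->Acl->allow($role, 'controllers/Users');
        $this->Acl->allow($role, 'controllers/guard/guard/logout');
        $this->Acl->allow($role, 'controllers/Oauthclients/add');
        $this->Acl->allow($role, 'controllers/Oauthclients/delete');
        $this->Acl->allow($role, 'controllers/Oauthtokens/add');
        $this->Acl->allow($role, 'controllers/Oauthtokens/delete');
        $this->Acl->deny($role, 'functions');
        $this->Acl->allow($role, 'functions/emailtemplate');
        $this->Acl->allow($role, 'functions/evaluation');
        $this->Acl->allow($role, 'functions/email/allUsers');
        $this->Acl->allow($role, 'functions/user');
        // admins may create/read/update other admins but not delete them
        $this->Acl->allow($role, 'functions/user/admin');
        $this->Acl->deny($role, 'functions/user/admin', 'delete');
        $this->Acl->deny($role, 'functions/user/superadmin');
        $this->Acl->allow($role, 'adminpage');
        $this->Acl->allow($role, 'functions/viewemailaddresses');
        $this->Acl->allow($role, 'functions/viewusername');
        $this->Acl->allow($role, 'functions/coursemanager');
        $this->Acl->deny($role, 'functions/superadmin');

        $role->id = $this->_roleId('instructor');
        $this->Acl->deny($role, 'controllers');
        $this->Acl->allow($role, 'controllers/Home');
        $this->Acl->allow($role, 'controllers/Courses');
        $this->Acl->allow($role, 'controllers/Emailer');
        $this->Acl->allow($role, 'controllers/Emailtemplates');
        $this->Acl->allow($role, 'controllers/Evaltools');
        $this->Acl->allow($role, 'controllers/Evaluations');
        $this->Acl->allow($role, 'controllers/Events');
        $this->Acl->allow($role, 'controllers/Groups');
        $this->Acl->allow($role, 'controllers/Mixevals');
        $this->Acl->allow($role, 'controllers/Rubrics');
        $this->Acl->allow($role, 'controllers/Simpleevaluations');
        $this->Acl->allow($role, 'controllers/Surveys');
        $this->Acl->allow($role, 'controllers/Surveygroups');
        $this->Acl->allow($role, 'controllers/Users');
        $this->Acl->allow($role, 'controllers/guard/guard/logout');
        $this->Acl->allow($role, 'controllers/Oauthclients/add');
        $this->Acl->allow($role, 'controllers/Oauthclients/delete');
        $this->Acl->allow($role, 'controllers/Oauthtokens/add');
        $this->Acl->allow($role, 'controllers/Oauthtokens/delete');
        $this->Acl->deny($role, 'functions');
        $this->Acl->allow($role, 'functions/evaluation');
        $this->Acl->deny($role, 'functions/evaluation', 'update');
        $this->Acl->deny($role, 'functions/evaluation', 'delete');
        $this->Acl->allow($role, 'functions/user');
        $this->Acl->deny($role, 'functions/user/admin');
        $this->Acl->deny($role, 'functions/user/superadmin');
        // instructors may only read other instructors
        $this->Acl->allow($role, 'functions/user/instructor');
        $this->Acl->deny($role, 'functions/user/instructor', 'create');
        $this->Acl->deny($role, 'functions/user/instructor', 'update');
        $this->Acl->deny($role, 'functions/user/instructor', 'delete');
        $this->Acl->deny($role, 'functions/user/index');
        $this->Acl->deny($role, 'functions/viewemailaddresses');
        $this->Acl->deny($role, 'functions/superadmin');
        $this->Acl->allow($role, 'functions/coursemanager');

        $role->id = $this->_roleId('tutor');
        $this->Acl->deny($role, 'controllers');
        $this->Acl->allow($role, 'controllers/Home');
        $this->Acl->deny($role, 'controllers/Courses');
        $this->Acl->deny($role, 'controllers/Emailer');
        $this->Acl->deny($role, 'controllers/Emailtemplates');
        $this->Acl->deny($role, 'controllers/Evaltools');
        $this->Acl->deny($role, 'controllers/Events');
        $this->Acl->deny($role, 'controllers/Groups');
        $this->Acl->deny($role, 'controllers/Mixevals');
        $this->Acl->deny($role, 'controllers/Rubrics');
        $this->Acl->deny($role, 'controllers/Simpleevaluations');
        $this->Acl->deny($role, 'controllers/Surveys');
        $this->Acl->deny($role, 'controllers/Surveygroups');
        $this->Acl->deny($role, 'controllers/Users');
        $this->Acl->allow($role, 'controllers/guard/guard/logout');
        $this->Acl->allow($role, 'controllers/Evaluations/makeEvaluation');
        $this->Acl->allow($role, 'controllers/Evaluations/studentViewEvaluationResult');
        $this->Acl->allow($role, 'controllers/Evaluations/completeEvaluationRubric');
        $this->Acl->allow($role, 'controllers/Evaluations/completeEvaluationMixeval');
        $this->Acl->allow($role, 'controllers/Users/editProfile');
        $this->Acl->deny($role, 'functions');
        $this->Acl->deny($role, 'functions/viewemailaddresses');
        $this->Acl->deny($role, 'functions/superadmin');

        $role->id = $this->_roleId('student');
        $this->Acl->deny($role, 'controllers');
        $this->Acl->allow($role, 'controllers/Home');
        $this->Acl->deny($role, 'controllers/Courses');
        $this->Acl->deny($role, 'controllers/Emailer');
        $this->Acl->deny($role, 'controllers/Emailtemplates');
        $this->Acl->deny($role, 'controllers/Evaltools');
        $this->Acl->deny($role, 'controllers/Events');
        $this->Acl->deny($role, 'controllers/Groups');
        $this->Acl->deny($role, 'controllers/Mixevals');
        $this->Acl->deny($role, 'controllers/Rubrics');
        $this->Acl->deny($role, 'controllers/Simpleevaluations');
        $this->Acl->deny($role, 'controllers/Surveys');
        $this->Acl->deny($role, 'controllers/Surveygroups');
        $this->Acl->deny($role, 'controllers/Users');
        $this->Acl->allow($role, 'controllers/guard/guard/logout');
        $this->Acl->allow($role, 'controllers/Evaluations/makeEvaluation');
        $this->Acl->allow($role, 'controllers/Evaluations/studentViewEvaluationResult');
        $this->Acl->allow($role, 'controllers/Evaluations/completeEvaluationRubric');
        $this->Acl->allow($role, 'controllers/Evaluations/completeEvaluationMixeval');
        $this->Acl->allow($role, 'controllers/Users/editProfile');
        $this->Acl->allow($role, 'controllers/Oauthclients/add');
        $this->Acl->allow($role, 'controllers/Oauthclients/delete');
        $this->Acl->allow($role, 'controllers/Oauthtokens/add');
        $this->Acl->allow($role, 'controllers/Oauthtokens/delete');
        $this->Acl->deny($role, 'functions');
        $this->Acl->allow($role, 'functions/viewstudentresults');
        $this->Acl->deny($role, 'functions/viewemailaddresses');
        $this->Acl->deny($role, 'functions/superadmin');
    }
}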