Bitrix-D7 23.9
 
Загрузка...
Поиск...
Не найдено
RolePermissionService.php
1<?php
2namespace Bitrix\Catalog\Access\Service;
3
4use Bitrix\Catalog\Access\Component\PermissionConfig;
5use Bitrix\Catalog\Access\Permission\Catalog\IblockCatalogPermissionStepper;
6use Bitrix\Catalog\Access\Permission\PermissionDictionary;
7use Bitrix\Main\Event;
8use Bitrix\Main\DB\SqlQueryException;
9use Bitrix\Main\Text\Encoding;
10use Bitrix\Catalog\Access\Permission\PermissionTable;
11use Bitrix\Catalog\Access\Role\RoleTable;
12use Bitrix\Catalog\Access\Role\RoleUtil;
13use Bitrix\Main\Application;
14use Bitrix\Main\DB\SqlExpression;
15use Bitrix\Main\SystemException;
16use Throwable;
17
18class RolePermissionService implements RolePermissionServiceInterface
19{
20 private const DB_ERROR_KEY = "CATALOG_CONFIG_PERMISSIONS_DB_ERROR";
21 private const EVENT_ON_BEFORE_SAVE = "onBeforeCatalogRolePermissionSave";
22 private const EVENT_ON_AFTER_SAVE = "onAfterCatalogRolePermissionSave";
23
27 private $roleRelationService;
28
38 public function saveRolePermissions(array $permissionSettings): array
39 {
40 $event = new Event(
41 'catalog',
42 self::EVENT_ON_BEFORE_SAVE,
43 $permissionSettings
44 );
45 $event->send();
46
47 $query = [];
48 $roles = [];
49
50 $catalogStoreDocumentPermissions = PermissionDictionary::getStoreDocumentPermissionRules(
51 [
52 PermissionDictionary::CATALOG_STORE_DOCUMENT_VIEW,
53 PermissionDictionary::CATALOG_STORE_DOCUMENT_MODIFY,
54 PermissionDictionary::CATALOG_STORE_DOCUMENT_CANCEL,
55 PermissionDictionary::CATALOG_STORE_DOCUMENT_CONDUCT,
56 PermissionDictionary::CATALOG_STORE_DOCUMENT_DELETE,
57 PermissionDictionary::CATALOG_STORE_DOCUMENT_ALLOW_NEGATION_PRODUCT_QUANTITY,
58 ]
59 );
60
61 foreach ($permissionSettings as &$setting)
62 {
63 $roleId = (int)$setting['id'];
64 $roleTitle = (string)$setting['title'];
65
66 $roleId = $this->saveRole($roleTitle, $roleId);
67 $setting['id'] = $roleId;
68 $roles[] = $roleId;
69
70 if(!isset($setting['accessRights']))
71 {
72 continue;
73 }
74
75 foreach ($setting['accessRights'] as $permission)
76 {
77 $permissionId =
78 in_array($permission['id'], $catalogStoreDocumentPermissions, true)
79 ? $permission['id']
80 : (int)$permission['id']
81 ;
82
83 if ($permissionId < 1)
84 {
85 continue;
86 }
87
88 $query[] = new SqlExpression(
89 '(?i, ?, ?i)',
90 $roleId,
91 $permissionId,
92 $permission['value']
93 );
94 }
95 }
96
97 if ($query)
98 {
99 $db = Application::getConnection();
100
101 try
102 {
103 $db->startTransaction();
104
105 if (!PermissionTable::deleteList(["=ROLE_ID" => $roles]))
106 {
107 throw new SqlQueryException(self::DB_ERROR_KEY);
108 }
109
110 RoleUtil::insertPermissions($query);
111 if (\Bitrix\Main\Loader::includeModule("intranet"))
112 {
113 \CIntranetUtils::clearMenuCache();
114 }
115
116 $this->roleRelationService->saveRoleRelation($permissionSettings);
117
118 $db->commitTransaction();
119
120 IblockCatalogPermissionStepper::bind(1);
121 }
122 catch (\Exception $e)
123 {
124 $db->rollbackTransaction();
125
126 throw new SqlQueryException(self::DB_ERROR_KEY);
127 }
128 }
129
130 $event = new Event(
131 'catalog',
132 self::EVENT_ON_AFTER_SAVE,
133 $permissionSettings
134 );
135 $event->send();
136
137 return $permissionSettings;
138 }
139
148 public function saveRole(string $name, int $roleId = null): int
149 {
150 $nameField = [
151 "NAME" => Encoding::convertEncodingToCurrent($name),
152 ];
153
154 try
155 {
156 if(!$roleId)
157 {
158 if(!
159 (
160 $role = RoleTable::getList(
161 ['filter' => [
162 '=NAME' => $nameField['NAME'],
163 ]])->fetchObject()
164 )
165 )
166 {
167 $role = RoleTable::add($nameField);
168 }
169 }
170 else
171 {
172 $role = RoleTable::update($roleId, $nameField);
173 }
174 } catch (\Exception $e)
175 {
176 throw new SqlQueryException(self::DB_ERROR_KEY);
177 }
178
179 return $role->getId();
180 }
181
186 public function deleteRole(int $roleId): void
187 {
188 $db = Application::getConnection();
189
190 try
191 {
192 $db->startTransaction();
193
194 PermissionTable::deleteList(["=ROLE_ID" => $roleId]);
195
196 $this->roleRelationService->deleteRoleRelations($roleId);
197
201 $result = RoleTable::delete($roleId);
202 if (!$result->isSuccess())
203 {
204 throw new SqlQueryException(self::DB_ERROR_KEY);
205 }
206
207 $db->commitTransaction();
208 }
209 catch (Throwable $e)
210 {
211 $db->rollbackTransaction();
212
213 throw $e;
214 }
215 }
216
217 public function __construct()
218 {
219 $this->roleRelationService = new RoleRelationService();
220 }
221
225 public function getRoleList(array $parameters = []): array
226 {
227 return RoleTable::getList($parameters)->fetchAll();
228 }
229
233 public function getSavedPermissions(array $parameters = []): array
234 {
235 return PermissionTable::getList($parameters)->fetchAll();
236 }
237
241 public function getRoleListByUser(int $userId): array
242 {
243 $userAccessCodes = \CAccess::getUserCodesArray($userId);
244
245 return $this->roleRelationService->getRolesByRelations($userAccessCodes);
246 }
247
258 public function appendInventoryManagmentPermissions(array $permissionSettings): array
259 {
260 $inventoryManagementPermissions = (new PermissionConfig)->getInventoryManagementPermissions();
261
262 foreach ($permissionSettings as &$setting)
263 {
264 $roleId = (int)$setting['id'];
265 if (!$roleId)
266 {
267 continue;
268 }
269
270 $newRights = $setting['accessRights'] ?? [];
271 if (!is_array($newRights))
272 {
273 throw new SystemException('Parameter `acessRights` must be array');
274 }
275
276 $inventoryManagementRights = array_map(
277 static function (array $item) {
278 return [
279 'id' => $item['PERMISSION_ID'],
280 'value' => $item['VALUE'],
281 ];
282 },
283 $this->getSavedPermissions([
284 'filter' => [
285 '=ROLE_ID' => $roleId,
286 '=PERMISSION_ID' => $inventoryManagementPermissions,
287 ],
288 ])
289 );
290
291 $diffRights = array_udiff($inventoryManagementRights, $newRights, static function ($a, $b) {
292 $a = (string)$a['id'];
293 $b = (string)$b['id'];
294
295 return $a <=> $b;
296 });
297 if (empty($diffRights))
298 {
299 continue;
300 }
301
302 array_push($newRights, ... $diffRights);
303
304 $setting['accessRights'] = $newRights;
305 }
306
307 return $permissionSettings;
308 }
309
315 private function getAccessCodesMap(): array
316 {
317 $result = [];
318
319 $rows = $this->roleRelationService->getRelationList([
320 'select' => [
321 'ROLE_ID',
322 'RELATION',
323 ],
324 ]);
325 foreach ($rows as $row)
326 {
327 $roleId = (int)$row['ROLE_ID'];
328
329 $result[$roleId] ??= [];
330 $result[$roleId][] = (string)$row['RELATION'];
331 }
332
333 return $result;
334 }
335}
Bitrix\Main\Application\getConnection
static getConnection($name="")
Definition application.php:611
Bitrix\Main\Text\Encoding
Definition encoding.php:8