1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
role.php
См. документацию.
1<?php
2namespace Bitrix\Landing;
3
4use \Bitrix\Main\Localization\Loc;
5use \Bitrix\Landing\Internals\RightsTable;
6
7Loc::loadMessages(__FILE__);
8
14
15class Role extends \Bitrix\Landing\Internals\BaseTable
16{
21 protected static $expectedType = null;
22
27 public static $internalClass = 'RoleTable';
28
33 public static $forbiddenManagerRights = [
34 'admin',
35 'knowledge_admin',
36 'unexportable',
37 'knowledge_unexportable',
38 'knowledge_extension',
39 ];
40
45 public static $forbiddenAdminRights = [
46 'unexportable',
47 'knowledge_unexportable'
48 ];
49
54 public static function checkRequiredRoles(): void
55 {
56 $type = Site\Type::getCurrentScopeId();
57 $res = self::getList([
58 'select' => [
59 'ID'
60 ],
61 'filter' => [
62 '=TYPE' => $type
63 ],
64 'order' => [
65 'ID' => 'asc'
66 ]
67 ]);
68 while ($role = $res->fetch())
69 {
70 $taskRefs = Rights::getAccessTasksReferences();
71 $taskReadId = $taskRefs[Rights::ACCESS_TYPES['read']];
72 $taskDenyId = $taskRefs[Rights::ACCESS_TYPES['denied']];
73 $resRight = RightsTable::getList([
74 'select' => [
75 'ID'
76 ],
77 'filter' => [
78 'ENTITY_ID' => 0,
79 'TASK_ID' => [$taskReadId, $taskDenyId],
80 'ROLE_ID' => $role['ID'],
81 '=ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE
82 ]
83 ]);
84 if (!$resRight->fetch())
85 {
86 RightsTable::add([
87 'ENTITY_ID' => 0,
88 'ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE,
89 'TASK_ID' => $taskReadId,
90 'ROLE_ID' => $role['ID'],
91 'ACCESS_CODE' => 'G1'
92 ]);
93 }
94 }
95
96 if (isset($taskRefs))
97 {
98 return;
99 }
100
101 $keyDemoInstalled = 'role_demo_installed';
102 if ($type)
103 {
104 $keyDemoInstalled .= '_' . mb_strtolower($type);
105 }
106 Manager::setOption($keyDemoInstalled, 'N');
107 self::fetchAll();
108 }
109
114 public static function fetchAll()
115 {
116 static $roles = null;
117
118 $type = Site\Type::getCurrentScopeId();
119
120 if ($roles !== null)
121 {
122 return $roles;
123 }
124
125 $roles = [];
126 $codes = [];
127 $access = new \CAccess;
128
129 // gets from db
130 $res = self::getList([
131 'filter' => [
132 '=TYPE' => $type
133 ],
134 'order' => [
135 'ID' => 'asc'
136 ]
137 ]);
138 while ($row = $res->fetch())
139 {
140 if (!trim($row['TITLE']))
141 {
142 $row['TITLE'] = Loc::getMessage('LANDING_ROLE_DEF_' . $row['XML_ID']);
143 }
144 $row['ACCESS_CODES'] = !$row['ACCESS_CODES'] ? [] : (array)$row['ACCESS_CODES'];
145 $roles[$row['ID']] = $row;
146 $codes = array_merge($codes, $row['ACCESS_CODES']);
147 }
148
149 // get titles for access codes
150 if ($roles)
151 {
152 $codesNames = $access->getNames($codes);
153 foreach ($roles as &$role)
154 {
155 foreach ($role['ACCESS_CODES'] as &$code)
156 {
157 $provider = (
158 isset($codesNames[$code]['provider']) &&
159 $codesNames[$code]['provider']
160 )
161 ? $codesNames[$code]['provider']
162 : '';
163 $name = isset($codesNames[$code]['name'])
164 ? $codesNames[$code]['name']
165 : $code;
166 $code = [
167 'CODE' => $code,
168 'PROVIDER' => $provider,
169 'NAME' => $name
170 ];
171 }
172 unset($code);
173 }
174 unset($role);
175 }
176
177 // install demo data if need
178 $keyDemoInstalled = 'role_demo_installed';
179 if ($type)
180 {
181 $keyDemoInstalled .= '_'.mb_strtolower($type);
182 }
183 if (
184 empty($roles) &&
185 Manager::getOption($keyDemoInstalled, 'N') == 'N'
186 )
187 {
188 $roles = null;
189 self::installDemo($type);
190 Manager::setOption($keyDemoInstalled, 'Y');
191 return self::fetchAll();
192 }
193
194 return $roles;
195 }
196
202 public static function installDemo($type = null)
203 {
204 Manager::enableFeatureTmp(
205 Manager::FEATURE_PERMISSIONS_AVAILABLE
206 );
207
208 $defGroup = 'G1';
209 // for B24 gets employees group
210 if (Manager::isB24())
211 {
212 $groupID = \CGroup::GetIDByCode('EMPLOYEES_' . SITE_ID);
213 if ($groupID)
214 {
215 $defGroup = 'G' . $groupID;
216 }
217 }
218
219 $addRights = [];
220 foreach (Rights::ADDITIONAL_RIGHTS as $accessCode)
221 {
222 if (mb_strpos($accessCode, '_') > 0)
223 {
224 [$prefix, ] = explode('_', $accessCode);
225 $prefix = mb_strtoupper($prefix);
226 if ($prefix == $type)
227 {
228 $addRights[] = $accessCode;
229 }
230 }
231 else if ($type === null)
232 {
233 $addRights[] = $accessCode;
234 }
235 }
236
237 $addRightsManager = $addRights;
238 foreach (self::$forbiddenManagerRights as $rightCode)
239 {
240 $key = array_search($rightCode, $addRightsManager, true);
241 if ($key)
242 {
243 array_splice($addRightsManager, $key, 1);
244 }
245 }
246 $addRightsAdmin = $addRights;
247 foreach (self::$forbiddenAdminRights as $rightCode)
248 {
249 $key = array_search($rightCode, $addRightsAdmin, true);
250 if ($key)
251 {
252 array_splice($addRightsAdmin, $key, 1);
253 }
254 }
255
256 $demoData = [
257 'admin' => [
258 'rights' => [
259 'read',
260 'edit',
261 'sett',
262 'public',
263 'delete'
264 ],
265 'additional_rights' => $addRightsAdmin,
266 'access' => [
267 $defGroup
268 ]
269 ],
270 'manager' => [
271 'rights' => [
272 'read',
273 'edit',
274 'public'
275 ],
276 'additional_rights' => $addRightsManager,
277 'access' => []
278 ]
279 ];
280 $type = (string)$type;
281 foreach ($demoData as $code => $rights)
282 {
283 $code = mb_strtoupper($code);
284 $check = false;
285 /*$check = self::getList([
286 'filter' => [
287 '=XML_ID' => $code
288 ]
289 ])->fetch();*/
290 if (!$check)
291 {
292 $res = self::add([
293 'TYPE' => $type,
294 'XML_ID' => $code,
295 'ADDITIONAL_RIGHTS' => $rights['additional_rights']
296 ]);
297 if ($res->isSuccess())
298 {
299 self::setRights(
300 $res->getId(),
301 [0 => $rights['rights']]
302 );
303 if ($rights['access'])
304 {
305 self::setAccessCodes(
306 $res->getId(),
307 $rights['access']
308 );
309 }
310 }
311 unset($res);
312 }
313 unset($check);
314 }
315 unset($demoData, $defGroup, $code, $rights);
316
317 Manager::disableFeatureTmp(
318 Manager::FEATURE_PERMISSIONS_AVAILABLE
319 );
320 }
321
328 public static function setAccessCodes($roleId, array $codes = array())
329 {
330 if (!Manager::checkFeature(Manager::FEATURE_PERMISSIONS_AVAILABLE))
331 {
332 return;
333 }
334
335 $roleId = intval($roleId);
336
337 self::update($roleId, [
338 'ACCESS_CODES' => $codes
339 ]);
340
341 self::setRights(
342 $roleId,
343 self::getRights($roleId)
344 );
345
346 Rights::refreshAdditionalRights();
347 }
348
354 public static function getRights($roleId)
355 {
356 $tasks = Rights::getAccessTasksReferences();
357 $tasks = array_flip($tasks);
358 $roleId = intval($roleId);
359 $return = [];
360
361 $res = RightsTable::getlist([
362 'select' => [
363 'ENTITY_ID',
364 'TASK_ID'
365 ],
366 'filter' => [
367 'ROLE_ID' => $roleId,
368 '=ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE
369 ]
370 ]);
371 while ($row = $res->fetch())
372 {
373 if (!isset($tasks[$row['TASK_ID']]))
374 {
375 continue;
376 }
377 if (!isset($return[$row['ENTITY_ID']]))
378 {
379 $return[$row['ENTITY_ID']] = [];
380 }
381 $right = $tasks[$row['TASK_ID']];
382 if (!in_array($right, $return[$row['ENTITY_ID']]))
383 {
384 $return[$row['ENTITY_ID']][] = $right;
385 }
386 }
387
388 return $return;
389 }
390
398 public static function setRights($roleId, $rights = [], $additionalRights = null)
399 {
400 if (!Manager::checkFeature(Manager::FEATURE_PERMISSIONS_AVAILABLE))
401 {
402 return;
403 }
404
405 if (!empty($rights))
406 {
407 $rights = (array) $rights;
408 }
409 $roleId = intval($roleId);
410 $tasks = Rights::getAccessTasksReferences();
411
412 // func for setting additional rights
413 $setAdditionalRights = function() use($roleId, $additionalRights)
414 {
415 // set additional rights
416 if ($additionalRights !== null)
417 {
418 if (!is_array($additionalRights))
419 {
420 $additionalRights = [];
421 }
422 self::update($roleId, [
423 'ADDITIONAL_RIGHTS' => $additionalRights
424 ]);
425 Rights::refreshAdditionalRights();
426 }
427 };
428
429 // gets access codes from role
430 $res = self::getList([
431 'select' => [
432 'ACCESS_CODES'
433 ],
434 'filter' => [
435 'ID' => $roleId
436 ]
437 ]);
438 if ($row = $res->fetch())
439 {
440 $accessCodes = $row['ACCESS_CODES'];
441 if (!$accessCodes)
442 {
443 $accessCodes = ['G1'];
444 }
445 }
446 else
447 {
448 $setAdditionalRights();
449 return;
450 }
451
452 // first remove all rights for role
453 $res = RightsTable::getlist([
454 'select' => [
455 'ID'
456 ],
457 'filter' => [
458 'ROLE_ID' => $roleId,
459 '=ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE
460 ]
461 ]);
462 while ($row = $res->fetch())
463 {
464 RightsTable::delete($row['ID']);
465 }
466
467 if (empty($rights))
468 {
469 $setAdditionalRights();
470 return;
471 }
472
473 // check for site exists
474 $siteExists = [];
475 $res = Site::getList([
476 'select' => [
477 'ID'
478 ],
479 'filter' => array_keys($rights)
480 ]);
481 while ($row = $res->fetch())
482 {
483 $siteExists[] = $row['ID'];
484 }
485
486 // and set new rights for each site
487 $deniedCode = Rights::ACCESS_TYPES['denied'];
488 $readCode = Rights::ACCESS_TYPES['read'];
489 foreach ($rights as $siteId => $rightCodes)
490 {
491 if (!is_array($rightCodes))
492 {
493 continue;
494 }
495 if ($siteId > 0 && !in_array($siteId, $siteExists))
496 {
497 continue;
498 }
499 if (in_array($deniedCode, $rightCodes))
500 {
501 $rightCodes = [$deniedCode];
502 }
503 else if (!in_array($readCode, $rightCodes))
504 {
505 $rightCodes[] = $readCode;
506 }
507 foreach ($rightCodes as $rightCode)
508 {
509 if (isset($tasks[$rightCode]))
510 {
511 foreach ($accessCodes as $accessCode)
512 {
513 RightsTable::add([
514 'ROLE_ID' => $roleId,
515 'ENTITY_ID' => $siteId,
516 'ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE,
517 'TASK_ID' => $tasks[$rightCode],
518 'ACCESS_CODE' => $accessCode
519 ]);
520 }
521 }
522 }
523 }
524
525 $setAdditionalRights();
526
527 Manager::getCacheManager()->clearByTag(
528 "intranet_menu_binding"
529 );
530 }
531
537 public static function setExpectedType($type)
538 {
539 if (is_string($type) || $type === null)
540 {
541 self::$expectedType = $type;
542 }
543 }
544
549 public static function getExpectedType()
550 {
551 return self::$expectedType;
552 }
553
558 public static function getExpectedRoleIds()
559 {
560 static $ids = [];
561
562 if (!$ids)
563 {
564 $ids[] = -1;
565 $res = self::getList([
566 'select' => [
567 'ID'
568 ],
569 'filter' => [
570 '=TYPE' => self::$expectedType
571 ]
572 ]);
573 while ($row = $res->fetch())
574 {
575 $ids[] = $row['ID'];
576 }
577 }
578
579 return $ids;
580 }
581}
$type
$type
Определения options.php:106
$provider
if(!Loader::includeModule('messageservice')) $provider
Определения callback_ednaruimhpx.php:21
Bitrix\Landing\Manager\isB24
static isB24()
Определения manager.php:1135
Bitrix\Landing\Manager\getOption
static getOption($code, $default=null)
Определения manager.php:160
Bitrix\Landing\Manager\FEATURE_PERMISSIONS_AVAILABLE
const FEATURE_PERMISSIONS_AVAILABLE
Определения manager.php:42
Bitrix\Landing\Manager\setOption
static setOption($code, $value)
Определения manager.php:171
Bitrix\Landing\Manager\getCacheManager
static getCacheManager()
Определения manager.php:89
Bitrix\Landing\Manager\enableFeatureTmp
static enableFeatureTmp($feature)
Определения manager.php:774
Bitrix\Landing\Manager\disableFeatureTmp
static disableFeatureTmp($feature)
Определения manager.php:784
Bitrix\Landing\Manager\checkFeature
static checkFeature(string $feature, array $params=array())
Определения manager.php:836
Bitrix\Landing\PublicAction\Role\setRights
static setRights($id, array $rights, $additional=null)
Определения role.php:92
Bitrix\Landing\PublicAction\Role\setAccessCodes
static setAccessCodes($id, array $codes=array())
Определения role.php:114
Bitrix\Landing\PublicAction\Role\getList
static getList()
Определения role.php:51
Bitrix\Landing\PublicAction\Site\getList
static getList(array $params=[], $initiator=null)
Определения site.php:99
Bitrix\Landing\Rights\ADDITIONAL_RIGHTS
const ADDITIONAL_RIGHTS
Определения rights.php:33
Bitrix\Landing\Rights\getAccessTasksReferences
static getAccessTasksReferences()
Определения rights.php:234
Bitrix\Landing\Rights\ENTITY_TYPE_SITE
const ENTITY_TYPE_SITE
Определения rights.php:16
Bitrix\Landing\Rights\ACCESS_TYPES
const ACCESS_TYPES
Определения rights.php:21
Bitrix\Landing\Rights\refreshAdditionalRights
static refreshAdditionalRights(array $additionalRights=[])
Определения rights.php:814
Bitrix\Landing\Role\$expectedType
static $expectedType
Определения role.php:21
Bitrix\Landing\Role\checkRequiredRoles
static checkRequiredRoles()
Определения role.php:54
Bitrix\Landing\Role\installDemo
static installDemo($type=null)
Определения role.php:202
Bitrix\Landing\Role\setRights
static setRights($roleId, $rights=[], $additionalRights=null)
Определения role.php:398
Bitrix\Landing\Role\getExpectedType
static getExpectedType()
Определения role.php:549
Bitrix\Landing\Role\$internalClass
static $internalClass
Определения role.php:27
Bitrix\Landing\Role\$forbiddenManagerRights
static $forbiddenManagerRights
Определения role.php:33
Bitrix\Landing\Role\setAccessCodes
static setAccessCodes($roleId, array $codes=array())
Определения role.php:328
Bitrix\Landing\Role\getExpectedRoleIds
static getExpectedRoleIds()
Определения role.php:558
Bitrix\Landing\Role\fetchAll
static fetchAll()
Определения role.php:114
Bitrix\Landing\Role\getRights
static getRights($roleId)
Определения role.php:354
Bitrix\Landing\Role\setExpectedType
static setExpectedType($type)
Определения role.php:537
Bitrix\Landing\Role\$forbiddenAdminRights
static $forbiddenAdminRights
Определения role.php:45
Bitrix\Landing\Site\Type\getCurrentScopeId
static getCurrentScopeId()
Определения type.php:188
CAllGroup\GetIDByCode
static GetIDByCode($code)
Определения group.php:1502
$right
$right
Определения options.php:8
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$res
$res
Определения filter_act.php:7
$code
if(!is_null($config))($config as $configItem)(! $configItem->isVisible()) $code
Определения options.php:195
$access
if(!is_array($deviceNotifyCodes)) $access
Определения options.php:174
$siteId
$siteId
Определения ajax.php:8
$name
$name
Определения menu_edit.php:35
$key
if(empty($signedUserToken)) $key
Определения quickway.php:257
SITE_ID
const SITE_ID
Определения sonet_set_content_view.php:12
$rights
$rights
Определения options.php:4