Bitrix-D7 23.9
 
Загрузка...
Поиск...
Не найдено
role.php
1<?php
2namespace Bitrix\Landing;
3
4use \Bitrix\Main\Localization\Loc;
5use \Bitrix\Landing\Internals\RightsTable;
6
7Loc::loadMessages(__FILE__);
8
15class Role extends \Bitrix\Landing\Internals\BaseTable
16{
21 protected static $expectedType = null;
22
27 public static $internalClass = 'RoleTable';
28
33 public static $forbiddenManagerRights = [
34 'admin',
35 'knowledge_admin',
36 'unexportable',
37 'knowledge_unexportable',
38 'knowledge_extension',
39 ];
40
45 public static $forbiddenAdminRights = [
46 'unexportable',
47 'knowledge_unexportable'
48 ];
49
54 public static function checkRequiredRoles(): void
55 {
56 $type = Site\Type::getCurrentScopeId();
57 $res = self::getList([
58 'select' => [
59 'ID'
60 ],
61 'filter' => [
62 '=TYPE' => $type
63 ],
64 'order' => [
65 'ID' => 'asc'
66 ]
67 ]);
68 while ($role = $res->fetch())
69 {
70 $taskRefs = Rights::getAccessTasksReferences();
71 $taskReadId = $taskRefs[Rights::ACCESS_TYPES['read']];
72 $taskDenyId = $taskRefs[Rights::ACCESS_TYPES['denied']];
73 $resRight = RightsTable::getList([
74 'select' => [
75 'ID'
76 ],
77 'filter' => [
78 'ENTITY_ID' => 0,
79 'TASK_ID' => [$taskReadId, $taskDenyId],
80 'ROLE_ID' => $role['ID'],
81 '=ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE
82 ]
83 ]);
84 if (!$resRight->fetch())
85 {
86 RightsTable::add([
87 'ENTITY_ID' => 0,
88 'ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE,
89 'TASK_ID' => $taskReadId,
90 'ROLE_ID' => $role['ID'],
91 'ACCESS_CODE' => 'G1'
92 ]);
93 }
94 }
95
96 if (isset($taskRefs))
97 {
98 return;
99 }
100
101 $keyDemoInstalled = 'role_demo_installed';
102 if ($type)
103 {
104 $keyDemoInstalled .= '_' . mb_strtolower($type);
105 }
106 Manager::setOption($keyDemoInstalled, 'N');
107 self::fetchAll();
108 }
109
114 public static function fetchAll()
115 {
116 static $roles = null;
117
118 $type = Site\Type::getCurrentScopeId();
119
120 if ($roles !== null)
121 {
122 return $roles;
123 }
124
125 $roles = [];
126 $codes = [];
127 $access = new \CAccess;
128
129 // gets from db
130 $res = self::getList([
131 'filter' => [
132 '=TYPE' => $type
133 ],
134 'order' => [
135 'ID' => 'asc'
136 ]
137 ]);
138 while ($row = $res->fetch())
139 {
140 if (!trim($row['TITLE']))
141 {
142 $row['TITLE'] = Loc::getMessage('LANDING_ROLE_DEF_' . $row['XML_ID']);
143 }
144 $row['ACCESS_CODES'] = !$row['ACCESS_CODES'] ? [] : (array)$row['ACCESS_CODES'];
145 $roles[$row['ID']] = $row;
146 $codes = array_merge($codes, $row['ACCESS_CODES']);
147 }
148
149 // get titles for access codes
150 if ($roles)
151 {
152 $codesNames = $access->getNames($codes);
153 foreach ($roles as &$role)
154 {
155 foreach ($role['ACCESS_CODES'] as &$code)
156 {
157 $provider = (
158 isset($codesNames[$code]['provider']) &&
159 $codesNames[$code]['provider']
160 )
161 ? $codesNames[$code]['provider']
162 : '';
163 $name = isset($codesNames[$code]['name'])
164 ? $codesNames[$code]['name']
165 : $code;
166 $code = [
167 'CODE' => $code,
168 'PROVIDER' => $provider,
169 'NAME' => $name
170 ];
171 }
172 unset($code);
173 }
174 unset($role);
175 }
176
177 // install demo data if need
178 $keyDemoInstalled = 'role_demo_installed';
179 if ($type)
180 {
181 $keyDemoInstalled .= '_'.mb_strtolower($type);
182 }
183 if (
184 empty($roles) &&
185 Manager::getOption($keyDemoInstalled, 'N') == 'N'
186 )
187 {
188 $roles = null;
189 self::installDemo($type);
190 Manager::setOption($keyDemoInstalled, 'Y');
191 return self::fetchAll();
192 }
193
194 return $roles;
195 }
196
202 public static function installDemo($type = null)
203 {
204 Manager::enableFeatureTmp(
205 Manager::FEATURE_PERMISSIONS_AVAILABLE
206 );
207
208 $defGroup = 'G1';
209 // for B24 gets employees group
210 if (Manager::isB24())
211 {
212 $res = \Bitrix\Main\GroupTable::getList([
213 'select' => [
214 'ID'
215 ],
216 'filter' => [
217 '=STRING_ID' => 'EMPLOYEES_' . SITE_ID
218 ]
219 ]);
220 if ($row = $res->fetch())
221 {
222 $defGroup = 'G' . $row['ID'];
223 }
224 unset($row, $res);
225 }
226
227 $addRights = [];
228 foreach (Rights::ADDITIONAL_RIGHTS as $accessCode)
229 {
230 if (mb_strpos($accessCode, '_') > 0)
231 {
232 [$prefix, ] = explode('_', $accessCode);
233 $prefix = mb_strtoupper($prefix);
234 if ($prefix == $type)
235 {
236 $addRights[] = $accessCode;
237 }
238 }
239 else if ($type === null)
240 {
241 $addRights[] = $accessCode;
242 }
243 }
244
245 $addRightsManager = $addRights;
246 foreach (self::$forbiddenManagerRights as $rightCode)
247 {
248 $key = array_search($rightCode, $addRightsManager, true);
249 if ($key)
250 {
251 array_splice($addRightsManager, $key, 1);
252 }
253 }
254 $addRightsAdmin = $addRights;
255 foreach (self::$forbiddenAdminRights as $rightCode)
256 {
257 $key = array_search($rightCode, $addRightsAdmin, true);
258 if ($key)
259 {
260 array_splice($addRightsAdmin, $key, 1);
261 }
262 }
263
264 $demoData = [
265 'admin' => [
266 'rights' => [
267 'read',
268 'edit',
269 'sett',
270 'public',
271 'delete'
272 ],
273 'additional_rights' => $addRightsAdmin,
274 'access' => [
275 $defGroup
276 ]
277 ],
278 'manager' => [
279 'rights' => [
280 'read',
281 'edit',
282 'public'
283 ],
284 'additional_rights' => $addRightsManager,
285 'access' => []
286 ]
287 ];
288 $type = (string)$type;
289 foreach ($demoData as $code => $rights)
290 {
291 $code = mb_strtoupper($code);
292 $check = false;
293 /*$check = self::getList([
294 'filter' => [
295 '=XML_ID' => $code
296 ]
297 ])->fetch();*/
298 if (!$check)
299 {
300 $res = self::add([
301 'TYPE' => $type,
302 'XML_ID' => $code,
303 'ADDITIONAL_RIGHTS' => $rights['additional_rights']
304 ]);
305 if ($res->isSuccess())
306 {
307 self::setRights(
308 $res->getId(),
309 [0 => $rights['rights']]
310 );
311 if ($rights['access'])
312 {
313 self::setAccessCodes(
314 $res->getId(),
315 $rights['access']
316 );
317 }
318 }
319 unset($res);
320 }
321 unset($check);
322 }
323 unset($demoData, $defGroup, $code, $rights);
324
325 Manager::disableFeatureTmp(
326 Manager::FEATURE_PERMISSIONS_AVAILABLE
327 );
328 }
329
336 public static function setAccessCodes($roleId, array $codes = array())
337 {
338 if (!Manager::checkFeature(Manager::FEATURE_PERMISSIONS_AVAILABLE))
339 {
340 return;
341 }
342
343 $roleId = intval($roleId);
344
345 self::update($roleId, [
346 'ACCESS_CODES' => $codes
347 ]);
348
349 self::setRights(
350 $roleId,
351 self::getRights($roleId)
352 );
353
354 Rights::refreshAdditionalRights();
355 }
356
362 public static function getRights($roleId)
363 {
364 $tasks = Rights::getAccessTasksReferences();
365 $tasks = array_flip($tasks);
366 $roleId = intval($roleId);
367 $return = [];
368
369 $res = RightsTable::getlist([
370 'select' => [
371 'ENTITY_ID',
372 'TASK_ID'
373 ],
374 'filter' => [
375 'ROLE_ID' => $roleId,
376 '=ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE
377 ]
378 ]);
379 while ($row = $res->fetch())
380 {
381 if (!isset($tasks[$row['TASK_ID']]))
382 {
383 continue;
384 }
385 if (!isset($return[$row['ENTITY_ID']]))
386 {
387 $return[$row['ENTITY_ID']] = [];
388 }
389 $right = $tasks[$row['TASK_ID']];
390 if (!in_array($right, $return[$row['ENTITY_ID']]))
391 {
392 $return[$row['ENTITY_ID']][] = $right;
393 }
394 }
395
396 return $return;
397 }
398
406 public static function setRights($roleId, $rights = [], $additionalRights = null)
407 {
408 if (!Manager::checkFeature(Manager::FEATURE_PERMISSIONS_AVAILABLE))
409 {
410 return;
411 }
412
413 if (!empty($rights))
414 {
415 $rights = (array) $rights;
416 }
417 $roleId = intval($roleId);
418 $tasks = Rights::getAccessTasksReferences();
419
420 // func for setting additional rights
421 $setAdditionalRights = function() use($roleId, $additionalRights)
422 {
423 // set additional rights
424 if ($additionalRights !== null)
425 {
426 if (!is_array($additionalRights))
427 {
428 $additionalRights = [];
429 }
430 self::update($roleId, [
431 'ADDITIONAL_RIGHTS' => $additionalRights
432 ]);
433 Rights::refreshAdditionalRights();
434 }
435 };
436
437 // gets access codes from role
438 $res = self::getList([
439 'select' => [
440 'ACCESS_CODES'
441 ],
442 'filter' => [
443 'ID' => $roleId
444 ]
445 ]);
446 if ($row = $res->fetch())
447 {
448 $accessCodes = $row['ACCESS_CODES'];
449 if (!$accessCodes)
450 {
451 $accessCodes = ['G1'];
452 }
453 }
454 else
455 {
456 $setAdditionalRights();
457 return;
458 }
459
460 // first remove all rights for role
461 $res = RightsTable::getlist([
462 'select' => [
463 'ID'
464 ],
465 'filter' => [
466 'ROLE_ID' => $roleId,
467 '=ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE
468 ]
469 ]);
470 while ($row = $res->fetch())
471 {
472 RightsTable::delete($row['ID']);
473 }
474
475 if (empty($rights))
476 {
477 $setAdditionalRights();
478 return;
479 }
480
481 // check for site exists
482 $siteExists = [];
483 $res = Site::getList([
484 'select' => [
485 'ID'
486 ],
487 'filter' => array_keys($rights)
488 ]);
489 while ($row = $res->fetch())
490 {
491 $siteExists[] = $row['ID'];
492 }
493
494 // and set new rights for each site
495 $deniedCode = Rights::ACCESS_TYPES['denied'];
496 $readCode = Rights::ACCESS_TYPES['read'];
497 foreach ($rights as $siteId => $rightCodes)
498 {
499 if (!is_array($rightCodes))
500 {
501 continue;
502 }
503 if ($siteId > 0 && !in_array($siteId, $siteExists))
504 {
505 continue;
506 }
507 if (in_array($deniedCode, $rightCodes))
508 {
509 $rightCodes = [$deniedCode];
510 }
511 else if (!in_array($readCode, $rightCodes))
512 {
513 $rightCodes[] = $readCode;
514 }
515 foreach ($rightCodes as $rightCode)
516 {
517 if (isset($tasks[$rightCode]))
518 {
519 foreach ($accessCodes as $accessCode)
520 {
521 RightsTable::add([
522 'ROLE_ID' => $roleId,
523 'ENTITY_ID' => $siteId,
524 'ENTITY_TYPE' => Rights::ENTITY_TYPE_SITE,
525 'TASK_ID' => $tasks[$rightCode],
526 'ACCESS_CODE' => $accessCode
527 ]);
528 }
529 }
530 }
531 }
532
533 $setAdditionalRights();
534
535 Manager::getCacheManager()->clearByTag(
536 "intranet_menu_binding"
537 );
538 }
539
545 public static function setExpectedType($type)
546 {
547 if (is_string($type) || $type === null)
548 {
549 self::$expectedType = $type;
550 }
551 }
552
557 public static function getExpectedType()
558 {
559 return self::$expectedType;
560 }
561
566 public static function getExpectedRoleIds()
567 {
568 static $ids = [];
569
570 if (!$ids)
571 {
572 $ids[] = -1;
573 $res = self::getList([
574 'select' => [
575 'ID'
576 ],
577 'filter' => [
578 '=TYPE' => self::$expectedType
579 ]
580 ]);
581 while ($row = $res->fetch())
582 {
583 $ids[] = $row['ID'];
584 }
585 }
586
587 return $ids;
588 }
589}
Bitrix\Landing\Manager\getOption
static getOption($code, $default=null)
Definition manager.php:160
Bitrix\Landing\Manager\FEATURE_PERMISSIONS_AVAILABLE
const FEATURE_PERMISSIONS_AVAILABLE
Definition manager.php:42
Bitrix\Landing\Manager\setOption
static setOption($code, $value)
Definition manager.php:171
Bitrix\Landing\Manager\getCacheManager
static getCacheManager()
Definition manager.php:89
Bitrix\Landing\Manager\enableFeatureTmp
static enableFeatureTmp($feature)
Definition manager.php:769
Bitrix\Landing\Manager\disableFeatureTmp
static disableFeatureTmp($feature)
Definition manager.php:779
Bitrix\Landing\Manager\checkFeature
static checkFeature(string $feature, array $params=array())
Definition manager.php:831
Bitrix\Landing\PublicAction\Role\setRights
static setRights($id, array $rights, $additional=null)
Definition role.php:92
Bitrix\Landing\PublicAction\Role\setAccessCodes
static setAccessCodes($id, array $codes=array())
Definition role.php:114
Bitrix\Landing\PublicAction\Site\getList
static getList(array $params=[], $initiator=null)
Definition site.php:99
Bitrix\Landing\Rights\getAccessTasksReferences
static getAccessTasksReferences()
Definition rights.php:232
Bitrix\Landing\Rights\refreshAdditionalRights
static refreshAdditionalRights(array $additionalRights=[])
Definition rights.php:812
Bitrix\Landing\Role\$expectedType
static $expectedType
Definition role.php:21
Bitrix\Landing\Role\checkRequiredRoles
static checkRequiredRoles()
Definition role.php:54
Bitrix\Landing\Role\installDemo
static installDemo($type=null)
Definition role.php:202
Bitrix\Landing\Role\setRights
static setRights($roleId, $rights=[], $additionalRights=null)
Definition role.php:406
Bitrix\Landing\Role\getExpectedType
static getExpectedType()
Definition role.php:557
Bitrix\Landing\Role\$internalClass
static $internalClass
Definition role.php:27
Bitrix\Landing\Role\$forbiddenManagerRights
static $forbiddenManagerRights
Definition role.php:33
Bitrix\Landing\Role\setAccessCodes
static setAccessCodes($roleId, array $codes=array())
Definition role.php:336
Bitrix\Landing\Role\getExpectedRoleIds
static getExpectedRoleIds()
Definition role.php:566
Bitrix\Landing\Role\fetchAll
static fetchAll()
Definition role.php:114
Bitrix\Landing\Role\getRights
static getRights($roleId)
Definition role.php:362
Bitrix\Landing\Role\setExpectedType
static setExpectedType($type)
Definition role.php:545
Bitrix\Landing\Role\$forbiddenAdminRights
static $forbiddenAdminRights
Definition role.php:45
Bitrix\Main\Localization\Loc\loadMessages
static loadMessages($file)
Definition loc.php:64
Bitrix\Main\Localization\Loc\getMessage
static getMessage($code, $replace=null, $language=null)
Definition loc.php:29