Bitrix-D7 23.9
 
Загрузка...
Поиск...
Не найдено
manager.php
1<?php
2
3namespace Bitrix\Sender\Security\Role;
4
5use Bitrix\Main\Loader;
6use Bitrix\Main\Application;
7use Bitrix\Main\ArgumentException;
8use Bitrix\Main\Entity\AddResult;
9use Bitrix\Main\Localization\Loc;
10use Bitrix\Sender\Access\Role\RoleTable;
11use Bitrix\Sender\Internals\Model;
12
13use Bitrix\Bitrix24\Feature;
14
15Loc::loadMessages(__FILE__);
16
22class Manager
23{
25 protected static $userRoles = []; // 'USER_ID' => 'ROLE_ID'
26
32 public static function clearMenuCache()
33 {
34 Application::getInstance()->getTaggedCache()->clearByTag('bitrix:menu');
35 }
36
42 public static function canUse()
43 {
44 if(!Loader::includeModule('bitrix24'))
45 {
46 return true;
47 }
48
49 return Feature::isFeatureEnabled('sender_security');
50 }
51
57 public static function getTrialText()
58 {
59 return Loc::getMessage('SENDER_SECURITY_ROLE_MANAGER_TRIAL_TEXT_NEW');
60 }
61
68 public static function getRoleList(array $parameters = [])
69 {
70 return RoleTable::getList($parameters);
71 }
72
79 public static function getAccessList(array $parameters = [])
80 {
81 return Model\Role\AccessTable::getList($parameters);
82 }
83
90 public static function setAccessCodes(array $list = [])
91 {
92 self::clearMenuCache();
93 Model\Role\AccessTable::truncate();
94 foreach ($list as $item)
95 {
96 $result = Model\Role\AccessTable::add(array(
97 'ROLE_ID' => $item['ROLE_ID'],
98 'ACCESS_CODE' => $item['ACCESS_CODE']
99 ));
100 if(!$result->isSuccess())
101 {
102 return $result;
103 }
104 }
105
106 return new AddResult();
107 }
108
117 public static function getRolesByUserId($userId)
118 {
119 if(isset(self::$userRoles[$userId]))
120 return self::$userRoles[$userId];
121
122 $result = [];
123 $userAccessCodes = \CAccess::getUserCodesArray($userId);
124
125 if(!is_array($userAccessCodes) || count($userAccessCodes) === 0)
126 return [];
127
128 $cursor = Model\Role\AccessTable::getList([
129 'filter' => [
130 '=ACCESS_CODE' => $userAccessCodes
131 ]
132 ]);
133
134 while($row = $cursor->fetch())
135 {
136 $result[] = $row['ROLE_ID'];
137 }
138
139 self::$userRoles[$userId] = $result;
140 return $result;
141 }
142
149 public static function getRolePermissions($roleId)
150 {
151 $result = [];
152 $list = Model\Role\PermissionTable::getList(['filter' => ['=ROLE_ID' => $roleId]]);
153 foreach ($list as $row)
154 {
155 $result[$row['ENTITY']][$row['ACTION']] = $row['PERMISSION'];
156 }
157
158 return Permission::normalize($result);
159 }
160
170 public static function setRolePermissions($roleId = null, array $roleFields = [], array $permissions)
171 {
172 $roleId = (int) $roleId;
173 if ($roleId <= 0 && empty($roleFields))
174 {
175 throw new ArgumentException('Role id should be greater than zero', 'roleId');
176 }
177
178 if(RoleTable::getRowById($roleId))
179 {
180 if (!empty($roleFields))
181 {
182 $result = RoleTable::update($roleId, $roleFields);
183 if (!$result->isSuccess())
184 {
185 return $result;
186 }
187 }
188 }
189 else
190 {
191 $result = RoleTable::add($roleFields);
192 if (!$result->isSuccess())
193 {
194 return $result;
195 }
196
197 $roleId = $result->getId();
198 }
199
200 $normalizedPermissions = Permission::normalize($permissions);
201 Model\Role\PermissionTable::deleteByRoleId($roleId);
202 foreach ($normalizedPermissions as $entity => $actions)
203 {
204 foreach ($actions as $action => $permission)
205 {
206 $result = Model\Role\PermissionTable::add(array(
207 'ROLE_ID' => $roleId,
208 'ENTITY' => $entity,
209 'ACTION' => $action,
210 'PERMISSION' => $permission
211 ));
212 if (!$result->isSuccess())
213 {
214 return $result;
215 }
216 }
217 }
218
219 self::clearMenuCache();
220 $result = new AddResult();
221 $result->setId($roleId);
222 return $result;
223 }
224
231 public static function deleteRole($roleId)
232 {
233 Model\Role\PermissionTable::deleteByRoleId($roleId);
234 Model\Role\AccessTable::deleteByRoleId($roleId);
235 RoleTable::delete($roleId);
236 self::clearMenuCache();
237 }
238
244 public static function installRolesAgent()
245 {
246 self::installRoles();
247 return '';
248 }
249
255 public static function installRoles()
256 {
257 $roleRow = RoleTable::getRow([]);
258 if($roleRow)
259 {
260 return;
261 }
262
263
264 $defaultRoles = array(
265 'ADMIN' => array(
266 'NAME' => Loc::getMessage('SENDER_SECURITY_ROLE_MANAGER_INSTALLER_ADMIN'),
267 'PERMISSIONS' => array(
268 Permission::ENTITY_AD => array(
269 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
270 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
271 ),
272 Permission::ENTITY_RC => array(
273 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
274 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
275 ),
276 Permission::ENTITY_LETTER => array(
277 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
278 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
279 ),
280 Permission::ENTITY_SEGMENT => array(
281 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
282 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
283 ),
284 Permission::ENTITY_BLACKLIST => array(
285 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
286 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
287 ),
288 Permission::ENTITY_SETTINGS => array(
289 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
290 ),
291 )
292 ),
293 'MANAGER' => array(
294 'NAME' => Loc::getMessage('SENDER_SECURITY_ROLE_MANAGER_INSTALLER_MANAGER'),
295 'PERMISSIONS' => array(
296 Permission::ENTITY_AD => array(
297 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
298 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
299 ),
300 Permission::ENTITY_RC => array(
301 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
302 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
303 ),
304 Permission::ENTITY_LETTER => array(
305 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
306 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
307 ),
308 Permission::ENTITY_SEGMENT => array(
309 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
310 Permission::ACTION_MODIFY => Permission::PERMISSION_NONE,
311 ),
312 Permission::ENTITY_BLACKLIST => array(
313 Permission::ACTION_VIEW => Permission::PERMISSION_ANY,
314 Permission::ACTION_MODIFY => Permission::PERMISSION_ANY,
315 ),
316 Permission::ENTITY_SETTINGS => array(
317 Permission::ACTION_MODIFY => Permission::PERMISSION_NONE,
318 ),
319 )
320 )
321 );
322
323 $roleIds = array();
324 foreach ($defaultRoles as $roleCode => $role)
325 {
326 $addResult = RoleTable::add(array(
327 'NAME' => $role['NAME'],
328 'XML_ID' => $roleCode,
329 ));
330
331 $roleId = $addResult->getId();
332 if ($roleId)
333 {
334 $roleIds[$roleCode] = $roleId;
335 Manager::setRolePermissions($roleId, [], $role['PERMISSIONS']);
336 }
337 }
338
339 if (isset($roleIds['ADMIN']))
340 {
341 Model\Role\AccessTable::add(array(
342 'ROLE_ID' => $roleIds['ADMIN'],
343 'ACCESS_CODE' => 'G1'
344 ));
345 }
346 if (isset($roleIds['MANAGER']) && Loader::includeModule('intranet'))
347 {
348 $departmentTree = \CIntranetUtils::getDeparmentsTree();
349 $rootDepartment = (int)$departmentTree[0][0];
350
351 if ($rootDepartment > 0)
352 {
353 Model\Role\AccessTable::add(array(
354 'ROLE_ID' => $roleIds['MANAGER'],
355 'ACCESS_CODE' => 'DR'.$rootDepartment
356 ));
357 }
358 }
359 }
360}
Bitrix\Main\Localization\Loc\loadMessages
static loadMessages($file)
Definition loc.php:64
Bitrix\Main\Localization\Loc\getMessage
static getMessage($code, $replace=null, $language=null)
Definition loc.php:29
Bitrix\Sender\Security\Role\Manager\getRoleList
static getRoleList(array $parameters=[])
Definition manager.php:68
Bitrix\Sender\Security\Role\Manager\getAccessList
static getAccessList(array $parameters=[])
Definition manager.php:79
Bitrix\Sender\Security\Role\Manager\setAccessCodes
static setAccessCodes(array $list=[])
Definition manager.php:90
Bitrix\Sender\Security\Role\Manager\setRolePermissions
static setRolePermissions($roleId=null, array $roleFields=[], array $permissions)
Definition manager.php:170