Bitrix-D7
23.9
permission.php
<?php

namespace Bitrix\Sender\Security\Role;

use Bitrix\Main\ArgumentException;
use Bitrix\Main\Localization\Loc;
use Bitrix\Sender\Internals\Model;
use Bitrix\Sender\Security\User;

// Register this file with the localization loader; the class below reads its
// display strings through Loc::getMessage().
Loc::loadMessages(__FILE__);

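/**
 * Role-based permission model of the Sender module.
 *
 * A permission set is a nested array indexed as [entity][action] => level code.
 * Level codes are single-character strings that this class orders with the
 * ordinary comparison operators, i.e. as strings: '' < 'A' < 'D' < 'X'.
 */
class Permission
{
    // Entities a permission can be attached to.
    const ENTITY_AD = 'AD';
    const ENTITY_RC = 'RC';
    const ENTITY_LETTER = 'LETTER';
    const ENTITY_SEGMENT = 'SEGMENT';
    const ENTITY_BLACKLIST = 'BLACKLIST';
    const ENTITY_SETTINGS = 'SETTINGS';

    // Actions that can be granted on an entity.
    const ACTION_VIEW = 'VIEW';
    const ACTION_MODIFY = 'MODIFY';

    // Permission levels, lowest to highest when compared as strings.
    const PERMISSION_NONE = '';
    const PERMISSION_SELF = 'A';
    const PERMISSION_DEPARTMENT = 'D';
    const PERMISSION_ANY = 'X';

    // Per-process cache of resolved permission sets, keyed by the user id passed in.
    private static $cache = [];

    /*
    Disabled instance-level lookup, kept from the original file:

    public function getPermission($entityCode, $actionCode)
    {
        $permissionMap = $this->getMap();
        if(!isset($permissionMap[$entityCode][$actionCode]))
            throw new ArgumentException('Unknown entity or action code');

        return (isset($this->Permission[$entityCode][$actionCode]) ? $this->Permission[$entityCode][$actionCode] : self::PERMISSION_NONE);
    }
    */

    /**
     * Tells whether a permission set grants the required level for an entity/action pair.
     *
     * With no minimum (null or any other empty value) the stored level only has
     * to be above PERMISSION_NONE; otherwise it has to be at least $minPerm.
     *
     * @param array $permissions Permission set indexed as [entity][action] => level code.
     * @param string $entityCode One of the ENTITY_* codes.
     * @param string $actionCode One of the ACTION_* codes.
     * @param string|null $minPerm Minimum required level code.
     * @return bool
     * @throws ArgumentException When the entity/action pair is not present in getMap().
     */
    public static function check(array $permissions, $entityCode, $actionCode, $minPerm = null)
    {
        $map = self::getMap();
        if (!isset($map[$entityCode][$actionCode])) {
            throw new ArgumentException('Unknown entity or action code.');
        }

        // No entry for this pair means nothing was granted: deny.
        if (!isset($permissions[$entityCode][$actionCode])) {
            return false;
        }

        $perm = $permissions[$entityCode][$actionCode];

        // Fail closed on anything that is not a level code. The comparisons below
        // are loose: PHP ranks an array above any string and compares a boolean by
        // truthiness, so a malformed entry would otherwise be treated as a grant.
        if (!is_string($perm)) {
            return false;
        }

        // NOTE(review): the level is not checked against the values getMap() allows
        // for this pair, so any string that sorts at or above $minPerm passes.
        // Confirm that stored levels are validated where roles are written.
        $minPerm = $minPerm ?: self::PERMISSION_NONE;

        if ($minPerm === self::PERMISSION_NONE) {
            // "No minimum" still requires some grant, hence the strict inequality.
            return $perm > $minPerm;
        }

        return $perm >= $minPerm;
    }

    /**
     * Resolves the permission set of a user, caching the result per user id.
     *
     * Portal administrators and administrators receive the highest level of every
     * entity/action pair in getMap(). For everybody else the set is merged from
     * the roles bound to the user's access codes, keeping the highest level found
     * for each pair. A user without access codes gets an empty set.
     *
     * The cache is a static array and nothing in this class invalidates it, so a
     * role change made after the first lookup is not visible to later lookups in
     * the same process.
     *
     * @param mixed $userId User identifier handed to User::get(); also the cache key.
     * @return array Permission set indexed as [entity][action] => level code.
     */
    public static function getByUserId($userId)
    {
        if (isset(static::$cache[$userId])) {
            return static::$cache[$userId];
        }

        $user = User::get($userId);
        if ($user->isPortalAdmin() || $user->isAdmin()) {
            static::$cache[$userId] = self::getAdminPermissions();

            return static::$cache[$userId];
        }

        // Everybody else's permissions are defined by their roles.
        $userAccessCodes = \CAccess::getUserCodesArray($user->getId());
        if (!is_array($userAccessCodes) || count($userAccessCodes) === 0) {
            static::$cache[$userId] = [];

            return static::$cache[$userId];
        }

        $list = Model\Role\PermissionTable::getList([
            'filter' => [
                '=ROLE_ACCESS.ACCESS_CODE' => $userAccessCodes,
            ],
        ]);

        // NOTE(review): rows are merged as stored; entity, action and level are not
        // checked against getMap() here.
        $result = [];
        foreach ($list as $row) {
            $entity = $row['ENTITY'];
            $action = $row['ACTION'];
            $level = $row['PERMISSION'];

            // Several roles may cover the same pair: the highest level wins.
            if (!isset($result[$entity][$action]) || $result[$entity][$action] < $level) {
                $result[$entity][$action] = $level;
            }
        }

        static::$cache[$userId] = $result;

        return static::$cache[$userId];
    }

    /**
     * Returns the permission map: for every entity, the actions that exist on it
     * and the level codes each action accepts.
     *
     * @return array Map indexed as [entity][action] => list of allowed level codes.
     */
    public static function getMap()
    {
        // Every action in the map accepts the same two levels.
        $levels = [
            self::PERMISSION_NONE,
            self::PERMISSION_ANY,
        ];
        $viewAndModify = [
            self::ACTION_VIEW => $levels,
            self::ACTION_MODIFY => $levels,
        ];

        return [
            self::ENTITY_LETTER => $viewAndModify,
            self::ENTITY_AD => $viewAndModify,
            self::ENTITY_RC => $viewAndModify,
            self::ENTITY_SEGMENT => $viewAndModify,
            self::ENTITY_BLACKLIST => $viewAndModify,
            // Settings have no separate view action.
            self::ENTITY_SETTINGS => [
                self::ACTION_MODIFY => $levels,
            ],
        ];
    }

    /**
     * Reshapes a permission set to exactly the entity/action pairs of getMap().
     *
     * Pairs missing from $source are filled with PERMISSION_NONE and pairs that
     * are not in the map are dropped.
     *
     * NOTE(review): levels present in $source are copied as given and are not
     * compared with the levels the map allows for the pair. If $source can come
     * from request data, validate the levels before the result is stored.
     *
     * @param array $source Permission set indexed as [entity][action] => level code.
     * @return array
     */
    public static function normalize(array $source)
    {
        $result = [];

        foreach (self::getMap() as $entity => $actions) {
            foreach (array_keys($actions) as $action) {
                $result[$entity][$action] = isset($source[$entity][$action])
                    ? $source[$entity][$action]
                    : self::PERMISSION_NONE;
            }
        }

        return $result;
    }

    /**
     * Returns the localized message for an entity code.
     *
     * @param string $entity Entity code, appended to the message id prefix.
     * @return mixed Whatever Loc::getMessage() returns for the built message id.
     */
    public static function getEntityName($entity)
    {
        return Loc::getMessage('SENDER_SECURITY_ROLE_ENTITY_' . $entity);
    }

    /**
     * Returns the localized message for an action code.
     *
     * @param string $action Action code, appended to the message id prefix.
     * @return mixed Whatever Loc::getMessage() returns for the built message id.
     */
    public static function getActionName($action)
    {
        return Loc::getMessage('SENDER_SECURITY_ROLE_ACTION_' . $action);
    }

    /**
     * Returns the localized message for a permission level.
     *
     * @param string $permission Level code.
     * @return mixed The message for a known level, an empty string otherwise.
     */
    public static function getPermissionName($permission)
    {
        // switch compares loosely, as the original did; kept for identical results.
        switch ($permission) {
            case self::PERMISSION_NONE:
                return Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_NONE');
            case self::PERMISSION_SELF:
                return Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_SELF');
            case self::PERMISSION_DEPARTMENT:
                return Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_DEPARTMENT');
            case self::PERMISSION_ANY:
                return Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_ANY');
            default:
                return '';
        }
    }

    /**
     * Builds the administrator permission set: for every entity/action pair in
     * getMap(), the highest level code the pair allows.
     *
     * @return array Permission set indexed as [entity][action] => level code.
     */
    protected static function getAdminPermissions()
    {
        $result = [];

        foreach (self::getMap() as $entity => $actions) {
            foreach ($actions as $action => $allowedLevels) {
                foreach ($allowedLevels as $level) {
                    if (!isset($result[$entity][$action]) || $result[$entity][$action] < $level) {
                        $result[$entity][$action] = $level;
                    }
                }
            }
        }

        return $result;
    }
}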