Task techjoomla#24 chore: Modified the Authorised and Check methods i…

…n RBACL
pravinTek · Feb 19, 2020 · ecf1dfa · ecf1dfa
1 parent d4a0e44
commit ecf1dfa
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -1 +1,32 @@
-# com_subusers
+# com_subusers
+
+# Introduction
+Subusers is a powerful component that provides the facility to associate roles to users. Based on the defined roles, users gets access to perform different actions in the organisation. Subusers is usually  integrated with multiagency or clusters. It cannot work on it own. It has to be integrated with any one of the components.
+
+Based on the action mentioned in the RBACL, role hierarchy gets defined. The higher role must have more actions.
+
+# Features
+
+Below features makes subusers a powerful component to use-
+
+1. Roles Management
+Subusers allows the user to introduce / add new role in the system. Roles can be added from the backend.
+
+Example - An agency can have roles like manager, admin, lead etc.
+
+2. Role Hierarchy
+Subusers allows user to define role hierarchy. Hierarchy is defined by the actions each role have. The role with higher actions count is considered to be superior role.
+
+Example - An agency can have roles like manager, admin, lead etc. Admin can perfom 10 actions while manager can perform 8 actions, this defines that admin role is higher than manager in terms of hierarchy.
+
+3. User Role Association
+Subusers allows you to add roles to users. An agency can have multiple user roles and those roles can managed in this component quite easily.
+
+Example - A user can be a manager in one agency and Admin in another.
+
+4. Data access security
+Subusers allows you have multiple user roles within the agencies but with this, the component keeps check on user that user should access the data only for the agency where he has access to.
+
+# Syntax to use
+
+RBACL::check(userId, recordClient, action, actionClient = null, contentId = null)
diff --git a/src/administrator/includes/rbacl.php b/src/administrator/includes/rbacl.php
@@ -73,27 +73,33 @@ public static function model($name, $config = array())
 	/**
 	 * Method to check if a user is authorised to perform an action, optionally on an content.
 	 *
-	 * @param   integer  $userId     Id of the user for which to check authorisation.
-	 * @param   string   $client     The name of the client to authorise. com_content
-	 * @param   string   $action     The name of the action to authorise. Eg. core.edit
-	 * @param   integer  $contentId  The content key. null check with role and allowed actions.
+	 * @param   integer  $userId        Id of the user for which to check authorisation.
+	 * @param   string   $client        The name of the client to authorise. com_content
+	 * @param   string   $action        The name of the action to authorise. Eg. core.edit
+	 * @param   string   $actionClient  The name of the client of action to authorise. Eg. com_content
+	 * @param   integer  $contentId     The content key. null check with role and allowed actions.
 	 *
 	 * @return  boolean         True if allowed, false for an explicit deny, null for an implicit deny.
 	 *
 	 * @since   __DEPLOY_VERSION__
 	 */
-	public static function check($userId, $client, $action, $contentId = null)
+	public static function check($userId, $client, $action, $actionClient = null, $contentId = null)
 	{
 		$action = strtolower(preg_replace('#[\s\-]+#', '.', trim($action)));
 
 		$user = Factory::getUser($userId);
 
 		if ($user->id)
 		{
+			if (empty(trim($actionClient)))
+			{
+				$actionClient = $client;
+			}
+
 			/*
 			 * Step 1. Check the action is exist
 			 */
-			$actionObj = SubusersAction::loadActionByCode($action, $client);
+			$actionObj = SubusersAction::loadActionByCode($action, $actionClient);
 
 			if ($actionObj->id)
 			{
@@ -130,9 +136,7 @@ public static function check($userId, $client, $action, $contentId = null)
 					$userModel = self::model("user");
 					$contentRoleId = $userModel->getAssociatedContentRole($userId, $client, $contentId);
 
-					$rolesAllowed = array_intersect($contentRoleId, $allowedRoles);
-
-					if (!empty($rolesAllowed))
+					if (in_array($contentRoleId[0], $allowedRoles))
 					{
 						return true;
 					}
@@ -146,23 +150,31 @@ public static function check($userId, $client, $action, $contentId = null)
 	/**
 	 * This method will check the core Joomla authorisatoion and RBACL authorisation
 	 *
-	 * @param   integer  $userId     Id of the user for which to check authorisation.
-	 * @param   string   $client     The name of the client to authorise. com_content
-	 * @param   string   $action     The name of the action to authorise. Eg. core.edit
-	 * @param   integer  $contentId  The content key. null check with role and allowed actions.
+	 * @param   integer  $userId        Id of the user for which to check authorisation.
+	 * @param   string   $client        The name of the client to authorise. com_content
+	 * @param   string   $action        The name of the action to authorise. Eg. core.edit
+	 * @param   string   $actionClient  The name of the client of action to authorise. Eg. com_content
+	 * @param   integer  $contentId     The content key. null check with role and allowed actions.
 	 *
 	 * @return  boolean  True if authorised
 	 *
 	 * @since   __DEPLOY_VERSION__
 	 */
-	public static function authorise($userId, $client, $action, $contentId = null)
+	public static function authorise($userId, $client, $action, $actionClient = null, $contentId = null)
 	{
 		$client = (string) $client;
 		$action = (string) $action;
+		$actionClient = (string) $actionClient;
+
+		if (empty(trim($actionClient)))
+		{
+			$actionClient = $client;
+		}
+
 		$user = Factory::getUser($userId);
-		$result = $user->authorise($action, $client);
+		$result = $user->authorise($action, $actionClient);
 
-		return $result && self::check($userId, $client, $action, $contentId);
+		return $result && self::check($userId, $client, $action, $actionClient, $contentId);
 	}
 
 	/**

diff --git a/src/administrator/models/roles.php b/src/administrator/models/roles.php
@@ -78,7 +78,6 @@ protected function populateState($ordering = 'a.id', $direction = 'desc')
 	 */
 	protected function getListQuery()
 	{
-		// Create a new query object.
 		$db    = $this->getDbo();
 		$query = $db->getQuery(true);
 
@@ -90,11 +89,9 @@ protected function getListQuery()
 		);
 		$query->from('`#__tjsu_roles` AS a');
 
-		// Join over the user field 'created_by'
 		$query->select('`created_by`.name AS `created_by`');
 		$query->join('LEFT', '#__users AS `created_by` ON `created_by`.id = a.`created_by`');
 
-		// Filter by search in title
 		$search = $this->getState('filter.search');
 
 		if (!empty($search))
@@ -114,13 +111,11 @@ protected function getListQuery()
 
 		$client = $this->getState('filter.client');
 
-		// Filter by client
 		if (!empty($client))
 		{
 			$query->where($db->quoteName('a.client') . ' = ' . $db->quote($client));
 		}
 
-		// Add the list ordering clause.
 		$orderCol  = $this->state->get('list.ordering');
 		$orderDirn = $this->state->get('list.direction');
 

diff --git a/src/administrator/sql/install.mysql.utf8.sql b/src/administrator/sql/install.mysql.utf8.sql
@@ -6,6 +6,7 @@ CREATE TABLE IF NOT EXISTS `#__tjsu_roles` (
   `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
   `name` varchar(255) NOT NULL COMMENT 'The name of the role',
   `client` varchar(255) NOT NULL COMMENT 'The client name Eg. com_tjlms, com_jlike',
+  `state` tinyint(1) NOT NULL DEFAULT '1',
   `created_by` int(11) NOT NULL,
   `created_date` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
   `modified_by` int(11) NOT NULL,