Apply new permission 'Authorization' to workflows
leonardolauryel authored and eduardoperetto committed Jan 31, 2023
1 parent 9e0182c commit b6b94bd
Showing 5 changed files with 101 additions and 79 deletions.
42 changes: 21 additions & 21 deletions migrations/m210609_120000_new_permissions.php
Expand Up @@ -12,29 +12,29 @@ class m210609_120000_new_permissions extends Migration
public function up()
{

$this->execute("
INSERT INTO `meican_auth_item` (`name`, `type`, `description`, `rule_name`, `data`, `created_at`, `updated_at`) VALUES
('g10', 1, NULL, NULL, NULL, 1623250718, 1623250718),
('readAuthorization', 2, NULL, NULL, NULL, 1623250718, 1623250718),
('updateAuthorization', 2, NULL, NULL, NULL, 1623250718, 1623250718);
");

$this->execute("
INSERT INTO `meican_auth_item` (`name`, `type`, `description`, `rule_name`, `data`, `created_at`, `updated_at`) VALUES
('g10', 1, NULL, NULL, NULL, 1623250718, 1623250718),
('readAuthorization', 2, NULL, NULL, NULL, 1623250718, 1623250718),
('updateAuthorization', 2, NULL, NULL, NULL, 1623250718, 1623250718);
");

$this->execute("
INSERT INTO `meican_group` (`name`, `role_name`, `type`) VALUES
('Authorization Manager', 'g10', 'DOMAIN');
");

$this->execute("
INSERT INTO `meican_group` (`name`, `role_name`, `type`) VALUES
('Authorization Manager', 'g10', 'DOMAIN');
");



$this->execute("
INSERT INTO `meican_auth_item_child` (`parent`, `child`) VALUES
('g2', 'readAuthorization'),
('g2', 'updateAuthorization'),
('g5', 'readAuthorization'),
('g5', 'updateAuthorization'),
('g10', 'readAuthorization'),
('g10', 'updateAuthorization');
");
$this->execute("
INSERT INTO `meican_auth_item_child` (`parent`, `child`) VALUES
('g2', 'readAuthorization'),
('g2', 'updateAuthorization'),
('g5', 'readAuthorization'),
('g5', 'updateAuthorization'),
('g10', 'readAuthorization'),
('g10', 'updateAuthorization');
");

}

5 changes: 3 additions & 2 deletions modules/aaa/RbacController.php
Expand Up @@ -102,13 +102,14 @@ static private function checkPermission($permissions, $role) {
* deve ser redirecionado para a página de erro padrão (403).
*
*/
static function can($permissions = null, $domain = null, $redirect = false) {
static function can($permissions = null, $domain = null, $redirect = false, $userId = false ) {
if (!is_array($permissions)) {
if ($permissions)
$permissions = [$permissions];
}

$userId = Yii::$app->user->getId();
if(!$userId)
$userId = Yii::$app->user->getId();

if($domain != null) {
$roles = UserDomainRole::find()->where([
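Review bot: The new `$userId = false` parameter of `can()` falls back to the session user on any falsy value, so a caller that passes an empty or missing id (null, 0, '') gets the answer for the logged-in user instead of a denial. Since this argument now decides whose permissions are evaluated, the default should be distinguishable from a bad id: declare `$userId = null` and use `if ($userId === null) $userId = Yii::$app->user->getId();`. The docblock above the signature should also gain a line for the parameter, e.g. `@param int|null $userId user to check; null means the current session user`. The body of `can()` continues past the end of this hunk, so how `$redirect` behaves when another user's id is passed could not be checked here.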
30 changes: 15 additions & 15 deletions modules/bpm/assets/public/workflowLanguage.js
Expand Up @@ -22,11 +22,11 @@ for (k in users) {
users_values.push(users[k]);
}

var admins = admins ? admins : [];
var admins_keys = [], admins_values = [];
for (k in admins) {
admins_keys.push(k);
admins_values.push(admins[k]);
var authUsers = authUsers ? authUsers : [];
var authUsers_keys = [], authUsers_values = [];
for (k in authUsers) {
authUsers_keys.push(k);
authUsers_values.push(authUsers[k]);
}

var groups = groups ? groups : [];
Expand All @@ -37,12 +37,12 @@ for (k in groups) {
groups_values.push(groups[k]);
}

var admgroups_keys = [], admgroups_values = [];
for (k in groups) {
if(groups[k]=="Admin" || groups[k]=="Reservations Editor"){
admgroups_keys.push(k);
admgroups_values.push(groups[k]);
}
var authGroups = authGroups ? authGroups : [];

var authGroups_keys = [], authGroups_values = [];
for (k in authGroups) {
authGroups_keys.push(k);
authGroups_values.push(authGroups[k]);
}

var owner_domains = owner_domains ? owner_domains : [];
Expand Down Expand Up @@ -849,8 +849,8 @@ modules: [
inputParams:
{ label: "",
name: "title",
selectValues: admins_keys,
selectOptions: admins_values
selectValues: authUsers_keys,
selectOptions: authUsers_values
}
},
animColors:{
Expand Down Expand Up @@ -923,8 +923,8 @@ modules: [
inputParams:
{ label: "",
name: "title",
selectValues: admgroups_keys,
selectOptions: admgroups_values
selectValues: authGroups_keys,
selectOptions: authGroups_values
}
},
animColors:{
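Review bot: The `authUsers_keys` and `authGroups_keys` lists that now feed the two `selectValues` options only narrow what the editor offers; nothing in this file stops a saved workflow from naming a user or group outside them. The handlers that store the workflow and later route an authorization request to the chosen user or group are not in this diff, and they should re-check that the target holds `updateAuthorization`. A comment next to the new declarations would record this, e.g. `// UI filter only; the selected authorizer must be re-validated server-side on save`. Separately, the new `for (k in authUsers)` and `for (k in authGroups)` loops use `k` with no declaration visible in these hunks; `for (var k in authUsers)` would keep it local.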
100 changes: 60 additions & 40 deletions modules/bpm/controllers/WorkflowController.php
Expand Up @@ -46,9 +46,11 @@ public function actionIndex() {

public function actionNew() {
if(!self::can('workflow/create')){
if(!self::can("workflow/read")) return $this->goHome();
Yii::$app->getSession()->setFlash('danger', Yii::t("bpm", 'You are not allowed to create workflows'));
if(!self::can("workflow/read")) {
return $this->goHome();
}
else{
Yii::$app->getSession()->setFlash('warning', Yii::t("bpm", 'You are not allowed to create workflows'));
return $this->redirect(array('/bpm/workflow'));
}
}
Expand All @@ -72,8 +74,14 @@ public function actionCreate($domainTop = null){
));
};
};
if(!self::can("workflow/read")) return $this->goHome();
else return $this->redirect(array('/bpm/workflow/index'));
if(!self::can("workflow/read")) {
Yii::$app->getSession()->setFlash('danger', Yii::t("bpm", 'You are not allowed to read workflows'));
return $this->goHome();
}
else {
Yii::$app->getSession()->setFlash('danger', Yii::t("bpm", 'You are not allowed to create workflows'));
return $this->redirect(array('/bpm/workflow/index'));
}
}

public function actionUpdate($id = null){
Expand Down Expand Up @@ -125,30 +133,36 @@ public function actionEditorCreate($domainTop = null) {

$roles = $domain->getUserDomainsRoles()->all();

$adminsNames = [];
foreach($roles as $role):
$adminsNames[$role->getUser()->id] = $role->getUser()->name;
endforeach;

foreach(User::find()->all() as $user):
$usersNames[$user->id] = $user->name;
endforeach;

$groupsNames = [];
foreach(Group::find()->where(['type' => Group::TYPE_DOMAIN, 'domain' => $domainTop])->orWhere(['type' => Group::TYPE_DOMAIN, 'domain' => null])->all() as $group):
$queryGroup = Group::find()->where(['type' => Group::TYPE_DOMAIN, 'domain' => $domainTop])->orWhere(['type' => Group::TYPE_DOMAIN, 'domain' => null]);

$groupsNames = [];
foreach($queryGroup->all() as $group):
$groupsNames[$group->id] = $group->name;
endforeach;

Yii::trace($roles);
Yii::trace($usersNames);
Yii::trace($groupsNames);


$authGroupsNames = [];
foreach($queryGroup ->innerJoin('meican_auth_item_child', 'meican_group.role_name = meican_auth_item_child.parent')
->where(['meican_auth_item_child.child' => "updateAuthorization"])
->select(['meican_group.id', 'meican_group.name'])
->all() as $authGroup):
$authGroupsNames[$authGroup->id] = $authGroup->name;
endforeach;

$authUsersNames = [];
foreach(User::find()->all() as $user) {
$usersNames[$user->id] = $user->name;
if(RbacController::can("authorization/update", $domainTop, false, $user->id)) {
$authUsersNames[$user->id] = $user->name;
}
}

return $this->render('editor', array(
'owner_domain' => $ownerDomain,
'domains' => $allDomains,
'groups' => $groupsNames,
'users' => $usersNames,
'admins' => $adminsNames,
'authGroups' => $authGroupsNames,
'authUsers' => $authUsersNames,
));
};
};
Expand Down Expand Up @@ -181,31 +195,37 @@ public function actionEditorUpdate($id = null) {
}

$roles = $domain->getUserDomainsRoles()->all();

$adminsNames = [];
foreach($roles as $role):
$adminsNames[$role->getUser()->id] = $role->getUser()->name;
endforeach;

foreach(User::find()->all() as $user):
$usersNames[$user->id] = $user->name;
endforeach;


$queryGroup = Group::find()->where(['type' => Group::TYPE_DOMAIN, 'domain' => $domain->name])->orWhere(['type' => Group::TYPE_DOMAIN, 'domain' => null]);

$groupsNames = [];
foreach(Group::find()->where(['type' => Group::TYPE_DOMAIN, 'domain' => $domain->name])->orWhere(['type' => Group::TYPE_DOMAIN, 'domain' => null])->all() as $group):
$groupsNames[$group->id] = $group->name;
endforeach;

Yii::trace($roles);
Yii::trace($usersNames);
Yii::trace($groupsNames);

foreach($queryGroup->all() as $group):
$groupsNames[$group->id] = $group->name;
endforeach;

$authGroupsNames = [];
foreach($queryGroup ->innerJoin('meican_auth_item_child', 'meican_group.role_name = meican_auth_item_child.parent')
->where(['meican_auth_item_child.child' => "updateAuthorization"])
->select(['meican_group.id', 'meican_group.name'])
->all() as $authGroup):
$authGroupsNames[$authGroup->id] = $authGroup->name;
endforeach;

$authUsersNames = [];
foreach(User::find()->all() as $user) {
$usersNames[$user->id] = $user->name;
if(RbacController::can("authorization/update", $domain->name, false, $user->id)) {
$authUsersNames[$user->id] = $user->name;
}
}

return $this->render('editor', array(
'owner_domain' => $ownerDomain,
'domains' => $allDomains,
'groups' => $groupsNames,
'users' => $usersNames,
'admins' => $adminsNames,
'authGroups' => $authGroupsNames,
'authUsers' => $authUsersNames,
'id' => $_GET['id'],
));
};
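Review bot: In `actionEditorCreate` and `actionEditorUpdate` the `authGroupsNames` query calls `->where([...])` on `$queryGroup`, and in Yii2 `where()` replaces the existing condition, so the `type`/`domain` filter built just above is dropped and groups from any domain whose role has `updateAuthorization` are offered as authorizers. Use `->andWhere(['meican_auth_item_child.child' => 'updateAuthorization'])`, and start from `(clone $queryGroup)` so the shared query object is not modified. The `authUsersNames` loop in both actions calls `RbacController::can()` once per row of `User::find()->all()`, which runs a permission lookup for every user on each editor load; resolving the users who hold the permission in the domain with one query would avoid that. Both actions begin and end outside the visible hunks.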
3 changes: 2 additions & 1 deletion modules/bpm/views/workflow/editor.php
Expand Up @@ -33,7 +33,8 @@
var owner_domains = <?php echo json_encode($owner_domain); ?>;
var domains = <?php echo json_encode($domains); ?>;
var users = <?php echo json_encode($users); ?>;
var admins = <?php echo json_encode($admins); ?>;
var groups = <?php echo json_encode($groups); ?>;
var language = '<?= $_GET['lang']; ?>';
var authGroups = <?php echo json_encode($authGroups); ?>;
var authUsers = <?php echo json_encode($authUsers); ?>;
</script>
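Review bot: The added `authGroups` and `authUsers` lines print `json_encode()` output straight into an inline `<script>` block, and the names come from user and group records. Plain `json_encode()` leaves `<`, `>`, `&` and quotes as-is, so the values are not encoded for an HTML script context; `\yii\helpers\Json::htmlEncode($authGroups)` (or `json_encode($authGroups, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`) is the safer form, and the same applies to the existing `users`, `groups` and `domains` lines. The unchanged line `var language = '<?= $_GET['lang']; ?>';` in the same block writes a request parameter into a JavaScript string with no encoding at all and should be emitted through the same helper or checked against the list of supported languages.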
