From 0a6440a6a69fa0cc3bc875d0207a1e2854bbf650 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Wed, 19 Nov 2014 14:22:33 +0100 Subject: [PATCH] Security: Add role form This form will replace the permission and restriction form refs #5647 --- application/forms/Security/RoleForm.php | 225 ++++++++++++++++++++++++ 1 file changed, 225 insertions(+) create mode 100644 application/forms/Security/RoleForm.php diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php new file mode 100644 index 000000000..5861fa6fa --- /dev/null +++ b/application/forms/Security/RoleForm.php @@ -0,0 +1,225 @@ +getModuleManager()->getLoadedModules() as $module) { + foreach ($module->getProvidedPermissions() as $permission) { + /** @var object $permission */ + $this->providedPermissions[$permission->name] = $permission->name . ': ' . $permission->description; + } + foreach ($module->getProvidedRestrictions() as $restriction) { + /** @var object $restriction */ + $this->providedRestrictions[$restriction->name] = $restriction->name . ': ' . $restriction->description; + } + } + } + + /** + * (non-PHPDoc) + * @see \Icinga\Web\Form::createElements() For the method documentation. + */ + public function createElements(array $formData = array()) + { + $this->addElements(array( + array( + 'text', + 'name', + array( + 'required' => true, + 'label' => t('Role Name'), + 'description' => t('The name of the role') + ), + ), + array( + 'textarea', + 'users', + array( + 'label' => t('Users'), + 'description' => t('Comma-separated list of users that are assigned to the role') + ), + ), + array( + 'textarea', + 'groups', + array( + 'label' => t('Groups'), + 'description' => t('Comma-separated list of groups that are assigned to the role') + ), + ), + array( + 'multiselect', + 'permissions', + array( + 'label' => t('Permissions Set'), + 'description' => t('The permissions to grant. You may select more than one permission'), + 'multiOptions' => $this->providedPermissions + ) + ) + )); + return $this; + } + + /** + * Load a role + * + * @param string $name The name of the role + * + * @return $this + * + * @throws LogicException If the config is not set + * @see ConfigForm::setConfig() For setting the config. + */ + public function load($name) + { + if (! isset($this->config)) { + throw new LogicException(sprintf('Can\'t load role \'%s\'. Config is not set', $name)); + } + if (! $this->config->hasSection($name)) { + throw new InvalidArgumentException(sprintf( + t('Can\'t load role \'%s\'. Role does not exist'), + $name + )); + } + $role = $this->config->{$name}->toArray(); + $role['permissions'] = ! empty($role['permissions']) + ? String::trimSplit($role['permissions']) + : null; + $role['name'] = $name; + $this->populate($role); + return $this; + } + + /** + * Add a role + * + * @param string $name The name of the role + * @param array $values + * + * @return $this + * + * @throws LogicException If the config is not set + * @throws InvalidArgumentException If the role to add already exists + * @see ConfigForm::setConfig() For setting the config. + */ + public function add($name, array $values) + { + if (! isset($this->config)) { + throw new LogicException(sprintf('Can\'t add role \'%s\'. Config is not set', $name)); + } + if ($this->config->hasSection($name)) { + throw new InvalidArgumentException(sprintf( + t('Can\'t add role \'%s\'. Role already exists'), + $name + )); + } + $this->config->setSection($name, $values); + return $this; + } + + /** + * Remove a role + * + * @param string $name The name of the role + * + * @return $this + * + * @throws LogicException If the config is not set + * @throws InvalidArgumentException If the role does not exist + * @see ConfigForm::setConfig() For setting the config. + */ + public function remove($name) + { + if (! isset($this->config)) { + throw new LogicException(sprintf('Can\'t remove role \'%s\'. Config is not set', $name)); + } + if (! $this->config->hasSection($name)) { + throw new InvalidArgumentException(sprintf( + t('Can\'t remove role \'%s\'. Role does not exist'), + $name + )); + } + $this->config->removeSection($name); + return $this; + } + + /** + * Update a role + * + * @param string $name The possibly new name of the role + * @param array $values + * @param string $oldName The name of the role to update + * + * @return $this + * + * @throws LogicException If the config is not set + * @throws InvalidArgumentException If the role to update does not exist + * @see ConfigForm::setConfig() For setting the config. + */ + public function update($name, array $values, $oldName) + { + if (! isset($this->config)) { + throw new LogicException(sprintf('Can\'t update role \'%s\'. Config is not set', $name)); + } + if ($name !== $oldName) { + // The permission got a new name + $this->remove($oldName); + $this->add($name, $values); + } else { + if (! $this->config->hasSection($name)) { + throw new InvalidArgumentException(sprintf( + t('Can\'t update role \'%s\'. Role does not exist'), + $name + )); + } + $this->config->setSection($name, $values); + } + return $this; + } + + /** + * (non-PHPDoc) + * @see \Zend_Form::getValues() For the method documentation. + */ + public function getValues($suppressArrayNotation = false) + { + $permissions = $this->getElement('permissions')->getValue(); + return array( + 'users' => $this->getElement('users')->getValue(), + 'groups' => $this->getElement('groups')->getValue(), + 'permissions' => ! empty($permissions) ? implode(', ', $permissions) : null + ); + } +}