Refresh admin ACL when user is updated and on refresh roles, without …

…having lo logout (#1714)
OpenMage · Oct 11, 2022 · 27d0727 · 27d0727
1 parent 1641eab
commit 27d0727
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 106 deletions.
diff --git a/app/code/core/Mage/Admin/Model/Resource/Roles.php b/app/code/core/Mage/Admin/Model/Resource/Roles.php
@@ -47,7 +47,7 @@ protected function _construct()
         $this->_init('admin/role', 'role_id');
 
         $this->_usersTable = $this->getTable('admin/user');
-        $this->_ruleTable = $this->getTable('admin/rule');
+        $this->_ruleTable  = $this->getTable('admin/rule');
     }
 
     /**
@@ -79,8 +79,10 @@ protected function _beforeSave(Mage_Core_Model_Abstract $role)
         } else {
             $treeLevel = 0;
         }
+
         $role->setTreeLevel($treeLevel + 1);
         $role->setRoleName($role->getName());
+
         return $this;
     }
 
@@ -109,17 +111,8 @@ protected function _afterSave(Mage_Core_Model_Abstract $role)
     protected function _afterDelete(Mage_Core_Model_Abstract $role)
     {
         $adapter = $this->_getWriteAdapter();
-
-        $adapter->delete(
-            $this->getMainTable(),
-            ['parent_id = ?' => (int) $role->getId()]
-        );
-
-        $adapter->delete(
-            $this->_ruleTable,
-            ['role_id = ?' => (int) $role->getId()]
-        );
-
+        $adapter->delete($this->getMainTable(), ['parent_id = ?' => (int) $role->getId()]);
+        $adapter->delete($this->_ruleTable, ['role_id = ?' => (int) $role->getId()]);
         return $this;
     }
 
@@ -131,38 +124,32 @@ protected function _afterDelete(Mage_Core_Model_Abstract $role)
      */
     public function getRoleUsers(Mage_Admin_Model_Roles $role)
     {
-        $read = $this->_getReadAdapter();
-
-        $binds = [
-            'role_id'   => $role->getId(),
-            'role_type' => 'U'
-        ];
-
-        $select = $read->select()
+        $adapter = $this->_getReadAdapter();
+        $select  = $adapter->select()
             ->from($this->getMainTable(), ['user_id'])
-            ->where('parent_id = :role_id')
-            ->where('role_type = :role_type')
+            ->where('parent_id = ?', $role->getId())
+            ->where('role_type = ?', Mage_Admin_Model_Acl::ROLE_TYPE_USER)
             ->where('user_id > 0');
-
-        return $read->fetchCol($select, $binds);
+        return $adapter->fetchCol($select);
     }
 
     /**
-     * Update role users ACL
+     * Update role users
      *
      * @param Mage_Admin_Model_Roles $role
      * @return bool
      */
     private function _updateRoleUsersAcl(Mage_Admin_Model_Roles $role)
     {
-        $write  = $this->_getWriteAdapter();
-        $users  = $this->getRoleUsers($role);
+        $users = $this->getRoleUsers($role);
         $rowsCount = 0;
 
         if (count($users)) {
-            $bind  = ['reload_acl_flag' => 1];
-            $where = ['user_id IN(?)' => $users];
-            $rowsCount = $write->update($this->_usersTable, $bind, $where);
+            $rowsCount = $this->_getWriteAdapter()->update(
+                $this->_usersTable,
+                ['reload_acl_flag' => 1],
+                ['user_id IN (?)' => $users]
+            );
         }
 
         return $rowsCount > 0;

diff --git a/app/code/core/Mage/Admin/Model/Resource/User.php b/app/code/core/Mage/Admin/Model/Resource/User.php
@@ -221,13 +221,11 @@ public function delete(Mage_Core_Model_Abstract $user)
     public function _saveRelations(Mage_Core_Model_Abstract $user)
     {
         $rolesIds = $user->getRoleIds();
-
         if (!is_array($rolesIds) || count($rolesIds) == 0) {
             return $user;
         }
 
         $adapter = $this->_getWriteAdapter();
-
         $adapter->beginTransaction();
 
         try {
@@ -239,23 +237,28 @@ public function _saveRelations(Mage_Core_Model_Abstract $user)
             foreach ($rolesIds as $rid) {
                 $rid = intval($rid);
                 if ($rid > 0) {
-                    $row = Mage::getModel('admin/role')->load($rid)->getData();
+                    $role = Mage::getModel('admin/role')->load($rid);
                 } else {
-                    $row = ['tree_level' => 0];
+                    $role = new Varien_Object(['tree_level' => 0]);
                 }
 
                 $data = new Varien_Object([
-                    'parent_id'     => $rid,
-                    'tree_level'    => $row['tree_level'] + 1,
-                    'sort_order'    => 0,
-                    'role_type'     => 'U',
-                    'user_id'       => $user->getId(),
-                    'role_name'     => $user->getFirstname()
+                    'parent_id'  => $rid,
+                    'tree_level' => $role->getTreeLevel() + 1,
+                    'sort_order' => 0,
+                    'role_type'  => Mage_Admin_Model_Acl::ROLE_TYPE_USER,
+                    'user_id'    => $user->getId(),
+                    'role_name'  => $user->getFirstname()
                 ]);
 
                 $insertData = $this->_prepareDataForTable($data, $this->getTable('admin/role'));
                 $adapter->insert($this->getTable('admin/role'), $insertData);
             }
+
+            if ($user->getId() > 0) {
+                // reload acl on next user http request
+                $this->saveReloadAclFlag($user, 1);
+            }
             $adapter->commit();
         } catch (Mage_Core_Exception $e) {
             $adapter->rollBack();
@@ -280,10 +283,9 @@ public function getRoles(Mage_Core_Model_Abstract $user)
             return [];
         }
 
-        $table  = $this->getTable('admin/role');
-        $adapter   = $this->_getReadAdapter();
-
-        $select = $adapter->select()
+        $table   = $this->getTable('admin/role');
+        $adapter = $this->_getReadAdapter();
+        $select  = $adapter->select()
                     ->from($table, [])
                     ->joinLeft(
                         ['ar' => $table],
@@ -314,38 +316,39 @@ public function getRoles(Mage_Core_Model_Abstract $user)
     public function add(Mage_Core_Model_Abstract $user)
     {
         $dbh = $this->_getWriteAdapter();
-
         $aRoles = $this->hasAssigned2Role($user);
         if (count($aRoles)) {
             foreach ($aRoles as $idx => $data) {
-                $conditions = [
-                    'role_id = ?' => $data['role_id'],
-                ];
-
-                $dbh->delete($this->getTable('admin/role'), $conditions);
+                $dbh->delete(
+                    $this->getTable('admin/role'),
+                    ['role_id = ?' => $data['role_id']]
+                );
             }
         }
 
         if ($user->getId() > 0) {
             $role = Mage::getModel('admin/role')->load($user->getRoleId());
         } else {
-            $role = new Varien_Object();
-            $role->setTreeLevel(0);
+            $role = new Varien_Object(['tree_level' => 0]);
         }
 
         $data = new Varien_Object([
             'parent_id'  => $user->getRoleId(),
-            'tree_level' => ($role->getTreeLevel() + 1),
+            'tree_level' => $role->getTreeLevel() + 1,
             'sort_order' => 0,
-            'role_type'  => 'U',
+            'role_type'  => Mage_Admin_Model_Acl::ROLE_TYPE_USER,
             'user_id'    => $user->getUserId(),
             'role_name'  => $user->getFirstname()
         ]);
 
         $insertData = $this->_prepareDataForTable($data, $this->getTable('admin/role'));
-
         $dbh->insert($this->getTable('admin/role'), $insertData);
 
+        if ($user->getId() > 0) {
+            // reload acl on next user http request
+            $this->saveReloadAclFlag($user, 1);
+        }
+
         return $this;
     }
 
@@ -412,7 +415,7 @@ public function roleUserExists(Mage_Core_Model_Abstract $user)
     public function userExists(Mage_Core_Model_Abstract $user)
     {
         $adapter = $this->_getReadAdapter();
-        $select = $adapter->select();
+        $select  = $adapter->select();
 
         $binds = [
             'username' => $user->getUsername(),
@@ -462,6 +465,13 @@ public function saveReloadAclFlag($object, $flag)
                 ['reload_acl_flag' => $flag],
                 ['user_id = ?' => (int) $object->getId()]
             );
+            if ($flag) {
+                // refresh cache menu
+                Mage::app()->getCache()->clean(
+                    Zend_Cache::CLEANING_MODE_MATCHING_TAG,
+                    [Mage_Adminhtml_Block_Page_Menu::CACHE_TAGS]
+                );
+            }
         }
 
         return $this;

diff --git a/app/code/core/Mage/Adminhtml/controllers/Permissions/RoleController.php b/app/code/core/Mage/Adminhtml/controllers/Permissions/RoleController.php
@@ -83,7 +83,6 @@ protected function _initRole($requestVariable = 'rid')
 
     /**
      * Show grid with roles existing in systems
-     *
      */
     public function indexAction()
     {
@@ -92,13 +91,11 @@ public function indexAction()
              ->_title($this->__('Roles'));
 
         $this->_initAction();
-
         $this->renderLayout();
     }
 
     /**
      * Action for ajax request from grid
-     *
      */
     public function roleGridAction()
     {
@@ -108,7 +105,6 @@ public function roleGridAction()
 
     /**
      * Edit role action
-     *
      */
     public function editRoleAction()
     {
@@ -143,7 +139,6 @@ public function editRoleAction()
 
     /**
      * Remove role action
-     *
      */
     public function deleteAction()
     {
@@ -177,9 +172,9 @@ public function deleteAction()
 
         try {
             $role->delete();
-
             Mage::getSingleton('adminhtml/session')->addSuccess($this->__('The role has been deleted.'));
         } catch (Exception $e) {
+            Mage::logException($e);
             Mage::getSingleton('adminhtml/session')->addError($this->__('An error occurred while deleting this role.'));
         }
 
@@ -188,7 +183,6 @@ public function deleteAction()
 
     /**
      * Role form submit action to save or create new role
-     *
      */
     public function saveRoleAction()
     {
@@ -243,29 +237,27 @@ public function saveRoleAction()
                 ->setResources($resource)
                 ->saveRel();
 
-            foreach($oldRoleUsers as $oUid) {
+            foreach ($oldRoleUsers as $oUid) {
                 $this->_deleteUserFromRole($oUid, $role->getId());
             }
 
             foreach ($roleUsers as $nRuid) {
                 $this->_addUserToRole($nRuid, $role->getId());
             }
 
-            $rid = $role->getId();
             Mage::getSingleton('adminhtml/session')->addSuccess($this->__('The role has been successfully saved.'));
         } catch (Mage_Core_Exception $e) {
             Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
         } catch (Exception $e) {
+            Mage::logException($e);
             Mage::getSingleton('adminhtml/session')->addError($this->__('An error occurred while saving this role.'));
         }
 
-        //$this->getResponse()->setRedirect($this->getUrl("*/*/editrole/rid/$rid"));
         $this->_redirect('*/*/');
     }
 
     /**
      * Action for ajax request from assigned users grid
-     *
      */
     public function editrolegridAction()
     {
@@ -307,7 +299,7 @@ protected function _addUserToRole($userId, $roleId)
         $user = Mage::getModel('admin/user')->load($userId);
         $user->setRoleId($roleId)->setUserId($userId);
 
-        if( $user->roleUserExists() === true ) {
+        if ($user->roleUserExists() === true) {
             return false;
         } else {
             $user->add();
@@ -344,6 +336,11 @@ public function refreshRolesAction()
                     ->saveRel();
             }
 
+            $users = Mage::getResourceModel('admin/user_collection');
+            foreach ($users as $user) {
+                $user->getResource()->saveReloadAclFlag($user, 1);
+            }
+
             Mage::getSingleton('adminhtml/session')->addSuccess($this->__('The roles have been refreshed.'));
         } catch (Mage_Core_Exception $e) {
             Mage::getSingleton('adminhtml/session')->addError($e->getMessage());

diff --git a/app/code/core/Mage/Adminhtml/controllers/Permissions/UserController.php b/app/code/core/Mage/Adminhtml/controllers/Permissions/UserController.php
@@ -162,17 +162,12 @@ public function saveAction()
                 if (Mage::getStoreConfigFlag('admin/security/crate_admin_user_notification') && $isNew) {
                     Mage::getModel('admin/user')->sendAdminNotification($model);
                 }
-                if ( $uRoles = $this->getRequest()->getParam('roles', false) ) {
-                    if (count($uRoles) === 1) {
-                        $model->setRoleIds($uRoles)
+                if ($uRoles = $this->getRequest()->getParam('roles', false)) {
+                    if (is_array($uRoles) && (count($uRoles) >= 1)) {
+                        // with fix for previous multi-roles logic
+                        $model->setRoleIds(array_slice($uRoles, 0, 1))
                             ->setRoleUserId($model->getUserId())
                             ->saveRelations();
-                    } else if (count($uRoles) > 1) {
-                        //@FIXME: stupid fix of previous multi-roles logic.
-                        //@TODO:  make proper DB upgrade in the future revisions.
-                        $rs = [];
-                        $rs[0] = $uRoles[0];
-                        $model->setRoleIds( $rs )->setRoleUserId( $model->getUserId() )->saveRelations();
                     }
                 }
                 Mage::getSingleton('adminhtml/session')->addSuccess($this->__('The user has been saved.'));
@@ -209,7 +204,7 @@ public function deleteAction()
         $currentUser = Mage::getSingleton('admin/session')->getUser();
 
         if ($id = $this->getRequest()->getParam('user_id')) {
-            if ( $currentUser->getId() == $id ) {
+            if ($currentUser->getId() == $id) {
                 Mage::getSingleton('adminhtml/session')->addError($this->__('You cannot delete your own account.'));
                 $this->_redirect('*/*/edit', ['user_id' => $id]);
                 return;