From f2c2ec6bdf59d492ddf42de38985b8b5a5e2377e Mon Sep 17 00:00:00 2001 From: Mehmood Asghar Date: Tue, 26 Dec 2023 19:49:55 -0500 Subject: [PATCH] Add a check to ignore adding duplicate ACL resources --- application/libraries/Acl_manager.php | 129 +++----------------------- 1 file changed, 11 insertions(+), 118 deletions(-) diff --git a/application/libraries/Acl_manager.php b/application/libraries/Acl_manager.php index 7e5ec39e..df8bcb92 100644 --- a/application/libraries/Acl_manager.php +++ b/application/libraries/Acl_manager.php @@ -351,6 +351,11 @@ function has_access($resource,$privilege, $user=null, $repositoryid=null) //check roles has access to resource foreach($permissions as $perm){ + + if ($acl->hasResource($perm['resource'])){ + continue; + } + $acl->addResource(new Resource($perm['resource'])); $acl->allow($perm['role_id'],$perm['resource'], $perm['permissions']); } @@ -358,6 +363,11 @@ function has_access($resource,$privilege, $user=null, $repositoryid=null) //resources by repository if(!empty($repositoryid)){ foreach($permissions as $perm){ + + if ($acl->hasResource($repositoryid.'-'.$perm['resource'])){ + continue; + } + $acl->addResource(new Resource($repositoryid.'-'.$perm['resource'])); $acl->allow($perm['role_id'],$repositoryid.'-'.$perm['resource'], $perm['permissions']); } @@ -397,121 +407,4 @@ function has_access($resource,$privilege, $user=null, $repositoryid=null) } } - - function role_has_access($roles) - { - $acl = new Acl(); - - $acl->addRole(new Role('user')) - ->addRole(new Role('admin')) - ->addRole(new Role('study_manager')) - ->addRole(new Role('lsms_collection_manager')) - ->addRole(new Role('lsms_collection_editor')) - ->addRole(new Role('lsms_collection_reviewer')) - ->addRole(new Role('findex_collection_manager')) - ->addRole(new Role('citation_manager')) - ->addRole(new Role('licensed_request_manager')); - - /* - $acl->addResource(new Resource('lsms_collection')); - $acl->addResource(new Resource('findex_collection')); - $acl->addResource(new Resource('study')); - */ - - - $acl->addResource(new Resource('study')); - - //afr and lsms inherit from study - $acl->addResource(new Resource('afr'), 'study'); - //$acl->addResource(new Resource('lsms'), 'study'); - - $acl->addResource(new Resource('lsms')); - - - //allow full control for admin - $acl->allow('admin',null, null); - - //can edit, import, but not publish, delete - $acl->allow('lsms_collection_editor', 'lsms', array('view','edit','import','resources.admin', 'uploads.admin')); - - //can only publish, delete nothing else - $acl->allow('lsms_collection_reviewer', 'lsms', array('unpublish','publish','view')); - - //everything - $acl->allow('lsms_collection_manager', 'lsms'); - - - //isAllowed(user_role, resource, rules, permissions) - echo $acl->isAllowed('admin', 'afr','publish') ? 'user is allowed afr '."
" : 'user is denied'; - } - - - //todo: remove everything below - - /** - * Return Repo object with basic info - repositoryid, title - **/ - /*function get_repo($id) - { - //get repo info - $this->ci->db->select("repositoryid,id,title"); - $this->ci->db->where("id",$id); - $query=$this->ci->db->get("repositories"); - - if (!$query){ - return FALSE; - } - - $result=$query->row_array(); - - if ($result){ - return (object)$result; - } - return FALSE; - }*/ - - - - - - /** - * - * Return user groups - **/ - /*function get_user_groups($user_id) - { - return $this->ci->ion_auth->get_groups_by_user($user_id); - }*/ - - - /** - * - * Check if user has UNLIMITED access - **/ - /*function user_has_unlimited_access($user_id=NULL) - { - if($user_id==NULL) - { - $user=$this->current_user(); - $user_id=$user->id; - } - - - $groups=$this->get_user_groups($user_id); - - if (!$groups) - { - return FALSE; - } - - return $this->has_unlimited_access($groups); - } - - function has_unlimited_access($groups){ - return true; - }*/ - - - -} - +} \ No newline at end of file