1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
permission.php
См. документацию.
1<?php
2
3namespace Bitrix\Sender\Security\Role;
4
5use Bitrix\Main\ArgumentException;
6use Bitrix\Main\Localization\Loc;
7use Bitrix\Sender\Internals\Model;
8use Bitrix\Sender\Security\User;
9
10Loc::loadMessages(__FILE__);
11
12class Permission
13{
14 const ENTITY_AD = 'AD';
15 const ENTITY_RC = 'RC';
16 const ENTITY_LETTER = 'LETTER';
17 const ENTITY_SEGMENT = 'SEGMENT';
18 const ENTITY_BLACKLIST = 'BLACKLIST';
19 const ENTITY_SETTINGS = 'SETTINGS';
20
21 const ACTION_VIEW = 'VIEW';
22 const ACTION_MODIFY = 'MODIFY';
23
24 const PERMISSION_NONE = '';
25 const PERMISSION_SELF = 'A';
26 const PERMISSION_DEPARTMENT = 'D';
27 const PERMISSION_ANY = 'X';
28
29 private static $cache = [];
30
31
41 /*
42 public function getPermission($entityCode, $actionCode)
43 {
44
45 $permissionMap = $this->getMap();
46 if(!isset($permissionMap[$entityCode][$actionCode]))
47 throw new ArgumentException('Unknown entity or action code');
48
49 return (isset($this->Permission[$entityCode][$actionCode]) ? $this->Permission[$entityCode][$actionCode] : self::PERMISSION_NONE);
50
51 }
52 */
53
64 public static function check(array $permissions, $entityCode, $actionCode, $minPerm = null)
65 {
66 $map = self::getMap();
67 if (!isset($map[$entityCode][$actionCode]))
68 {
69 throw new ArgumentException('Unknown entity or action code.');
70 }
71
72 if (!isset($permissions[$entityCode][$actionCode]))
73 {
74 return false;
75 }
76
77 $perm = $permissions[$entityCode][$actionCode];
78 $minPerm = $minPerm ?: self::PERMISSION_NONE;
79
80
81 if ($minPerm === self::PERMISSION_NONE)
82 {
83 return $perm > $minPerm;
84 } else
85 {
86 return $perm >= $minPerm;
87 }
88 }
89
97 public static function getByUserId($userId)
98 {
99 if (!isset(static::$cache[$userId]))
100 {
101 $user = User::get($userId);
102 if ($user->isPortalAdmin() || $user->isAdmin())
103 {
104 static::$cache[$userId] = self::getAdminPermissions();
105 return static::$cache[$userId];
106 }
107
108 //everybody else's permissions are defined by their role
109 $result = [];
110 $userAccessCodes = \CAccess::getUserCodesArray($user->getId());
111
112 if (!is_array($userAccessCodes) || count($userAccessCodes) === 0)
113 {
114 static::$cache[$userId] = [];
115 return static::$cache[$userId];
116 }
117
118 $list = Model\Role\PermissionTable::getList(array(
119 'filter' => array(
120 '=ROLE_ACCESS.ACCESS_CODE' => $userAccessCodes
121 )
122 ));
123
124 foreach ($list as $row)
125 {
126 if (!isset($result[$row['ENTITY']][$row['ACTION']])
127 || $result[$row['ENTITY']][$row['ACTION']] < $row['PERMISSION'])
128 {
129 $result[$row['ENTITY']][$row['ACTION']] = $row['PERMISSION'];
130 }
131 }
132
133 static::$cache[$userId] = $result;
134 }
135
136 return static::$cache[$userId];
137 }
138
144 public static function getMap()
145 {
146 return [
147 self::ENTITY_LETTER => [
148 self::ACTION_VIEW => [
149 self::PERMISSION_NONE,
150 self::PERMISSION_ANY
151 ],
152 self::ACTION_MODIFY => [
153 self::PERMISSION_NONE,
154 self::PERMISSION_ANY
155 ],
156 ],
157 self::ENTITY_AD => [
158 self::ACTION_VIEW => [
159 self::PERMISSION_NONE,
160 self::PERMISSION_ANY
161 ],
162 self::ACTION_MODIFY => [
163 self::PERMISSION_NONE,
164 self::PERMISSION_ANY
165 ],
166 ],
167 self::ENTITY_RC => [
168 self::ACTION_VIEW => [
169 self::PERMISSION_NONE,
170 self::PERMISSION_ANY
171 ],
172 self::ACTION_MODIFY => [
173 self::PERMISSION_NONE,
174 self::PERMISSION_ANY
175 ],
176 ],
177 self::ENTITY_SEGMENT => [
178 self::ACTION_VIEW => [
179 self::PERMISSION_NONE,
180 self::PERMISSION_ANY
181 ],
182 self::ACTION_MODIFY => [
183 self::PERMISSION_NONE,
184 self::PERMISSION_ANY
185 ],
186 ],
187 self::ENTITY_BLACKLIST => [
188 self::ACTION_VIEW => [
189 self::PERMISSION_NONE,
190 self::PERMISSION_ANY
191 ],
192 self::ACTION_MODIFY => [
193 self::PERMISSION_NONE,
194 self::PERMISSION_ANY
195 ]
196 ],
197 self::ENTITY_SETTINGS => [
198 self::ACTION_MODIFY => [
199 self::PERMISSION_NONE,
200 self::PERMISSION_ANY
201 ]
202 ],
203 ];
204 }
205
212 public static function normalize(array $source)
213 {
214 $map = self::getMap();
215 $result = [];
216
217 foreach ($map as $entity => $actions)
218 {
219 foreach ($actions as $action => $permission)
220 {
221 if (isset($source[$entity][$action]))
222 {
223 $result[$entity][$action] = $source[$entity][$action];
224 } else
225 {
226 $result[$entity][$action] = self::PERMISSION_NONE;
227 }
228 }
229 }
230
231 return $result;
232 }
233
240 public static function getEntityName($entity)
241 {
242 return Loc::getMessage('SENDER_SECURITY_ROLE_ENTITY_' . $entity);
243 }
244
251 public static function getActionName($action)
252 {
253 return Loc::getMessage('SENDER_SECURITY_ROLE_ACTION_' . $action);
254 }
255
262 public static function getPermissionName($permission)
263 {
264 switch ($permission)
265 {
266 case self::PERMISSION_NONE:
267 $result = Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_NONE');
268 break;
269 case self::PERMISSION_SELF:
270 $result = Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_SELF');
271 break;
272 case self::PERMISSION_DEPARTMENT:
273 $result = Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_DEPARTMENT');
274 break;
275 case self::PERMISSION_ANY:
276 $result = Loc::getMessage('SENDER_SECURITY_ROLE_PERMISSION_ANY');
277 break;
278 default:
279 $result = '';
280 break;
281 }
282 return $result;
283 }
284
290 protected static function getAdminPermissions()
291 {
292 $result = array();
293 $permissionMap = self::getMap();
294
295 foreach ($permissionMap as $entity => $actions)
296 {
297 foreach ($actions as $action => $permissions)
298 {
299 foreach ($permissions as $permission)
300 {
301 if (!isset($result[$entity][$action]) || $result[$entity][$action] < $permission)
302 {
303 $result[$entity][$action] = $permission;
304 }
305 }
306 }
307 }
308
309 return $result;
310 }
311}
$userId
if(!is_object($USER)||! $USER->IsAuthorized()) $userId
Определения check_mail.php:18
Bitrix\Sender\Security\Role\Permission\check
static check(array $permissions, $entityCode, $actionCode, $minPerm=null)
Определения permission.php:64
Bitrix\Sender\Security\Role\Permission\normalize
static normalize(array $source)
Определения permission.php:212
Bitrix\Sender\Security\Role\Permission\getPermissionName
static getPermissionName($permission)
Определения permission.php:262
Bitrix\Sender\Security\Role\Permission\getByUserId
static getByUserId($userId)
Определения permission.php:97
Bitrix\Sender\Security\Role\Permission\getEntityName
static getEntityName($entity)
Определения permission.php:240
Bitrix\Sender\Security\Role\Permission\getActionName
static getActionName($action)
Определения permission.php:251
Bitrix\Sender\Security\Role\Permission\getAdminPermissions
static getAdminPermissions()
Определения permission.php:290
Bitrix\Sender\Security\User\get
static get($id)
Определения user.php:63
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$perm
$perm
Определения options.php:169
$result
$result
Определения get_property_values.php:14
$entity
$entity
Определения group_bizproc_workflow_delete.php:17
$map
$map
Определения config.php:5
Bitrix\Main\$user
$user
Определения mysql_to_pgsql.php:33
count
</p ></td >< td valign=top style='border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0cm 2.0pt 0cm 2.0pt;height:9.0pt'>< p class=Normal align=center style='margin:0cm;margin-bottom:.0001pt;text-align:center;line-height:normal'>< a name=ТекстовоеПоле54 ></a ><?=($taxRate > count( $arTaxList) > 0) ? $taxRate."%"
Определения waybill.php:936
$action
$action
Определения file_dialog.php:21