rework permission creation

diff --git a/ipf/auth/app.php b/ipf/auth/app.php
index 96bebb6ce6c9c41b2016a1cce7428ac1c7471bca..55bd770f856fbf31c1c963070a30afbce394bdca 100644 (file)
--- a/ipf/auth/app.php
+++ b/ipf/auth/app.php
@@ -5,19 +5,10 @@ class IPF_Auth_App extends IPF_Application
     public function __construct()
     {
         parent::__construct(array(
-            'models' => self::ArePermissionsEnabled()
-                ? array(
+            'models' => array(
                     'User',
                     'Role',
-                    'Permission',
-                    'UserPermission',
-                    'RolePermission',
-                    'UserRole',
-                )
-                : array(
-                    'User',
-                ),
-        ));
+        )));
     }
 
     static function login($request, $user)
@@ -49,66 +40,55 @@ class IPF_Auth_App extends IPF_Application
         $project = IPF_Project::getInstance();
         $project->loadAllModels();
 
+        print "COLLECTED PERMS:\n----\n";
         $permissions = array();
         foreach ($project->appList() as $appname => $app) {
             foreach ($app->modelList() as $modelName) {
                 $adminModel = IPF_Admin_Model::getModelAdmin($modelName);
                 if ($adminModel) {
                     foreach ($adminModel->getPerms(null) as $permName) {
-                        $permissions[] = get_class($app).'|'.$modelName.'|'.$permName;
+                        $name = get_class($app).'|'.$modelName.'|'.$permName;
+                        $permissions[$name] = array($app, $modelName, $permName);
+                        print $name."\n";
                     }
                 }
             }
         }
+        print "\n";
 
-        print "COLLECTED PERMS:\n----\n".implode("\n", $permissions)."\n----\n";
+        print "EXISTING PERMS:\n----\n";
+        $existingPerms = array();
+        foreach ($permsTable->findAll() as $model) {
+            $existingPerms[$model->name] = $model;
+            print $model->name."\n";
+        }
+        print "\n";
 
-        if (count($permissions)) {
-            $existingPerms = array();
 
-            foreach ($permsTable->findAll() as $model)
-                $existingPerms[] = $model->name;
+        $toDel = array_diff(array_keys($existingPerms), array_keys($permissions));
 
-            print "EXISTING PERMS:\n----\n".implode("\n",$existingPerms)."\n----\n";
+        print "2DEL:\n----\n".implode("\n", $toDel)."\n----\n";
 
-            if (count($existingPerms)) {
-                $toDel = array_diff($existingPerms, $permissions);
+        if (count($toDel)) {
+            $permsTable->createQuery()
+                ->delete()
+                ->where("name in ('".implode("','", $toDel)."')")
+                ->execute();
+        }
 
-                print "2DEL:\n----\n".implode("\n",$toDel)."\n----\n";
 
-                if (count($toDel)) {
-                    $permsTable->createQuery()
-                        ->delete()
-                        ->where("name in ('".implode("','", $toDel)."')")
-                        ->execute();
-                }
+        $toAdd = array_diff(array_keys($permissions), array_keys($existingPerms));
 
-                $toAdd = array_diff($permissions, $existingPerms);
-            } else {
-                // first time
-                // *** FIX: previously, the following models haven't "onDelete: CASCADE" constrain ***
-                print "DROP RolePermission, UserRole, UserPermission\n";
-                $export = IPF_ORM_Manager::connection()->export;
-                $export->dropTable(IPF_ORM::getTable('RolePermission')->getTableName());
-                $export->dropTable(IPF_ORM::getTable('UserRole')->getTableName());
-                $export->dropTable(IPF_ORM::getTable('UserPermission')->getTableName());
-                $auth_app = new IPF_Auth_App();
-                IPF_ORM::createTablesFromModels($auth_app->modelList());
-
-                $toAdd = $permissions;
-            }
+        print "2ADD:\n----\n".implode("\n", $toAdd)."\n----\n";
 
-            print "2ADD:\n----\n".implode("\n",$toAdd)."\n----\n";
+        foreach ($toAdd as $name) {
+            $app = $permissions[$name][0];
+            $admin = IPF_Admin_Model::getModelAdmin($permissions[$name][1]);
 
-            foreach ($toAdd as $name) {
-                $model = new Permission();
-                $model->name = $name;
-                $model->save();
-            }
-        } else {
-            print "REMOVE ALL\n";
-
-            $permsTable->createQuery()->delete()->execute();   // no women, no cry...
+            $model = new Permission;
+            $model->name = $name;
+            $model->title = $app->getTitle().' | '.$admin->verbose_name().' | '.ucfirst($permissions[$name][2]);
+            $model->save();
         }
     }
 
@@ -172,16 +152,6 @@ class IPF_Auth_App extends IPF_Application
         return $permissions;
     }
 
-    static function GetHumanNameOfPermission($permissionName)
-    {
-        $parts   = explode('|', $permissionName);
-        $appName = $parts[0];
-        $app     = new $appName();
-        $admin   = IPF_Admin_Model::getModelAdmin($parts[1]);
-
-        return $app->getTitle().' | '.$admin->verbose_name().' | '.ucfirst($parts[2]);
-    }
-
     public function commands()
     {
         return array(

diff --git a/ipf/auth/models.yml b/ipf/auth/models.yml
index e13e4d1085ee297554608ced5654ebe0acc94f9c..1d1515c0e4516da7c85197ad3c3d01e0201debf9 100644 (file)
--- a/ipf/auth/models.yml
+++ b/ipf/auth/models.yml
@@ -71,6 +71,10 @@ Permission:
         name:
             unique: true 
             type: string(255)
+            notnull: true
+        title:
+            type: string(255)
+            notnull: true
     options:
         type: INNODB
         collate: utf8_unicode_ci

diff --git a/ipf/auth/models/Permission.php b/ipf/auth/models/Permission.php
index 78b2b0073cdab29c9797b0802ebfbeced85ab2ae..30943f238b7d485c4f92f344579c8b1fe19bf22a 100644 (file)
--- a/ipf/auth/models/Permission.php
+++ b/ipf/auth/models/Permission.php
@@ -4,7 +4,7 @@ class Permission extends BasePermission
 {
     public function __toString()
     {
-        return IPF_Auth_App::GetHumanNameOfPermission($this->name);
+        return $this->title;
     }
 }
 

diff --git a/ipf/auth/models/Role.php b/ipf/auth/models/Role.php
index 6621bd0f9722c90b8b1941728c26887d895fcfa3..42817838dcf0d168ad0b90434a6a76a1a4dd57d4 100644 (file)
--- a/ipf/auth/models/Role.php
+++ b/ipf/auth/models/Role.php
@@ -68,5 +68,6 @@ class AdminRole extends IPF_Admin_Model
     public function verbose_name() { return 'Group'; }
 }
 
-IPF_Admin_Model::register('Role', 'AdminRole');
+if (IPF_Auth_App::ArePermissionsEnabled())
+    IPF_Admin_Model::register('Role', 'AdminRole');
 

diff --git a/ipf/auth/models/_generated/BasePermission.php b/ipf/auth/models/_generated/BasePermission.php
index 62ab8c44416980b7b460042db3d382ad09f0f3b9..fdc6d184e817bf068ca68118d22335b94ff4a4be 100644 (file)
--- a/ipf/auth/models/_generated/BasePermission.php
+++ b/ipf/auth/models/_generated/BasePermission.php
@@ -11,7 +11,8 @@ abstract class BasePermission extends IPF_ORM_Record
   public static function setTableDefinition(IPF_ORM_Table $table)
   {
     $table->setTableName('auth_permission');
-    $table->setColumn('name', 'string', 255, array('unique' => true, 'type' => 'string', 'length' => '255'));
+    $table->setColumn('name', 'string', 255, array('unique' => true, 'type' => 'string', 'notnull' => true, 'length' => '255'));
+    $table->setColumn('title', 'string', 255, array('type' => 'string', 'notnull' => true, 'length' => '255'));
     $table->setOption('type', 'INNODB');
     $table->setOption('collate', 'utf8_unicode_ci');
     $table->setOption('charset', 'utf8');