| Method | Description | |
|---|---|---|
| createFullAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject | Creates full access account role | |
| createNoAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject | Creates No access account role | |
| deleteAccountRole ( string $accountRoleId, string $accountId ) : boolean | Deletes account role | |
| generateAccountRoleId ( ) : string | Gets auto-generated ID for account role usage. | |
| getAccountRole ( string $accountRoleId, integer $accountId = null ) : Scalr\Acl\Role\AccountRoleObject | Gets role of account level | |
| getAccountRoleByRow ( array $rec ) : Scalr\Acl\Role\AccountRoleObject | Gets Account role using record from acl_account_role | |
| getAccountRoleComputed ( string | Scalr\Acl\Role\AccountRoleObject $role ) : array | Gets account role computed object | |
| getAccountRoles ( integer $accountId ) : ArrayObject | Gets all account roles | |
| getAccountRolesComputed ( integer $accountId ) : array | Gets all account level roles | |
| getDb ( ) : ADODB_mysqli | Gets database instance | |
| getDisabledResources ( ) : array | Returns the list of the disabled resources for current installation | |
| getFullAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject | Gets full access account role | |
| getGroups ( ) : array | Gets all ACl groups | |
| getMissingRecords ( ) : string | Gets missing records for predefined global ACL roles: Full Access and Everything forbidden. | |
| getNoAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject | Gets no access account role | |
| getPermissionIdByMnemonic ( string $resourceMnemonic, string $permissionMnemonic, string $scope = null ) : string | Converts permission mnemonic to permissionId Method interprets $permissionMnemonic as PERM_$resourceMnemonic_$scope_$permissionMnemonic | |
| getResourceIdByMnemonic ( string $resourceMnemonic, string $scope = null ) : integer | Converts resource mnemonic to resourceId Method interprets $resourceMnemonic as RESOURCE_$resourceMnemonic_$scope, | |
| getResources ( $raw = false ) : ArrayObject | Gets all global predefined resources | |
| getResourcesMnemonic ( ) : array | Gets mnemonic names for all resources using constants | |
|
getRole ( integer $roleId ) : |
Gets role object for the specified ID | |
| getRoles ( ) : ArrayObject | Gets all global predefined roles | |
| getRolesComputed ( ) : array | Gets all base roles | |
| getUserRoleIdsByTeam ( integer | array $userId, integer | array $teamId, integer $accountId ) : array | Returns account_role_id identifiers for specified user and team | |
| getUserRoles ( $user ) : Scalr\Acl\Role\AccountRoleSuperposition | Gets account level roles superposition for the specified user | |
| getUserRolesByEnvironment ( Scalr_Account_User | integer $user, integer $envId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition | Gets account roles superposition by specified ID of environment | |
| getUserRolesByTeam ( $user, integer $teamId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition | Gets account roles superposition by specified ID of team | |
| getUsersHaveAccountRole ( string $accountRoleId, integer $accountId ) : array | Gets all users which belong to the specified account role. | |
|
hasAccessTo ( object $object, |
Check whether the user has either READ or WRITE access to the specified object | |
|
isUserAllowedByEnvironment ( Scalr_Account_User | |
Checks wheter access to ACL resource or unique permission is allowed. | |
| setAccountRole ( integer $accountId, integer $baseRoleId, string $name, integer $color, array $resources, string $accountRoleId = null ) : string | Saves account role to database | |
| setAllRolesForTeam ( integer $teamId, array $data = [], integer $accountId = null ) | Set all relations between all users of this team and ACL roles | |
| setAllRolesForUser ( integer $userId, array $data = [], integer $accountId = null ) | Sets ACL roles to this user | |
|
setDb ( ADODB_mysqli $db ) : |
Sets database instance to object | |
| setUserRoles ( integer $teamId, integer $userId, array $accountRoles, integer $accountId = null ) | Set roles for specified user for specified team. |
| Method | Description | |
|---|---|---|
|
loadRolePermissions ( |
Loads permissions into role object |
| public createFullAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject | ||
| $accountId | integer | The identifier of the client's account |
| return | Scalr\Acl\Role\AccountRoleObject | Returns AccountRoleObject |
| public createNoAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject | ||
| $accountId | integer | The identifier of the client's account |
| return | Scalr\Acl\Role\AccountRoleObject | Returns AccountRoleObject |
| public static generateAccountRoleId ( ) : string | ||
| return | string | Returns 20 characters length unique string |
| public getAccountRole ( string $accountRoleId, integer $accountId = null ) : Scalr\Acl\Role\AccountRoleObject | ||
| $accountRoleId | string | The ID of the account role |
| $accountId | integer | optional Restricts result by identifier of the account |
| return | Scalr\Acl\Role\AccountRoleObject | Returns AccountRoleObject for the specified ID of account role. It returns null if object does not exist. |
| public getAccountRoleByRow ( array $rec ) : Scalr\Acl\Role\AccountRoleObject | ||
| $rec | array | Record from acl_account_role |
| return | Scalr\Acl\Role\AccountRoleObject | Returns AccountRoleObject for the specified ID of account role. It returns null if object does not exist. |
| public getAccountRoleComputed ( string | Scalr\Acl\Role\AccountRoleObject $role ) : array | ||
| $role | string | Scalr\Acl\Role\AccountRoleObject | The Id of the account role or object that represetns account role |
| return | array | Returns account role with all resources |
| public getAccountRoles ( integer $accountId ) : ArrayObject | ||
| $accountId | integer | The ID of the account |
| return | ArrayObject | Returns all account roles for the specified account. |
| public getAccountRolesComputed ( integer $accountId ) : array | ||
| $accountId | integer | The ID of the account |
| return | array | Returns all account level roles |
| public static getDisabledResources ( ) : array | ||
| return | array | Returns array of the disabled ACL resources |
| public getFullAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject | ||
| $accountId | integer | The identifier of the client's account |
| $createIfNotExist | boolean | optional If true it will create full access role when it does not exist. |
| return | Scalr\Acl\Role\AccountRoleObject | Returns AccountRoleObject |
| public getMissingRecords ( ) : string | ||
| return | string | Returns sql script output that adds missing records |
| public getNoAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject | ||
| $accountId | integer | The identifier of the client's account |
| $createIfNotExist | boolean | optional If true it will create no access role when it does not exist. |
| return | Scalr\Acl\Role\AccountRoleObject | Returns AccountRoleObject |
| public static getResources ( $raw = false ) : ArrayObject | ||
| return | ArrayObject | Returns the list of all global predefined resources |
| public static getResourcesMnemonic ( ) : array | ||
| return | array | Returns all resources looks like array(resourceId => mnemonicIndex) |
| public getRoles ( ) : ArrayObject | ||
| return | ArrayObject | Returns all global predefined roles |
| public getRolesComputed ( ) : array | ||
| return | array | Returns array of all base roles |
| public getUserRoles ( $user ) : Scalr\Acl\Role\AccountRoleSuperposition | ||
| return | Scalr\Acl\Role\AccountRoleSuperposition | Returns the list of the account level roles |
| public getUserRolesByEnvironment ( Scalr_Account_User | integer $user, integer $envId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition | ||
| $user | Scalr_Account_User | integer | The user's object or ID of the user |
| $envId | integer | The ID of the client's environment |
| $accountId | integer | The ID of the client's account |
| return | Scalr\Acl\Role\AccountRoleSuperposition | Returns the list of the roles of account level by specified environment |
| public getUserRolesByTeam ( $user, integer $teamId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition | ||
| $teamId | integer | The ID of the team |
| $accountId | integer | The ID of the client's account |
| return | Scalr\Acl\Role\AccountRoleSuperposition | Returns the list of the roles of account level by specified team |
| public getUsersHaveAccountRole ( string $accountRoleId, integer $accountId ) : array | ||
| $accountRoleId | string | The identifier of the role of account level. |
| $accountId | integer | The identifier of the account |
| return | array | Returns users array looks like array(userid => array( 'id' => identifier of the user, 'name' => full name, 'type' => user type, 'email' => user email, 'status'=> status, 'teams' => array(teamId => team name), )) |
|
public hasAccessTo ( object $object, |
||
| $object | object | The object to check |
| $user | Either the User Entity or its identifier | |
| $enviroment | optional Either the Environment Entity or its identifier | |
| $modify | boolean | optional Whether it should check MODIFY permission. By default it checks READ permission. |
| return | boolean | Returns TRUE if the user has access to the specified object |
|
public isUserAllowedByEnvironment ( Scalr_Account_User | |
||
| $user | Scalr_Account_User | |
The user |
| $environment | Scalr_Environment | |
The client's environment |
| $resourceId | integer | The ID of the ACL resource or its symbolic name without "RESOURCE_" prefix. |
| $permissionId | string | optional The ID of the uniqure permission which is related to specified resource. |
| return | boolean | Returns TRUE if access is allowed |
|
protected loadRolePermissions ( |
||
| $role | A role object | |
| public setAccountRole ( integer $accountId, integer $baseRoleId, string $name, integer $color, array $resources, string $accountRoleId = null ) : string | ||
| $accountId | integer | The ID of the account. |
| $baseRoleId | integer | The ID of the base role. |
| $name | string | The name of the account role. |
| $color | integer | The color specified as integer value |
| $resources | array | Array of the resources which looks like array( resource_id => array( 'granted' => [0|1], #is granted 'permissions' => array( permissionId => [0|1], #is granted ), mode => valueId | null, # identifier of the Resource Mode value ); |
| $accountRoleId | string | optional The ID of the ACL role of account level. NULL if the new role. |
| return | string | Returns the ID of the created or modified account role on success |
| public setAllRolesForUser ( integer $userId, array $data = [], integer $accountId = null ) | ||
| $userId | integer | The ID of the user |
| $data | array | ACL roles array which looks like array(teamId => array(accountRoleId1, accountRoleId2, ...)) |
| $accountId | integer | optional The ID of the account. Restricts queries to the specified account. |
|
public setDb ( ADODB_mysqli $db ) : |
||
| $db | ADODB_mysqli | The Database instance |
| return | ||
| public setUserRoles ( integer $teamId, integer $userId, array $accountRoles, integer $accountId = null ) | ||
| $teamId | integer | The identifier of the team |
| $userId | integer | The identifier of the user |
| $accountRoles | array | The list of the identifiers of the roles of account level |
| $accountId | integer | optional The identifier of the account |