WebSVN – LeadersLinked - Backend – Diff – /module/LeadersLinked/src/Module.php

 use Laminas\ModuleManager\ModuleEvent;
 use Laminas\ModuleManager\ModuleManager;
 use Laminas\Mvc\MvcEvent;
 use Laminas\Config\Reader\Ini;
 use Laminas\Permissions\Acl\Acl;
+use LeadersLinked\Plugin\CurrentNetworkPlugin;
 use LeadersLinked\Plugin\CurrentUserPlugin;
 use LeadersLinked\Model\Company;
 use LeadersLinked\Mapper\UserMapper;
 use Laminas\Permissions\Acl\Resource\GenericResource;
 use Laminas\Permissions\Acl\Role\GenericRole;
 use LeadersLinked\Mapper\CompanyUserMapper;
 use LeadersLinked\Mapper\CompanyUserRoleMapper;
 use LeadersLinked\Mapper\RoleMapper;
 use LeadersLinked\Mapper\CompanyServiceMapper;
+use LeadersLinked\Model\Network;
 use LeadersLinked\Model\Service;
 use LeadersLinked\Model\User;
 use LeadersLinked\Model\UserType;
 use LeadersLinked\Model\CompanyService;
 use LeadersLinked\Model\CompanyUser;
+use LeadersLinked\Mapper\CompanyMapper;
 class Module
+{
     /**
     /**
+     *
      * @var CurrentUserPlugin
      */
+    private $currentUserPlugin;
+    /**
+     *
+     * @var CurrentNetworkPlugin
+     */
+    private $currentNetworkPlugin;
     private $currentUser;
             'default'
             );
+        \Laminas\Validator\AbstractValidator::setDefaultTranslator($translator);
+        $this->currentNetworkPlugin = new CurrentNetworkPlugin($adapter);
+        if(!$this->currentNetworkPlugin->hasNetwork()) {
+            echo '2';
+            exit;
+            header("HTTP/1.1 401 Unauthorized - Private network - not found");
+            exit;
+        }
+        if($this->currentNetworkPlugin->getNetwork()->status == Network::STATUS_INACTIVE) {
+            echo '3';
+            exit;
+            header("HTTP/1.1 401 Unauthorized - Private network - inactive");
+            exit;
+        }
+        if(empty($_SERVER['REDIRECT_URL'])) {
+            if(empty($_SERVER['REQUEST_URI'])) {
+                $routeName = '';
+            } else {
+                $routeName = $_SERVER['REQUEST_URI'];
+            }
+        } else {
+            $routeName = $_SERVER['REDIRECT_URL'];
+        }
+        $routeName = strtolower(trim($routeName));
+        if(strlen($routeName) > 0 && substr($routeName, 0, 1) == '/') {
+            $routeName = substr($routeName, 1);
+        }
-        \Laminas\Validator\AbstractValidator::setDefaultTranslator($translator);
+        $this->isHtml = $this->isJson ? false : true;
+        $this->currentUserPlugin = new CurrentUserPlugin($adapter);
+        if($this->currentUserPlugin->hasIdentity()) {
+            if(in_array($routeName, ['signout', 'signin-admin', 'signin-company', 'home'])) {
+                $checkUserForNetwork = false;
+            } else {
+                $checkUserForNetwork = true;
+            }
+        } else {
+            $checkUserForNetwork = false;
+        }
+        if($checkUserForNetwork) {
+            if($this->currentUserPlugin->getUser()->network_id != $this->currentNetworkPlugin->getNetworkId()) {
+                header("HTTP/1.1 401 Unauthorized - The user is not part of this private network");
+                exit;
+            }
         $this->isHtml = $this->isJson ? false : true;
         $this->currentUser = new CurrentUserPlugin($adapter);
         $this->initAcl($event);
         $eventManager = $event->getApplication()->getEventManager();
+        }
         $rolesForUsertype = getAclRolesForUsertype();
         $rolesForUsertype = getAclUsertype();
+                    }
                 } else {
                     $companyUserRoleMapper = CompanyUserRoleMapper::getInstance($adapter);
                     $companyUserRoles = $companyUserRoleMapper->fetchAllByCompanyIdAndUserId($company->id, $user->id);
                     foreach($companyUserRoles as $companyUserRole)
+                    {
                          $role = $roleMapper->fetchOne($companyUserRole->role_id);
                          $role = $roleMapper->fetchOne($companyUserRole->role_id);
                          if($role) {
+                             if($role->service_id) {
                              if($role->service_id) {
-                             if(!in_array($role->service_id, $servicesActive)) {
+                                 if(!in_array($role->service_id, $servicesActive)) {
-                                continue;
+                                    continue;
-                             }
+                                 }
-                         }
+                             }
+                             if(isset($rolesForCompany[ $role->code ] )) {
+                                 foreach($rolesForCompany[ $role->code ] as $resourceName)
                          if(isset($roles[ $role->code ] )) {
-                             foreach($roles[ $role->code ] as $resourceName)
-                             {
+                                     if(!in_array($resourceName, $resources)) {
-                                 if(!in_array($resourceName, $resources)) {
-                                    array_push($resources, $resourceName);
+                                        array_push($resources, $resourceName);
+                                     }
+                                 }
+                {
                     // echo $resourceName . PHP_EOL;
                     $this->acl->allow($usertype, $resourceName);
+                }
+            }
+            if($this->currentUserPlugin->hasIdentity()) {
+                $user = $this->currentUserPlugin->getUser();
+                if($user->is_super_user == User::IS_SUPER_USER_YES) {
+                    $resources = getAclPermissionSuperAdmin();
+                    foreach ($resources as $resourceName)
+                    {
+                        $this->acl->allow(UserType::ADMIN, $resourceName);
+                    }
+                }
+            }
+            if($this->company == null) {
+                if($network->default == Network::DEFAULT_YES) {
+                    $resources = getAclPermissionAdminForDefaultNetwork();
+                    foreach ($resources as $resourceName)
+                    {
+                        $this->acl->allow(UserType::ADMIN, $resourceName);
+                    }
+                } else {
+                    $companyMapper = CompanyMapper::getInstance($adapter);
+                    $company = $companyMapper->fetchDefaultForNetworkByNetworkId($network->id);
+                    if($company) {
+                        $companyUserMapper = CompanyUserMapper::getInstance($this->adapter);
+                        $companyUser = $companyUserMapper->fetchCreatorByCompanyId($company->id);
+                        if($companyUser && $companyUser->user_id == $this->currentUserPlugin->getUserId()) {
+                            $resources = getAclPermissionAdminForNonDefaultNetwork();
+                            foreach ($resources as $resourceName)
+                            {
+                                $this->acl->allow(UserType::ADMIN, $resourceName);
+                            }
+                        }
+                    }
+                }
+            }
+        }
         $event->getViewModel()->setVariable('acl', $this->acl);
+    }
     public function authPreDispatch(MvcEvent $event)
+    {
         $serviceManager = $event->getApplication()->getServiceManager();
         $adapter = $serviceManager->get('leaders-linked-db');
-        $userTypeId = $this->currentUser->getUserTypeId();
+        $userTypeId = $this->currentUserPlugin->getUserTypeId();
             echo "userTypeId = $userTypeId routeName = $routeName";
             exit;
-            $this->currentUser->clearIdentity();
+            $this->currentUserPlugin->clearIdentity();

Proyectos de Subversion LeadersLinked - Backend

(root)/module/LeadersLinked/src/Module.php – Rev 15092 → 15343