access_control.inc
<?php
/**
* @copyright 2014-2023 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE
*/
use Laminas\Permissions\Acl\Acl;
use Laminas\Permissions\Acl\Role\GenericRole as Role;
use Laminas\Permissions\Acl\Resource\GenericResource as Resource;
use Web\Auth\CommitteeAssociation;
use Web\Auth\DepartmentAssociation;
// Assertion objects handed to allow() as its fourth argument further down.
// NOTE(review): what each one actually checks lives in Web\Auth and is not
// visible here — presumably that the current user is tied to the committee /
// department of the record being requested; confirm before relying on it.
$requiresCommitteeAssociation  = new CommitteeAssociation();
$requiresDepartmentAssociation = new DepartmentAssociation();

$ACL = new Acl();

// Role hierarchy. A role inherits the rules of the parent(s) named in the
// second argument:
//   Anonymous <- Public <- Appointer, Clerk <- Liaison (both parents)
// Staff and Administrator are registered without parents.
$ACL->addRole(new Role('Anonymous'));
$ACL->addRole(new Role('Public'), 'Anonymous');
$ACL->addRole(new Role('Appointer'), 'Public');
$ACL->addRole(new Role('Clerk'), 'Public');
$ACL->addRole(new Role('Liaison'), ['Appointer', 'Clerk']);
$ACL->addRole(new Role('Staff'));
$ACL->addRole(new Role('Administrator'));
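/**
 * Register one ACL resource per route prefix.
 *
 * Route names appear to follow "resource.permission"; only the part before
 * the first dot becomes a resource. Privileges are not registered here —
 * they are named directly in the allow()/deny() rules.
 */
foreach ($ROUTES->getMap()->getRoutes() as $r) {
    // Only the resource segment is needed. Reading element 0 directly avoids
    // the "Undefined array key 1" warning that the two-variable list() raised
    // for a route name without a dot, and drops the unused $permission local.
    $resource = explode('.', $r->name, 2)[0];

    if (!$ACL->hasResource($resource)) {
        $ACL->addResource(new Resource($resource));
    }
}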
/**
* Assign permissions to the resources
*
* Each rule is (role, resource(s), privilege(s)[, assertion]). A null role
* applies the rule to every role. Laminas ACL denies whatever no rule allows,
* so a resource/privilege pair that is not listed below is reachable only by
* the roles holding a blanket allow (Staff and Administrator).
*
* Every resource named here must already have been registered from a route
* name earlier in this file; Laminas ACL raises an exception for an unknown
* resource.
*/
// Permissions for unauthenticated browsing
// (null role: these rules apply to every role, signed in or not)
$ACL->allow(null, 'home', 'index');
$ACL->allow(null, 'people', 'parameters');
$ACL->allow(null, 'legislationTypes', 'index');
$ACL->allow(null, 'committees', ['index','info', 'members', 'seats', 'report', 'meetings']);
$ACL->allow(null, 'seats', ['index','view', 'vacancies']);
$ACL->allow(null, 'applicants', 'apply');
// No privilege list: every privilege on 'callback' and 'login' is open to all roles.
$ACL->allow(null, ['callback', 'login']);
$ACL->allow(null, ['people', 'legislation', 'liaisons'], ['index', 'view', 'years']);
$ACL->allow(null, ['meetingFiles', 'legislationFiles', 'reports'], ['index', 'download', 'years']);
// Appointer: access to applicant data is conditional on the assertion passed
// as the fourth argument; the rule only grants access when that assertion passes.
// NOTE(review): the check itself is in Web\Auth\DepartmentAssociation — confirm
// it compares the user's department against the requested record.
$ACL->allow('Appointer', 'committees', 'applications', $requiresDepartmentAssociation);
$ACL->allow('Appointer', 'applicantFiles', 'download', $requiresDepartmentAssociation);
$ACL->allow('Appointer', 'applicants', 'view', $requiresDepartmentAssociation);
$ACL->allow('Appointer', 'applications', 'report', $requiresDepartmentAssociation);
// No assertion here: an Appointer may view contact info for any person.
$ACL->allow('Appointer', 'people', 'viewContactInfo');
// Staff: blanket allow — no resource or privilege is named, so Staff is granted
// every resource, including resources created for routes added later. The deny
// on the following line is the only carve-out.
// NOTE(review): new sensitive routes are open to Staff by default; confirm that
// is intended rather than an explicit per-resource allow-list.
$ACL->allow('Staff');
$ACL->deny ('Staff', 'users', ['update', 'delete']);
// Clerk: contact info is unconditional; updates to meeting/legislation records
// are gated by the department assertion.
$ACL->allow('Clerk', 'people', 'viewContactInfo');
$ACL->allow('Clerk',
['meetingFiles', 'legislation', 'legislationFiles', 'legislationActions', 'reports'],
['update'],
$requiresDepartmentAssociation);
// Liaison: also inherits every Appointer and Clerk rule above, because both
// are its parent roles (see the addRole() calls earlier in this file).
$ACL->allow('Liaison', 'committees', 'update', $requiresCommitteeAssociation);
$ACL->allow('Liaison', 'committeeStatutes', ['update', 'delete'], $requiresDepartmentAssociation);
$ACL->allow('Liaison', 'members', ['index', 'appoint', 'reappoint', 'resign', 'update'], $requiresCommitteeAssociation);
$ACL->allow('Liaison', 'offices', 'update', $requiresCommitteeAssociation);
// No assertion: any Liaison may update any person record, regardless of
// committee or department. NOTE(review): confirm this is intended.
$ACL->allow('Liaison', 'people', 'update');
// Administrator is allowed access to everything
// (blanket allow with no carve-outs, unlike Staff)
$ACL->allow('Administrator');