update pi-engine

pi/engine/README.md

@@ -2,7 +2,7 @@ Pi Engine
 =================
 
 Pi Engine is a role oriented application development engine for web and mobile, designed as the next generation and a successor to Xoops.
-Pi is developed upon PHP and MySQL with selected third-party frameworks including but not limited to [Zend Framework 2](https://github.com/zendframework/zf2), jQuery, Bootstrap and Backbone.
+Pi is developed upon PHP and MySQL with selected third-party frameworks including but not limited to [Zend Framework 2](https://github.com/zendframework/zf2), jQuery, Bootstrap, Angular and Backbone.
 
 Pi Project follows the philosophy of open standard, open design, open development and open management. Pi is born as a complete open source project and intended to build a sustainable ecosystem that benefits all contributors and users. 
 

pi/engine/doc/PermissionManagementDesign.md

@@ -13,3 +13,51 @@
 采用这种方式避免了使用角色管理权限时需要单独赋予某用户某项权限时的不便，如果使用角色管理权限在这种情况下需要单独为此用户创建一个角色，现在只需要把用户加入有该权限的组中即可。同时，避免了因为使用组造成的管理不便。
 
 ![permissionModel3](https://raw.github.com/pi-asset/image/master/permission/permissionModel3.jpg)
+
+## Permission Management Design
+权限管理分为对角色、角色权限、用户角色的管理。角色属于各个网站，由各个网站分别管理。<br>
+对角色的管理在operation->system->Role下进行，对用户角色的分配在operationg->user/user client下进行，对权限的管理在setting->permission中。
+
+### Permission Management
+对权限的管理在setting->permission中进行，每个模块分别管理自己的权限。<br>
+权限按照模块划分，模块内分前后台权限。
+
+前台：<br>
+每个模块都有总入口，控制用户是否具有查看和管理两种权限，如果关闭，其他权限依然可以编辑，但是无法生效<br>
+各模块权限包括模块自己定义的、callback和区块权限
+
+后台：<br>
+后台权限包括operation和setting下的各项权限<br>
+其中operation下的权限每个模块分别控制，setting下的权限在system->site中统一控制
+
+可批量分配权限。
+
+### Role Management
+角色管理在operation->system->Role下进行。<br>
+系统默认有前台角色：Guest、Member、Webmaster，以及后台角色Administrator，这些默认角色都不能删除或禁用。
+- Guest角色不允许添加或删除用户，所有用户都不属于这个角色，该角色用于定义非站点会员的权限
+- Member为所有注册用户默认具有的角色，不能把用户从该组中移除
+- WebMaster和Administrator分别为前后台管理员。
+
+角色分前台角色和后台角色，一个用户可以具有多个角色，角色之间没有继承关系。
+
+功能
+- 添加角色 添加前台、后台角色
+- 删除角色 只能删除用户创建的角色，系统自带角色不能删除或修改，只能编辑其权限
+- 修改角色的title
+
+### User Management
+用户角色管理是由各个网站分别控制的，在operationg->user/user client下进行。<br>
+**注意：每个站点创建的角色只在该站点内有效**<br>
+
+**User**<br>
+功能
+- 基本信息查看
+- 过滤用户
+- 批量赋予、取消角色
+
+**Role**<br>
+功能
+- 查看站点内角色
+- 根据ID/Username/Displayname/Email往角色内添加用户
+- 从角色内移除用户

pi/engine/lib/Pi/Application/Installer/Resource/User.php

@@ -115,6 +115,29 @@
  *                  <...>,
  *              ),
  *          ),
+ *          <...>,
+ *
+ *          // Custom compound
+ *          <custom-field-key> => array(
+ *              // Field type, MUST be 'custom'
+ *              'type'          => 'custom',
+ *              // Field name, optional, will be set as <module>_<field-key>
+ *              // if not specified
+ *              'name'          => <specified_field_name>,
+ *              'title'         => __('Custom Compound'),
+ *
+ *              'field' => array(
+ *                  <field-key> => array(
+ *                      'title'         => __('Custom Field Item'),
+ *
+ *                      // Edit element specs
+ *                      'edit'          => 'text',
+ *                      // Filter for value processing for output
+ *                      'filter'        => <output-filter>
+ *                  ),
+ *                  <...>,
+ *              ),
+ *          ),
  *      ),
  *
  *      // Timeline
@@ -192,27 +215,25 @@ protected function canonize($config)
             if (isset($profile['compound_field'])) {
                 $result['compound_field'] = $profile['compound_field'];
             }
-            /*
-            foreach ($config['field'] as $key => &$spec) {
-                $spec = $this->canonizeField($spec);
-            }
-            */
         }
 
         foreach (array('timeline', 'activity', 'quicklink') as $op) {
             if (isset($config[$op])) {
                 foreach ($config[$op] as $key => $spec) {
                     // Canonize field name
-                    $name = !empty($spec['name'])
-                        ? $spec['name']
-                        : $module . '_' . $key;
+                    if (!empty($spec['name'])) {
+                        $name = $spec['name'];
+                    } else {
+                        $name = $module . '_' . $key;
+                        $spec['name'] = $name;
+                    }
                     if (!isset($spec['active'])) {
                         $spec['active'] = 1;
                     }
-                    $result[$op][$name] = array_merge($spec, array(
-                        'name'      => $name,
-                        'module'    => $module,
-                    ));
+                    if (!isset($spec['module'])) {
+                        $spec['module'] = $module;
+                    }
+                    $result[$op][$name] = $spec;
                 }
             }
         }
@@ -265,7 +286,6 @@ public function canonizeProfile(array $config)
         return $profile;
     }
 
-
     /**
      * Canonize a profile field specs
      *
@@ -291,15 +311,14 @@ public function canonizeProfile(array $config)
      */
     protected function canonizeField($spec)
     {
-        if (isset($spec['field'])) {
-            $spec['type'] = 'compound';
-        }
-        if (!isset($spec['type'])
-            || ('user' != $this->getModule() && 'compound' != $spec['type'])
-        ) {
-            $spec['type'] = 'profile';
+        if (!isset($spec['type'])) {
+            if (isset($spec['field'])) {
+                $spec['type'] = 'compound';
+            } else {
+                $spec['type'] = 'profile';
+            }
         }
-        if ('compound' == $spec['type']) {
+        if ('compound' == $spec['type'] || 'custom' == $spec['type']) {
             $spec['is_edit'] = 0;
             $spec['is_display'] = 0;
             $spec['is_search'] = 0;
@@ -409,7 +428,7 @@ public function installAction()
         if (empty($this->config)) {
             return;
         }
-        Pi::registry('profile', 'user')->clear();
+        Pi::registry('profile_field', 'user')->clear();
 
         $profileFields = array();
         $config = $this->canonize($this->config);
@@ -456,7 +475,7 @@ public function updateAction()
             return;
         }
         $module = $this->getModule();
-        Pi::registry('profile', 'user')->clear();
+        Pi::registry('profile_field', 'user')->clear();
 
         if ($this->skipUpgrade()) {
             return;
@@ -576,7 +595,7 @@ public function uninstallAction()
         if (!$this->isActive() || 'user' == $module) {
             return;
         }
-        Pi::registry('profile', 'user')->clear();
+        Pi::registry('profile_field', 'user')->clear();
 
         $model = Pi::model('field', 'user');
         $fields = array();
@@ -629,7 +648,7 @@ public function activateAction()
             return;
         }
         $module = $this->getModule();
-        Pi::registry('profile', 'user')->clear();
+        Pi::registry('profile_field', 'user')->clear();
 
         foreach (array('field', 'timeline', 'activity', 'quicklink')
             as $op
@@ -650,7 +669,7 @@ public function deactivateAction()
             return;
         }
         $module = $this->getModule();
-        Pi::registry('profile', 'user')->clear();
+        Pi::registry('profile_field', 'user')->clear();
 
         foreach (array('field', 'timeline', 'activity', 'quicklink')
             as $op
@@ -671,8 +690,9 @@ public function deactivateAction()
      */
     protected function addFields(array $fields)
     {
-        $meta = Pi::registry('profile', 'user')->read('account');
+        //$meta = Pi::registry('profile_field', 'user')->read('account');
         $table = Pi::model('profile', 'user')->getTable();
+        $meta = Pi::db()->metadata()->getColumns($table);
         $pattern = 'ALTER TABLE ' . $table . ' ADD `%s` text';
         foreach ($fields as $field) {
             if (isset($meta[$field])) {
@@ -704,8 +724,9 @@ protected function addFields(array $fields)
      */
     protected function dropFields(array $fields)
     {
-        $meta = Pi::registry('profile', 'user')->read('profile');
+        //$meta = Pi::registry('profile_field', 'user')->read('profile');
         $table = Pi::model('profile', 'user')->getTable();
+        $meta = Pi::db()->metadata()->getColumns($table);
         $pattern = 'ALTER TABLE ' . $table . ' DROP `%s`';
         foreach ($fields as $field) {
             if (!isset($meta[$field])) {

pi/engine/lib/Pi/Application/Registry/Navigation.php

@@ -11,7 +11,6 @@
 namespace Pi\Application\Registry;
 
 use Pi;
-//use Pi\Acl\Acl as AclManager;
 
 /**
  * Navigation list
@@ -26,6 +25,9 @@ class Navigation extends AbstractRegistry
     /** @var string Section */
     protected $section = 'front';
 
+    /** @var bool Check access permission to pages */
+    protected $checkPermission = true;
+
     /**
      * Columns for URI pages
      *
@@ -186,7 +188,19 @@ public function read(
         $locale = ''
     ) {
         //$this->cache = false;
-        $role = $this->canonizeRole($role);
+        if (null === $role) {
+            if (Pi::service('permission')->isAdmin()) {
+                $role = 'admin';
+            }
+        } elseif (Pi::service('permission')->isAdminRole($role)) {
+            $role = 'admin';
+        }
+        if ('admin' === $role) {
+            $this->checkPermission = false;
+        } else {
+            $this->checkPermission = true;
+            $role = $this->canonizeRole($role);
+        }
         $options = compact('name', 'module', 'section', 'role', 'locale');
         $data = $this->loadData($options);
 
@@ -560,7 +574,8 @@ protected function translatePage(&$page, &$parent, $pKey, $isTop = false)
      */
     public function isAllowed($page)
     {
-        if (!empty($page['resource'])
+        if ($this->checkPermission
+            && !empty($page['resource'])
             && !empty($page['resource']['resource'])
         ) {
             $params = $page['resource'];

pi/engine/lib/Pi/Application/Service/Module.php

@@ -175,6 +175,7 @@ public function isActive($module)
      *
      * @param string $key
      * @param string $module
+     *
      * @return array
      */
     public function config($key = null, $module = null)
@@ -184,6 +185,7 @@ public function config($key = null, $module = null)
             $this->container['config'][$module] =
                 Pi::registry('config')->read($module);
         }
+
         return $key
             ? $this->container['config'][$module][$key]
             : $this->container['config'][$module];

pi/engine/lib/Pi/Application/Service/Permission.php

@@ -421,7 +421,7 @@ public function isAdminRole($role, $module = '')
     public function isAdmin($module = '', $uid = null, $section = '')
     {
         $result = false;
-        $uid = null !== $uid ? (int) $uid : Pi::user()->getIdentity();
+        $uid = null !== $uid ? (int) $uid : Pi::user()->getId();
         if ($this->isRoot($uid)) {
             return true;
         }
@@ -466,7 +466,7 @@ public function canonizeRole($roleOrUid)
     {
         // uid
         if (null === $roleOrUid) {
-            $roleOrUid = (int) Pi::user()->getIdentity();
+            $roleOrUid = Pi::user()->getId();
         }
         // uid => roles
         if (is_numeric($roleOrUid)) {

pi/engine/lib/Pi/Application/Service/Remote.php

@@ -202,18 +202,59 @@ protected function canonizeHeaders($headers = array())
         if (!isset($headers['User-Agent'])) {
             $headers['User-Agent'] = 'Pi Engine cURL';
         }
-        if (!array_key_exists('Authorization', $headers)) {
-            if ($this->getOption('username') && $this->getOption('password')) {
-                $httpauth = $this->getOption('httpauth') ?: 'basic';
-                $headers['Authorization'] = ucfirst($httpauth) . ' '
-                    . base64_encode($this->getOption('username') . ':'
-                    . $this->getOption('password'));
+        if (!array_key_exists('Authorization', $headers)
+            && ($auth = $this->getOption('authorization'))
+        ) {
+            $authHeader = $this->buildAuthorization($auth);
+            if ($authHeader) {
+                $headers['Authorization'] = $authHeader;
             }
         }
 
         return $headers;
     }
 
+    /**
+     * Set options for authorization
+     *
+     * @param array|null $params
+     *
+     * @return $this
+     */
+    public function setAuthorization($params)
+    {
+        $params = $params ? : array();
+        foreach (array('httpauth', 'username', 'password') as $key) {
+            if (array_key_exists($key, $params)) {
+                $this->options[$key] = $params[$key];
+            }
+        }
+
+        return $this;
+    }
+
+    /**
+     * Build authorization header
+     *
+     * @param array|null $params
+     *
+     * @return string
+     */
+    public function buildAuthorization($params)
+    {
+        $params = $params ? : array();
+        $authorization = '';
+        if (!empty($params['username']) && !empty($params['password'])) {
+            $httpauth = !empty($params['httpauth'])
+                ? ucfirst($params['httpauth']) : 'basic';
+            $authorization = ucfirst($httpauth) . ' ' . base64_encode(
+                $params['username'] . ':' . $params['password']
+            );
+        }
+
+        return $authorization;
+    }
+
     /**
      * Perform a GET request
      *
@@ -236,7 +277,7 @@ public function get(
         $cache = array();
         if (false !== $options) {
             $cacheOption = $this->getOption('cache');
-            if (false !== $cacheOption) {
+            if (false !== $cacheOption && 'production' == Pi::environment()) {
                 if (is_string($cacheOption)) {
                     $cache['storage'] = $cacheOption;
                 } elseif (is_int($cacheOption)) {
@@ -296,6 +337,13 @@ public function get(
         $this->adapter()->connect($host, $port);
 
         if ($params) {
+            // FIXME: Convert sub arrays to string
+            array_walk($params, function (&$param) {
+                if (is_array($param)) {
+                    $param = implode(',', $param);
+                }
+            });
+
             $uri->setQuery($params);
         }