PHP Class Scalr\Acl\Acl

Since: 30.07.2013
Author: Vitaliy Demidov
Project: scalr/scalr

Public Methods

Method Description
createFullAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject Creates full access account role
createNoAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject Creates No access account role
deleteAccountRole ( string $accountRoleId, string $accountId ) : boolean Deletes account role
generateAccountRoleId ( ) : string Gets auto-generated ID for account role usage.
getAccountRole ( string $accountRoleId, integer $accountId = null ) : Scalr\Acl\Role\AccountRoleObject Gets role of account level
getAccountRoleByRow ( array $rec ) : Scalr\Acl\Role\AccountRoleObject Gets Account role using record from acl_account_role
getAccountRoleComputed ( string | Scalr\Acl\Role\AccountRoleObject $role ) : array Gets account role computed object
getAccountRoles ( integer $accountId ) : ArrayObject Gets all account roles
getAccountRolesComputed ( integer $accountId ) : array Gets all account level roles
getDb ( ) : ADODB_mysqli Gets database instance
getDisabledResources ( ) : array Returns the list of the disabled resources for current installation
getFullAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject Gets full access account role
getGroups ( ) : array Gets all ACL groups
getMissingRecords ( ) : string Gets missing records for predefined global ACL roles: Full Access and Everything forbidden.
getNoAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject Gets no access account role
getPermissionIdByMnemonic ( string $resourceMnemonic, string $permissionMnemonic, string $scope = null ) : string Converts permission mnemonic to permissionId. The method interprets $permissionMnemonic as PERM_$resourceMnemonic_$scope_$permissionMnemonic
getResourceIdByMnemonic ( string $resourceMnemonic, string $scope = null ) : integer Converts resource mnemonic to resourceId. The method interprets $resourceMnemonic as RESOURCE_$resourceMnemonic_$scope
getResources ( $raw = false ) : ArrayObject Gets all global predefined resources
getResourcesMnemonic ( ) : array Gets mnemonic names for all resources using constants
getRole ( integer $roleId ) : RoleObject | null Gets role object for the specified ID
getRoles ( ) : ArrayObject Gets all global predefined roles
getRolesComputed ( ) : array Gets all base roles
getUserRoleIdsByTeam ( integer | array $userId, integer | array $teamId, integer $accountId ) : array Returns account_role_id identifiers for specified user and team
getUserRoles ( $user ) : Scalr\Acl\Role\AccountRoleSuperposition Gets account level roles superposition for the specified user
getUserRolesByEnvironment ( Scalr_Account_User | integer $user, integer $envId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition Gets account roles superposition by specified ID of environment
getUserRolesByTeam ( $user, integer $teamId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition Gets account roles superposition by specified ID of team
getUsersHaveAccountRole ( string $accountRoleId, integer $accountId ) : array Gets all users which belong to the specified account role.
hasAccessTo ( object $object, User | integer $user, Environment | integer $enviroment = null, boolean $modify = null ) : boolean Check whether the user has either READ or WRITE access to the specified object
isUserAllowedByEnvironment ( Scalr_Account_User | User $user, Scalr_Environment | Environment $environment, integer $resourceId, string $permissionId = null ) : boolean Checks whether access to ACL resource or unique permission is allowed.
setAccountRole ( integer $accountId, integer $baseRoleId, string $name, integer $color, array $resources, string $accountRoleId = null ) : string Saves account role to database
setAllRolesForTeam ( integer $teamId, array $data = [], integer $accountId = null ) Set all relations between all users of this team and ACL roles
setAllRolesForUser ( integer $userId, array $data = [], integer $accountId = null ) Sets ACL roles to this user
setDb ( ADODB_mysqli $db ) : Acl Sets database instance to object
setUserRoles ( integer $teamId, integer $userId, array $accountRoles, integer $accountId = null ) Set roles for specified user for specified team.

Protected Methods

Method Description
loadRolePermissions ( RoleObject $role ) Loads permissions into role object

Method Details

createFullAccessAccountRole() public method

Creates full access account role
public createFullAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

createNoAccessAccountRole() public method

Creates No access account role
public createNoAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

deleteAccountRole() public method

Deletes account role
public deleteAccountRole ( string $accountRoleId, string $accountId ) : boolean
$accountRoleId string The ID of account role
$accountId string The ID of account
return boolean Returns true on success or throws an exception

generateAccountRoleId() public static method

Gets auto-generated ID for account role usage.
public static generateAccountRoleId ( ) : string
return string Returns a unique string 20 characters long

getAccountRole() public method

Gets role of account level
public getAccountRole ( string $accountRoleId, integer $accountId = null ) : Scalr\Acl\Role\AccountRoleObject
$accountRoleId string The ID of the account role
$accountId integer optional Restricts result by identifier of the account
return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject for the specified ID of account role. It returns null if object does not exist.

getAccountRoleByRow() public method

Gets Account role using record from acl_account_role
public getAccountRoleByRow ( array $rec ) : Scalr\Acl\Role\AccountRoleObject
$rec array Record from acl_account_role
return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject for the specified ID of account role. It returns null if object does not exist.

getAccountRoleComputed() public method

Gets account role computed object
public getAccountRoleComputed ( string | Scalr\Acl\Role\AccountRoleObject $role ) : array
$role string | Scalr\Acl\Role\AccountRoleObject The ID of the account role or the object that represents the account role
return array Returns account role with all resources

getAccountRoles() public method

Gets all account roles
public getAccountRoles ( integer $accountId ) : ArrayObject
$accountId integer The ID of the account
return ArrayObject Returns all account roles for the specified account.

getAccountRolesComputed() public method

This method guarantees that all resources and unique permissions will be returned.
public getAccountRolesComputed ( integer $accountId ) : array
$accountId integer The ID of the account
return array Returns all account level roles

getDb() public method

Gets database instance
public getDb ( ) : ADODB_mysqli
return ADODB_mysqli

getDisabledResources() public static method

It looks in the config.
public static getDisabledResources ( ) : array
return array Returns array of the disabled ACL resources

getFullAccessAccountRole() public method

Gets full access account role
public getFullAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
$createIfNotExist boolean optional If true it will create full access role when it does not exist.
return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

getGroups() public static method

Gets all ACL groups
public static getGroups ( ) : array
return array Returns the list of groups in the form array(name => sortOrder)

getMissingRecords() public method

Gets missing records for predefined global ACL roles: Full Access and Everything forbidden.
public getMissingRecords ( ) : string
return string Returns sql script output that adds missing records

getNoAccessAccountRole() public method

Gets no access account role
public getNoAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
$createIfNotExist boolean optional If true it will create no access role when it does not exist.
return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

getPermissionIdByMnemonic() public static method

Converts permission mnemonic to permissionId. The method interprets $permissionMnemonic as PERM_$resourceMnemonic_$scope_$permissionMnemonic
public static getPermissionIdByMnemonic ( string $resourceMnemonic, string $permissionMnemonic, string $scope = null ) : string
$resourceMnemonic string Name of resource
$permissionMnemonic string Name of permission
$scope string optional
return string permissionId

getResourceIdByMnemonic() public static method

Converts resource mnemonic to resourceId. The method interprets $resourceMnemonic as RESOURCE_$resourceMnemonic_$scope
public static getResourceIdByMnemonic ( string $resourceMnemonic, string $scope = null ) : integer
$resourceMnemonic string Name of resource
$scope string optional Name of permission
return integer resourceId

getResources() public static method

Gets all global predefined resources
public static getResources ( $raw = false ) : ArrayObject
return ArrayObject Returns the list of all global predefined resources

getResourcesMnemonic() public static method

This method excludes disabled resources.
public static getResourcesMnemonic ( ) : array
return array Returns all resources in the form array(resourceId => mnemonicIndex)

getRole() public method

Gets role object for the specified ID
public getRole ( integer $roleId ) : RoleObject | null
$roleId integer The ID of the ACL role.
return Scalr\Acl\Role\RoleObject | null Returns role object for the specified ID

getRoles() public method

Gets all global predefined roles
public getRoles ( ) : ArrayObject
return ArrayObject Returns all global predefined roles

getRolesComputed() public method

This method guarantees that all resources with unique permissions will be returned.
public getRolesComputed ( ) : array
return array Returns array of all base roles

getUserRoleIdsByTeam() public method

You cannot pass an array for both userId and teamId in the same call
public getUserRoleIdsByTeam ( integer | array $userId, integer | array $teamId, integer $accountId ) : array
$userId integer | array The ID of the user
$teamId integer | array The ID of the team
$accountId integer The ID of the client's account
return array Returns the list of the identifiers

getUserRoles() public method

Gets account level roles superposition for the specified user
public getUserRoles ( $user ) : Scalr\Acl\Role\AccountRoleSuperposition
return Scalr\Acl\Role\AccountRoleSuperposition Returns the list of the account level roles

getUserRolesByEnvironment() public method

Gets account roles superposition by specified ID of environment
public getUserRolesByEnvironment ( Scalr_Account_User | integer $user, integer $envId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition
$user Scalr_Account_User | integer The user's object or ID of the user
$envId integer The ID of the client's environment
$accountId integer The ID of the client's account
return Scalr\Acl\Role\AccountRoleSuperposition Returns the list of the roles of account level by specified environment

getUserRolesByTeam() public method

Gets account roles superposition by specified ID of team
public getUserRolesByTeam ( $user, integer $teamId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition
$teamId integer The ID of the team
$accountId integer The ID of the client's account
return Scalr\Acl\Role\AccountRoleSuperposition Returns the list of the roles of account level by specified team

getUsersHaveAccountRole() public method

Gets all users which belong to the specified account role.
public getUsersHaveAccountRole ( string $accountRoleId, integer $accountId ) : array
$accountRoleId string The identifier of the role of account level.
$accountId integer The identifier of the account
return array Returns an array of users in the form array(userid => array('id' => identifier of the user, 'name' => full name, 'type' => user type, 'email' => user email, 'status' => status, 'teams' => array(teamId => team name)))

hasAccessTo() public method

Check whether the user has either READ or WRITE access to the specified object
public hasAccessTo ( object $object, User | integer $user, Environment | integer $enviroment = null, boolean $modify = null ) : boolean
$object object The object to check
$user Scalr\Model\Entity\Account\User | integer Either the User Entity or its identifier
$enviroment Scalr\Model\Entity\Account\Environment | integer optional Either the Environment Entity or its identifier
$modify boolean optional Whether it should check MODIFY permission. By default it checks READ permission.
return boolean Returns TRUE if the user has access to the specified object

isUserAllowedByEnvironment() public method

Checks whether access to ACL resource or unique permission is allowed.
public isUserAllowedByEnvironment ( Scalr_Account_User | User $user, Scalr_Environment | Environment $environment, integer $resourceId, string $permissionId = null ) : boolean
$user Scalr_Account_User | Scalr\Model\Entity\Account\User The user
$environment Scalr_Environment | Scalr\Model\Entity\Account\Environment The client's environment
$resourceId integer The ID of the ACL resource or its symbolic name without "RESOURCE_" prefix.
$permissionId string optional The ID of the unique permission which is related to the specified resource.
return boolean Returns TRUE if access is allowed

loadRolePermissions() protected method

Loads permissions into role object
protected loadRolePermissions ( RoleObject $role )
$role Scalr\Acl\Role\RoleObject A role object

setAccountRole() public method

Saves account role to database
public setAccountRole ( integer $accountId, integer $baseRoleId, string $name, integer $color, array $resources, string $accountRoleId = null ) : string
$accountId integer The ID of the account.
$baseRoleId integer The ID of the base role.
$name string The name of the account role.
$color integer The color specified as integer value
$resources array Array of the resources, which looks like:
    array(
        resource_id => array(
            'granted' => [0|1], # is granted
            'permissions' => array(
                permissionId => [0|1], # is granted
            ),
            mode => valueId | null, # identifier of the Resource Mode value
        ),
    );
$accountRoleId string optional The ID of the ACL role of account level. NULL if the new role.
return string Returns the ID of the created or modified account role on success

setAllRolesForTeam() public method

Set all relations between all users of this team and ACL roles
public setAllRolesForTeam ( integer $teamId, array $data = [], integer $accountId = null )
$teamId integer The ID of the team
$data array Roles array should look like array(user_id => array(account_role_id, ...))
$accountId integer optional Restricts queries to the specified account

setAllRolesForUser() public method

This method modifies records of two tables: account_team_users and account_team_user_acls. Attention! It expects the full list of ACL role relations for the user. All missing relations will be removed.
public setAllRolesForUser ( integer $userId, array $data = [], integer $accountId = null )
$userId integer The ID of the user
$data array ACL roles array which looks like array(teamId => array(accountRoleId1, accountRoleId2, ...))
$accountId integer optional The ID of the account. Restricts queries to the specified account.
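
Because setAllRolesForUser() treats $data as the complete set of relations, a partial array revokes whatever it omits. The following added example (not Scalr code) diffs the relations a user holds today against the proposed $data before the call is made. The helper name diffRoleRelations and all sample IDs are hypothetical, and it assumes the caller has already loaded the current relations in the documented array(teamId => array(accountRoleId, ...)) shape.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of Scalr): compares the relations a user
 * holds now with the $data about to be passed to setAllRolesForUser().
 * Both arguments use the shape array(teamId => array(accountRoleId, ...)).
 *
 * @return array{removed: array, added: array} role IDs keyed by teamId
 */
function diffRoleRelations(array $current, array $proposed): array
{
    $diff = ['removed' => [], 'added' => []];
    $teamIds = array_unique(array_merge(array_keys($current), array_keys($proposed)));

    foreach ($teamIds as $teamId) {
        $old = array_unique($current[$teamId] ?? []);
        $new = array_unique($proposed[$teamId] ?? []);

        // Anything held today but absent from $proposed would be removed.
        $removed = array_values(array_diff($old, $new));
        $added   = array_values(array_diff($new, $old));
        if ($removed) {
            $diff['removed'][$teamId] = $removed;
        }
        if ($added) {
            $diff['added'][$teamId] = $added;
        }
    }
    return $diff;
}

// Constructed sample data: team IDs and account role IDs are made up.
$current  = [10 => ['roleaaaa', 'rolebbbb'], 20 => ['rolecccc']];
// The caller only means to add a role in team 10 and forgets team 20.
$proposed = [10 => ['roleaaaa', 'rolebbbb', 'roledddd']];

$diff = diffRoleRelations($current, $proposed);

if ($diff['removed']) {
    // Require explicit confirmation before calling setAllRolesForUser().
    foreach ($diff['removed'] as $teamId => $roleIds) {
        printf("team %d: would revoke %s\n", $teamId, implode(', ', $roleIds));
    }
}
foreach ($diff['added'] as $teamId => $roleIds) {
    printf("team %d: would grant %s\n", $teamId, implode(', ', $roleIds));
}
```

With the sample data the diff reports that team 20 would lose rolecccc, which is the unintended revocation a partial $data array causes.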

setDb() public method

Sets database instance to object
public setDb ( ADODB_mysqli $db ) : Acl
$db ADODB_mysqli The Database instance
return Acl

setUserRoles() public method

Set roles for specified user for specified team.
public setUserRoles ( integer $teamId, integer $userId, array $accountRoles, integer $accountId = null )
$teamId integer The identifier of the team
$userId integer The identifier of the user
$accountRoles array The list of the identifiers of the roles of account level
$accountId integer optional The identifier of the account