PHP Class Prado\Security\TAuthorizationRule

TAuthorizationRule represents a single authorization rule. A rule is specified by an action (required), a list of users (optional), a list of roles (optional), a verb (optional), and a list of IP rules (optional). Action can be either 'allow' or 'deny'. Guest (anonymous, unauthenticated) users are represented by question mark '?'. All users (including guest users) are represented by asterisk '*'. Authenticated users are represented by '@'. Users/roles are case-insensitive. Different users/roles are separated by comma ','. Verb can be either 'get' or 'post'. If it is absent, it means both. IP rules are separated by comma ',' and can contain wild card in the rules (e.g. '192.132.23.33, 192.122.*.*')
Since: 3.0
Author: Qiang Xue ([email protected])
Inheritance: extends Prado\TComponent
Mostrar archivo Open project: pradosoft/prado

Public Methods

Method Description
__construct ( $action, $users, $roles, $verb = '', $ipRules = '' ) Constructor.
getAction ( ) : string
getAuthenticatedApplied ( ) : boolean
getEveryoneApplied ( ) : boolean
getGuestApplied ( ) : boolean
getIPRules ( ) : array
getRoles ( ) : array
getUsers ( ) : array
getVerb ( ) : string
isUserAllowed ( Prado\Security\IUser $user, $verb, $ip ) : integer

Private Methods

Method Description
isIpMatched ( $ip )
isRoleMatched ( $user )
isUserMatched ( $user )
isVerbMatched ( $verb )

Method Details

__construct() public method

Constructor.
public __construct ( $action, $users, $roles, $verb = '', $ipRules = '' )

getAction() public method

public getAction ( ) : string
return string action, either 'allow' or 'deny'

getAuthenticatedApplied() public method

public getAuthenticatedApplied ( ) : boolean
return boolean if this rule applies to authenticated users

getEveryoneApplied() public method

public getEveryoneApplied ( ) : boolean
return boolean if this rule applies to everyone

getGuestApplied() public method

public getGuestApplied ( ) : boolean
return boolean if this rule applies to everyone

getIPRules() public method

Since: 3.1.1
public getIPRules ( ) : array
return array list of IP rules.

getRoles() public method

public getRoles ( ) : array
return array list of roles

getUsers() public method

public getUsers ( ) : array
return array list of user IDs

getVerb() public method

public getVerb ( ) : string
return string verb, may be empty, 'get', or 'post'.

isUserAllowed() public method

public isUserAllowed ( Prado\Security\IUser $user, $verb, $ip ) : integer
$user Prado\Security\IUser
return integer 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user