PHP Class Scalr\Acl\Acl

Since: 30.07.2013
Author: Vitaliy Demidov
Open project: scalr/scalr

Public Methods

Method Description
createFullAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject Creates full access account role
createNoAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject Creates No access account role
deleteAccountRole ( string $accountRoleId, string $accountId ) : boolean Deletes account role
generateAccountRoleId ( ) : string Gets auto-generated ID for account role usage.
getAccountRole ( string $accountRoleId, integer $accountId = null ) : Scalr\Acl\Role\AccountRoleObject Gets role of account level
getAccountRoleByRow ( array $rec ) : Scalr\Acl\Role\AccountRoleObject Gets Account role using record from acl_account_role
getAccountRoleComputed ( string | Scalr\Acl\Role\AccountRoleObject $role ) : array Gets account role computed object
getAccountRoles ( integer $accountId ) : ArrayObject Gets all account roles
getAccountRolesComputed ( integer $accountId ) : array Gets all account level roles
getDb ( ) : ADODB_mysqli Gets database instance
getDisabledResources ( ) : array Returns the list of the disabled resources for current installation
getFullAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject Gets full access account role
getGroups ( ) : array Gets all ACL groups
getMissingRecords ( ) : string Gets missing records for predefined global ACL roles: Full Access and Everything forbidden.
getNoAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject Gets no access account role
getPermissionIdByMnemonic ( string $resourceMnemonic, string $permissionMnemonic, string $scope = null ) : string Converts permission mnemonic to permissionId. Method interprets $permissionMnemonic as PERM_$resourceMnemonic_$scope_$permissionMnemonic.
getResourceIdByMnemonic ( string $resourceMnemonic, string $scope = null ) : integer Converts resource mnemonic to resourceId. Method interprets $resourceMnemonic as RESOURCE_$resourceMnemonic_$scope.
getResources ( $raw = false ) : ArrayObject Gets all global predefined resources
getResourcesMnemonic ( ) : array Gets mnemonic names for all resources using constants
getRole ( integer $roleId ) : RoleObject | null Gets role object for the specified ID
getRoles ( ) : ArrayObject Gets all global predefined roles
getRolesComputed ( ) : array Gets all base roles
getUserRoleIdsByTeam ( integer | array $userId, integer | array $teamId, integer $accountId ) : array Returns account_role_id identifiers for specified user and team
getUserRoles ( $user ) : Scalr\Acl\Role\AccountRoleSuperposition Gets account level roles superposition for the specified user
getUserRolesByEnvironment ( Scalr_Account_User | integer $user, integer $envId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition Gets account roles superposition by specified ID of environment
getUserRolesByTeam ( $user, integer $teamId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition Gets account roles superposition by specified ID of team
getUsersHaveAccountRole ( string $accountRoleId, integer $accountId ) : array Gets all users which belong to the specified account role.
hasAccessTo ( object $object, User | integer $user, Environment | integer $enviroment = null, boolean $modify = null ) : boolean Checks whether the user has either READ or WRITE access to the specified object
isUserAllowedByEnvironment ( Scalr_Account_User | User $user, Scalr_Environment | Environment $environment, integer $resourceId, string $permissionId = null ) : boolean Checks whether access to ACL resource or unique permission is allowed.
setAccountRole ( integer $accountId, integer $baseRoleId, string $name, integer $color, array $resources, string $accountRoleId = null ) : string Saves account role to database
setAllRolesForTeam ( integer $teamId, array $data = [], integer $accountId = null ) Set all relations between all users of this team and ACL roles
setAllRolesForUser ( integer $userId, array $data = [], integer $accountId = null ) Sets ACL roles to this user
setDb ( ADODB_mysqli $db ) : Acl Sets database instance to object
setUserRoles ( integer $teamId, integer $userId, array $accountRoles, integer $accountId = null ) Set roles for specified user for specified team.

Protected Methods

Method Description
loadRolePermissions ( RoleObject $role ) Loads permissions into role object

Method Details

createFullAccessAccountRole() public method

Creates full access account role
public createFullAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
Return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

createNoAccessAccountRole() public method

Creates No access account role
public createNoAccessAccountRole ( integer $accountId ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
Return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

deleteAccountRole() public method

Deletes account role
public deleteAccountRole ( string $accountRoleId, string $accountId ) : boolean
$accountRoleId string The ID of account role
$accountId string The ID of account
Return boolean Returns true on success or throws an exception

generateAccountRoleId() public static method

Gets auto-generated ID for account role usage.
public static generateAccountRoleId ( ) : string
Return string Returns a unique string 20 characters long

getAccountRole() public method

Gets role of account level
public getAccountRole ( string $accountRoleId, integer $accountId = null ) : Scalr\Acl\Role\AccountRoleObject
$accountRoleId string The ID of the account role
$accountId integer optional Restricts result by identifier of the account
Return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject for the specified ID of account role. It returns null if object does not exist.

getAccountRoleByRow() public method

Gets Account role using record from acl_account_role
public getAccountRoleByRow ( array $rec ) : Scalr\Acl\Role\AccountRoleObject
$rec array Record from acl_account_role
Return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject for the specified ID of account role. It returns null if object does not exist.

getAccountRoleComputed() public method

Gets account role computed object
public getAccountRoleComputed ( string | Scalr\Acl\Role\AccountRoleObject $role ) : array
$role string | Scalr\Acl\Role\AccountRoleObject The ID of the account role or object that represents account role
Return array Returns account role with all resources

getAccountRoles() public method

Gets all account roles
public getAccountRoles ( integer $accountId ) : ArrayObject
$accountId integer The ID of the account
Return ArrayObject Returns all account roles for the specified account.

getAccountRolesComputed() public method

This method guarantees that all resources and unique permissions will be returned.
public getAccountRolesComputed ( integer $accountId ) : array
$accountId integer The ID of the account
Return array Returns all account level roles

getDb() public method

Gets database instance
public getDb ( ) : ADODB_mysqli
Return ADODB_mysqli

getDisabledResources() public static method

It looks in the config.
public static getDisabledResources ( ) : array
Return array Returns array of the disabled ACL resources

getFullAccessAccountRole() public method

Gets full access account role
public getFullAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
$createIfNotExist boolean optional If true it will create full access role when it does not exist.
Return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

getGroups() public static method

Gets all ACL groups
public static getGroups ( ) : array
Return array Returns the list of groups in the form array(name => sortOrder)

getMissingRecords() public method

Gets missing records for predefined global ACL roles: Full Access and Everything forbidden.
public getMissingRecords ( ) : string
Return string Returns sql script output that adds missing records

getNoAccessAccountRole() public method

Gets no access account role
public getNoAccessAccountRole ( integer $accountId, boolean $createIfNotExist = false ) : Scalr\Acl\Role\AccountRoleObject
$accountId integer The identifier of the client's account
$createIfNotExist boolean optional If true it will create no access role when it does not exist.
Return Scalr\Acl\Role\AccountRoleObject Returns AccountRoleObject

getPermissionIdByMnemonic() public static method

Converts permission mnemonic to permissionId. Method interprets $permissionMnemonic as PERM_$resourceMnemonic_$scope_$permissionMnemonic.
public static getPermissionIdByMnemonic ( string $resourceMnemonic, string $permissionMnemonic, string $scope = null ) : string
$resourceMnemonic string Name of resource
$permissionMnemonic string Name of permission
$scope string optional
Return string permissionId

getResourceIdByMnemonic() public static method

Converts resource mnemonic to resourceId. Method interprets $resourceMnemonic as RESOURCE_$resourceMnemonic_$scope.
public static getResourceIdByMnemonic ( string $resourceMnemonic, string $scope = null ) : integer
$resourceMnemonic string Name of resource
$scope string optional Name of permission
Return integer resourceId

getResources() public static method

Gets all global predefined resources
public static getResources ( $raw = false ) : ArrayObject
Return ArrayObject Returns the list of all global predefined resources

getResourcesMnemonic() public static method

This method excludes disabled resources.
public static getResourcesMnemonic ( ) : array
Return array Returns all resources in the form array(resourceId => mnemonicIndex)

getRole() public method

Gets role object for the specified ID
public getRole ( integer $roleId ) : RoleObject | null
$roleId integer The ID of the ACL role.
Return Scalr\Acl\Role\RoleObject | null Returns role object for the specified ID

getRoles() public method

Gets all global predefined roles
public getRoles ( ) : ArrayObject
Return ArrayObject Returns all global predefined roles

getRolesComputed() public method

This method guarantees that all resources with unique permissions will be returned.
public getRolesComputed ( ) : array
Return array Returns array of all base roles

getUserRoleIdsByTeam() public method

You cannot pass arrays for both userId and teamId in the same call.
public getUserRoleIdsByTeam ( integer | array $userId, integer | array $teamId, integer $accountId ) : array
$userId integer | array The ID of the user
$teamId integer | array The ID of the team
$accountId integer The ID of the client's account
Return array Returns the list of the identifiers

getUserRoles() public method

Gets account level roles superposition for the specified user
public getUserRoles ( $user ) : Scalr\Acl\Role\AccountRoleSuperposition
Return Scalr\Acl\Role\AccountRoleSuperposition Returns the list of the account level roles

getUserRolesByEnvironment() public method

Gets account roles superposition by specified ID of environment
public getUserRolesByEnvironment ( Scalr_Account_User | integer $user, integer $envId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition
$user Scalr_Account_User | integer The user's object or ID of the user
$envId integer The ID of the client's environment
$accountId integer The ID of the client's account
Return Scalr\Acl\Role\AccountRoleSuperposition Returns the list of the roles of account level by specified environment

getUserRolesByTeam() public method

Gets account roles superposition by specified ID of team
public getUserRolesByTeam ( $user, integer $teamId, integer $accountId ) : Scalr\Acl\Role\AccountRoleSuperposition
$teamId integer The ID of the team
$accountId integer The ID of the client's account
Return Scalr\Acl\Role\AccountRoleSuperposition Returns the list of the roles of account level by specified team

getUsersHaveAccountRole() public method

Gets all users which belong to the specified account role.
public getUsersHaveAccountRole ( string $accountRoleId, integer $accountId ) : array
$accountRoleId string The identifier of the role of account level.
$accountId integer The identifier of the account
Return array Returns an array of users in the form
    array(userid => array(
        'id' => identifier of the user,
        'name' => full name,
        'type' => user type,
        'email' => user email,
        'status' => status,
        'teams' => array(teamId => team name),
    ))

hasAccessTo() public method

Checks whether the user has either READ or WRITE access to the specified object
public hasAccessTo ( object $object, User | integer $user, Environment | integer $enviroment = null, boolean $modify = null ) : boolean
$object object The object to check
$user Scalr\Model\Entity\Account\User | integer Either the User Entity or its identifier
$enviroment Scalr\Model\Entity\Account\Environment | integer optional Either the Environment Entity or its identifier
$modify boolean optional Whether it should check MODIFY permission. By default it checks READ permission.
Return boolean Returns TRUE if the user has access to the specified object

isUserAllowedByEnvironment() public method

Checks whether access to ACL resource or unique permission is allowed.
public isUserAllowedByEnvironment ( Scalr_Account_User | User $user, Scalr_Environment | Environment $environment, integer $resourceId, string $permissionId = null ) : boolean
$user Scalr_Account_User | Scalr\Model\Entity\Account\User The user
$environment Scalr_Environment | Scalr\Model\Entity\Account\Environment The client's environment
$resourceId integer The ID of the ACL resource or its symbolic name without "RESOURCE_" prefix.
$permissionId string optional The ID of the unique permission which is related to specified resource.
Return boolean Returns TRUE if access is allowed

loadRolePermissions() protected method

Loads permissions into role object
protected loadRolePermissions ( RoleObject $role )
$role Scalr\Acl\Role\RoleObject A role object

setAccountRole() public method

Saves account role to database
public setAccountRole ( integer $accountId, integer $baseRoleId, string $name, integer $color, array $resources, string $accountRoleId = null ) : string
$accountId integer The ID of the account.
$baseRoleId integer The ID of the base role.
$name string The name of the account role.
$color integer The color specified as integer value
$resources array Array of the resources which looks like
    array(
        resource_id => array(
            'granted' => [0|1], # is granted
            'permissions' => array(
                permissionId => [0|1], # is granted
            ),
            mode => valueId | null, # identifier of the Resource Mode value
        )
    );
$accountRoleId string optional The ID of the ACL role of account level. NULL if the new role.
Return string Returns the ID of the created or modified account role on success

setAllRolesForTeam() public method

Set all relations between all users of this team and ACL roles
public setAllRolesForTeam ( integer $teamId, array $data = [], integer $accountId = null )
$teamId integer The ID of the team
$data array Roles array should look like array(user_id => array(account_role_id, ...))
$accountId integer optional Restricts queries to the specified account

setAllRolesForUser() public method

This method modifies records of two tables: account_team_users and account_team_user_acls. Attention! It expects the full list of ACL role relations for the user. All missing relations will be removed.
public setAllRolesForUser ( integer $userId, array $data = [], integer $accountId = null )
$userId integer The ID of the user
$data array ACL roles array which looks like array(teamId => array(accountRoleId1, accountRoleId2, ...))
$accountId integer optional The ID of the account. Restricts queries to the specified account.

setDb() public method

Sets database instance to object
public setDb ( ADODB_mysqli $db ) : Acl
$db ADODB_mysqli The Database instance
Return Acl

setUserRoles() public method

Set roles for specified user for specified team.
public setUserRoles ( integer $teamId, integer $userId, array $accountRoles, integer $accountId = null )
$teamId integer The identifier of the team
$userId integer The identifier of the user
$accountRoles array The list of the identifiers of the roles of account level
$accountId integer optional The identifier of the account