PHP Class Nette\Security\Permission

This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license
Author: David Grudl
Inheritance: extends Nette\Object, implements Nette\Security\IAuthorizator
显示文件 Open project: nette/security Class Usage Examples

Public Methods

Method Description
addResource ( $resource, $parent = NULL ) : self Adds a Resource having an identifier unique to the list.
addRole ( $role, $parents = NULL ) : self Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.
allow ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self Allows one or more Roles access to [certain $privileges upon] the specified Resource(s).
deny ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self Denies one or more Roles access to [certain $privileges upon] the specified Resource(s).
getQueriedResource ( ) : mixed Returns real currently queried Resource. Use by assertion.
getQueriedRole ( ) : mixed Returns real currently queried Role. Use by assertion.
getResources ( ) : array Returns all Resources.
getRoleParents ( $role ) : array Returns existing Role's parents ordered by ascending priority.
getRoles ( ) : array Returns all Roles.
hasResource ( $resource ) : boolean Returns TRUE if the Resource exists in the list.
hasRole ( $role ) : boolean Returns TRUE if the Role exists in the list.
isAllowed ( $role = self::ALL, $resource = self::ALL, $privilege = self::ALL ) : boolean Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource.
removeAllResources ( ) : self Removes all Resources.
removeAllRoles ( ) : self Removes all Roles from the list.
removeAllow ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL ) : self Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.
removeDeny ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL ) : self Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.
removeResource ( $resource ) : self Removes a Resource and all of its children.
removeRole ( $role ) : self Removes the Role from the list.
resourceInheritsFrom ( $resource, $inherit, $onlyParent = FALSE ) : boolean Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit.
roleInheritsFrom ( $role, $inherit, $onlyParents = FALSE ) : boolean Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit.

Protected Methods

Method Description
setRule ( $toAdd, $type, $roles, $resources, $privileges, $assertion = NULL ) : self Performs operations on Access Control List rules.

Private Methods

Method Description
checkResource ( $resource, $need = TRUE ) : void Checks whether Resource is valid and exists in the list.
checkRole ( $role, $need = TRUE ) : void Checks whether Role is valid and exists in the list.
getRuleType ( $resource, $role, $privilege ) : mixed Returns the rule type associated with the specified Resource, Role, and privilege.
getRules ( $resource, $role, $create = FALSE ) : array | null Returns the rules associated with a Resource and a Role, or NULL if no such rules exist.
searchRolePrivileges ( $all, $role, $resource, $privilege ) : mixed Performs a depth-first search of the Role DAG, starting at $role, in order to find a rule allowing/denying $role access to a/all $privilege upon $resource.

Method Details

addResource() public method

Adds a Resource having an identifier unique to the list.
public addResource ( $resource, $parent = NULL ) : self
return self

addRole() public method

Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.
public addRole ( $role, $parents = NULL ) : self
return self

allow() public method

If $assertion is provided, then it must return TRUE in order for rule to apply.
public allow ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self
return self

deny() public method

If $assertion is provided, then it must return TRUE in order for rule to apply.
public deny ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self
return self

getQueriedResource() public method

Returns real currently queried Resource. Use by assertion.
public getQueriedResource ( ) : mixed
return mixed

getQueriedRole() public method

Returns real currently queried Role. Use by assertion.
public getQueriedRole ( ) : mixed
return mixed

getResources() public method

Returns all Resources.
public getResources ( ) : array
return array

getRoleParents() public method

Returns existing Role's parents ordered by ascending priority.
public getRoleParents ( $role ) : array
return array

getRoles() public method

Returns all Roles.
public getRoles ( ) : array
return array

hasResource() public method

Returns TRUE if the Resource exists in the list.
public hasResource ( $resource ) : boolean
return boolean

hasRole() public method

Returns TRUE if the Role exists in the list.
public hasRole ( $role ) : boolean
return boolean

isAllowed() public method

This method checks Role inheritance using a depth-first traversal of the Role list. The highest priority parent (i.e., the parent most recently added) is checked first, and its respective parents are checked similarly before the lower-priority parents of the Role are checked.
public isAllowed ( $role = self::ALL, $resource = self::ALL, $privilege = self::ALL ) : boolean
return boolean

removeAllResources() public method

Removes all Resources.
public removeAllResources ( ) : self
return self

removeAllRoles() public method

Removes all Roles from the list.
public removeAllRoles ( ) : self
return self

removeAllow() public method

Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.
public removeAllow ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL ) : self
return self

removeDeny() public method

Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.
public removeDeny ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL ) : self
return self

removeResource() public method

Removes a Resource and all of its children.
public removeResource ( $resource ) : self
return self

removeRole() public method

Removes the Role from the list.
public removeRole ( $role ) : self
return self

resourceInheritsFrom() public method

Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit.
public resourceInheritsFrom ( $resource, $inherit, $onlyParent = FALSE ) : boolean
return boolean

roleInheritsFrom() public method

Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit.
public roleInheritsFrom ( $role, $inherit, $onlyParents = FALSE ) : boolean
return boolean

setRule() protected method

Performs operations on Access Control List rules.
protected setRule ( $toAdd, $type, $roles, $resources, $privileges, $assertion = NULL ) : self
return self