PHP Class Prado\Security\TAuthorizationRule

TAuthorizationRule represents a single authorization rule. A rule is specified by an action (required), a list of users (optional), a list of roles (optional), a verb (optional), and a list of IP rules (optional). Action can be either 'allow' or 'deny'. Guest (anonymous, unauthenticated) users are represented by question mark '?'. All users (including guest users) are represented by asterisk '*'. Authenticated users are represented by '@'. Users/roles are case-insensitive. Different users/roles are separated by comma ','. Verb can be either 'get' or 'post'. If it is absent, it means both. IP rules are separated by comma ',' and can contain wild card in the rules (e.g. '192.132.23.33, 192.122.*.*')

Since: 3.0

Author: Qiang Xue ([email protected])

Inheritance: extends Prado\TComponent

显示文件 Open project: pradosoft/prado

Public Methods

Method	Description
__construct ( $action, $users, $roles, $verb = '', $ipRules = '' )	Constructor.
getAction ( ) : string
getAuthenticatedApplied ( ) : boolean
getEveryoneApplied ( ) : boolean
getGuestApplied ( ) : boolean
getIPRules ( ) : array
getRoles ( ) : array
getUsers ( ) : array
getVerb ( ) : string
isUserAllowed ( Prado\Security\IUser $user, $verb, $ip ) : integer

Private Methods

Method	Description
isIpMatched ( $ip )
isRoleMatched ( $user )
isUserMatched ( $user )
isVerbMatched ( $verb )

Method Details

__construct() public method

Constructor.

public __construct ( $action, $users, $roles, $verb = '', $ipRules = '' )

getAction() public method

public getAction ( ) : string
return	string	action, either 'allow' or 'deny'

getAuthenticatedApplied() public method

public getAuthenticatedApplied ( ) : boolean
return	boolean	if this rule applies to authenticated users

getEveryoneApplied() public method

public getEveryoneApplied ( ) : boolean
return	boolean	if this rule applies to everyone

getGuestApplied() public method

public getGuestApplied ( ) : boolean
return	boolean	if this rule applies to everyone

getIPRules() public method

Since: 3.1.1

public getIPRules ( ) : array
return	array	list of IP rules.

getRoles() public method

public getRoles ( ) : array
return	array	list of roles

getUsers() public method

public getUsers ( ) : array
return	array	list of user IDs

getVerb() public method

public getVerb ( ) : string
return	string	verb, may be empty, 'get', or 'post'.

isUserAllowed() public method

public isUserAllowed ( Prado\Security\IUser $user, $verb, $ip ) : integer
$user	Prado\Security\IUser
return	integer	1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user