
/js/yii/web/auth/CAccessRule.js

http://github.com/phpnode/YiiJS
  /*global Yii, php, $, jQuery, alert, clearInterval, clearTimeout, document, event, frames, history, Image, location, name, navigator, Option, parent, screen, setInterval, setTimeout, window, XMLHttpRequest */
/**
 * CAccessRule represents an access rule that is managed by {@link CAccessControlFilter}.
 *
 * A rule combines a set of optional conditions (actions, controllers, users,
 * roles, IPs, verbs and an expression) with an allow/deny flag.
 * isUserAllowed() applies the flag only when every condition matches; a
 * condition whose list is empty (as judged by php.empty) matches every request.
 *
 * @originalAuthor Qiang Xue <qiang.xue@gmail.com>
 * @version $Id: CAccessControlFilter.php 3001 2011-02-24 16:42:44Z alexander.makarow $
 * @package system.web.auth
 * @since 1.0
 * @author Charles Pick
 * @class
 * @extends Yii.CComponent
 */
Yii.CAccessRule = function CAccessRule() {};

// Inherit from CComponent by using an instance of it as the prototype, then
// restore the constructor reference that the assignment above replaced.
Yii.CAccessRule.prototype = new Yii.CComponent();
Yii.CAccessRule.prototype.constructor = Yii.CAccessRule;
 /**
 * @var {Boolean} true for an 'allow' rule, false for a 'deny' rule.
 * isUserAllowed() tests this value for truthiness, so a matching rule whose
 * flag was never set (still null) denies access.
 */
Yii.CAccessRule.prototype.allow = null;
/**
 * @var {Array} IDs of the actions this rule applies to. The ID of the current
 * action is lower-cased before it is looked up in this list.
 * NOTE(review): nothing in this file lower-cases the list itself, so entries
 * are presumably expected to be lower-case already - confirm against the code
 * that builds the rule.
 */
Yii.CAccessRule.prototype.actions = null;
/**
 * @var {Array} IDs of the controllers this rule applies to. The ID of the
 * current controller is lower-cased before it is looked up in this list.
 * NOTE(review): as with actions, entries are presumably expected to be
 * lower-case already - confirm.
 * @since 1.0.4
 */
Yii.CAccessRule.prototype.controllers = null;
/**
 * @var {Array} user names this rule applies to, compared case-insensitively
 * with the current user's name. Three entries have a special meaning:
 * '*' matches any user, '?' matches guests and '@' matches non-guests.
 */
Yii.CAccessRule.prototype.users = null;
/**
 * @var {Array} roles this rule applies to. Each role is passed to the current
 * user's {@link CWebUser::checkAccess} method; the rule applies as soon as one
 * call returns a truthy value.
 * Roles belong mainly in "allow" rules because, by definition, a role
 * represents a collection of permissions.
 * @see CAuthManager
 */
Yii.CAccessRule.prototype.roles = null;
/**
 * @var {Array} IP patterns. An entry is either '*', a complete address, or a
 * prefix followed by '*'; see isIpMatched() for how prefixes are compared.
 */
Yii.CAccessRule.prototype.ips = null;
/**
 * @var {Array} request types that this rule applies to. The incoming verb is
 * lower-cased before it is looked up in this list.
 * NOTE(review): entries are therefore presumably expected in lower case
 * ('get', 'post') unless the code that builds the rule normalizes them - confirm.
 */
Yii.CAccessRule.prototype.verbs = null;
/**
 * @var {String} expression whose value decides whether this rule applies.
 * It is handed unchanged to this.evaluateExpression() together with the
 * current user under the name <code>user</code>.
 * The documentation of the PHP original also allows a callback in place of an
 * expression string, with the following signature:
 * <pre>
 * function foo(user, rule) { ... }
 * </pre>
 * where user is the current application user object and rule is this access rule.
 * NOTE(review): evaluateExpression() is not defined in this file, so how it
 * treats a string or a callback cannot be checked here. If strings are run as
 * code, this value must come from trusted application configuration only and
 * never from request data - confirm.
 * @since 1.0.3
 */
Yii.CAccessRule.prototype.expression = null;
/**
 * @var {String} the error message to be displayed when authorization is denied by this rule.
 * If it is not set, a default error message is displayed.
 * @since 1.1.1
 */
Yii.CAccessRule.prototype.message = null;
 /**
 * Decides what this rule says about the current request.
 *
 * The rule applies only when all seven conditions match. They are tested in a
 * fixed order (action, user, role, IP, verb, controller, expression) and
 * testing stops at the first one that fails, so the expression is evaluated
 * only for requests that passed every other condition.
 *
 * @param {Yii.CWebUser} user the user object
 * @param {Yii.CController} controller the controller currently being executed
 * @param {Yii.CAction} action the action to be performed
 * @param {String} ip the request IP address
 * @param {String} verb the request verb (GET, POST, etc.)
 * @returns {Integer} 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user
 */
Yii.CAccessRule.prototype.isUserAllowed = function (user, controller, action, ip, verb) {
    var applies = this.isActionMatched(action)
        && this.isUserMatched(user)
        && this.isRoleMatched(user)
        && this.isIpMatched(ip)
        && this.isVerbMatched(verb)
        && this.isControllerMatched(controller)
        && this.isExpressionMatched(user);

    if (!applies) {
        // Not applicable: the caller is expected to consult its other rules.
        return 0;
    }
    // `allow` is tested for truthiness, so a matching rule whose flag is
    // still null denies access.
    return this.allow ? 1 : -1;
};
 /**
 * Tests the action condition of this rule.
 *
 * An empty `actions` list matches every action. Otherwise the action ID is
 * lower-cased and looked up in the list.
 * NOTE(review): the list is not lower-cased here, so a mixed-case entry
 * presumably never matches - confirm how php.in_array compares.
 *
 * @param {Yii.CAction} action the action
 * @returns {Boolean} whether the rule applies to the action
 */
Yii.CAccessRule.prototype.isActionMatched = function (action) {
    if (php.empty(this.actions)) {
        return true;
    }
    var actionId = action.getId().toLowerCase();
    return php.in_array(actionId, this.actions);
};
/**
 * Tests the controller condition of this rule.
 *
 * An empty `controllers` list matches every controller. Otherwise the
 * controller ID is lower-cased and looked up in the list.
 * NOTE(review): the list is not lower-cased here, so a mixed-case entry
 * presumably never matches - confirm how php.in_array compares.
 *
 * @param {Yii.CController} controller the controller
 * @returns {Boolean} whether the rule applies to the controller
 */
Yii.CAccessRule.prototype.isControllerMatched = function (controller) {
    if (php.empty(this.controllers)) {
        return true;
    }
    var controllerId = controller.getId().toLowerCase();
    return php.in_array(controllerId, this.controllers);
};
/**
 * Tests the user condition of this rule.
 *
 * An empty `users` list matches every user. Otherwise each entry is tried in
 * turn: '*' matches anyone, '?' matches guests, '@' matches non-guests, and
 * any entry that did not match in one of those ways is compared with the
 * user's name, ignoring case.
 * Because the comparison ignores case, two accounts whose names differ only
 * in case are the same principal as far as this rule is concerned.
 *
 * @param {IWebUser} user the user
 * @returns {Boolean} whether the rule applies to the user
 */
Yii.CAccessRule.prototype.isUserMatched = function (user) {
    var key, entry;

    if (php.empty(this.users)) {
        return true;
    }
    for (key in this.users) {
        // Skip anything inherited through the prototype chain.
        if (!this.users.hasOwnProperty(key)) {
            continue;
        }
        entry = this.users[key];
        if (entry === '*') {
            return true;
        }
        if (entry === '?' && user.getIsGuest()) {
            return true;
        }
        if (entry === '@' && !user.getIsGuest()) {
            return true;
        }
        // strcasecmp presumably follows PHP and returns 0 when the two
        // strings are equal ignoring case.
        if (!php.strcasecmp(entry, user.getName())) {
            return true;
        }
    }
    return false;
};
/**
 * Tests the role condition of this rule.
 *
 * An empty `roles` list matches every user. Otherwise each role is passed to
 * user.checkAccess() in list order, and the first truthy result ends the
 * search; later roles are not checked.
 *
 * @param {IWebUser} user the user object
 * @returns {Boolean} whether the rule applies to the role
 */
Yii.CAccessRule.prototype.isRoleMatched = function (user) {
    var key;

    if (php.empty(this.roles)) {
        return true;
    }
    for (key in this.roles) {
        // Only own entries are roles; inherited properties are ignored.
        if (this.roles.hasOwnProperty(key) && user.checkAccess(this.roles[key])) {
            return true;
        }
    }
    return false;
};
/**
 * Tests the IP condition of this rule.
 *
 * An empty `ips` list matches every address. Otherwise an entry matches when
 * it is '*', when it equals the address exactly, or when it contains a '*'
 * and the text before the first '*' is a prefix of the address.
 *
 * The prefix test is plain string comparison, so whatever follows the first
 * '*' in a pattern is ignored and a pattern such as "10.1*" also matches
 * "10.10.0.1" and "10.100.0.1". Put the wildcard directly after a dot
 * ("10.1.*") to stay on an octet boundary. Addresses are compared as given,
 * without normalization, so different spellings of the same address are
 * different strings here.
 * NOTE(review): this check is only as trustworthy as the `ip` value the
 * caller supplies - confirm that it is the connection's peer address and not
 * a client-controlled header.
 *
 * @param {String} ip the IP address
 * @returns {Boolean} whether the rule applies to the IP address
 */
Yii.CAccessRule.prototype.isIpMatched = function (ip) {
    var key, pattern, starAt;

    if (php.empty(this.ips)) {
        return true;
    }
    for (key in this.ips) {
        if (!this.ips.hasOwnProperty(key)) {
            continue;
        }
        pattern = this.ips[key];
        if (pattern === '*' || pattern === ip) {
            return true;
        }
        // strpos yields false when the pattern holds no '*'; position 0 is a
        // real match position, hence the strict comparison.
        starAt = php.strpos(pattern, '*');
        if (starAt !== false && !php.strncmp(ip, pattern, starAt)) {
            return true;
        }
    }
    return false;
};
/**
 * Tests the request-method condition of this rule.
 *
 * An empty `verbs` list matches every request method. Otherwise the method is
 * lower-cased and looked up in the list.
 * NOTE(review): the list is not lower-cased here, so an entry such as 'POST'
 * presumably never matches unless the code that builds the rule normalizes
 * it - confirm.
 *
 * @param {String} verb the request method
 * @returns {Boolean} whether the rule applies to the request
 */
Yii.CAccessRule.prototype.isVerbMatched = function (verb) {
    if (php.empty(this.verbs)) {
        return true;
    }
    var method = verb.toLowerCase();
    return php.in_array(method, this.verbs);
};
/**
 * Tests the expression condition of this rule.
 *
 * Only an expression that is exactly null counts as "not specified"; any
 * other value, including undefined or an empty string, is handed to
 * this.evaluateExpression() with the current user available as `user`.
 * NOTE(review): evaluateExpression() is not defined in this file. If it runs
 * strings as code, the expression must come from trusted application
 * configuration only, never from request data - confirm.
 *
 * @param {IWebUser} user the user
 * @returns {Boolean} the expression value. True if the expression is not specified.
 * @since 1.0.3
 */
Yii.CAccessRule.prototype.isExpressionMatched = function (user) {
    var hasExpression = this.expression !== null;

    if (!hasExpression) {
        return true;
    }
    return this.evaluateExpression(this.expression, {'user': user});
};