/js/yii/web/auth/CAccessRule.js
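/*global Yii, php, $, jQuery, alert, clearInterval, clearTimeout, document, event, frames, history, Image, location, name, navigator, Option, parent, screen, setInterval, setTimeout, window, XMLHttpRequest */
/**
 * CAccessRule represents an access rule that is managed by {@link CAccessControlFilter}.
 *
 * A rule is a set of optional conditions (actions, controllers, users, roles, IPs,
 * verbs, expression). A condition that is left empty matches everything; the rule
 * applies only when every condition matches.
 *
 * NOTE(review): the calling filter is not part of this file. If, like the PHP
 * original, it lets a request through when every rule returns 0, a rule list should
 * end with a catch-all deny rule - confirm against the filter implementation.
 *
 * @originalAuthor Qiang Xue <qiang.xue@gmail.com>
 * @version $Id: CAccessControlFilter.php 3001 2011-02-24 16:42:44Z alexander.makarow $
 * @package system.web.auth
 * @since 1.0
 * @author Charles Pick
 * @class
 * @extends Yii.CComponent
 */
Yii.CAccessRule = function CAccessRule () {
};
Yii.CAccessRule.prototype = new Yii.CComponent();
Yii.CAccessRule.prototype.constructor = Yii.CAccessRule;
/**
 * @var {Boolean} whether this is an 'allow' rule or 'deny' rule.
 * While left at null the rule behaves as a 'deny' rule (see isUserAllowed).
 */
Yii.CAccessRule.prototype.allow = null;
/**
 * @var {Array} list of action IDs that this rule applies to. The comparison is case-insensitive.
 */
Yii.CAccessRule.prototype.actions = null;
/**
 * @var {Array} list of controller IDs that this rule applies to. The comparison is case-insensitive.
 * @since 1.0.4
 */
Yii.CAccessRule.prototype.controllers = null;
/**
 * @var {Array} list of user names that this rule applies to. The comparison is case-insensitive.
 * Three entries are special: '*' matches any user, '?' matches guests and
 * '@' matches users that are not guests.
 */
Yii.CAccessRule.prototype.users = null;
/**
 * @var {Array} list of roles this rule applies to. For each role, the current user's
 * {@link CWebUser::checkAccess} method will be invoked. If one of the invocations
 * returns true, the rule will be applied.
 * Note, you should mainly use roles in an "allow" rule because by definition,
 * a role represents a permission collection.
 * @see CAuthManager
 */
Yii.CAccessRule.prototype.roles = null;
/**
 * @var {Array} IP patterns. An entry is either '*', an exact address, or a prefix
 * followed by '*'. Only the text before the first '*' is compared, as a plain string
 * prefix, so '10.1*' also matches '10.100.0.1'; end the prefix on a dot
 * (for example '192.168.1.*') to match a whole block.
 */
Yii.CAccessRule.prototype.ips = null;
/**
 * @var {Array} list of request types (e.g. GET, POST) that this rule applies to.
 * The comparison is case-insensitive.
 */
Yii.CAccessRule.prototype.verbs = null;
/**
 * @var {String} a PHP expression whose value indicates whether this rule should be applied.
 * In this expression, you can use <code>$user</code> which refers to <code>Yii::app()->user</code>.
 * Starting from version 1.0.11, the expression can also be a valid PHP callback,
 * including class method name (array(ClassName/Object, MethodName)),
 * or anonymous function (PHP 5.3.0+). The function/method signature should be as follows:
 * <pre>
 * function foo(user, rule) { ... }
 * </pre>
 * where $user is the current application user object and $rule is this access rule.
 *
 * NOTE(review): the wording above is carried over from the PHP original. What this
 * port accepts is decided by evaluateExpression, which is not defined in this file.
 * Treat the value as code: set it from application configuration only, never from
 * request data.
 * @since 1.0.3
 */
Yii.CAccessRule.prototype.expression = null;
/**
 * @var {String} the error message to be displayed when authorization is denied by this rule.
 * If not set, a default error message will be displayed.
 * @since 1.1.1
 */
Yii.CAccessRule.prototype.message = null;
/**
 * Case-insensitive membership test shared by the action, controller and verb checks.
 * Both the request-side value and every configured entry are lower-cased before
 * they are compared. Previously only the request side was lower-cased, so a rule
 * configured with 'POST' or 'Admin' never matched; for a 'deny' rule that means the
 * rule silently stopped applying.
 * @private
 * @param {Array|Object} list the configured entries
 * @param {String} value the value taken from the request
 * @returns {Boolean} whether the list holds the value, ignoring case
 */
Yii.CAccessRule.prototype.listContainsIgnoreCase = function (list, value) {
    var key, needle = value.toLowerCase();
    for (key in list) {
        if (list.hasOwnProperty(key) && String(list[key]).toLowerCase() === needle) {
            return true;
        }
    }
    return false;
};
/**
 * Checks whether the Web user is allowed to perform the specified action.
 * @param {Yii.CWebUser} user the user object
 * @param {Yii.CController} controller the controller currently being executed
 * @param {Yii.CAction} action the action to be performed
 * @param {String} ip the request IP address
 * @param {String} verb the request verb (GET, POST, etc.)
 * @returns {Integer} 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user
 */
Yii.CAccessRule.prototype.isUserAllowed = function (user, controller, action, ip, verb) {
    // The checks short-circuit, so the expression is evaluated only after
    // every other condition has matched.
    var applies = this.isActionMatched(action)
        && this.isUserMatched(user)
        && this.isRoleMatched(user)
        && this.isIpMatched(ip)
        && this.isVerbMatched(verb)
        && this.isControllerMatched(controller)
        && this.isExpressionMatched(user);
    if (!applies) {
        return 0;
    }
    // A rule whose 'allow' was never set (null) denies.
    return this.allow ? 1 : -1;
};
/**
 * @param {Yii.CAction} action the action
 * @returns {Boolean} whether the rule applies to the action
 */
Yii.CAccessRule.prototype.isActionMatched = function (action) {
    return php.empty(this.actions) || this.listContainsIgnoreCase(this.actions, action.getId());
};
/**
 * @param {Yii.CController} controller the controller
 * @returns {Boolean} whether the rule applies to the controller
 */
Yii.CAccessRule.prototype.isControllerMatched = function (controller) {
    return php.empty(this.controllers) || this.listContainsIgnoreCase(this.controllers, controller.getId());
};
/**
 * @param {IWebUser} user the user
 * @returns {Boolean} whether the rule applies to the user
 */
Yii.CAccessRule.prototype.isUserMatched = function (user) {
    var i, u;
    if (php.empty(this.users)) {
        return true;
    }
    for (i in this.users) {
        if (this.users.hasOwnProperty(i)) {
            u = this.users[i];
            // '*' = anyone, '?' = guests, '@' = users that are not guests
            if (u === '*') {
                return true;
            }
            if (u === '?' && user.getIsGuest()) {
                return true;
            }
            if (u === '@' && !user.getIsGuest()) {
                return true;
            }
            // strcasecmp returns 0 when the two names are equal ignoring case
            if (!php.strcasecmp(u, user.getName())) {
                return true;
            }
        }
    }
    return false;
};
/**
 * @param {IWebUser} user the user object
 * @returns {Boolean} whether the rule applies to the role
 */
Yii.CAccessRule.prototype.isRoleMatched = function (user) {
    var i;
    if (php.empty(this.roles)) {
        return true;
    }
    for (i in this.roles) {
        // one granted role is enough for the rule to apply
        if (this.roles.hasOwnProperty(i) && user.checkAccess(this.roles[i])) {
            return true;
        }
    }
    return false;
};
/**
 * Matches the request address against the configured IP patterns.
 * The comparison is textual: a pattern containing '*' matches when the address
 * starts with the text before the first '*'. The value of ip is taken as given;
 * NOTE(review): confirm the caller passes the connection's peer address and not a
 * value copied from a client-supplied header.
 * @param {String} ip the IP address
 * @returns {Boolean} whether the rule applies to the IP address
 */
Yii.CAccessRule.prototype.isIpMatched = function (ip) {
    var i, rule, pos;
    if (php.empty(this.ips)) {
        return true;
    }
    for (i in this.ips) {
        if (this.ips.hasOwnProperty(i)) {
            rule = this.ips[i];
            if (rule === '*' || rule === ip) {
                return true;
            }
            // strpos yields false when the pattern has no wildcard;
            // strncmp yields 0 when the first pos characters are equal
            pos = php.strpos(rule, '*');
            if (pos !== false && !php.strncmp(ip, rule, pos)) {
                return true;
            }
        }
    }
    return false;
};
/**
 * @param {String} verb the request method
 * @returns {Boolean} whether the rule applies to the request
 */
Yii.CAccessRule.prototype.isVerbMatched = function (verb) {
    return php.empty(this.verbs) || this.listContainsIgnoreCase(this.verbs, verb);
};
/**
 * @param {IWebUser} user the user
 * @returns {Boolean} the expression value. True if the expression is not specified.
 * @since 1.0.3
 */
Yii.CAccessRule.prototype.isExpressionMatched = function (user) {
    if (this.expression === null) {
        return true;
    }
    // NOTE(review): evaluateExpression is not defined in this file (presumably
    // inherited through the Yii.CComponent prototype). If it evaluates strings as
    // code, the expression must only ever come from trusted configuration.
    return this.evaluateExpression(this.expression, {'user': user});
};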