/lib/Cake/Controller/Component/AclComponent.php

https://github.com/kunit/cakephp · PHP · 180 lines · 54 code · 14 blank · 112 comment · 5 complexity · e4abd4ad2e5c59fe30553993ada14f1f MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
    4. 

  4.  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
    5. 

  5.  *
    6. 

  6.  * Licensed under The MIT License
    7. 

  7.  * For full copyright and license information, please see the LICENSE.txt
    8. 

  8.  * Redistributions of files must retain the above copyright notice.
    9. 

  9.  *
    10. 

  10.  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
    11. 

  11.  * @link          http://cakephp.org CakePHP(tm) Project
    12. 

  12.  * @package       Cake.Controller.Component
    13. 

  13.  * @since         CakePHP(tm) v 0.10.0.1076
    14. 

  14.  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
    15. 

  15.  */
    16. 

  16. 

  17. App::uses('Component', 'Controller');
    18. 

  18. App::uses('AclInterface', 'Controller/Component/Acl');
    19. 

  19. 

  20. /**
    21. 

  21.  * Access Control List factory class.
    22. 

  22.  *
    23. 

  23.  * Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface.
    24. 

  24.  * You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. Concrete ACL
    25. 

  25.  * implementations should extend `AclBase` and implement the methods it defines.
    26. 

  26.  *
    27. 

  27.  * @package       Cake.Controller.Component
    28. 

  28.  * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html
    29. 

  29.  */
    30. 

  30. class AclComponent extends Component {
    31. 

  31. 

  32. /**
    33. 

  33.  * Instance of an ACL class
    34. 

  34.  *
    35. 

  35.  * @var AclInterface
    36. 

  36.  */
    37. 

  37. 	protected $_Instance = null;
    38. 

  38. 

  39. /**
    40. 

  40.  * Aro object.
    41. 

  41.  *
    42. 

  42.  * @var string
    43. 

  43.  */
    44. 

  44. 	public $Aro;
    45. 

  45. 

  46. /**
    47. 

  47.  * Aco object
    48. 

  48.  *
    49. 

  49.  * @var string
    50. 

  50.  */
    51. 

  51. 	public $Aco;
    52. 

  52. 

  53. /**
    54. 

  54.  * Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')`
    55. 

  55.  *
    56. 

  56.  * @param ComponentCollection $collection
    57. 

  57.  * @param array $settings
    58. 

  58.  * @throws CakeException when Acl.classname could not be loaded.
    59. 

  59.  */
    60. 

  60. 	public function __construct(ComponentCollection $collection, $settings = array()) {
    61. 

  61. 		parent::__construct($collection, $settings);
    62. 

  62. 		$name = Configure::read('Acl.classname');
    63. 

  63. 		if (!class_exists($name)) {
    64. 

  64. 			list($plugin, $name) = pluginSplit($name, true);
    65. 

  65. 			App::uses($name, $plugin . 'Controller/Component/Acl');
    66. 

  66. 			if (!class_exists($name)) {
    67. 

  67. 				throw new CakeException(__d('cake_dev', 'Could not find %s.', $name));
    68. 

  68. 			}
    69. 

  69. 		}
    70. 

  70. 		$this->adapter($name);
    71. 

  71. 	}
    72. 

  72. 

  73. /**
    74. 

  74.  * Sets or gets the Adapter object currently in the AclComponent.
    75. 

  75.  *
    76. 

  76.  * `$this->Acl->adapter();` will get the current adapter class while
    77. 

  77.  * `$this->Acl->adapter($obj);` will set the adapter class
    78. 

  78.  *
    79. 

  79.  * Will call the initialize method on the adapter if setting a new one.
    80. 

  80.  *
    81. 

  81.  * @param AclInterface|string $adapter Instance of AclInterface or a string name of the class to use. (optional)
    82. 

  82.  * @return AclInterface|void either null, or the adapter implementation.
    83. 

  83.  * @throws CakeException when the given class is not an instance of AclInterface
    84. 

  84.  */
    85. 

  85. 	public function adapter($adapter = null) {
    86. 

  86. 		if ($adapter) {
    87. 

  87. 			if (is_string($adapter)) {
    88. 

  88. 				$adapter = new $adapter();
    89. 

  89. 			}
    90. 

  90. 			if (!$adapter instanceof AclInterface) {
    91. 

  91. 				throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface'));
    92. 

  92. 			}
    93. 

  93. 			$this->_Instance = $adapter;
    94. 

  94. 			$this->_Instance->initialize($this);
    95. 

  95. 			return;
    96. 

  96. 		}
    97. 

  97. 		return $this->_Instance;
    98. 

  98. 	}
    99. 

  99. 

  100. /**
    101. 

  101.  * Pass-thru function for ACL check instance. Check methods
    102. 

  102.  * are used to check whether or not an ARO can access an ACO
    103. 

  103.  *
    104. 

  104.  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
    105. 

  105.  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
    106. 

  106.  * @param string $action Action (defaults to *)
    107. 

  107.  * @return boolean Success
    108. 

  108.  */
    109. 

  109. 	public function check($aro, $aco, $action = "*") {
    110. 

  110. 		return $this->_Instance->check($aro, $aco, $action);
    111. 

  111. 	}
    112. 

  112. 

  113. /**
    114. 

  114.  * Pass-thru function for ACL allow instance. Allow methods
    115. 

  115.  * are used to grant an ARO access to an ACO.
    116. 

  116.  *
    117. 

  117.  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
    118. 

  118.  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
    119. 

  119.  * @param string $action Action (defaults to *)
    120. 

  120.  * @return boolean Success
    121. 

  121.  */
    122. 

  122. 	public function allow($aro, $aco, $action = "*") {
    123. 

  123. 		return $this->_Instance->allow($aro, $aco, $action);
    124. 

  124. 	}
    125. 

  125. 

  126. /**
    127. 

  127.  * Pass-thru function for ACL deny instance. Deny methods
    128. 

  128.  * are used to remove permission from an ARO to access an ACO.
    129. 

  129.  *
    130. 

  130.  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
    131. 

  131.  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
    132. 

  132.  * @param string $action Action (defaults to *)
    133. 

  133.  * @return boolean Success
    134. 

  134.  */
    135. 

  135. 	public function deny($aro, $aco, $action = "*") {
    136. 

  136. 		return $this->_Instance->deny($aro, $aco, $action);
    137. 

  137. 	}
    138. 

  138. 

  139. /**
    140. 

  140.  * Pass-thru function for ACL inherit instance. Inherit methods
    141. 

  141.  * modify the permission for an ARO to be that of its parent object.
    142. 

  142.  *
    143. 

  143.  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
    144. 

  144.  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
    145. 

  145.  * @param string $action Action (defaults to *)
    146. 

  146.  * @return boolean Success
    147. 

  147.  */
    148. 

  148. 	public function inherit($aro, $aco, $action = "*") {
    149. 

  149. 		return $this->_Instance->inherit($aro, $aco, $action);
    150. 

  150. 	}
    151. 

  151. 

  152. /**
    153. 

  153.  * Pass-thru function for ACL grant instance. An alias for AclComponent::allow()
    154. 

  154.  *
    155. 

  155.  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
    156. 

  156.  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
    157. 

  157.  * @param string $action Action (defaults to *)
    158. 

  158.  * @return boolean Success
    159. 

  159.  * @deprecated
    160. 

  160.  */
    161. 

  161. 	public function grant($aro, $aco, $action = "*") {
    162. 

  162. 		trigger_error(__d('cake_dev', 'AclComponent::grant() is deprecated, use allow() instead'), E_USER_WARNING);
    163. 

  163. 		return $this->_Instance->allow($aro, $aco, $action);
    164. 

  164. 	}
    165. 

  165. 

  166. /**
    167. 

  167.  * Pass-thru function for ACL grant instance. An alias for AclComponent::deny()
    168. 

  168.  *
    169. 

  169.  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
    170. 

  170.  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
    171. 

  171.  * @param string $action Action (defaults to *)
    172. 

  172.  * @return boolean Success
    173. 

  173.  * @deprecated
    174. 

  174.  */
    175. 

  175. 	public function revoke($aro, $aco, $action = "*") {
    176. 

  176. 		trigger_error(__d('cake_dev', 'AclComponent::revoke() is deprecated, use deny() instead'), E_USER_WARNING);
    177. 

  177. 		return $this->_Instance->deny($aro, $aco, $action);
    178. 

  178. 	}
    179. 

  179. 

  180. }
    181.