Cake/Controller/Component/AclComponent.php
| 1 | <?php |
|---|---|
| 2 | /** |
| 3 | * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) |
| 4 | * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org) |
| 5 | * |
| 6 | * Licensed under The MIT License |
| 7 | * Redistributions of files must retain the above copyright notice. |
| 8 | * |
| 9 | * @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org) |
| 10 | * @link http://cakephp.org CakePHP(tm) Project |
| 11 | * @package Cake.Controller.Component |
| 12 | * @since CakePHP(tm) v 0.10.0.1076 |
| 13 | * @license MIT License (http://www.opensource.org/licenses/mit-license.php) |
| 14 | */ |
| 15 | App::uses('Component', 'Controller'); |
| 16 | App::uses('AclInterface', 'Controller/Component/Acl'); |
| 17 | |
| 18 | /** |
| 19 | * Access Control List factory class. |
| 20 | * |
| 21 | * Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface. |
| 22 | * You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. Concrete ACL |
| 23 | * implementations should extend `AclBase` and implement the methods it defines. |
| 24 | * |
| 25 | * @package Cake.Controller.Component |
| 26 | * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html |
| 27 | */ |
| 28 | class AclComponent extends Component { |
| 29 | |
| 30 | /** |
| 31 | * Instance of an ACL class |
| 32 | * |
| 33 | * @var AclInterface |
| 34 | */ |
| 35 | protected $_Instance = null; |
| 36 | |
| 37 | /** |
| 38 | * Aro object. |
| 39 | * |
| 40 | * @var string |
| 41 | */ |
| 42 | public $Aro; |
| 43 | |
| 44 | /** |
| 45 | * Aco object |
| 46 | * |
| 47 | * @var string |
| 48 | */ |
| 49 | public $Aco; |
| 50 | |
| 51 | /** |
| 52 | * Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')` |
| 53 | * |
| 54 | * @param ComponentCollection $collection |
| 55 | * @param array $settings |
| 56 | * @throws CakeException when Acl.classname could not be loaded. |
| 57 | */ |
| 58 | public function __construct(ComponentCollection $collection, $settings = array()) { |
| 59 | parent::__construct($collection, $settings); |
| 60 | $name = Configure::read('Acl.classname'); |
| 61 | if (!class_exists($name)) { |
| 62 | list($plugin, $name) = pluginSplit($name, true); |
| 63 | App::uses($name . 'Component', $plugin . 'Controller/Component'); |
| 64 | App::uses($name, 'Controller/Component/Acl'); |
| 65 | if (class_exists($name . 'Component')) { |
| 66 | $name .= 'Component'; |
| 67 | } elseif (!class_exists($name)) { |
| 68 | throw new CakeException(__d('cake_dev', 'Could not find %s.', $name)); |
| 69 | } |
| 70 | } |
| 71 | $this->adapter($name); |
| 72 | } |
| 73 | |
| 74 | /** |
| 75 | * Sets or gets the Adapter object currently in the AclComponent. |
| 76 | * |
| 77 | * `$this->Acl->adapter();` will get the current adapter class while |
| 78 | * `$this->Acl->adapter($obj);` will set the adapter class |
| 79 | * |
| 80 | * Will call the initialize method on the adapter if setting a new one. |
| 81 | * |
| 82 | * @param mixed $adapter Instance of AclInterface or a string name of the class to use. (optional) |
| 83 | * @return mixed either null, or the adapter implementation. |
| 84 | * @throws CakeException when the given class is not an instance of AclInterface |
| 85 | */ |
| 86 | public function adapter($adapter = null) { |
| 87 | if ($adapter) { |
| 88 | if (is_string($adapter)) { |
| 89 | $adapter = new $adapter(); |
| 90 | } |
| 91 | if (!$adapter instanceof AclInterface) { |
| 92 | throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface')); |
| 93 | } |
| 94 | $this->_Instance = $adapter; |
| 95 | $this->_Instance->initialize($this); |
| 96 | return; |
| 97 | } |
| 98 | return $this->_Instance; |
| 99 | } |
| 100 | |
| 101 | /** |
| 102 | * Pass-thru function for ACL check instance. Check methods |
| 103 | * are used to check whether or not an ARO can access an ACO |
| 104 | * |
| 105 | * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats |
| 106 | * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats |
| 107 | * @param string $action Action (defaults to *) |
| 108 | * @return boolean Success |
| 109 | */ |
| 110 | public function check($aro, $aco, $action = "*") { |
| 111 | return $this->_Instance->check($aro, $aco, $action); |
| 112 | } |
| 113 | |
| 114 | /** |
| 115 | * Pass-thru function for ACL allow instance. Allow methods |
| 116 | * are used to grant an ARO access to an ACO. |
| 117 | * |
| 118 | * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats |
| 119 | * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats |
| 120 | * @param string $action Action (defaults to *) |
| 121 | * @return boolean Success |
| 122 | */ |
| 123 | public function allow($aro, $aco, $action = "*") { |
| 124 | return $this->_Instance->allow($aro, $aco, $action); |
| 125 | } |
| 126 | |
| 127 | /** |
| 128 | * Pass-thru function for ACL deny instance. Deny methods |
| 129 | * are used to remove permission from an ARO to access an ACO. |
| 130 | * |
| 131 | * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats |
| 132 | * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats |
| 133 | * @param string $action Action (defaults to *) |
| 134 | * @return boolean Success |
| 135 | */ |
| 136 | public function deny($aro, $aco, $action = "*") { |
| 137 | return $this->_Instance->deny($aro, $aco, $action); |
| 138 | } |
| 139 | |
| 140 | /** |
| 141 | * Pass-thru function for ACL inherit instance. Inherit methods |
| 142 | * modify the permission for an ARO to be that of its parent object. |
| 143 | * |
| 144 | * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats |
| 145 | * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats |
| 146 | * @param string $action Action (defaults to *) |
| 147 | * @return boolean Success |
| 148 | */ |
| 149 | public function inherit($aro, $aco, $action = "*") { |
| 150 | return $this->_Instance->inherit($aro, $aco, $action); |
| 151 | } |
| 152 | |
| 153 | /** |
| 154 | * Pass-thru function for ACL grant instance. An alias for AclComponent::allow() |
| 155 | * |
| 156 | * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats |
| 157 | * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats |
| 158 | * @param string $action Action (defaults to *) |
| 159 | * @return boolean Success |
| 160 | * @deprecated |
| 161 | */ |
| 162 | public function grant($aro, $aco, $action = "*") { |
| 163 | trigger_error(__d('cake_dev', 'AclComponent::grant() is deprecated, use allow() instead'), E_USER_WARNING); |
| 164 | return $this->_Instance->allow($aro, $aco, $action); |
| 165 | } |
| 166 | |
| 167 | /** |
| 168 | * Pass-thru function for ACL grant instance. An alias for AclComponent::deny() |
| 169 | * |
| 170 | * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats |
| 171 | * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats |
| 172 | * @param string $action Action (defaults to *) |
| 173 | * @return boolean Success |
| 174 | * @deprecated |
| 175 | */ |
| 176 | public function revoke($aro, $aco, $action = "*") { |
| 177 | trigger_error(__d('cake_dev', 'AclComponent::revoke() is deprecated, use deny() instead'), E_USER_WARNING); |
| 178 | return $this->_Instance->deny($aro, $aco, $action); |
| 179 | } |
| 180 | |
| 181 | } |
| 182 | |
| 183 |