1: <?php
2: /**
3: * PHP 5
4: *
5: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
6: * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
7: *
8: * Licensed under The MIT License
9: * Redistributions of files must retain the above copyright notice.
10: *
11: * @copyright Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
12: * @link http://cakephp.org CakePHP(tm) Project
13: * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
14: */
15:
16: App::uses('BaseAuthorize', 'Controller/Component/Auth');
17: App::uses('Router', 'Routing');
18:
19: /**
20: * An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
21: * CRUD mappings allow you to translate controller actions into *C*reate *R*ead *U*pdate *D*elete actions.
22: * This is then checked in the AclComponent as specific permissions.
23: *
24: * For example, taking `/posts/index` as the current request. The default mapping for `index`, is a `read` permission
25: * check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
26: * to create permission systems that focus more on what is being done to resources, rather than the specific actions
27: * being visited.
28: *
29: * @package Cake.Controller.Component.Auth
30: * @since 2.0
31: * @see AuthComponent::$authenticate
32: * @see AclComponent::check()
33: */
class CrudAuthorize extends BaseAuthorize {

/**
 * Builds the adapter and then registers the CRUD action map, including
 * entries for every prefix returned by `Router::prefixes()`.
 *
 * @param ComponentCollection $collection The component collection from the controller.
 * @param array $settings Settings forwarded unchanged to the parent constructor.
 *   `authorize()` later reads the `actionMap` and `userModel` keys of `$this->settings`.
 */
	public function __construct(ComponentCollection $collection, $settings = array()) {
		parent::__construct($collection, $settings);
		$this->_setPrefixMappings();
	}

/**
 * Registers the action => CRUD permission map.
 *
 * The four CRUD verbs map to themselves. For each routing prefix, the actions
 * `{prefix}_index`, `{prefix}_add`, `{prefix}_edit`, `{prefix}_view`,
 * `{prefix}_remove` and the four `{prefix}_{verb}` actions are mapped to the
 * matching verb. Only these suffixes are added here; any other prefixed action
 * stays un-mapped by this method, and `authorize()` refuses un-mapped actions.
 *
 * @return void
 */
	protected function _setPrefixMappings() {
		$map = array(
			'create' => 'create',
			'read' => 'read',
			'update' => 'update',
			'delete' => 'delete'
		);

		// Action suffix => CRUD verb, applied once per routing prefix.
		$suffixes = array(
			'_index' => 'read',
			'_add' => 'create',
			'_edit' => 'update',
			'_view' => 'read',
			'_remove' => 'delete',
			'_create' => 'create',
			'_read' => 'read',
			'_update' => 'update',
			'_delete' => 'delete'
		);

		$prefixes = Router::prefixes();
		if (empty($prefixes)) {
			// No prefixes configured: only the plain CRUD verbs are registered.
			$prefixes = array();
		}
		foreach ($prefixes as $prefix) {
			foreach ($suffixes as $suffix => $verb) {
				$map[$prefix . $suffix] = $verb;
			}
		}

		// mapActions() is not defined in this class (presumably inherited from BaseAuthorize).
		$this->mapActions($map);
	}

/**
 * Authorize a user by translating the requested action into a CRUD permission
 * and asking the AclComponent whether the user holds it.
 *
 * An action with no entry in `settings['actionMap']` is denied: the method raises
 * an E_USER_WARNING and returns false, so a missing mapping fails closed.
 * The warning text embeds the action and controller names taken from the request;
 * whatever displays or stores that warning should treat them as untrusted text.
 *
 * @param array $user The user to authorize
 * @param CakeRequest $request The request needing authorization.
 * @return boolean True only when the action is mapped and `Acl::check()` allows it.
 */
	public function authorize($user, CakeRequest $request) {
		$action = $request->params['action'];

		if (isset($this->settings['actionMap'][$action])) {
			// Key the user data by the configured user model before handing it to the ACL.
			$userRecord = array($this->settings['userModel'] => $user);
			$Acl = $this->_Collection->load('Acl');

			// The permission checked is the mapped CRUD verb, against the path
			// that action() builds from the ':controller' template.
			return $Acl->check(
				$userRecord,
				$this->action($request, ':controller'),
				$this->settings['actionMap'][$action]
			);
		}

		// Deny by default: the action has no CRUD mapping.
		trigger_error(
			__d(
				'cake_dev',
				'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"',
				$request->action,
				$request->controller
			),
			E_USER_WARNING
		);
		return false;
	}
}
102: