1: <?php
  2: /**
  3:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  4:  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  5:  *
  6:  * Licensed under The MIT License
  7:  * Redistributions of files must retain the above copyright notice.
  8:  *
  9:  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 10:  * @link          http://cakephp.org CakePHP(tm) Project
 11:  * @package       Cake.Controller.Component
 12:  * @since         CakePHP(tm) v 0.10.0.1076
 13:  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 14:  */
 15: App::uses('Component', 'Controller');
 16: App::uses('AclInterface', 'Controller/Component/Acl');
 17: 
 18: /**
 19:  * Access Control List factory class.
 20:  *
 21:  * Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface.
 22:  * You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. Concrete ACL
 23:  * implementations should extend `AclBase` and implement the methods it defines.
 24:  *
 25:  * @package       Cake.Controller.Component
 26:  * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html
 27:  */
 28: class AclComponent extends Component {
 29: 
 30: /**
 31:  * Instance of an ACL class
 32:  *
 33:  * @var AclInterface
 34:  */
 35:     protected $_Instance = null;
 36: 
 37: /**
 38:  * Aro object.
 39:  *
 40:  * @var string
 41:  */
 42:     public $Aro;
 43: 
 44: /**
 45:  * Aco object
 46:  *
 47:  * @var string
 48:  */
 49:     public $Aco;
 50: 
 51: /**
 52:  * Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')`
 53:  *
 54:  * @param ComponentCollection $collection
 55:  * @param array $settings
 56:  * @throws CakeException when Acl.classname could not be loaded.
 57:  */
 58:     public function __construct(ComponentCollection $collection, $settings = array()) {
 59:         parent::__construct($collection, $settings);
 60:         $name = Configure::read('Acl.classname');
 61:         if (!class_exists($name)) {
 62:             list($plugin, $name) = pluginSplit($name, true);
 63:             App::uses($name . 'Component', $plugin . 'Controller/Component');
 64:             App::uses($name, 'Controller/Component/Acl');
 65:             if (class_exists($name . 'Component')) {
 66:                 $name .= 'Component';
 67:             } elseif (!class_exists($name)) {
 68:                 throw new CakeException(__d('cake_dev', 'Could not find %s.', $name));
 69:             }
 70:         }
 71:         $this->adapter($name);
 72:     }
 73: 
 74: /**
 75:  * Sets or gets the Adapter object currently in the AclComponent.
 76:  *
 77:  * `$this->Acl->adapter();` will get the current adapter class while
 78:  * `$this->Acl->adapter($obj);` will set the adapter class
 79:  *
 80:  * Will call the initialize method on the adapter if setting a new one.
 81:  *
 82:  * @param mixed $adapter Instance of AclInterface or a string name of the class to use. (optional)
 83:  * @return mixed either null, or the adapter implementation.
 84:  * @throws CakeException when the given class is not an instance of AclInterface
 85:  */
 86:     public function adapter($adapter = null) {
 87:         if ($adapter) {
 88:             if (is_string($adapter)) {
 89:                 $adapter = new $adapter();
 90:             }
 91:             if (!$adapter instanceof AclInterface) {
 92:                 throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface'));
 93:             }
 94:             $this->_Instance = $adapter;
 95:             $this->_Instance->initialize($this);
 96:             return;
 97:         }
 98:         return $this->_Instance;
 99:     }
100: 
101: /**
102:  * Pass-thru function for ACL check instance.  Check methods
103:  * are used to check whether or not an ARO can access an ACO
104:  *
105:  * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
106:  * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
107:  * @param string $action Action (defaults to *)
108:  * @return boolean Success
109:  */
110:     public function check($aro, $aco, $action = "*") {
111:         return $this->_Instance->check($aro, $aco, $action);
112:     }
113: 
114: /**
115:  * Pass-thru function for ACL allow instance. Allow methods
116:  * are used to grant an ARO access to an ACO.
117:  *
118:  * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
119:  * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
120:  * @param string $action Action (defaults to *)
121:  * @return boolean Success
122:  */
123:     public function allow($aro, $aco, $action = "*") {
124:         return $this->_Instance->allow($aro, $aco, $action);
125:     }
126: 
127: /**
128:  * Pass-thru function for ACL deny instance. Deny methods
129:  * are used to remove permission from an ARO to access an ACO.
130:  *
131:  * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
132:  * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
133:  * @param string $action Action (defaults to *)
134:  * @return boolean Success
135:  */
136:     public function deny($aro, $aco, $action = "*") {
137:         return $this->_Instance->deny($aro, $aco, $action);
138:     }
139: 
140: /**
141:  * Pass-thru function for ACL inherit instance. Inherit methods
142:  * modify the permission for an ARO to be that of its parent object.
143:  *
144:  * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
145:  * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
146:  * @param string $action Action (defaults to *)
147:  * @return boolean Success
148:  */
149:     public function inherit($aro, $aco, $action = "*") {
150:         return $this->_Instance->inherit($aro, $aco, $action);
151:     }
152: 
153: /**
154:  * Pass-thru function for ACL grant instance. An alias for AclComponent::allow()
155:  *
156:  * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
157:  * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
158:  * @param string $action Action (defaults to *)
159:  * @return boolean Success
160:  * @deprecated
161:  */
162:     public function grant($aro, $aco, $action = "*") {
163:         trigger_error(__d('cake_dev', 'AclComponent::grant() is deprecated, use allow() instead'), E_USER_WARNING);
164:         return $this->_Instance->allow($aro, $aco, $action);
165:     }
166: 
167: /**
168:  * Pass-thru function for ACL grant instance. An alias for AclComponent::deny()
169:  *
170:  * @param mixed $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
171:  * @param mixed $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
172:  * @param string $action Action (defaults to *)
173:  * @return boolean Success
174:  * @deprecated
175:  */
176:     public function revoke($aro, $aco, $action = "*") {
177:         trigger_error(__d('cake_dev', 'AclComponent::revoke() is deprecated, use deny() instead'), E_USER_WARNING);
178:         return $this->_Instance->deny($aro, $aco, $action);
179:     }
180: 
181: }
182: