1: <?php
  2: /**
  3:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  4:  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  5:  *
  6:  * Licensed under The MIT License
  7:  * Redistributions of files must retain the above copyright notice.
  8:  *
  9:  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 10:  * @link          http://cakephp.org CakePHP(tm) Project
 11:  * @package       Cake.Controller.Component
 12:  * @since         CakePHP(tm) v 0.10.0.1076
 13:  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 14:  */
 15: App::uses('AclInterface', 'Controller/Component/Acl');
 16: 
 17: /**
 18:  * IniAcl implements an access control system using an INI file.  An example
 19:  * of the ini file used can be found in /config/acl.ini.php.
 20:  *
 21:  * @package       Cake.Controller.Component
 22:  */
 23: class IniAcl extends Object implements AclInterface {
 24: 
 25: /**
 26:  * Array with configuration, parsed from ini file
 27:  *
 28:  * @var array
 29:  */
 30:     public $config = null;
 31: 
 32: /**
 33:  * The Set::classicExtract() path to the user/aro identifier in the
 34:  * acl.ini file.  This path will be used to extract the string
 35:  * representation of a user used in the ini file.
 36:  *
 37:  * @var string
 38:  */
 39:     public $userPath = 'User.username';
 40: 
 41: /**
 42:  * Initialize method
 43:  *
 44:  * @param AclBase $component
 45:  * @return void
 46:  */
 47:     public function initialize(Component $component) {
 48:     }
 49: 
 50: /**
 51:  * No op method, allow cannot be done with IniAcl
 52:  *
 53:  * @param string $aro ARO The requesting object identifier.
 54:  * @param string $aco ACO The controlled object identifier.
 55:  * @param string $action Action (defaults to *)
 56:  * @return boolean Success
 57:  */
 58:     public function allow($aro, $aco, $action = "*") {
 59:     }
 60: 
 61: /**
 62:  * No op method, deny cannot be done with IniAcl
 63:  *
 64:  * @param string $aro ARO The requesting object identifier.
 65:  * @param string $aco ACO The controlled object identifier.
 66:  * @param string $action Action (defaults to *)
 67:  * @return boolean Success
 68:  */
 69:     public function deny($aro, $aco, $action = "*") {
 70:     }
 71: 
 72: /**
 73:  * No op method, inherit cannot be done with IniAcl
 74:  *
 75:  * @param string $aro ARO The requesting object identifier.
 76:  * @param string $aco ACO The controlled object identifier.
 77:  * @param string $action Action (defaults to *)
 78:  * @return boolean Success
 79:  */
 80:     public function inherit($aro, $aco, $action = "*") {
 81:     }
 82: 
 83: /**
 84:  * Main ACL check function. Checks to see if the ARO (access request object) has access to the
 85:  * ACO (access control object).Looks at the acl.ini.php file for permissions
 86:  * (see instructions in /config/acl.ini.php).
 87:  *
 88:  * @param string $aro ARO
 89:  * @param string $aco ACO
 90:  * @param string $action Action
 91:  * @return boolean Success
 92:  */
 93:     public function check($aro, $aco, $action = null) {
 94:         if ($this->config == null) {
 95:             $this->config = $this->readConfigFile(APP . 'Config' . DS . 'acl.ini.php');
 96:         }
 97:         $aclConfig = $this->config;
 98: 
 99:         if (is_array($aro)) {
100:             $aro = Set::classicExtract($aro, $this->userPath);
101:         }
102: 
103:         if (isset($aclConfig[$aro]['deny'])) {
104:             $userDenies = $this->arrayTrim(explode(",", $aclConfig[$aro]['deny']));
105: 
106:             if (array_search($aco, $userDenies)) {
107:                 return false;
108:             }
109:         }
110: 
111:         if (isset($aclConfig[$aro]['allow'])) {
112:             $userAllows = $this->arrayTrim(explode(",", $aclConfig[$aro]['allow']));
113: 
114:             if (array_search($aco, $userAllows)) {
115:                 return true;
116:             }
117:         }
118: 
119:         if (isset($aclConfig[$aro]['groups'])) {
120:             $userGroups = $this->arrayTrim(explode(",", $aclConfig[$aro]['groups']));
121: 
122:             foreach ($userGroups as $group) {
123:                 if (array_key_exists($group, $aclConfig)) {
124:                     if (isset($aclConfig[$group]['deny'])) {
125:                         $groupDenies = $this->arrayTrim(explode(",", $aclConfig[$group]['deny']));
126: 
127:                         if (array_search($aco, $groupDenies)) {
128:                             return false;
129:                         }
130:                     }
131: 
132:                     if (isset($aclConfig[$group]['allow'])) {
133:                         $groupAllows = $this->arrayTrim(explode(",", $aclConfig[$group]['allow']));
134: 
135:                         if (array_search($aco, $groupAllows)) {
136:                             return true;
137:                         }
138:                     }
139:                 }
140:             }
141:         }
142:         return false;
143:     }
144: 
145: /**
146:  * Parses an INI file and returns an array that reflects the 
147:  * INI file's section structure. Double-quote friendly.
148:  *
149:  * @param string $filename File
150:  * @return array INI section structure
151:  */
152:     public function readConfigFile($filename) {
153:         App::uses('IniReader', 'Configure');
154:         $iniFile = new IniReader(dirname($filename) . DS);
155:         return $iniFile->read(basename($filename));
156:     }
157: 
158: /**
159:  * Removes trailing spaces on all array elements (to prepare for searching)
160:  *
161:  * @param array $array Array to trim
162:  * @return array Trimmed array
163:  */
164:     public function arrayTrim($array) {
165:         foreach ($array as $key => $value) {
166:             $array[$key] = trim($value);
167:         }
168:         array_unshift($array, "");
169:         return $array;
170:     }
171: 
172: }
173: