1: <?php
2: /**
3: * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
4: * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
5: *
6: * Licensed under The MIT License
7: * For full copyright and license information, please see the LICENSE.txt
8: * Redistributions of files must retain the above copyright notice.
9: *
10: * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
11: * @link https://cakephp.org CakePHP(tm) Project
12: * @package Cake.Controller.Component.Acl
13: * @since CakePHP(tm) v 0.10.0.1076
14: * @license https://opensource.org/licenses/mit-license.php MIT License
15: */
16:
17: App::uses('AclInterface', 'Controller/Component/Acl');
18:
19: /**
20: * IniAcl implements an access control system using an INI file. An example
21: * of the ini file used can be found in /config/acl.ini.php.
22: *
23: * @package Cake.Controller.Component.Acl
24: */
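class IniAcl extends CakeObject implements AclInterface {

/**
 * Parsed ini configuration, keyed by section name. Stays null until
 * check() loads it from the ini file on first use.
 *
 * @var array|null
 */
	public $config = null;

/**
 * The Hash::get() path to the user/aro identifier. When check() is
 * given an array as ARO, this path is used to pull out the string
 * that names the user's section in the ini file.
 *
 * @var string
 */
	public $userPath = 'User.username';

/**
 * Initialize method. IniAcl needs no setup, so this does nothing.
 *
 * @param Component $component The AclComponent instance.
 * @return void
 */
	public function initialize(Component $component) {
	}

/**
 * No op method, allow cannot be done with IniAcl. Permissions come only
 * from the ini file; calling this grants nothing.
 *
 * @param string $aro ARO The requesting object identifier.
 * @param string $aco ACO The controlled object identifier.
 * @param string $action Action (defaults to *)
 * @return null Nothing is returned, so callers testing the result see a falsy value.
 */
	public function allow($aro, $aco, $action = "*") {
	}

/**
 * No op method, deny cannot be done with IniAcl. Permissions come only
 * from the ini file; calling this revokes nothing.
 *
 * @param string $aro ARO The requesting object identifier.
 * @param string $aco ACO The controlled object identifier.
 * @param string $action Action (defaults to *)
 * @return null Nothing is returned, so callers testing the result see a falsy value.
 */
	public function deny($aro, $aco, $action = "*") {
	}

/**
 * No op method, inherit cannot be done with IniAcl.
 *
 * @param string $aro ARO The requesting object identifier.
 * @param string $aco ACO The controlled object identifier.
 * @param string $action Action (defaults to *)
 * @return null Nothing is returned, so callers testing the result see a falsy value.
 */
	public function inherit($aro, $aco, $action = "*") {
	}

/**
 * Main ACL check function. Checks to see if the ARO (access request object) has access to the
 * ACO (access control object). Looks at the acl.ini.php file for permissions
 * (see instructions in /config/acl.ini.php).
 *
 * Evaluation order, first match wins:
 *  1. the ARO's own `deny` list  -> false
 *  2. the ARO's own `allow` list -> true
 *  3. each group named in the ARO's `groups` list, in the order written:
 *     that group's `deny` -> false, then that group's `allow` -> true
 *  4. nothing matched -> false
 *
 * Points to keep in mind when writing the ini file:
 *  - Groups are walked in order, so an `allow` in an earlier group wins over a
 *    `deny` in a later one. List the most restrictive group first.
 *  - ARO sections and group sections live in the same top-level namespace of
 *    the parsed config, so an ARO identifier equal to a group section name is
 *    evaluated against that section. Keep the two sets of names disjoint.
 *  - $action is accepted for interface compatibility but never consulted;
 *    access is decided per ACO only.
 *
 * The ACO is compared to list entries as an exact, case-sensitive string.
 * Loose comparison is deliberately avoided: with it, a non-string ACO such as
 * boolean true would compare equal to every non-empty entry, and numeric
 * strings like "10" and "1e1" would be treated as the same ACO. Identifiers
 * that are not a non-empty string or an integer are rejected outright.
 *
 * @param string|array $aro ARO identifier, or an array holding it at $userPath
 * @param string $aco ACO
 * @param string $action Action (unused)
 * @return bool True only when an allow entry matched before any deny entry
 */
	public function check($aro, $aco, $action = null) {
		if (!$this->config) {
			$this->config = $this->readConfigFile(CONFIG . 'acl.ini.php');
		}
		$aclConfig = $this->config;

		if (is_array($aro)) {
			$aro = Hash::get($aro, $this->userPath);
		}

		// Fail closed: a missing or oddly typed identifier must never reach the
		// array lookups or the list comparison below.
		if (!$this->_isIdentifier($aro) || !$this->_isIdentifier($aco)) {
			return false;
		}
		$aco = (string)$aco;

		if (!isset($aclConfig[$aro])) {
			return false;
		}
		$userRules = $aclConfig[$aro];

		if ($this->_isListed($aco, $userRules, 'deny')) {
			return false;
		}
		if ($this->_isListed($aco, $userRules, 'allow')) {
			return true;
		}
		if (!isset($userRules['groups'])) {
			return false;
		}

		$userGroups = $this->arrayTrim(explode(",", $userRules['groups']));
		foreach ($userGroups as $group) {
			if (!array_key_exists($group, $aclConfig)) {
				continue;
			}
			$groupRules = $aclConfig[$group];

			if ($this->_isListed($aco, $groupRules, 'deny')) {
				return false;
			}
			if ($this->_isListed($aco, $groupRules, 'allow')) {
				return true;
			}
		}
		return false;
	}

/**
 * Parses an INI file and returns an array that reflects the
 * INI file's section structure. Double-quote friendly.
 *
 * The path is split into directory and file name because IniReader is
 * constructed with a base directory and then asked for a file inside it.
 *
 * @param string $filename File
 * @return array INI section structure
 */
	public function readConfigFile($filename) {
		App::uses('IniReader', 'Configure');
		$iniFile = new IniReader(dirname($filename) . DS);
		return $iniFile->read(basename($filename));
	}

/**
 * Strips leading and trailing whitespace from every element and prepends an
 * empty string, so that real entries never sit at index 0. Callers that test
 * the result of array_search() for truthiness depend on that padding.
 *
 * @param array $array Array to trim
 * @return array Trimmed array with an empty string prepended
 */
	public function arrayTrim($array) {
		$array = array_map('trim', $array);
		array_unshift($array, "");
		return $array;
	}

/**
 * Tells whether a value can serve as an ARO/ACO identifier: a non-empty
 * string or an integer.
 *
 * @param mixed $value Candidate identifier
 * @return bool
 */
	protected function _isIdentifier($value) {
		return is_int($value) || (is_string($value) && $value !== '');
	}

/**
 * Tells whether $aco appears in the comma separated list stored under
 * $key of one ini section.
 *
 * @param string $aco Non-empty ACO string
 * @param mixed $rules One section of the parsed config
 * @param string $key 'deny' or 'allow'
 * @return bool
 */
	protected function _isListed($aco, $rules, $key) {
		if (!isset($rules[$key])) {
			return false;
		}
		$entries = $this->arrayTrim(explode(",", $rules[$key]));

		// Strict match; $aco is never empty, so the padding entry cannot match.
		return in_array($aco, $entries, true);
	}

}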
175: