1: <?php
  2: /**
  3:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  4:  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  5:  *
  6:  * Licensed under The MIT License
  7:  * Redistributions of files must retain the above copyright notice.
  8:  *
  9:  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 10:  * @link          http://cakephp.org CakePHP(tm) Project
 11:  * @package       Cake.Controller.Component
 12:  * @since         CakePHP(tm) v 0.10.0.1076
 13:  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 14:  */
 15: App::uses('Component', 'Controller');
 16: App::uses('AclInterface', 'Controller/Component/Acl');
 17: 
 18: /**
 19:  * Access Control List factory class.
 20:  *
 21:  * Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface.
 22:  * You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. Concrete ACL
 23:  * implementations should extend `AclBase` and implement the methods it defines.
 24:  *
 25:  * @package       Cake.Controller.Component
 26:  * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html
 27:  */
 28: class AclComponent extends Component {
 29: 
 30: /**
 31:  * Instance of an ACL class
 32:  *
 33:  * @var AclInterface
 34:  */
 35:     protected $_Instance = null;
 36: 
 37: /**
 38:  * Aro object.
 39:  *
 40:  * @var string
 41:  */
 42:     public $Aro;
 43: 
 44: /**
 45:  * Aco object
 46:  *
 47:  * @var string
 48:  */
 49:     public $Aco;
 50: 
 51: /**
 52:  * Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')`
 53:  *
 54:  * @param ComponentCollection $collection
 55:  * @param array $settings
 56:  * @throws CakeException when Acl.classname could not be loaded.
 57:  */
 58:     public function __construct(ComponentCollection $collection, $settings = array()) {
 59:         parent::__construct($collection, $settings);
 60:         $name = Configure::read('Acl.classname');
 61:         if (!class_exists($name)) {
 62:             list($plugin, $name) = pluginSplit($name, true);
 63:             App::uses($name, $plugin . 'Controller/Component/Acl');
 64:             if (!class_exists($name)) {
 65:                 throw new CakeException(__d('cake_dev', 'Could not find %s.', $name));
 66:             }
 67:         }
 68:         $this->adapter($name);
 69:     }
 70: 
 71: /**
 72:  * Sets or gets the Adapter object currently in the AclComponent.
 73:  *
 74:  * `$this->Acl->adapter();` will get the current adapter class while
 75:  * `$this->Acl->adapter($obj);` will set the adapter class
 76:  *
 77:  * Will call the initialize method on the adapter if setting a new one.
 78:  *
 79:  * @param AclInterface|string $adapter Instance of AclInterface or a string name of the class to use. (optional)
 80:  * @return AclInterface|void either null, or the adapter implementation.
 81:  * @throws CakeException when the given class is not an instance of AclInterface
 82:  */
 83:     public function adapter($adapter = null) {
 84:         if ($adapter) {
 85:             if (is_string($adapter)) {
 86:                 $adapter = new $adapter();
 87:             }
 88:             if (!$adapter instanceof AclInterface) {
 89:                 throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface'));
 90:             }
 91:             $this->_Instance = $adapter;
 92:             $this->_Instance->initialize($this);
 93:             return;
 94:         }
 95:         return $this->_Instance;
 96:     }
 97: 
 98: /**
 99:  * Pass-thru function for ACL check instance.  Check methods
100:  * are used to check whether or not an ARO can access an ACO
101:  *
102:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
103:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
104:  * @param string $action Action (defaults to *)
105:  * @return boolean Success
106:  */
107:     public function check($aro, $aco, $action = "*") {
108:         return $this->_Instance->check($aro, $aco, $action);
109:     }
110: 
111: /**
112:  * Pass-thru function for ACL allow instance. Allow methods
113:  * are used to grant an ARO access to an ACO.
114:  *
115:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
116:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
117:  * @param string $action Action (defaults to *)
118:  * @return boolean Success
119:  */
120:     public function allow($aro, $aco, $action = "*") {
121:         return $this->_Instance->allow($aro, $aco, $action);
122:     }
123: 
124: /**
125:  * Pass-thru function for ACL deny instance. Deny methods
126:  * are used to remove permission from an ARO to access an ACO.
127:  *
128:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
129:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
130:  * @param string $action Action (defaults to *)
131:  * @return boolean Success
132:  */
133:     public function deny($aro, $aco, $action = "*") {
134:         return $this->_Instance->deny($aro, $aco, $action);
135:     }
136: 
137: /**
138:  * Pass-thru function for ACL inherit instance. Inherit methods
139:  * modify the permission for an ARO to be that of its parent object.
140:  *
141:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
142:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
143:  * @param string $action Action (defaults to *)
144:  * @return boolean Success
145:  */
146:     public function inherit($aro, $aco, $action = "*") {
147:         return $this->_Instance->inherit($aro, $aco, $action);
148:     }
149: 
150: /**
151:  * Pass-thru function for ACL grant instance. An alias for AclComponent::allow()
152:  *
153:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
154:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
155:  * @param string $action Action (defaults to *)
156:  * @return boolean Success
157:  * @deprecated
158:  */
159:     public function grant($aro, $aco, $action = "*") {
160:         trigger_error(__d('cake_dev', 'AclComponent::grant() is deprecated, use allow() instead'), E_USER_WARNING);
161:         return $this->_Instance->allow($aro, $aco, $action);
162:     }
163: 
164: /**
165:  * Pass-thru function for ACL grant instance. An alias for AclComponent::deny()
166:  *
167:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
168:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
169:  * @param string $action Action (defaults to *)
170:  * @return boolean Success
171:  * @deprecated
172:  */
173:     public function revoke($aro, $aco, $action = "*") {
174:         trigger_error(__d('cake_dev', 'AclComponent::revoke() is deprecated, use deny() instead'), E_USER_WARNING);
175:         return $this->_Instance->deny($aro, $aco, $action);
176:     }
177: 
178: }
179: