1: <?php
  2: /**
  3:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  4:  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  5:  *
  6:  * Licensed under The MIT License
  7:  * Redistributions of files must retain the above copyright notice.
  8:  *
  9:  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 10:  * @link          http://cakephp.org CakePHP(tm) Project
 11:  * @package       Cake.Controller.Component.Acl
 12:  * @since         CakePHP(tm) v 0.10.0.1076
 13:  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 14:  */
 15: App::uses('AclInterface', 'Controller/Component/Acl');
 16: App::uses('Hash', 'Utility');
 17: 
 18: /**
 19:  * DbAcl implements an ACL control system in the database.  ARO's and ACO's are
 20:  * structured into trees and a linking table is used to define permissions.  You
 21:  * can install the schema for DbAcl with the Schema Shell.
 22:  *
 23:  * `$aco` and `$aro` parameters can be slash delimited paths to tree nodes.
 24:  *
 25:  * eg. `controllers/Users/edit`
 26:  *
 27:  * Would point to a tree structure like
 28:  *
 29:  * {{{
 30:  *  controllers
 31:  *      Users
 32:  *          edit
 33:  * }}}
 34:  *
 35:  * @package       Cake.Controller.Component.Acl
 36:  */
 37: class DbAcl extends Object implements AclInterface {
 38: 
 39: /**
 40:  * Constructor
 41:  *
 42:  */
 43:     public function __construct() {
 44:         parent::__construct();
 45:         $this->Permission = ClassRegistry::init(array('class' => 'Permission', 'alias' => 'Permission'));
 46:         $this->Aro = $this->Permission->Aro;
 47:         $this->Aco = $this->Permission->Aco;
 48:     }
 49: 
 50: /**
 51:  * Initializes the containing component and sets the Aro/Aco objects to it.
 52:  *
 53:  * @param AclComponent $component
 54:  * @return void
 55:  */
 56:     public function initialize(Component $component) {
 57:         $component->Aro = $this->Aro;
 58:         $component->Aco = $this->Aco;
 59:     }
 60: 
 61: /**
 62:  * Checks if the given $aro has access to action $action in $aco
 63:  *
 64:  * @param string $aro ARO The requesting object identifier.
 65:  * @param string $aco ACO The controlled object identifier.
 66:  * @param string $action Action (defaults to *)
 67:  * @return boolean Success (true if ARO has access to action in ACO, false otherwise)
 68:  * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#checking-permissions-the-acl-component
 69:  */
 70:     public function check($aro, $aco, $action = "*") {
 71:         return $this->Permission->check($aro, $aco, $action);
 72:     }
 73: 
 74: /**
 75:  * Allow $aro to have access to action $actions in $aco
 76:  *
 77:  * @param string $aro ARO The requesting object identifier.
 78:  * @param string $aco ACO The controlled object identifier.
 79:  * @param string $actions Action (defaults to *)
 80:  * @param integer $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
 81:  * @return boolean Success
 82:  * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
 83:  */
 84:     public function allow($aro, $aco, $actions = "*", $value = 1) {
 85:         return $this->Permission->allow($aro, $aco, $actions, $value);
 86:     }
 87: 
 88: /**
 89:  * Deny access for $aro to action $action in $aco
 90:  *
 91:  * @param string $aro ARO The requesting object identifier.
 92:  * @param string $aco ACO The controlled object identifier.
 93:  * @param string $action Action (defaults to *)
 94:  * @return boolean Success
 95:  * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
 96:  */
 97:     public function deny($aro, $aco, $action = "*") {
 98:         return $this->allow($aro, $aco, $action, -1);
 99:     }
100: 
101: /**
102:  * Let access for $aro to action $action in $aco be inherited
103:  *
104:  * @param string $aro ARO The requesting object identifier.
105:  * @param string $aco ACO The controlled object identifier.
106:  * @param string $action Action (defaults to *)
107:  * @return boolean Success
108:  */
109:     public function inherit($aro, $aco, $action = "*") {
110:         return $this->allow($aro, $aco, $action, 0);
111:     }
112: 
113: /**
114:  * Allow $aro to have access to action $actions in $aco
115:  *
116:  * @param string $aro ARO The requesting object identifier.
117:  * @param string $aco ACO The controlled object identifier.
118:  * @param string $action Action (defaults to *)
119:  * @return boolean Success
120:  * @see allow()
121:  */
122:     public function grant($aro, $aco, $action = "*") {
123:         return $this->allow($aro, $aco, $action);
124:     }
125: 
126: /**
127:  * Deny access for $aro to action $action in $aco
128:  *
129:  * @param string $aro ARO The requesting object identifier.
130:  * @param string $aco ACO The controlled object identifier.
131:  * @param string $action Action (defaults to *)
132:  * @return boolean Success
133:  * @see deny()
134:  */
135:     public function revoke($aro, $aco, $action = "*") {
136:         return $this->deny($aro, $aco, $action);
137:     }
138: 
139: /**
140:  * Get an array of access-control links between the given Aro and Aco
141:  *
142:  * @param string $aro ARO The requesting object identifier.
143:  * @param string $aco ACO The controlled object identifier.
144:  * @return array Indexed array with: 'aro', 'aco' and 'link'
145:  */
146:     public function getAclLink($aro, $aco) {
147:         return $this->Permission->getAclLink($aro, $aco);
148:     }
149: 
150: /**
151:  * Get the keys used in an ACO
152:  *
153:  * @param array $keys Permission model info
154:  * @return array ACO keys
155:  */
156:     protected function _getAcoKeys($keys) {
157:         return $this->Permission->getAcoKeys($keys);
158:     }
159: 
160: }
161: