1: <?php
2: /**
3: *
4: *
5: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
6: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
7: *
8: * Licensed under The MIT License
9: * For full copyright and license information, please see the LICENSE.txt
10: * Redistributions of files must retain the above copyright notice.
11: *
12: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
13: * @link http://cakephp.org CakePHP(tm) Project
14: * @license http://www.opensource.org/licenses/mit-license.php MIT License
15: */
16:
17: App::uses('Hash', 'Utility');
18:
19: /**
20: * Abstract base authorization adapter for AuthComponent.
21: *
22: * @package Cake.Controller.Component.Auth
23: * @since 2.0
24: * @see AuthComponent::$authenticate
25: */
26: abstract class BaseAuthorize {
27:
28: /**
29: * Controller for the request.
30: *
31: * @var Controller
32: */
33: protected $_Controller = null;
34:
35: /**
36: * Component collection instance for getting more components.
37: *
38: * @var ComponentCollection
39: */
40: protected $_Collection;
41:
42: /**
43: * Settings for authorize objects.
44: *
45: * - `actionPath` - The path to ACO nodes that contains the nodes for controllers. Used as a prefix
46: * when calling $this->action();
47: * - `actionMap` - Action -> crud mappings. Used by authorization objects that want to map actions to CRUD roles.
48: * - `userModel` - Model name that ARO records can be found under. Defaults to 'User'.
49: *
50: * @var array
51: */
52: public $settings = array(
53: 'actionPath' => null,
54: 'actionMap' => array(
55: 'index' => 'read',
56: 'add' => 'create',
57: 'edit' => 'update',
58: 'view' => 'read',
59: 'delete' => 'delete',
60: 'remove' => 'delete'
61: ),
62: 'userModel' => 'User'
63: );
64:
65: /**
66: * Constructor
67: *
68: * @param ComponentCollection $collection The controller for this request.
69: * @param string $settings An array of settings. This class does not use any settings.
70: */
71: public function __construct(ComponentCollection $collection, $settings = array()) {
72: $this->_Collection = $collection;
73: $controller = $collection->getController();
74: $this->controller($controller);
75: $this->settings = Hash::merge($this->settings, $settings);
76: }
77:
78: /**
79: * Checks user authorization.
80: *
81: * @param array $user Active user data
82: * @param CakeRequest $request
83: * @return boolean
84: */
85: abstract public function authorize($user, CakeRequest $request);
86:
87: /**
88: * Accessor to the controller object.
89: *
90: * @param Controller $controller null to get, a controller to set.
91: * @return mixed
92: * @throws CakeException
93: */
94: public function controller(Controller $controller = null) {
95: if ($controller) {
96: if (!$controller instanceof Controller) {
97: throw new CakeException(__d('cake_dev', '$controller needs to be an instance of Controller'));
98: }
99: $this->_Controller = $controller;
100: return true;
101: }
102: return $this->_Controller;
103: }
104:
105: /**
106: * Get the action path for a given request. Primarily used by authorize objects
107: * that need to get information about the plugin, controller, and action being invoked.
108: *
109: * @param CakeRequest $request The request a path is needed for.
110: * @param string $path
111: * @return string the action path for the given request.
112: */
113: public function action(CakeRequest $request, $path = '/:plugin/:controller/:action') {
114: $plugin = empty($request['plugin']) ? null : Inflector::camelize($request['plugin']) . '/';
115: $path = str_replace(
116: array(':controller', ':action', ':plugin/'),
117: array(Inflector::camelize($request['controller']), $request['action'], $plugin),
118: $this->settings['actionPath'] . $path
119: );
120: $path = str_replace('//', '/', $path);
121: return trim($path, '/');
122: }
123:
124: /**
125: * Maps crud actions to actual action names. Used to modify or get the current mapped actions.
126: *
127: * Create additional mappings for a standard CRUD operation:
128: *
129: * {{{
130: * $this->Auth->mapActions(array('create' => array('add', 'register'));
131: * }}}
132: *
133: * Or equivalently:
134: *
135: * {{{
136: * $this->Auth->mapActions(array('register' => 'create', 'add' => 'create'));
137: * }}}
138: *
139: * Create mappings for custom CRUD operations:
140: *
141: * {{{
142: * $this->Auth->mapActions(array('range' => 'search'));
143: * }}}
144: *
145: * You can use the custom CRUD operations to create additional generic permissions
146: * that behave like CRUD operations. Doing this will require additional columns on the
147: * permissions lookup. For example if one wanted an additional search CRUD operation
148: * one would create and additional column '_search' in the aros_acos table. One could
149: * create a custom admin CRUD operation for administration functions similarly if needed.
150: *
151: * @param array $map Either an array of mappings, or undefined to get current values.
152: * @return mixed Either the current mappings or null when setting.
153: * @see AuthComponent::mapActions()
154: */
155: public function mapActions($map = array()) {
156: if (empty($map)) {
157: return $this->settings['actionMap'];
158: }
159: foreach ($map as $action => $type) {
160: if (is_array($type)) {
161: foreach ($type as $typedAction) {
162: $this->settings['actionMap'][$typedAction] = $action;
163: }
164: } else {
165: $this->settings['actionMap'][$action] = $type;
166: }
167: }
168: }
169:
170: }
171: