1: <?php
2: /**
3: *
4: *
5: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
6: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
7: *
8: * Licensed under The MIT License
9: * For full copyright and license information, please see the LICENSE.txt
10: * Redistributions of files must retain the above copyright notice.
11: *
12: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
13: * @link http://cakephp.org CakePHP(tm) Project
14: * @license http://www.opensource.org/licenses/mit-license.php MIT License
15: */
16:
17: App::uses('BaseAuthorize', 'Controller/Component/Auth');
18: App::uses('Router', 'Routing');
19:
20: /**
21: * An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
22: * CRUD mappings allow you to translate controller actions into *C*reate *R*ead *U*pdate *D*elete actions.
23: * This is then checked in the AclComponent as specific permissions.
24: *
25: * For example, take `/posts/index` as the current request. The default mapping for `index` is a `read` permission
26: * check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
27: * to create permission systems that focus more on what is being done to resources, rather than the specific actions
28: * being visited.
29: *
30: * @package Cake.Controller.Component.Auth
31: * @since 2.0
32: * @see AuthComponent::$authenticate
33: * @see AclComponent::check()
34: */
class CrudAuthorize extends BaseAuthorize {

	/**
	 * Constructor. Lets the parent store the collection and settings, then registers
	 * CRUD mappings for the prefixed actions of every prefix reported by Router::prefixes().
	 *
	 * @param ComponentCollection $collection The component collection from the controller.
	 * @param array $settings An array of settings, forwarded unchanged to the parent constructor.
	 *   authorize() later reads the `actionMap` and `userModel` keys from `$this->settings`.
	 */
	public function __construct(ComponentCollection $collection, $settings = array()) {
		parent::__construct($collection, $settings);
		$this->_setPrefixMappings();
	}

	/**
	 * Registers the CRUD mappings for prefix routes.
	 *
	 * The map always contains the four identity entries (`create`, `read`, `update`, `delete`).
	 * For each routing prefix it also contains `<prefix>_index`, `<prefix>_add`, `<prefix>_edit`,
	 * `<prefix>_view`, `<prefix>_remove`, `<prefix>_create`, `<prefix>_read`, `<prefix>_update`
	 * and `<prefix>_delete`. The finished map is handed to mapActions().
	 *
	 * Only these action names are mapped here. Any other prefixed action stays un-mapped
	 * unless it is mapped elsewhere, and authorize() denies un-mapped actions.
	 * NOTE(review): mappings for un-prefixed actions are not added in this class; presumably
	 * they come from the parent's default settings - confirm against BaseAuthorize.
	 *
	 * @return void
	 */
	protected function _setPrefixMappings() {
		// Identity entries, equivalent to array_combine() of the four CRUD names with themselves.
		$actionMap = array(
			'create' => 'create',
			'read' => 'read',
			'update' => 'update',
			'delete' => 'delete'
		);

		// Action suffix => CRUD permission, listed in the order the entries are added per prefix.
		$suffixToCrud = array(
			'_index' => 'read',
			'_add' => 'create',
			'_edit' => 'update',
			'_view' => 'read',
			'_remove' => 'delete',
			'_create' => 'create',
			'_read' => 'read',
			'_update' => 'update',
			'_delete' => 'delete'
		);

		$routingPrefixes = Router::prefixes();
		if (!empty($routingPrefixes)) {
			foreach ($routingPrefixes as $routingPrefix) {
				foreach ($suffixToCrud as $suffix => $crudType) {
					$actionMap[$routingPrefix . $suffix] = $crudType;
				}
			}
		}

		$this->mapActions($actionMap);
	}

	/**
	 * Authorize a user using the mapped actions and the AclComponent.
	 *
	 * Fails closed: when the requested action has no entry in `settings['actionMap']`, an
	 * E_USER_WARNING is raised and the request is denied. Otherwise the decision is whatever
	 * the Acl component's check() returns for the user, the controller-level path produced
	 * by `$this->action($request, ':controller')`, and the mapped CRUD permission.
	 *
	 * No record identifier is passed to the check, so per-record restrictions are not
	 * enforced by this method.
	 *
	 * @param array $user The user to authorize
	 * @param CakeRequest $request The request needing authorization.
	 * @return bool False for an un-mapped action, otherwise the result of the Acl check.
	 */
	public function authorize($user, CakeRequest $request) {
		$isMapped = isset($this->settings['actionMap'][$request->params['action']]);
		if (!$isMapped) {
			// The action and controller names come from the request. Where this warning
			// ends up (log, debug output) depends on error handling configured elsewhere.
			$warning = __d(
				'cake_dev',
				'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"',
				$request->action,
				$request->controller
			);
			trigger_error($warning, E_USER_WARNING);
			return false;
		}

		// The Acl check receives the user keyed by the configured user model name.
		$wrappedUser = array($this->settings['userModel'] => $user);
		$aclComponent = $this->_Collection->load('Acl');
		$aclPath = $this->action($request, ':controller');
		$crudType = $this->settings['actionMap'][$request->params['action']];

		return $aclComponent->check($wrappedUser, $aclPath, $crudType);
	}

}
104: