1: <?php
2: /**
3: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
4: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
5: *
6: * Licensed under The MIT License
7: * For full copyright and license information, please see the LICENSE.txt
8: * Redistributions of files must retain the above copyright notice.
9: *
10: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
11: * @link http://cakephp.org CakePHP(tm) Project
12: * @package Cake.Controller.Component.Acl
13: * @since CakePHP(tm) v 0.10.0.1076
14: * @license http://www.opensource.org/licenses/mit-license.php MIT License
15: */
16:
17: App::uses('AclInterface', 'Controller/Component/Acl');
18: App::uses('Hash', 'Utility');
19: App::uses('ClassRegistry', 'Utility');
20:
21: /**
22: * DbAcl implements an ACL control system in the database. ARO's and ACO's are
23: * structured into trees and a linking table is used to define permissions. You
24: * can install the schema for DbAcl with the Schema Shell.
25: *
26: * `$aco` and `$aro` parameters can be slash delimited paths to tree nodes.
27: *
28: * eg. `controllers/Users/edit`
29: *
30: * Would point to a tree structure like
31: *
32: * {{{
33: * controllers
34: * Users
35: * edit
36: * }}}
37: *
38: * @package Cake.Controller.Component.Acl
39: */
40: class DbAcl extends Object implements AclInterface {
41:
42: /**
43: * Constructor
44: *
45: */
46: public function __construct() {
47: parent::__construct();
48: $this->Permission = ClassRegistry::init(array('class' => 'Permission', 'alias' => 'Permission'));
49: $this->Aro = $this->Permission->Aro;
50: $this->Aco = $this->Permission->Aco;
51: }
52:
53: /**
54: * Initializes the containing component and sets the Aro/Aco objects to it.
55: *
56: * @param AclComponent $component The AclComponent instance.
57: * @return void
58: */
59: public function initialize(Component $component) {
60: $component->Aro = $this->Aro;
61: $component->Aco = $this->Aco;
62: }
63:
64: /**
65: * Checks if the given $aro has access to action $action in $aco
66: *
67: * @param string $aro ARO The requesting object identifier.
68: * @param string $aco ACO The controlled object identifier.
69: * @param string $action Action (defaults to *)
70: * @return bool Success (true if ARO has access to action in ACO, false otherwise)
71: * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#checking-permissions-the-acl-component
72: */
73: public function check($aro, $aco, $action = "*") {
74: return $this->Permission->check($aro, $aco, $action);
75: }
76:
77: /**
78: * Allow $aro to have access to action $actions in $aco
79: *
80: * @param string $aro ARO The requesting object identifier.
81: * @param string $aco ACO The controlled object identifier.
82: * @param string $actions Action (defaults to *)
83: * @param int $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
84: * @return bool Success
85: * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
86: */
87: public function allow($aro, $aco, $actions = "*", $value = 1) {
88: return $this->Permission->allow($aro, $aco, $actions, $value);
89: }
90:
91: /**
92: * Deny access for $aro to action $action in $aco
93: *
94: * @param string $aro ARO The requesting object identifier.
95: * @param string $aco ACO The controlled object identifier.
96: * @param string $action Action (defaults to *)
97: * @return bool Success
98: * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
99: */
100: public function deny($aro, $aco, $action = "*") {
101: return $this->allow($aro, $aco, $action, -1);
102: }
103:
104: /**
105: * Let access for $aro to action $action in $aco be inherited
106: *
107: * @param string $aro ARO The requesting object identifier.
108: * @param string $aco ACO The controlled object identifier.
109: * @param string $action Action (defaults to *)
110: * @return bool Success
111: */
112: public function inherit($aro, $aco, $action = "*") {
113: return $this->allow($aro, $aco, $action, 0);
114: }
115:
116: /**
117: * Allow $aro to have access to action $actions in $aco
118: *
119: * @param string $aro ARO The requesting object identifier.
120: * @param string $aco ACO The controlled object identifier.
121: * @param string $action Action (defaults to *)
122: * @return bool Success
123: * @see allow()
124: */
125: public function grant($aro, $aco, $action = "*") {
126: return $this->allow($aro, $aco, $action);
127: }
128:
129: /**
130: * Deny access for $aro to action $action in $aco
131: *
132: * @param string $aro ARO The requesting object identifier.
133: * @param string $aco ACO The controlled object identifier.
134: * @param string $action Action (defaults to *)
135: * @return bool Success
136: * @see deny()
137: */
138: public function revoke($aro, $aco, $action = "*") {
139: return $this->deny($aro, $aco, $action);
140: }
141:
142: /**
143: * Get an array of access-control links between the given Aro and Aco
144: *
145: * @param string $aro ARO The requesting object identifier.
146: * @param string $aco ACO The controlled object identifier.
147: * @return array Indexed array with: 'aro', 'aco' and 'link'
148: */
149: public function getAclLink($aro, $aco) {
150: return $this->Permission->getAclLink($aro, $aco);
151: }
152:
153: /**
154: * Get the keys used in an ACO
155: *
156: * @param array $keys Permission model info
157: * @return array ACO keys
158: */
159: protected function _getAcoKeys($keys) {
160: return $this->Permission->getAcoKeys($keys);
161: }
162:
163: }
164: