1: <?php
2: /**
3: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
4: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
5: *
6: * Licensed under The MIT License
7: * For full copyright and license information, please see the LICENSE.txt
8: * Redistributions of files must retain the above copyright notice.
9: *
10: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
11: * @link http://cakephp.org CakePHP(tm) Project
12: * @license http://www.opensource.org/licenses/mit-license.php MIT License
13: */
14:
15: App::uses('BaseAuthorize', 'Controller/Component/Auth');
16: App::uses('Router', 'Routing');
17:
18: /**
19: * An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
20: * CRUD mappings allow you to translate controller actions into *C*reate *R*ead *U*pdate *D*elete actions.
21: * This is then checked in the AclComponent as specific permissions.
22: *
23: * For example, taking `/posts/index` as the current request. The default mapping for `index`, is a `read` permission
24: * check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
25: * to create permission systems that focus more on what is being done to resources, rather than the specific actions
26: * being visited.
27: *
28: * @package Cake.Controller.Component.Auth
29: * @since 2.0
30: * @see AuthComponent::$authenticate
31: * @see AclComponent::check()
32: */
33: class CrudAuthorize extends BaseAuthorize {
34:
35: /**
36: * Sets up additional actionMap values that match the configured `Routing.prefixes`.
37: *
38: * @param ComponentCollection $collection The component collection from the controller.
39: * @param string $settings An array of settings. This class does not use any settings.
40: */
41: public function __construct(ComponentCollection $collection, $settings = array()) {
42: parent::__construct($collection, $settings);
43: $this->_setPrefixMappings();
44: }
45:
46: /**
47: * sets the crud mappings for prefix routes.
48: *
49: * @return void
50: */
51: protected function _setPrefixMappings() {
52: $crud = array('create', 'read', 'update', 'delete');
53: $map = array_combine($crud, $crud);
54:
55: $prefixes = Router::prefixes();
56: if (!empty($prefixes)) {
57: foreach ($prefixes as $prefix) {
58: $map = array_merge($map, array(
59: $prefix . '_index' => 'read',
60: $prefix . '_add' => 'create',
61: $prefix . '_edit' => 'update',
62: $prefix . '_view' => 'read',
63: $prefix . '_remove' => 'delete',
64: $prefix . '_create' => 'create',
65: $prefix . '_read' => 'read',
66: $prefix . '_update' => 'update',
67: $prefix . '_delete' => 'delete'
68: ));
69: }
70: }
71: $this->mapActions($map);
72: }
73:
74: /**
75: * Authorize a user using the mapped actions and the AclComponent.
76: *
77: * @param array $user The user to authorize
78: * @param CakeRequest $request The request needing authorization.
79: * @return bool
80: */
81: public function authorize($user, CakeRequest $request) {
82: if (!isset($this->settings['actionMap'][$request->params['action']])) {
83: trigger_error(__d('cake_dev',
84: 'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"',
85: $request->action,
86: $request->controller
87: ),
88: E_USER_WARNING
89: );
90: return false;
91: }
92: $user = array($this->settings['userModel'] => $user);
93: $Acl = $this->_Collection->load('Acl');
94: return $Acl->check(
95: $user,
96: $this->action($request, ':controller'),
97: $this->settings['actionMap'][$request->params['action']]
98: );
99: }
100:
101: }
102: