1: <?php
 2: /**
 3:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 4:  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 5:  *
 6:  * Licensed under The MIT License
 7:  * For full copyright and license information, please see the LICENSE.txt
 8:  * Redistributions of files must retain the above copyright notice.
 9:  *
10:  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
11:  * @link          http://cakephp.org CakePHP(tm) Project
12:  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
13:  */
14: 
15: App::uses('BaseAuthorize', 'Controller/Component/Auth');
16: 
17: /**
18:  * An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback.
19:  * Your controller's isAuthorized() method should return a boolean to indicate whether or not the user is authorized.
20:  *
21:  * ```
22:  *  public function isAuthorized($user) {
23:  *      if (!empty($this->request->params['admin'])) {
24:  *          return $user['role'] === 'admin';
25:  *      }
26:  *      return !empty($user);
27:  *  }
28:  * ```
29:  *
30:  * the above is simple implementation that would only authorize users of the 'admin' role to access
31:  * admin routing.
32:  *
33:  * @package       Cake.Controller.Component.Auth
34:  * @since 2.0
35:  * @see AuthComponent::$authenticate
36:  */
37: class ControllerAuthorize extends BaseAuthorize {
38: 
39: /**
40:  * Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.
41:  *
42:  * @param Controller $controller null to get, a controller to set.
43:  * @return mixed
44:  * @throws CakeException
45:  */
46:     public function controller(Controller $controller = null) {
47:         if ($controller) {
48:             if (!method_exists($controller, 'isAuthorized')) {
49:                 throw new CakeException(__d('cake_dev', '$controller does not implement an %s method.', 'isAuthorized()'));
50:             }
51:         }
52:         return parent::controller($controller);
53:     }
54: 
55: /**
56:  * Checks user authorization using a controller callback.
57:  *
58:  * @param array $user Active user data
59:  * @param CakeRequest $request Request instance.
60:  * @return bool
61:  */
62:     public function authorize($user, CakeRequest $request) {
63:         return (bool)$this->_Controller->isAuthorized($user);
64:     }
65: 
66: }
67: