1: <?php
  2: /**
  3:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  4:  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
  5:  *
  6:  * Licensed under The MIT License
  7:  * For full copyright and license information, please see the LICENSE.txt
  8:  * Redistributions of files must retain the above copyright notice.
  9:  *
 10:  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 11:  * @link          http://cakephp.org CakePHP(tm) Project
 12:  * @package       Cake.Controller.Component
 13:  * @since         CakePHP(tm) v 0.10.0.1076
 14:  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
 15:  */
 16: 
 17: App::uses('Component', 'Controller');
 18: App::uses('AclInterface', 'Controller/Component/Acl');
 19: 
 20: /**
 21:  * Access Control List factory class.
 22:  *
 23:  * Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface.
 24:  * You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. The adapter
 25:  * you specify must implement `AclInterface`
 26:  *
 27:  * @package       Cake.Controller.Component
 28:  * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html
 29:  */
 30: class AclComponent extends Component {
 31: 
 32: /**
 33:  * Instance of an ACL class
 34:  *
 35:  * @var AclInterface
 36:  */
 37:     protected $_Instance = null;
 38: 
 39: /**
 40:  * Aro object.
 41:  *
 42:  * @var string
 43:  */
 44:     public $Aro;
 45: 
 46: /**
 47:  * Aco object
 48:  *
 49:  * @var string
 50:  */
 51:     public $Aco;
 52: 
 53: /**
 54:  * Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')`
 55:  *
 56:  * @param ComponentCollection $collection Collection instance.
 57:  * @param array $settings Settings list.
 58:  * @throws CakeException when Acl.classname could not be loaded.
 59:  */
 60:     public function __construct(ComponentCollection $collection, $settings = array()) {
 61:         parent::__construct($collection, $settings);
 62:         $name = Configure::read('Acl.classname');
 63:         if (!class_exists($name)) {
 64:             list($plugin, $name) = pluginSplit($name, true);
 65:             App::uses($name, $plugin . 'Controller/Component/Acl');
 66:             if (!class_exists($name)) {
 67:                 throw new CakeException(__d('cake_dev', 'Could not find %s.', $name));
 68:             }
 69:         }
 70:         $this->adapter($name);
 71:     }
 72: 
 73: /**
 74:  * Sets or gets the Adapter object currently in the AclComponent.
 75:  *
 76:  * `$this->Acl->adapter();` will get the current adapter class while
 77:  * `$this->Acl->adapter($obj);` will set the adapter class
 78:  *
 79:  * Will call the initialize method on the adapter if setting a new one.
 80:  *
 81:  * @param AclInterface|string $adapter Instance of AclInterface or a string name of the class to use. (optional)
 82:  * @return AclInterface|null Either null, or the adapter implementation.
 83:  * @throws CakeException when the given class is not an instance of AclInterface
 84:  */
 85:     public function adapter($adapter = null) {
 86:         if ($adapter) {
 87:             if (is_string($adapter)) {
 88:                 $adapter = new $adapter();
 89:             }
 90:             if (!$adapter instanceof AclInterface) {
 91:                 throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface'));
 92:             }
 93:             $this->_Instance = $adapter;
 94:             $this->_Instance->initialize($this);
 95:             return null;
 96:         }
 97:         return $this->_Instance;
 98:     }
 99: 
100: /**
101:  * Pass-thru function for ACL check instance. Check methods
102:  * are used to check whether or not an ARO can access an ACO
103:  *
104:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
105:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
106:  * @param string $action Action (defaults to *)
107:  * @return bool Success
108:  */
109:     public function check($aro, $aco, $action = "*") {
110:         return $this->_Instance->check($aro, $aco, $action);
111:     }
112: 
113: /**
114:  * Pass-thru function for ACL allow instance. Allow methods
115:  * are used to grant an ARO access to an ACO.
116:  *
117:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
118:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
119:  * @param string $action Action (defaults to *)
120:  * @return bool Success
121:  */
122:     public function allow($aro, $aco, $action = "*") {
123:         return $this->_Instance->allow($aro, $aco, $action);
124:     }
125: 
126: /**
127:  * Pass-thru function for ACL deny instance. Deny methods
128:  * are used to remove permission from an ARO to access an ACO.
129:  *
130:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
131:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
132:  * @param string $action Action (defaults to *)
133:  * @return bool Success
134:  */
135:     public function deny($aro, $aco, $action = "*") {
136:         return $this->_Instance->deny($aro, $aco, $action);
137:     }
138: 
139: /**
140:  * Pass-thru function for ACL inherit instance. Inherit methods
141:  * modify the permission for an ARO to be that of its parent object.
142:  *
143:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
144:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
145:  * @param string $action Action (defaults to *)
146:  * @return bool Success
147:  */
148:     public function inherit($aro, $aco, $action = "*") {
149:         return $this->_Instance->inherit($aro, $aco, $action);
150:     }
151: 
152: /**
153:  * Pass-thru function for ACL grant instance. An alias for AclComponent::allow()
154:  *
155:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
156:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
157:  * @param string $action Action (defaults to *)
158:  * @return bool Success
159:  * @deprecated 3.0.0 Will be removed in 3.0.
160:  */
161:     public function grant($aro, $aco, $action = "*") {
162:         trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::grant()', 'allow()'), E_USER_WARNING);
163:         return $this->_Instance->allow($aro, $aco, $action);
164:     }
165: 
166: /**
167:  * Pass-thru function for ACL grant instance. An alias for AclComponent::deny()
168:  *
169:  * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
170:  * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
171:  * @param string $action Action (defaults to *)
172:  * @return bool Success
173:  * @deprecated 3.0.0 Will be removed in 3.0.
174:  */
175:     public function revoke($aro, $aco, $action = "*") {
176:         trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::revoke()', 'deny()'), E_USER_WARNING);
177:         return $this->_Instance->deny($aro, $aco, $action);
178:     }
179: 
180: }
181: