1: <?php
2: /**
3: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
4: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
5: *
6: * Licensed under The MIT License
7: * For full copyright and license information, please see the LICENSE.txt
8: * Redistributions of files must retain the above copyright notice.
9: *
10: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
11: * @link http://cakephp.org CakePHP(tm) Project
12: * @package Cake.Controller.Component.Acl
13: * @since CakePHP(tm) v 0.10.0.1076
14: * @license http://www.opensource.org/licenses/mit-license.php MIT License
15: */
16:
17: App::uses('AclInterface', 'Controller/Component/Acl');
18: App::uses('Hash', 'Utility');
19: App::uses('ClassRegistry', 'Utility');
20:
21: /**
22: * DbAcl implements an ACL control system in the database. ARO's and ACO's are
23: * structured into trees and a linking table is used to define permissions. You
24: * can install the schema for DbAcl with the Schema Shell.
25: *
26: * `$aco` and `$aro` parameters can be slash delimited paths to tree nodes.
27: *
28: * eg. `controllers/Users/edit`
29: *
30: * Would point to a tree structure like
31: *
32: * ```
33: * controllers
34: * Users
35: * edit
36: * ```
37: *
38: * @package Cake.Controller.Component.Acl
39: */
40: class DbAcl extends CakeObject implements AclInterface {
41:
42: /**
43: * Constructor
44: */
45: public function __construct() {
46: parent::__construct();
47: $this->Permission = ClassRegistry::init(array('class' => 'Permission', 'alias' => 'Permission'));
48: $this->Aro = $this->Permission->Aro;
49: $this->Aco = $this->Permission->Aco;
50: }
51:
52: /**
53: * Initializes the containing component and sets the Aro/Aco objects to it.
54: *
55: * @param AclComponent $component The AclComponent instance.
56: * @return void
57: */
58: public function initialize(Component $component) {
59: $component->Aro = $this->Aro;
60: $component->Aco = $this->Aco;
61: }
62:
63: /**
64: * Checks if the given $aro has access to action $action in $aco
65: *
66: * @param string $aro ARO The requesting object identifier.
67: * @param string $aco ACO The controlled object identifier.
68: * @param string $action Action (defaults to *)
69: * @return bool Success (true if ARO has access to action in ACO, false otherwise)
70: * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#checking-permissions-the-acl-component
71: */
72: public function check($aro, $aco, $action = "*") {
73: return $this->Permission->check($aro, $aco, $action);
74: }
75:
76: /**
77: * Allow $aro to have access to action $actions in $aco
78: *
79: * @param string $aro ARO The requesting object identifier.
80: * @param string $aco ACO The controlled object identifier.
81: * @param string $actions Action (defaults to *)
82: * @param int $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
83: * @return bool Success
84: * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
85: */
86: public function allow($aro, $aco, $actions = "*", $value = 1) {
87: return $this->Permission->allow($aro, $aco, $actions, $value);
88: }
89:
90: /**
91: * Deny access for $aro to action $action in $aco
92: *
93: * @param string $aro ARO The requesting object identifier.
94: * @param string $aco ACO The controlled object identifier.
95: * @param string $action Action (defaults to *)
96: * @return bool Success
97: * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
98: */
99: public function deny($aro, $aco, $action = "*") {
100: return $this->allow($aro, $aco, $action, -1);
101: }
102:
103: /**
104: * Let access for $aro to action $action in $aco be inherited
105: *
106: * @param string $aro ARO The requesting object identifier.
107: * @param string $aco ACO The controlled object identifier.
108: * @param string $action Action (defaults to *)
109: * @return bool Success
110: */
111: public function inherit($aro, $aco, $action = "*") {
112: return $this->allow($aro, $aco, $action, 0);
113: }
114:
115: /**
116: * Allow $aro to have access to action $actions in $aco
117: *
118: * @param string $aro ARO The requesting object identifier.
119: * @param string $aco ACO The controlled object identifier.
120: * @param string $action Action (defaults to *)
121: * @return bool Success
122: * @see allow()
123: */
124: public function grant($aro, $aco, $action = "*") {
125: return $this->allow($aro, $aco, $action);
126: }
127:
128: /**
129: * Deny access for $aro to action $action in $aco
130: *
131: * @param string $aro ARO The requesting object identifier.
132: * @param string $aco ACO The controlled object identifier.
133: * @param string $action Action (defaults to *)
134: * @return bool Success
135: * @see deny()
136: */
137: public function revoke($aro, $aco, $action = "*") {
138: return $this->deny($aro, $aco, $action);
139: }
140:
141: /**
142: * Get an array of access-control links between the given Aro and Aco
143: *
144: * @param string $aro ARO The requesting object identifier.
145: * @param string $aco ACO The controlled object identifier.
146: * @return array Indexed array with: 'aro', 'aco' and 'link'
147: */
148: public function getAclLink($aro, $aco) {
149: return $this->Permission->getAclLink($aro, $aco);
150: }
151:
152: /**
153: * Get the keys used in an ACO
154: *
155: * @param array $keys Permission model info
156: * @return array ACO keys
157: */
158: protected function _getAcoKeys($keys) {
159: return $this->Permission->getAcoKeys($keys);
160: }
161:
162: }
163: