db_acl.php

00001 <?php
00002 /* SVN FILE: $Id: db__acl_8php-source.html 675 2008-12-26 00:27:14Z gwoo $ */
00003 /**
00004  * This is a core configuration file.
00005  *
00006  * Use it to configure core behaviour of Cake.
00007  *
00008  * PHP versions 4 and 5
00009  *
00010  * CakePHP(tm) :  Rapid Development Framework <http://www.cakephp.org/>
00011  * Copyright 2005-2008, Cake Software Foundation, Inc.
00012  *                              1785 E. Sahara Avenue, Suite 490-204
00013  *                              Las Vegas, Nevada 89104
00014  *
00015  * Licensed under The MIT License
00016  * Redistributions of files must retain the above copyright notice.
00017  *
00018  * @filesource
00019  * @copyright       Copyright 2005-2008, Cake Software Foundation, Inc.
00020  * @link                http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project
00021  * @package         cake
00022  * @subpackage      cake.cake.libs.controller.components.dbacl
00023  * @since           CakePHP(tm) v 0.2.9
00024  * @version         $Revision: 675 $
00025  * @modifiedby      $LastChangedBy: gwoo $
00026  * @lastmodified    $Date: 2008-12-25 16:27:14 -0800 (Thu, 25 Dec 2008) $
00027  * @license         http://www.opensource.org/licenses/mit-license.php The MIT License
00028  */
// Give ACL_DATABASE the value 'default' unless something defined it before this file loaded.
// NOTE(review): presumably this names the database connection used by the ACL models - confirm.
if (defined('ACL_DATABASE') === false) {
    define('ACL_DATABASE', 'default');
}

// Load the ACL base class first, then the DB ACL model files, in the original order.
// Each path is assembled with DS so it matches the platform's directory separator.
uses(implode(DS, array('controller', 'components', 'acl_base')));
uses(implode(DS, array('controller', 'components', 'dbacl', 'models', 'aclnode')));
uses(implode(DS, array('controller', 'components', 'dbacl', 'models', 'aco')));
uses(implode(DS, array('controller', 'components', 'dbacl', 'models', 'acoaction')));
uses(implode(DS, array('controller', 'components', 'dbacl', 'models', 'aro')));
uses(implode(DS, array('controller', 'components', 'dbacl', 'models', 'aros_aco')));
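/**
 * Database-backed access control list built on AclBase.
 *
 * Permissions live in ArosAco rows that link an ARO (the requester) to an ACO
 * (the controlled object). Every ArosAco column other than id, aro_id and aco_id
 * is treated as a permission key; action names map to keys by prefixing '_'.
 * The values used by this class are 1 (allow), 0 (inherit) and -1 (deny).
 *
 * @package     cake
 * @subpackage  cake.cake.libs.controller.components.dbacl
 */
class DB_ACL extends AclBase {
/**
 * Empty constructor: no state is initialised and the parent constructor is not invoked.
 *
 */
    function __construct() {
    }
/**
 * Decide whether an ARO may perform an action on an ACO.
 *
 * The ARO path is walked from its last element back to its first. For each ARO
 * the ArosAco rows linking it to any ACO on the ACO path are read, ordered by
 * 'Aco.lft desc', and the first row carrying an explicit value decides.
 * Every failure mode (unknown node, unknown action, no matching row, malformed
 * row) results in a denial.
 *
 * @param string $aro ARO identifier, resolved through Aro::getPath()
 * @param string $aco ACO identifier, resolved through Aco::getPath()
 * @param string $action Action name without the leading underscore, or "*" for all actions
 * @return boolean True only when access is explicitly granted
 * @access public
 */
    function check($aro, $aco, $action = "*") {
        $Perms = new ArosAco();
        $Aro = new Aro();
        $Aco = new Aco();

        if ($aro == null || $aco == null) {
            return false;
        }

        $permKeys = $this->_getAcoKeys($Perms->loadInfo());
        $aroPath = $Aro->getPath($aro);
        $tmpAcoPath = $Aco->getPath($aco);

        if ($tmpAcoPath === null) {
            return false;
        }
        $tmpAcoPath = array_reverse($tmpAcoPath);
        $acoPath = array();

        if ($action != '*' && !in_array('_' . $action, $permKeys, true)) {
            trigger_error('ACO permissions key "' . $action . '" does not exist in DB_ACL::check()', E_USER_NOTICE);
            return false;
        }

        // An unresolved ARO has no path to walk: deny explicitly instead of
        // relying on count() of a non-array value.
        if (empty($aroPath)) {
            return false;
        }

        // With no permission columns, "all actions allowed" would be vacuously
        // true for the first row found; treat that state as a denial.
        if ($action == '*' && empty($permKeys)) {
            return false;
        }

        foreach ($tmpAcoPath as $a) {
            $acoPath[] = $a['Aco']['id'];
        }

        // NOTE(review): presumably getPath() returns the path root-first, so this
        // examines the most specific ARO first - confirm against Aro::getPath().
        for ($i = count($aroPath) - 1; $i >= 0; $i--) {
            $perms = $Perms->findAll(array('ArosAco.aro_id' => $aroPath[$i]['Aro']['id'],
                                            'ArosAco.aco_id' => $acoPath), null,
                                            'Aco.lft desc');
            if (empty($perms)) {
                continue;
            }

            foreach ($perms as $perm) {
                if ($action == '*') {
                    // Fail closed: a row without permission data must never
                    // be read as "every action allowed".
                    if (!isset($perm['ArosAco'])) {
                        return false;
                    }

                    // ARO must be cleared for ALL ACO actions
                    foreach ($permKeys as $key) {
                        if (!isset($perm['ArosAco'][$key]) || $perm['ArosAco'][$key] != 1) {
                            return false;
                        }
                    }
                    return true;
                }

                switch ($perm['ArosAco']['_' . $action]) {
                    case -1:
                        return false;
                    case 0:
                        // Inherit: leave the switch and look at the next row.
                        // ("continue" inside a switch acts like "break" in PHP.)
                        break;
                    case 1:
                        return true;
                }
            }
        }
        return false;
    }
/**
 * Write a permission value for an ARO/ACO pair.
 *
 * With "*" every permission key is set to $value; otherwise only '_' . $action
 * is set, and the action must match an existing permission key. An existing
 * ArosAco link is updated in place; otherwise a new row is saved.
 *
 * $value is written as given and is not range-checked here; the wrappers in
 * this class pass 1 (grant), 0 (inherit) and -1 (deny).
 *
 * @param string $aro
 * @param string $aco
 * @param string $action Action name without the leading underscore, or "*"
 * @param integer $value Value to store in the permission key(s)
 * @return boolean False on an invalid node or action, otherwise the result of ArosAco::save()
 * @access public
 */
    function allow($aro, $aco, $action = "*", $value = 1) {
        $Perms = new ArosAco();
        $perms = $this->getAclLink($aro, $aco);

        if ($perms == false) {
            trigger_error('DB_ACL::allow() - Invalid node', E_USER_WARNING);
            return false;
        }

        // Load the permission keys once; they are needed by both branches below.
        $permKeys = $this->_getAcoKeys($Perms->loadInfo());
        $save = array();

        // NOTE(review): getAclLink() returns the keys 'aro', 'aco' and 'link', so
        // index 0 is never set and this branch does not run - confirm the intent
        // was to start from $perms['link'][0]['ArosAco'].
        if (isset($perms[0])) {
            $save = $perms[0]['ArosAco'];
        }

        if ($action == "*") {
            foreach ($permKeys as $key) {
                $save[$key] = $value;
            }
        } else {
            if (in_array('_' . $action, $permKeys, true)) {
                $save['_' . $action] = $value;
            } else {
                trigger_error('DB_ACL::allow() - Invalid ACO action', E_USER_WARNING);
                return false;
            }
        }

        $save['aro_id'] = $perms['aro'];
        $save['aco_id'] = $perms['aco'];

        // Reuse the id of an existing link so the save targets that row.
        if (!empty($perms['link'])) {
            $save['id'] = $perms['link'][0]['ArosAco']['id'];
        }
        return $Perms->save(array('ArosAco' => $save));
    }
/**
 * Store an explicit deny (-1) for the ARO/ACO pair.
 *
 * @param string $aro
 * @param string $aco
 * @param string $action
 * @return boolean
 * @access public
 */
    function deny($aro, $aco, $action = "*") {
        return $this->allow($aro, $aco, $action, -1);
    }
/**
 * Store the inherit value (0) for the ARO/ACO pair.
 *
 * @param string $aro
 * @param string $aco
 * @param string $action
 * @return boolean
 * @access public
 */
    function inherit($aro, $aco, $action = "*") {
        return $this->allow($aro, $aco, $action, 0);
    }
/**
 * Alias of allow() using its default value of 1.
 *
 * @param string $aro
 * @param string $aco
 * @param string $action
 * @return boolean
 * @access public
 */
    function grant($aro, $aco, $action = "*") {
        return $this->allow($aro, $aco, $action);
    }
/**
 * Alias of deny().
 *
 * @param string $aro
 * @param string $aco
 * @param string $action
 * @return boolean
 * @access public
 */
    function revoke($aro, $aco, $action = "*") {
        return $this->deny($aro, $aco, $action);
    }
/**
 * Get an ARO object from the given id or alias
 *
 * @param mixed $id
 * @return object Aro
 * @access public
 */
    function getAro($id = null) {
        return $this->__getObject($id, 'Aro');
    }
/**
 * Get an ACO object from the given id or alias
 *
 * @param mixed $id
 * @return object Aco
 * @access public
 */
    function getAco($id = null) {
        return $this->__getObject($id, 'Aco');
    }
/**
 * Instantiate a node model and point it at the record matching $id.
 *
 * Numeric ids are matched against 'foreign_key' ('object_id' for Aco); any
 * other value is matched against 'alias'. When no record matches, the object
 * is still returned with its id set to null, so callers must check the id
 * before relying on the node.
 *
 * @param mixed $id Numeric key or alias of the node
 * @param string $object Model class name; this class passes 'Aro' or 'Aco'
 * @return object The model instance, or null when $id is empty
 * @access private
 */
    function __getObject($id = null, $object) {
        if ($id == null) {
            trigger_error('Null id provided in DB_ACL::get' . $object, E_USER_WARNING);
            return null;
        }

        $obj = new $object;

        if (is_numeric($id)) {
            $key = 'foreign_key';
            if ($object == 'Aco') {
                $key = 'object_id';
            }

            $conditions = array($object . '.' . $key => $id);
        } else {
            $conditions = array($object . '.alias' => $id);
        }

        $tmp = $obj->find($conditions);

        // A failed lookup leaves the id null instead of indexing into an empty result.
        $obj->id = isset($tmp[$object]['id']) ? $tmp[$object]['id'] : null;
        return $obj;
    }
/**
 * Get an array of access-control links between the given Aro and Aco
 *
 * @param mixed $aro
 * @param mixed $aco
 * @return array Keys 'aro' (ARO id), 'aco' (ACO id) and 'link' (matching ArosAco rows),
 *               or false when either node cannot be found
 * @access public
 */
    function getAclLink($aro, $aco) {
        $Aro = new Aro();
        $Aco = new Aco();
        $Link = new ArosAco();

        $aroRow = $Aro->find($Aro->_resolveID($aro));
        $acoRow = $Aco->find($Aco->_resolveID($aco));

        // Either lookup coming back empty means there is no valid pair to link.
        if (empty($aroRow['Aro']) || empty($acoRow['Aco'])) {
            return false;
        }

        $aroId = $aroRow['Aro']['id'];
        $acoId = $acoRow['Aco']['id'];

        return array('aro' => $aroId,
                     'aco' => $acoId,
                     'link' => $Link->findAll(array(
                         'ArosAco.aro_id' => $aroId,
                         'ArosAco.aco_id' => $acoId)));
    }
/**
 * List the permission keys of the ArosAco table.
 *
 * Reads the column descriptions from $keys->value and returns every column
 * name except the bookkeeping columns id, aro_id and aco_id.
 *
 * @param object $keys Table description as returned by ArosAco::loadInfo()
 * @return array Column names used as permission keys
 * @access protected
 */
    function _getAcoKeys($keys) {
        $reserved = array('id', 'aro_id', 'aco_id');
        $newKeys = array();

        foreach ($keys->value as $key) {
            if (!in_array($key['name'], $reserved, true)) {
                $newKeys[] = $key['name'];
            }
        }
        return $newKeys;
    }
}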
00310 ?>