| 16591 |
anikendra |
1 |
<?php
|
|
|
2 |
/**
|
|
|
3 |
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
|
|
|
4 |
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
|
5 |
*
|
|
|
6 |
* Licensed under The MIT License
|
|
|
7 |
* For full copyright and license information, please see the LICENSE.txt
|
|
|
8 |
* Redistributions of files must retain the above copyright notice.
|
|
|
9 |
*
|
|
|
10 |
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
|
11 |
* @link http://cakephp.org CakePHP(tm) Project
|
|
|
12 |
* @package Cake.Controller.Component
|
|
|
13 |
* @since CakePHP(tm) v 0.10.0.1076
|
|
|
14 |
* @license http://www.opensource.org/licenses/mit-license.php MIT License
|
|
|
15 |
*/
|
|
|
16 |
|
|
|
17 |
App::uses('Component', 'Controller');
|
|
|
18 |
App::uses('AclInterface', 'Controller/Component/Acl');
|
|
|
19 |
|
|
|
20 |
/**
|
|
|
21 |
* Access Control List factory class.
|
|
|
22 |
*
|
|
|
23 |
* Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface.
|
|
|
24 |
* You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. The adapter
|
|
|
25 |
* you specify must implement `AclInterface`
|
|
|
26 |
*
|
|
|
27 |
* @package Cake.Controller.Component
|
|
|
28 |
* @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html
|
|
|
29 |
*/
|
|
|
30 |
class AclComponent extends Component {
|
|
|
31 |
|
|
|
32 |
/**
|
|
|
33 |
* Instance of an ACL class
|
|
|
34 |
*
|
|
|
35 |
* @var AclInterface
|
|
|
36 |
*/
|
|
|
37 |
protected $_Instance = null;
|
|
|
38 |
|
|
|
39 |
/**
|
|
|
40 |
* Aro object.
|
|
|
41 |
*
|
|
|
42 |
* @var string
|
|
|
43 |
*/
|
|
|
44 |
public $Aro;
|
|
|
45 |
|
|
|
46 |
/**
|
|
|
47 |
* Aco object
|
|
|
48 |
*
|
|
|
49 |
* @var string
|
|
|
50 |
*/
|
|
|
51 |
public $Aco;
|
|
|
52 |
|
|
|
53 |
/**
|
|
|
54 |
* Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')`
|
|
|
55 |
*
|
|
|
56 |
* @param ComponentCollection $collection Collection instance.
|
|
|
57 |
* @param array $settings Settings list.
|
|
|
58 |
* @throws CakeException when Acl.classname could not be loaded.
|
|
|
59 |
*/
|
|
|
60 |
public function __construct(ComponentCollection $collection, $settings = array()) {
|
|
|
61 |
parent::__construct($collection, $settings);
|
|
|
62 |
$name = Configure::read('Acl.classname');
|
|
|
63 |
if (!class_exists($name)) {
|
|
|
64 |
list($plugin, $name) = pluginSplit($name, true);
|
|
|
65 |
App::uses($name, $plugin . 'Controller/Component/Acl');
|
|
|
66 |
if (!class_exists($name)) {
|
|
|
67 |
throw new CakeException(__d('cake_dev', 'Could not find %s.', $name));
|
|
|
68 |
}
|
|
|
69 |
}
|
|
|
70 |
$this->adapter($name);
|
|
|
71 |
}
|
|
|
72 |
|
|
|
73 |
/**
|
|
|
74 |
* Sets or gets the Adapter object currently in the AclComponent.
|
|
|
75 |
*
|
|
|
76 |
* `$this->Acl->adapter();` will get the current adapter class while
|
|
|
77 |
* `$this->Acl->adapter($obj);` will set the adapter class
|
|
|
78 |
*
|
|
|
79 |
* Will call the initialize method on the adapter if setting a new one.
|
|
|
80 |
*
|
|
|
81 |
* @param AclInterface|string $adapter Instance of AclInterface or a string name of the class to use. (optional)
|
|
|
82 |
* @return AclInterface|void either null, or the adapter implementation.
|
|
|
83 |
* @throws CakeException when the given class is not an instance of AclInterface
|
|
|
84 |
*/
|
|
|
85 |
public function adapter($adapter = null) {
|
|
|
86 |
if ($adapter) {
|
|
|
87 |
if (is_string($adapter)) {
|
|
|
88 |
$adapter = new $adapter();
|
|
|
89 |
}
|
|
|
90 |
if (!$adapter instanceof AclInterface) {
|
|
|
91 |
throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface'));
|
|
|
92 |
}
|
|
|
93 |
$this->_Instance = $adapter;
|
|
|
94 |
$this->_Instance->initialize($this);
|
|
|
95 |
return;
|
|
|
96 |
}
|
|
|
97 |
return $this->_Instance;
|
|
|
98 |
}
|
|
|
99 |
|
|
|
100 |
/**
|
|
|
101 |
* Pass-thru function for ACL check instance. Check methods
|
|
|
102 |
* are used to check whether or not an ARO can access an ACO
|
|
|
103 |
*
|
|
|
104 |
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
105 |
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
|
|
106 |
* @param string $action Action (defaults to *)
|
|
|
107 |
* @return bool Success
|
|
|
108 |
*/
|
|
|
109 |
public function check($aro, $aco, $action = "*") {
|
|
|
110 |
return $this->_Instance->check($aro, $aco, $action);
|
|
|
111 |
}
|
|
|
112 |
|
|
|
113 |
/**
|
|
|
114 |
* Pass-thru function for ACL allow instance. Allow methods
|
|
|
115 |
* are used to grant an ARO access to an ACO.
|
|
|
116 |
*
|
|
|
117 |
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
118 |
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
|
|
119 |
* @param string $action Action (defaults to *)
|
|
|
120 |
* @return bool Success
|
|
|
121 |
*/
|
|
|
122 |
public function allow($aro, $aco, $action = "*") {
|
|
|
123 |
return $this->_Instance->allow($aro, $aco, $action);
|
|
|
124 |
}
|
|
|
125 |
|
|
|
126 |
/**
|
|
|
127 |
* Pass-thru function for ACL deny instance. Deny methods
|
|
|
128 |
* are used to remove permission from an ARO to access an ACO.
|
|
|
129 |
*
|
|
|
130 |
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
131 |
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
|
|
132 |
* @param string $action Action (defaults to *)
|
|
|
133 |
* @return bool Success
|
|
|
134 |
*/
|
|
|
135 |
public function deny($aro, $aco, $action = "*") {
|
|
|
136 |
return $this->_Instance->deny($aro, $aco, $action);
|
|
|
137 |
}
|
|
|
138 |
|
|
|
139 |
/**
|
|
|
140 |
* Pass-thru function for ACL inherit instance. Inherit methods
|
|
|
141 |
* modify the permission for an ARO to be that of its parent object.
|
|
|
142 |
*
|
|
|
143 |
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
144 |
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
|
|
145 |
* @param string $action Action (defaults to *)
|
|
|
146 |
* @return bool Success
|
|
|
147 |
*/
|
|
|
148 |
public function inherit($aro, $aco, $action = "*") {
|
|
|
149 |
return $this->_Instance->inherit($aro, $aco, $action);
|
|
|
150 |
}
|
|
|
151 |
|
|
|
152 |
/**
|
|
|
153 |
* Pass-thru function for ACL grant instance. An alias for AclComponent::allow()
|
|
|
154 |
*
|
|
|
155 |
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
156 |
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
|
|
157 |
* @param string $action Action (defaults to *)
|
|
|
158 |
* @return bool Success
|
|
|
159 |
* @deprecated 3.0.0 Will be removed in 3.0.
|
|
|
160 |
*/
|
|
|
161 |
public function grant($aro, $aco, $action = "*") {
|
|
|
162 |
trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::grant()', 'allow()'), E_USER_WARNING);
|
|
|
163 |
return $this->_Instance->allow($aro, $aco, $action);
|
|
|
164 |
}
|
|
|
165 |
|
|
|
166 |
/**
|
|
|
167 |
* Pass-thru function for ACL grant instance. An alias for AclComponent::deny()
|
|
|
168 |
*
|
|
|
169 |
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
170 |
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
|
|
171 |
* @param string $action Action (defaults to *)
|
|
|
172 |
* @return bool Success
|
|
|
173 |
* @deprecated 3.0.0 Will be removed in 3.0.
|
|
|
174 |
*/
|
|
|
175 |
public function revoke($aro, $aco, $action = "*") {
|
|
|
176 |
trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::revoke()', 'deny()'), E_USER_WARNING);
|
|
|
177 |
return $this->_Instance->deny($aro, $aco, $action);
|
|
|
178 |
}
|
|
|
179 |
|
|
|
180 |
}
|