<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('Hash', 'Utility');
/**
* Abstract base authorization adapter for AuthComponent.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
* @see AuthComponent::$authenticate
*/
abstract class BaseAuthorize {

    /**
     * Controller the current request is dispatched to.
     *
     * @var Controller
     */
    protected $_Controller = null;

    /**
     * Component collection this adapter was built from; kept so that
     * subclasses can reach other components.
     *
     * @var ComponentCollection
     */
    protected $_Collection;

    /**
     * Settings for authorize objects.
     *
     * - `actionPath` - The path to ACO nodes that contains the nodes for controllers. Used as a prefix
     *   when calling $this->action();
     * - `actionMap` - Action -> crud mappings. Used by authorization objects that want to map actions to CRUD roles.
     * - `userModel` - Model name that ARO records can be found under. Defaults to 'User'.
     *
     * Only the six action names listed below are mapped by default.
     * NOTE(review): how a concrete adapter treats an action that has no entry
     * in `actionMap` is not visible in this class - confirm that it denies.
     *
     * @var array
     */
    public $settings = array(
        'actionPath' => null,
        'actionMap' => array(
            'index' => 'read',
            'add' => 'create',
            'edit' => 'update',
            'view' => 'read',
            'delete' => 'delete',
            'remove' => 'delete'
        ),
        'userModel' => 'User'
    );

    /**
     * Constructor
     *
     * Stores the collection, registers the collection's controller through
     * controller(), and merges the supplied settings over the class defaults
     * with Hash::merge().
     *
     * @param ComponentCollection $collection The component collection for this request.
     * @param array $settings Settings merged over the defaults in $settings.
     */
    public function __construct(ComponentCollection $collection, $settings = array()) {
        $this->_Collection = $collection;
        $this->controller($collection->getController());
        $this->settings = Hash::merge($this->settings, $settings);
    }

    /**
     * Checks user authorization.
     *
     * This base class supplies no default decision; every adapter has to
     * implement the check itself.
     *
     * @param array $user Active user data
     * @param CakeRequest $request Request instance.
     * @return bool
     */
    abstract public function authorize($user, CakeRequest $request);

    /**
     * Accessor to the controller object.
     *
     * Called without an argument (or with null) it returns the stored
     * controller. Called with a controller it stores it and returns true.
     *
     * @param Controller $controller null to get, a controller to set.
     * @return mixed The stored controller when getting, true when setting.
     * @throws CakeException
     */
    public function controller(Controller $controller = null) {
        if (!$controller) {
            return $this->_Controller;
        }
        // Repeats what the parameter type already demands.
        if (!($controller instanceof Controller)) {
            throw new CakeException(__d('cake_dev', '$controller needs to be an instance of Controller'));
        }
        $this->_Controller = $controller;
        return true;
    }

    /**
     * Get the action path for a given request. Primarily used by authorize objects
     * that need to get information about the plugin, controller, and action being invoked.
     *
     * The plugin and controller names are passed through Inflector::camelize();
     * the action name from the request is inserted exactly as received.
     *
     * @param CakeRequest $request The request a path is needed for.
     * @param string $path Path format.
     * @return string the action path for the given request.
     */
    public function action(CakeRequest $request, $path = '/:plugin/:controller/:action') {
        if (empty($request['plugin'])) {
            $pluginSegment = null;
        } else {
            $pluginSegment = Inflector::camelize($request['plugin']) . '/';
        }

        // str_replace() applies the pairs in order to the running result, so a
        // later pair also sees text that an earlier replacement produced.
        $placeholders = array(':controller', ':action', ':plugin/');
        $values = array(Inflector::camelize($request['controller']), $request['action'], $pluginSegment);
        $expanded = str_replace($placeholders, $values, $this->settings['actionPath'] . $path);

        // Single pass: removes the doubled slash left by an empty plugin or a
        // trailing slash on actionPath. A run of three or more slashes is
        // shortened but not fully collapsed.
        $collapsed = str_replace('//', '/', $expanded);
        return trim($collapsed, '/');
    }

    /**
     * Maps crud actions to actual action names. Used to modify or get the current mapped actions.
     *
     * Create additional mappings for a standard CRUD operation:
     *
     * ```
     * $this->Auth->mapActions(array('create' => array('add', 'register')));
     * ```
     *
     * Or equivalently:
     *
     * ```
     * $this->Auth->mapActions(array('register' => 'create', 'add' => 'create'));
     * ```
     *
     * Create mappings for custom CRUD operations:
     *
     * ```
     * $this->Auth->mapActions(array('range' => 'search'));
     * ```
     *
     * You can use the custom CRUD operations to create additional generic permissions
     * that behave like CRUD operations. Doing this will require additional columns on the
     * permissions lookup. For example if one wanted an additional search CRUD operation
     * one would create an additional column '_search' in the aros_acos table. One could
     * create a custom admin CRUD operation for administration functions similarly if needed.
     *
     * New entries overwrite existing ones with the same action name, including
     * the defaults.
     *
     * @param array $map Either an array of mappings, or undefined to get current values.
     * @return mixed Either the current mappings or null when setting.
     * @see AuthComponent::mapActions()
     */
    public function mapActions($map = array()) {
        if (empty($map)) {
            return $this->settings['actionMap'];
        }
        foreach ($map as $key => $value) {
            if (!is_array($value)) {
                // 'action' => 'crud' form.
                $this->settings['actionMap'][$key] = $value;
                continue;
            }
            // 'crud' => array('action', ...) form: every listed action maps to the key.
            foreach ($value as $actionName) {
                $this->settings['actionMap'][$actionName] = $key;
            }
        }
    }

}