2005-08-21 06:49:02 +00:00
< ? php
/* SVN FILE: $Id$ */
/**
2005-09-07 01:52:45 +00:00
* Access Control List factory class .
2006-01-12 02:10:47 +00:00
*
2005-09-07 01:52:45 +00:00
* Permissions system .
2005-08-21 06:49:02 +00:00
*
* PHP versions 4 and 5
*
2007-02-02 10:39:45 +00:00
* CakePHP ( tm ) : Rapid Development Framework < http :// www . cakephp . org />
* Copyright 2005 - 2007 , Cake Software Foundation , Inc .
2006-05-26 05:29:17 +00:00
* 1785 E . Sahara Avenue , Suite 490 - 204
* Las Vegas , Nevada 89104
2006-01-12 02:10:47 +00:00
*
2005-12-23 21:57:26 +00:00
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice .
2005-08-21 06:49:02 +00:00
*
2006-01-12 02:10:47 +00:00
* @ filesource
2007-02-02 10:39:45 +00:00
* @ copyright Copyright 2005 - 2007 , Cake Software Foundation , Inc .
* @ link http :// www . cakefoundation . org / projects / info / cakephp CakePHP ( tm ) Project
2006-05-26 05:29:17 +00:00
* @ package cake
* @ subpackage cake . cake . libs . controller . components
2007-02-02 10:39:45 +00:00
* @ since CakePHP ( tm ) v 0.10 . 0.1076
2006-05-26 05:29:17 +00:00
* @ version $Revision $
* @ modifiedby $LastChangedBy $
* @ lastmodified $Date $
* @ license http :// www . opensource . org / licenses / mit - license . php The MIT License
2005-08-21 06:49:02 +00:00
*/
/**
* Access Control List factory class .
2006-01-12 02:10:47 +00:00
*
2005-08-21 06:49:02 +00:00
* Looks for ACL implementation class in core config , and returns an instance of that class .
*
2006-05-26 05:29:17 +00:00
* @ package cake
* @ subpackage cake . cake . libs . controller . components
2005-08-21 06:49:02 +00:00
*/
2006-06-14 18:02:37 +00:00
class AclComponent extends Object {
2007-10-22 06:58:51 +00:00
/**
* Instance of an ACL class
*
* @ var object
* @ access protected
*/
var $_Instance = null ;
2005-12-22 01:07:28 +00:00
/**
2006-02-07 02:19:53 +00:00
* Constructor . Will return an instance of the correct ACL class .
2005-12-22 01:07:28 +00:00
*
*/
2007-10-14 01:09:21 +00:00
function __construct () {
$name = Configure :: read ( 'Acl.classname' );
if ( ! class_exists ( $name )) {
if ( loadComponent ( $name )) {
if ( strpos ( $name , '.' ) !== false ) {
list ( $plugin , $name ) = explode ( '.' , $name );
}
$name .= 'Component' ;
} else {
trigger_error ( sprintf ( __ ( 'Could not find %s.' , true ), $name ), E_USER_WARNING );
}
}
2007-10-22 06:58:51 +00:00
$this -> _Instance =& new $name ();
$this -> _Instance -> initialize ( $this );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
2007-10-22 06:58:51 +00:00
* Startup is not used
2005-12-22 01:07:28 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param object $controller Controller using this component
* @ return boolean Proceed with component usage ( true ), or fail ( false )
* @ access public
2005-12-22 01:07:28 +00:00
*/
2007-10-14 01:09:21 +00:00
function startup ( & $controller ) {
return true ;
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
2006-02-07 02:19:53 +00:00
* Empty class defintion , to be overridden in subclasses .
2005-12-22 01:07:28 +00:00
*
2007-10-22 06:58:51 +00:00
* @ access protected
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function _initACL () {
}
2005-12-22 01:07:28 +00:00
/**
* Pass - thru function for ACL check instance .
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ return bool Success
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function check ( $aro , $aco , $action = " * " ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> check ( $aro , $aco , $action );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
* Pass - thru function for ACL allow instance .
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ return bool Success
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function allow ( $aro , $aco , $action = " * " ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> allow ( $aro , $aco , $action );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
* Pass - thru function for ACL deny instance .
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ return bool Success
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function deny ( $aro , $aco , $action = " * " ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> deny ( $aro , $aco , $action );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
* Pass - thru function for ACL inherit instance .
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ return bool Success
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function inherit ( $aro , $aco , $action = " * " ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> inherit ( $aro , $aco , $action );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
* Pass - thru function for ACL grant instance .
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ return bool Success
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function grant ( $aro , $aco , $action = " * " ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> grant ( $aro , $aco , $action );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
* Pass - thru function for ACL grant instance .
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ return bool Success
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function revoke ( $aro , $aco , $action = " * " ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> revoke ( $aro , $aco , $action );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
2006-11-24 17:27:11 +00:00
* Sets the current ARO instance to object from getAro
*
2007-10-22 06:58:51 +00:00
* @ param string $id ID of ARO
* @ return bool Success
* @ access public
2006-11-24 17:27:11 +00:00
*/
function setAro ( $id ) {
2007-10-22 06:58:51 +00:00
return $this -> Aro = $this -> _Instance -> getAro ( $id );
2006-11-24 17:27:11 +00:00
}
/**
* Sets the current ACO instance to object from getAco
*
2007-10-22 06:58:51 +00:00
* @ param string $id ID of ACO
* @ return bool Success
* @ access public
2006-11-24 17:27:11 +00:00
*/
function setAco ( $id ) {
2007-10-22 06:58:51 +00:00
return $this -> Aco = $this -> _Instance -> getAco ( $id );
2006-11-24 17:27:11 +00:00
}
/**
* Pass - thru function for ACL getAro instance
* that gets an ARO object from the given id or alias
2005-12-22 01:07:28 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $id ARO id
* @ return object ARO
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function getAro ( $id ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> getAro ( $id );
2006-06-14 18:02:37 +00:00
}
2005-12-22 01:07:28 +00:00
/**
* Pass - thru function for ACL getAco instance .
2006-11-24 17:27:11 +00:00
* that gets an ACO object from the given id or alias
2005-12-22 01:07:28 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $id ACO id
* @ return object ACO
* @ access public
2005-12-22 01:07:28 +00:00
*/
2006-06-14 18:02:37 +00:00
function getAco ( $id ) {
2007-10-22 06:58:51 +00:00
return $this -> _Instance -> getAco ( $id );
2006-06-14 18:02:37 +00:00
}
2005-08-21 06:49:02 +00:00
}
2007-05-01 01:23:21 +00:00
/**
* Access Control List abstract class . Not to be instantiated .
* Subclasses of this class are used by AclComponent to perform ACL checks in Cake .
*
* @ package cake
* @ subpackage cake . cake . libs . controller . components
2007-05-20 04:44:18 +00:00
* @ abstract
2007-05-01 01:23:21 +00:00
*/
2007-05-20 04:44:18 +00:00
class AclBase extends Object {
2007-05-01 01:23:21 +00:00
/**
* This class should never be instantiated , just subclassed .
*
*/
2007-05-21 04:24:58 +00:00
function __construct () {
2007-05-01 01:23:21 +00:00
if ( strcasecmp ( get_class ( $this ), " AclBase " ) == 0 || ! is_subclass_of ( $this , " AclBase " )) {
trigger_error ( __ ( " [acl_base] The AclBase class constructor has been called, or the class was instantiated. This class must remain abstract. Please refer to the Cake docs for ACL configuration. " , true ), E_USER_ERROR );
return NULL ;
}
}
/**
* Empty method to be overridden in subclasses
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ access public
2007-05-01 01:23:21 +00:00
*/
function check ( $aro , $aco , $action = " * " ) {
}
2007-05-15 20:01:44 +00:00
/**
* Empty method to be overridden in subclasses
*
2007-10-22 06:58:51 +00:00
* @ param object $component Component
* @ access public
2007-05-15 20:01:44 +00:00
*/
function initialize ( & $component ) {
}
2007-05-01 01:23:21 +00:00
}
2007-05-23 18:12:05 +00:00
/**
* In this file you can extend the AclBase .
*
* @ package cake
* @ subpackage cake . cake . libs . model
*/
class DB_ACL extends AclBase {
/**
2007-10-15 16:34:24 +00:00
* Constructor
2007-05-23 18:12:05 +00:00
*
*/
function __construct () {
parent :: __construct ();
2007-10-15 16:34:24 +00:00
uses ( 'model' . DS . 'db_acl' );
2007-05-23 18:12:05 +00:00
$this -> Aro =& new Aro ();
$this -> Aco =& new Aco ();
}
/**
* Enter description here ...
*
2007-10-15 16:34:24 +00:00
* @ param object $component
2007-10-22 06:58:51 +00:00
* @ access public
2007-05-23 18:12:05 +00:00
*/
function initialize ( & $component ) {
2007-10-15 16:34:24 +00:00
$component -> Aro = $this -> Aro ;
$component -> Aco = $this -> Aco ;
2007-05-23 18:12:05 +00:00
}
/**
2007-10-22 06:58:51 +00:00
* Checks if the given $aro has access to action $action in $aco
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $action Action ( defaults to * )
* @ return boolean Success ( true if ARO has access to action in ACO , false otherwise )
* @ access public
2007-05-23 18:12:05 +00:00
*/
function check ( $aro , $aco , $action = " * " ) {
if ( $aro == null || $aco == null ) {
return false ;
}
$permKeys = $this -> _getAcoKeys ( $this -> Aro -> Permission -> loadInfo ());
$aroPath = $this -> Aro -> node ( $aro );
$acoPath = new Set ( $this -> Aco -> node ( $aco ));
if ( empty ( $aroPath ) || empty ( $acoPath )) {
trigger_error ( " DB_ACL::check() - Failed ARO/ACO node lookup in permissions check. Node references: \n Aro: " . print_r ( $aro , true ) . " \n Aco: " . print_r ( $aco , true ), E_USER_WARNING );
return false ;
}
if ( $acoPath -> get () == null || $acoPath -> get () == array ()) {
trigger_error ( " DB_ACL::check() - Failed ACO node lookup in permissions check. Node references: \n Aro: " . print_r ( $aro , true ) . " \n Aco: " . print_r ( $aco , true ), E_USER_WARNING );
return false ;
}
$aroNode = $aroPath [ 0 ];
$acoNode = $acoPath -> get ();
$acoNode = $acoNode [ 0 ];
if ( $action != '*' && ! in_array ( '_' . $action , $permKeys )) {
trigger_error ( sprintf ( __ ( " ACO permissions key %s does not exist in DB_ACL::check() " , true ), $action ), E_USER_NOTICE );
return false ;
}
Fixes #2902, DB_ACL::allow allowing all when $actions is not an array.
Fixes #2988, AclComponent check() does not inherit permissions.
Fixes #3022, Inconsistent table alias quoting crashes Acl node lookup with PostgreSQL.
Fixes #3129, Console ACL Shell ACO View Broken
Fixes #3176, Problems with ACL support on Microsoft SQL Server.
Closes #3311 as invalid, DboSourceTest::testArrayConditionsParsing tests added
Fixes #3312, DB_ACL::check() fail returning right permission
Fixes #3344, Model->field adds incorrect condition under certain circumstances.
Fixes #3400, Cookie Component: When reading a non-existing key it throws a notice.
Fixes #3407, Since [5768] CookieComponent throws warning when used in beforeFilter().
Closes #3401, Added form test to ensure $Form->fields array is what the security component requires.
Updated AclComponentTest
Merged changes in app/ to cake/console/libs/templates/skel
Fixed generated link to Run More Test after running Group > All tests
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5776 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-10-17 12:51:17 +00:00
$inherited = array ();
for ( $i = 0 ; $i < count ( $aroPath ); $i ++ ) {
$perms = $this -> Aro -> Permission -> findAll ( array (
$this -> Aro -> Permission -> name . '.aro_id' => $aroPath [ $i ][ $this -> Aro -> name ][ 'id' ],
$this -> Aro -> Permission -> name . '.aco_id' => $acoPath -> extract ( '{n}.' . $this -> Aco -> name . '.id' )),
null , array ( $this -> Aco -> name . '.lft' => 'desc' ), null , null , 0 );
2007-05-23 18:12:05 +00:00
if ( empty ( $perms )) {
continue ;
} else {
2007-08-18 16:42:38 +00:00
foreach ( Set :: extract ( $perms , '{n}.' . $this -> Aro -> Permission -> name ) as $perm ) {
2007-05-23 18:12:05 +00:00
if ( $action == '*' ) {
Fixes #2902, DB_ACL::allow allowing all when $actions is not an array.
Fixes #2988, AclComponent check() does not inherit permissions.
Fixes #3022, Inconsistent table alias quoting crashes Acl node lookup with PostgreSQL.
Fixes #3129, Console ACL Shell ACO View Broken
Fixes #3176, Problems with ACL support on Microsoft SQL Server.
Closes #3311 as invalid, DboSourceTest::testArrayConditionsParsing tests added
Fixes #3312, DB_ACL::check() fail returning right permission
Fixes #3344, Model->field adds incorrect condition under certain circumstances.
Fixes #3400, Cookie Component: When reading a non-existing key it throws a notice.
Fixes #3407, Since [5768] CookieComponent throws warning when used in beforeFilter().
Closes #3401, Added form test to ensure $Form->fields array is what the security component requires.
Updated AclComponentTest
Merged changes in app/ to cake/console/libs/templates/skel
Fixed generated link to Run More Test after running Group > All tests
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5776 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-10-17 12:51:17 +00:00
2007-06-20 06:15:35 +00:00
foreach ( $permKeys as $key ) {
2007-05-23 18:12:05 +00:00
if ( ! empty ( $perm )) {
Fixes #2902, DB_ACL::allow allowing all when $actions is not an array.
Fixes #2988, AclComponent check() does not inherit permissions.
Fixes #3022, Inconsistent table alias quoting crashes Acl node lookup with PostgreSQL.
Fixes #3129, Console ACL Shell ACO View Broken
Fixes #3176, Problems with ACL support on Microsoft SQL Server.
Closes #3311 as invalid, DboSourceTest::testArrayConditionsParsing tests added
Fixes #3312, DB_ACL::check() fail returning right permission
Fixes #3344, Model->field adds incorrect condition under certain circumstances.
Fixes #3400, Cookie Component: When reading a non-existing key it throws a notice.
Fixes #3407, Since [5768] CookieComponent throws warning when used in beforeFilter().
Closes #3401, Added form test to ensure $Form->fields array is what the security component requires.
Updated AclComponentTest
Merged changes in app/ to cake/console/libs/templates/skel
Fixed generated link to Run More Test after running Group > All tests
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5776 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-10-17 12:51:17 +00:00
if ( $perm [ $key ] == - 1 ) {
2007-05-23 18:12:05 +00:00
return false ;
Fixes #2902, DB_ACL::allow allowing all when $actions is not an array.
Fixes #2988, AclComponent check() does not inherit permissions.
Fixes #3022, Inconsistent table alias quoting crashes Acl node lookup with PostgreSQL.
Fixes #3129, Console ACL Shell ACO View Broken
Fixes #3176, Problems with ACL support on Microsoft SQL Server.
Closes #3311 as invalid, DboSourceTest::testArrayConditionsParsing tests added
Fixes #3312, DB_ACL::check() fail returning right permission
Fixes #3344, Model->field adds incorrect condition under certain circumstances.
Fixes #3400, Cookie Component: When reading a non-existing key it throws a notice.
Fixes #3407, Since [5768] CookieComponent throws warning when used in beforeFilter().
Closes #3401, Added form test to ensure $Form->fields array is what the security component requires.
Updated AclComponentTest
Merged changes in app/ to cake/console/libs/templates/skel
Fixed generated link to Run More Test after running Group > All tests
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5776 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-10-17 12:51:17 +00:00
} elseif ( $perm [ $key ] == 1 ) {
$inherited [ $key ] = 1 ;
2007-05-23 18:12:05 +00:00
}
}
}
Fixes #2902, DB_ACL::allow allowing all when $actions is not an array.
Fixes #2988, AclComponent check() does not inherit permissions.
Fixes #3022, Inconsistent table alias quoting crashes Acl node lookup with PostgreSQL.
Fixes #3129, Console ACL Shell ACO View Broken
Fixes #3176, Problems with ACL support on Microsoft SQL Server.
Closes #3311 as invalid, DboSourceTest::testArrayConditionsParsing tests added
Fixes #3312, DB_ACL::check() fail returning right permission
Fixes #3344, Model->field adds incorrect condition under certain circumstances.
Fixes #3400, Cookie Component: When reading a non-existing key it throws a notice.
Fixes #3407, Since [5768] CookieComponent throws warning when used in beforeFilter().
Closes #3401, Added form test to ensure $Form->fields array is what the security component requires.
Updated AclComponentTest
Merged changes in app/ to cake/console/libs/templates/skel
Fixed generated link to Run More Test after running Group > All tests
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5776 3807eeeb-6ff5-0310-8944-8be069107fe0
2007-10-17 12:51:17 +00:00
if ( count ( $inherited ) === count ( $permKeys )) {
return true ;
}
2007-05-23 18:12:05 +00:00
} else {
switch ( $perm [ '_' . $action ]) {
case - 1 :
return false ;
case 0 :
continue ;
break ;
case 1 :
return true ;
break ;
}
}
}
}
}
return false ;
}
/**
2007-10-22 06:58:51 +00:00
* Allow $aro to have access to action $actions in $aco
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $actions Action ( defaults to * )
* @ param int $value Value to indicate access type ( 1 to give access , - 1 to deny , 0 to inherit )
* @ return boolean Success
* @ access public
2007-05-23 18:12:05 +00:00
*/
2007-06-10 17:43:37 +00:00
function allow ( $aro , $aco , $actions = " * " , $value = 1 ) {
2007-05-23 18:12:05 +00:00
$perms = $this -> getAclLink ( $aro , $aco );
$permKeys = $this -> _getAcoKeys ( $this -> Aro -> Permission -> loadInfo ());
$save = array ();
if ( $perms == false ) {
trigger_error ( __ ( 'DB_ACL::allow() - Invalid node' , true ), E_USER_WARNING );
return false ;
}
if ( isset ( $perms [ 0 ])) {
2007-08-18 16:42:38 +00:00
$save = $perms [ 0 ][ $this -> Aro -> Permission -> name ];
2007-05-23 18:12:05 +00:00
}
2007-06-10 17:43:37 +00:00
if ( $actions == " * " ) {
2007-05-23 18:12:05 +00:00
$permKeys = $this -> _getAcoKeys ( $this -> Aro -> Permission -> loadInfo ());
2007-06-20 06:15:35 +00:00
foreach ( $permKeys as $key ) {
2007-05-23 18:12:05 +00:00
$save [ $key ] = $value ;
}
} else {
2007-06-20 06:15:35 +00:00
if ( ! is_array ( $actions )) {
2007-06-17 07:58:48 +00:00
$actions = array ( '_' . $actions );
2007-06-10 17:43:37 +00:00
}
2007-06-20 06:15:35 +00:00
if ( is_array ( $actions )) {
foreach ( $actions as $action ) {
2007-06-10 17:43:37 +00:00
if ( $action { 0 } != '_' ) {
$action = '_' . $action ;
}
if ( in_array ( $action , $permKeys )) {
$save [ $action ] = $value ;
2007-07-08 21:01:31 +00:00
}
2007-06-10 17:43:37 +00:00
}
2007-05-23 18:12:05 +00:00
}
}
2007-07-08 21:01:31 +00:00
2007-05-23 18:12:05 +00:00
$save [ 'aro_id' ] = $perms [ 'aro' ];
$save [ 'aco_id' ] = $perms [ 'aco' ];
if ( $perms [ 'link' ] != null && count ( $perms [ 'link' ]) > 0 ) {
2007-08-18 16:42:38 +00:00
$save [ 'id' ] = $perms [ 'link' ][ 0 ][ $this -> Aro -> Permission -> name ][ 'id' ];
2007-05-23 18:12:05 +00:00
}
2007-06-10 17:43:37 +00:00
$this -> Aro -> Permission -> create ( $save );
return $this -> Aro -> Permission -> save ();
2007-05-23 18:12:05 +00:00
}
/**
2007-10-22 06:58:51 +00:00
* Deny access for $aro to action $action in $aco
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $actions Action ( defaults to * )
* @ return boolean Success
* @ access public
2007-05-23 18:12:05 +00:00
*/
function deny ( $aro , $aco , $action = " * " ) {
return $this -> allow ( $aro , $aco , $action , - 1 );
}
/**
2007-10-22 06:58:51 +00:00
* Let access for $aro to action $action in $aco be inherited
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $actions Action ( defaults to * )
* @ return boolean Success
* @ access public
2007-05-23 18:12:05 +00:00
*/
function inherit ( $aro , $aco , $action = " * " ) {
return $this -> allow ( $aro , $aco , $action , 0 );
}
/**
2007-10-22 06:58:51 +00:00
* Allow $aro to have access to action $actions in $aco
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $actions Action ( defaults to * )
* @ return boolean Success
* @ see allow ()
* @ access public
2007-05-23 18:12:05 +00:00
*/
function grant ( $aro , $aco , $action = " * " ) {
return $this -> allow ( $aro , $aco , $action );
}
/**
2007-10-22 06:58:51 +00:00
* Deny access for $aro to action $action in $aco
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $actions Action ( defaults to * )
* @ return boolean Success
* @ see deny ()
* @ access public
2007-05-23 18:12:05 +00:00
*/
function revoke ( $aro , $aco , $action = " * " ) {
return $this -> deny ( $aro , $aco , $action );
}
/**
* Get an array of access - control links between the given Aro and Aco
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ return array Indexed array with : 'aro' , 'aco' and 'link'
* @ access public
2007-05-23 18:12:05 +00:00
*/
function getAclLink ( $aro , $aco ) {
$obj = array ();
$obj [ 'Aro' ] = $this -> Aro -> node ( $aro );
$obj [ 'Aco' ] = $this -> Aco -> node ( $aco );
if ( empty ( $obj [ 'Aro' ]) || empty ( $obj [ 'Aco' ])) {
return false ;
}
return array (
2007-08-18 16:42:38 +00:00
'aro' => Set :: extract ( $obj , 'Aro.0.' . $this -> Aro -> name . '.id' ),
'aco' => Set :: extract ( $obj , 'Aco.0.' . $this -> Aco -> name . '.id' ),
2007-05-23 18:12:05 +00:00
'link' => $this -> Aro -> Permission -> findAll ( array (
2007-08-18 16:42:38 +00:00
$this -> Aro -> Permission -> name . '.aro_id' => Set :: extract ( $obj , 'Aro.0.' . $this -> Aro -> name . '.id' ),
$this -> Aro -> Permission -> name . '.aco_id' => Set :: extract ( $obj , 'Aco.0.' . $this -> Aco -> name . '.id' )
2007-05-23 18:12:05 +00:00
))
);
}
/**
2007-10-22 06:58:51 +00:00
* Get the keys used in an ACO
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param array $keys Permission model info
* @ return array ACO keys
* @ access protected
2007-05-23 18:12:05 +00:00
*/
function _getAcoKeys ( $keys ) {
$newKeys = array ();
$keys = $keys -> extract ( '{n}.name' );
2007-06-20 06:15:35 +00:00
foreach ( $keys as $key ) {
2007-05-23 18:12:05 +00:00
if ( ! in_array ( $key , array ( 'id' , 'aro_id' , 'aco_id' ))) {
$newKeys [] = $key ;
}
}
return $newKeys ;
}
}
/**
* In this file you can extend the AclBase .
*
* @ package cake
* @ subpackage cake . cake . libs . model . iniacl
*/
class INI_ACL extends AclBase {
/**
* Array with configuration , parsed from ini file
2007-10-22 06:58:51 +00:00
*
* @ var array
* @ access public
2007-05-23 18:12:05 +00:00
*/
var $config = null ;
/**
* The constructor must be overridden , as AclBase is abstract .
*
*/
function __construct () {
}
/**
* Main ACL check function . Checks to see if the ARO ( access request object ) has access to the ACO ( access control object ) .
2007-07-08 21:01:31 +00:00
* Looks at the acl . ini . php file for permissions ( see instructions in / config / acl . ini . php ) .
2007-05-23 18:12:05 +00:00
*
2007-10-22 06:58:51 +00:00
* @ param string $aro ARO
* @ param string $aco ACO
* @ param string $aco_action Action
* @ return bool Success
* @ access public
2007-05-23 18:12:05 +00:00
*/
function check ( $aro , $aco , $aco_action = null ) {
if ( $this -> config == null ) {
$this -> config = $this -> readConfigFile ( CONFIGS . 'acl.ini.php' );
}
$aclConfig = $this -> config ;
if ( isset ( $aclConfig [ $aro ][ 'deny' ])) {
$userDenies = $this -> arrayTrim ( explode ( " , " , $aclConfig [ $aro ][ 'deny' ]));
if ( array_search ( $aco , $userDenies )) {
return false ;
}
}
if ( isset ( $aclConfig [ $aro ][ 'allow' ])) {
$userAllows = $this -> arrayTrim ( explode ( " , " , $aclConfig [ $aro ][ 'allow' ]));
if ( array_search ( $aco , $userAllows )) {
return true ;
}
}
if ( isset ( $aclConfig [ $aro ][ 'groups' ])) {
$userGroups = $this -> arrayTrim ( explode ( " , " , $aclConfig [ $aro ][ 'groups' ]));
2007-06-20 06:15:35 +00:00
foreach ( $userGroups as $group ) {
2007-05-23 18:12:05 +00:00
if ( array_key_exists ( $group , $aclConfig )) {
if ( isset ( $aclConfig [ $group ][ 'deny' ])) {
$groupDenies = $this -> arrayTrim ( explode ( " , " , $aclConfig [ $group ][ 'deny' ]));
if ( array_search ( $aco , $groupDenies )) {
return false ;
}
}
if ( isset ( $aclConfig [ $group ][ 'allow' ])) {
$groupAllows = $this -> arrayTrim ( explode ( " , " , $aclConfig [ $group ][ 'allow' ]));
if ( array_search ( $aco , $groupAllows )) {
return true ;
}
}
}
}
}
return false ;
}
/**
* Parses an INI file and returns an array that reflects the INI file ' s section structure . Double - quote friendly .
*
2007-10-22 06:58:51 +00:00
* @ param string $fileName File
* @ return array INI section structure
* @ access public
2007-05-23 18:12:05 +00:00
*/
function readConfigFile ( $fileName ) {
$fileLineArray = file ( $fileName );
2007-06-20 06:15:35 +00:00
foreach ( $fileLineArray as $fileLine ) {
2007-07-08 21:01:31 +00:00
$dataLine = trim ( $fileLine );
$firstChar = substr ( $dataLine , 0 , 1 );
2007-05-23 18:12:05 +00:00
2007-07-08 21:01:31 +00:00
if ( $firstChar != ';' && $dataLine != '' ) {
if ( $firstChar == '[' && substr ( $dataLine , - 1 , 1 ) == ']' ) {
$sectionName = preg_replace ( '/[\[\]]/' , '' , $dataLine );
} else {
$delimiter = strpos ( $dataLine , '=' );
2007-05-23 18:12:05 +00:00
2007-07-08 21:01:31 +00:00
if ( $delimiter > 0 ) {
$key = strtolower ( trim ( substr ( $dataLine , 0 , $delimiter )));
$value = trim ( substr ( $dataLine , $delimiter + 1 ));
2007-05-23 18:12:05 +00:00
2007-07-08 21:01:31 +00:00
if ( substr ( $value , 0 , 1 ) == '"' && substr ( $value , - 1 ) == '"' ) {
$value = substr ( $value , 1 , - 1 );
}
2007-05-23 18:12:05 +00:00
2007-07-08 21:01:31 +00:00
$iniSetting [ $sectionName ][ $key ] = stripcslashes ( $value );
} else {
if ( ! isset ( $sectionName )) {
$sectionName = '' ;
2007-05-23 18:12:05 +00:00
}
2007-07-08 21:01:31 +00:00
$iniSetting [ $sectionName ][ strtolower ( trim ( $dataLine ))] = '' ;
2007-05-23 18:12:05 +00:00
}
}
2007-07-08 21:01:31 +00:00
}
2007-05-23 18:12:05 +00:00
}
return $iniSetting ;
}
/**
* Removes trailing spaces on all array elements ( to prepare for searching )
*
2007-10-22 06:58:51 +00:00
* @ param array $array Array to trim
* @ return array Trimmed array
* @ access public
2007-05-23 18:12:05 +00:00
*/
function arrayTrim ( $array ) {
2007-07-24 13:55:25 +00:00
foreach ( $array as $key => $value ) {
$array [ $key ] = trim ( $value );
2007-05-23 18:12:05 +00:00
}
array_unshift ( $array , " " );
return $array ;
}
}
2007-10-22 06:58:51 +00:00
?>