2008-05-30 11:40:08 +00:00
|
|
|
<?php
|
|
|
|
/**
|
2017-06-10 23:33:55 +02:00
|
|
|
* CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
|
2017-06-11 00:10:52 +02:00
|
|
|
* Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
|
|
|
* Licensed under The MIT License
|
2013-02-08 21:22:51 +09:00
|
|
|
* For full copyright and license information, please see the LICENSE.txt
|
2008-05-30 11:40:08 +00:00
|
|
|
* Redistributions of files must retain the above copyright notice.
|
|
|
|
*
|
2017-06-11 00:10:52 +02:00
|
|
|
* @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
|
2017-06-10 23:33:55 +02:00
|
|
|
* @link https://cakephp.org CakePHP(tm) Project
|
2011-07-26 01:46:14 -04:30
|
|
|
* @package Cake.Controller.Component
|
2008-10-30 17:30:26 +00:00
|
|
|
* @since CakePHP(tm) v 0.10.0.1076
|
2017-06-11 00:23:14 +02:00
|
|
|
* @license https://opensource.org/licenses/mit-license.php MIT License
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2013-05-31 00:11:14 +02:00
|
|
|
|
2010-12-22 00:05:46 -04:30
|
|
|
App::uses('Component', 'Controller');
|
2012-01-29 13:54:26 -05:00
|
|
|
App::uses('AclInterface', 'Controller/Component/Acl');
|
2010-12-22 00:05:46 -04:30
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
|
|
|
* Access Control List factory class.
|
|
|
|
*
|
2010-03-28 12:17:53 -04:00
|
|
|
* Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface.
|
2014-04-11 15:10:56 -04:00
|
|
|
* You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. The adapter
|
|
|
|
* you specify must implement `AclInterface`
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2011-07-26 01:46:14 -04:30
|
|
|
* @package Cake.Controller.Component
|
2017-06-11 00:15:34 +02:00
|
|
|
* @link https://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-07-04 15:12:42 -04:00
|
|
|
class AclComponent extends Component {
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
|
|
|
* Instance of an ACL class
|
|
|
|
*
|
2011-07-31 22:57:17 -04:00
|
|
|
* @var AclInterface
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-04-04 16:36:12 +10:00
|
|
|
protected $_Instance = null;
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2010-07-04 18:41:08 -04:00
|
|
|
/**
|
|
|
|
* Aro object.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
public $Aro;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Aco object
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
public $Aco;
|
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
2010-03-28 12:17:53 -04:00
|
|
|
* Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')`
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2014-06-01 03:06:05 +05:30
|
|
|
* @param ComponentCollection $collection Collection instance.
|
|
|
|
* @param array $settings Settings list.
|
2010-12-11 19:01:07 -05:00
|
|
|
* @throws CakeException when Acl.classname could not be loaded.
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-07-04 17:09:44 -04:00
|
|
|
public function __construct(ComponentCollection $collection, $settings = array()) {
|
|
|
|
parent::__construct($collection, $settings);
|
2012-01-29 13:56:53 -05:00
|
|
|
$name = Configure::read('Acl.classname');
|
2008-05-30 11:40:08 +00:00
|
|
|
if (!class_exists($name)) {
|
2012-01-29 13:54:26 -05:00
|
|
|
list($plugin, $name) = pluginSplit($name, true);
|
2012-02-21 15:21:15 +01:00
|
|
|
App::uses($name, $plugin . 'Controller/Component/Acl');
|
|
|
|
if (!class_exists($name)) {
|
2011-03-20 16:35:43 +01:00
|
|
|
throw new CakeException(__d('cake_dev', 'Could not find %s.', $name));
|
2010-04-23 23:03:51 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
$this->adapter($name);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets or gets the Adapter object currently in the AclComponent.
|
|
|
|
*
|
|
|
|
* `$this->Acl->adapter();` will get the current adapter class while
|
|
|
|
* `$this->Acl->adapter($obj);` will set the adapter class
|
|
|
|
*
|
|
|
|
* Will call the initialize method on the adapter if setting a new one.
|
|
|
|
*
|
2012-05-13 01:43:31 +01:00
|
|
|
* @param AclInterface|string $adapter Instance of AclInterface or a string name of the class to use. (optional)
|
2015-09-25 17:11:20 +02:00
|
|
|
* @return AclInterface|null Either null, or the adapter implementation.
|
2012-03-13 21:04:56 -04:00
|
|
|
* @throws CakeException when the given class is not an instance of AclInterface
|
2010-04-23 23:03:51 -04:00
|
|
|
*/
|
|
|
|
public function adapter($adapter = null) {
|
|
|
|
if ($adapter) {
|
|
|
|
if (is_string($adapter)) {
|
|
|
|
$adapter = new $adapter();
|
|
|
|
}
|
2010-04-23 23:52:36 -04:00
|
|
|
if (!$adapter instanceof AclInterface) {
|
2011-03-20 16:35:43 +01:00
|
|
|
throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface'));
|
2008-05-30 11:40:08 +00:00
|
|
|
}
|
2010-04-23 23:03:51 -04:00
|
|
|
$this->_Instance = $adapter;
|
|
|
|
$this->_Instance->initialize($this);
|
2015-09-25 17:11:20 +02:00
|
|
|
return null;
|
2008-05-30 11:40:08 +00:00
|
|
|
}
|
2010-04-23 23:03:51 -04:00
|
|
|
return $this->_Instance;
|
2008-05-30 11:40:08 +00:00
|
|
|
}
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
2012-12-22 23:48:15 +01:00
|
|
|
* Pass-thru function for ACL check instance. Check methods
|
2010-03-28 12:17:53 -04:00
|
|
|
* are used to check whether or not an ARO can access an ACO
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2012-05-13 01:43:31 +01:00
|
|
|
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
|
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
2008-05-30 11:40:08 +00:00
|
|
|
* @param string $action Action (defaults to *)
|
2014-07-03 15:36:42 +02:00
|
|
|
* @return bool Success
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-04-05 13:19:38 +10:00
|
|
|
public function check($aro, $aco, $action = "*") {
|
2008-05-30 11:40:08 +00:00
|
|
|
return $this->_Instance->check($aro, $aco, $action);
|
|
|
|
}
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
2010-03-28 12:17:53 -04:00
|
|
|
* Pass-thru function for ACL allow instance. Allow methods
|
|
|
|
* are used to grant an ARO access to an ACO.
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2012-05-13 01:43:31 +01:00
|
|
|
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
|
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
2008-05-30 11:40:08 +00:00
|
|
|
* @param string $action Action (defaults to *)
|
2014-07-03 15:36:42 +02:00
|
|
|
* @return bool Success
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-04-05 13:19:38 +10:00
|
|
|
public function allow($aro, $aco, $action = "*") {
|
2008-05-30 11:40:08 +00:00
|
|
|
return $this->_Instance->allow($aro, $aco, $action);
|
|
|
|
}
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
2010-03-28 12:17:53 -04:00
|
|
|
* Pass-thru function for ACL deny instance. Deny methods
|
|
|
|
* are used to remove permission from an ARO to access an ACO.
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2012-05-13 01:43:31 +01:00
|
|
|
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
|
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
2008-05-30 11:40:08 +00:00
|
|
|
* @param string $action Action (defaults to *)
|
2014-07-03 15:36:42 +02:00
|
|
|
* @return bool Success
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-04-05 13:19:38 +10:00
|
|
|
public function deny($aro, $aco, $action = "*") {
|
2008-05-30 11:40:08 +00:00
|
|
|
return $this->_Instance->deny($aro, $aco, $action);
|
|
|
|
}
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
2010-03-28 12:17:53 -04:00
|
|
|
* Pass-thru function for ACL inherit instance. Inherit methods
|
|
|
|
* modify the permission for an ARO to be that of its parent object.
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2012-05-13 01:43:31 +01:00
|
|
|
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
|
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
2008-05-30 11:40:08 +00:00
|
|
|
* @param string $action Action (defaults to *)
|
2014-07-03 15:36:42 +02:00
|
|
|
* @return bool Success
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-04-05 13:19:38 +10:00
|
|
|
public function inherit($aro, $aco, $action = "*") {
|
2008-05-30 11:40:08 +00:00
|
|
|
return $this->_Instance->inherit($aro, $aco, $action);
|
|
|
|
}
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
2010-03-28 12:17:53 -04:00
|
|
|
* Pass-thru function for ACL grant instance. An alias for AclComponent::allow()
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2012-05-13 01:43:31 +01:00
|
|
|
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
|
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
2008-05-30 11:40:08 +00:00
|
|
|
* @param string $action Action (defaults to *)
|
2014-07-03 15:36:42 +02:00
|
|
|
* @return bool Success
|
2014-09-02 17:03:22 +02:00
|
|
|
* @deprecated 3.0.0 Will be removed in 3.0.
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-04-05 13:19:38 +10:00
|
|
|
public function grant($aro, $aco, $action = "*") {
|
2013-08-16 13:39:38 +04:00
|
|
|
trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::grant()', 'allow()'), E_USER_WARNING);
|
2010-09-08 22:48:21 -04:00
|
|
|
return $this->_Instance->allow($aro, $aco, $action);
|
2008-05-30 11:40:08 +00:00
|
|
|
}
|
2009-07-24 21:18:37 +02:00
|
|
|
|
2008-05-30 11:40:08 +00:00
|
|
|
/**
|
2010-03-28 12:17:53 -04:00
|
|
|
* Pass-thru function for ACL grant instance. An alias for AclComponent::deny()
|
2008-05-30 11:40:08 +00:00
|
|
|
*
|
2012-05-13 01:43:31 +01:00
|
|
|
* @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats
|
|
|
|
* @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats
|
2008-05-30 11:40:08 +00:00
|
|
|
* @param string $action Action (defaults to *)
|
2014-07-03 15:36:42 +02:00
|
|
|
* @return bool Success
|
2014-09-02 17:03:22 +02:00
|
|
|
* @deprecated 3.0.0 Will be removed in 3.0.
|
2008-05-30 11:40:08 +00:00
|
|
|
*/
|
2010-04-05 13:19:38 +10:00
|
|
|
public function revoke($aro, $aco, $action = "*") {
|
2013-08-16 13:39:38 +04:00
|
|
|
trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::revoke()', 'deny()'), E_USER_WARNING);
|
2010-09-08 22:48:21 -04:00
|
|
|
return $this->_Instance->deny($aro, $aco, $action);
|
2008-05-30 11:40:08 +00:00
|
|
|
}
|
2010-04-23 23:52:36 -04:00
|
|
|
|
2012-03-03 19:27:46 -05:00
|
|
|
}
|