<?php
/* SVN FILE: $Id$ */
/**
 * Access Control List factory class.
 *
 * Permissions system.
 *
 * PHP versions 4 and 5
 *
 * CakePHP(tm) : Rapid Development Framework <http://www.cakephp.org/>
 * Copyright 2005-2008, Cake Software Foundation, Inc.
 * 1785 E. Sahara Avenue, Suite 490-204
 * Las Vegas, Nevada 89104
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @filesource
 * @copyright Copyright 2005-2008, Cake Software Foundation, Inc.
 * @link http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project
 * @package cake
 * @subpackage cake.cake.libs.controller.components
 * @since CakePHP(tm) v 0.10.0.1076
 * @version $Revision$
 * @modifiedby $LastChangedBy$
 * @lastmodified $Date$
 * @license http://www.opensource.org/licenses/mit-license.php The MIT License
 */
/**
 * Access Control List factory class.
 *
 * Looks for ACL implementation class in core config, and returns an instance of that class.
 *
 * @package cake
 * @subpackage cake.cake.libs.controller.components
 */
class AclComponent extends Object {
/**
 * ACL backend object. Every permission call made on this component is
 * forwarded to it; the component itself takes no access decision.
 *
 * @var object
 * @access protected
 */
	var $_Instance = null;
/**
 * Constructor. Reads the backend class name from the 'Acl.classname' setting,
 * imports it as a component when the class is not loaded yet, instantiates it
 * and passes this component to the backend's initialize().
 *
 * A failed import only raises an E_USER_WARNING; the instantiation that follows
 * is still attempted with the unresolved name.
 *
 */
	function __construct() {
		$className = Configure::read('Acl.classname');

		if (!class_exists($className)) {
			$imported = App::import('Component', $className);

			if (!$imported) {
				trigger_error(sprintf(__('Could not find %s.', true), $className), E_USER_WARNING);
			} else {
				// "Plugin.Name" notation: only the segment after the first dot names the class.
				$segments = explode('.', $className);
				if (count($segments) > 1) {
					$className = $segments[1];
				}
				$className .= 'Component';
			}
		}

		$this->_Instance =& new $className();
		$this->_Instance->initialize($this);
	}
/**
 * Startup hook. Does nothing and always lets the controller proceed.
 *
 * @param object $controller Controller using this component
 * @return boolean Always true
 * @access public
 */
	function startup(&$controller) {
		$proceed = true;
		return $proceed;
	}
/**
 * Empty method, to be overridden in subclasses.
 *
 * @access protected
 */
	function _initACL() {
	}
/**
 * Forwards a permission check to the ACL backend.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Result of the backend's check()
 * @access public
 */
	function check($aro, $aco, $action = "*") {
		$result = $this->_Instance->check($aro, $aco, $action);
		return $result;
	}
/**
 * Forwards an allow request to the ACL backend.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Result of the backend's allow()
 * @access public
 */
	function allow($aro, $aco, $action = "*") {
		$result = $this->_Instance->allow($aro, $aco, $action);
		return $result;
	}
/**
 * Forwards a deny request to the ACL backend.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Result of the backend's deny()
 * @access public
 */
	function deny($aro, $aco, $action = "*") {
		$result = $this->_Instance->deny($aro, $aco, $action);
		return $result;
	}
/**
 * Forwards an inherit request to the ACL backend.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Result of the backend's inherit()
 * @access public
 */
	function inherit($aro, $aco, $action = "*") {
		$result = $this->_Instance->inherit($aro, $aco, $action);
		return $result;
	}
/**
 * Forwards a grant request to the ACL backend.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Result of the backend's grant()
 * @access public
 */
	function grant($aro, $aco, $action = "*") {
		$result = $this->_Instance->grant($aro, $aco, $action);
		return $result;
	}
/**
 * Forwards a revoke request to the ACL backend.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Result of the backend's revoke()
 * @access public
 */
	function revoke($aro, $aco, $action = "*") {
		$result = $this->_Instance->revoke($aro, $aco, $action);
		return $result;
	}
/**
 * Stores the backend's getAro() result for $id on this component as $this->Aro.
 *
 * @param string $id ID of ARO
 * @return mixed The value that was stored (whatever the backend's getAro() returned)
 * @access public
 */
	function setAro($id) {
		$this->Aro = $this->_Instance->getAro($id);
		return $this->Aro;
	}
/**
 * Stores the backend's getAco() result for $id on this component as $this->Aco.
 *
 * @param string $id ID of ACO
 * @return mixed The value that was stored (whatever the backend's getAco() returned)
 * @access public
 */
	function setAco($id) {
		$this->Aco = $this->_Instance->getAco($id);
		return $this->Aco;
	}
/**
 * Forwards to the backend's getAro(), which gets an ARO object
 * from the given id or alias.
 *
 * @param string $id ARO id
 * @return object ARO
 * @access public
 */
	function getAro($id) {
		$node = $this->_Instance->getAro($id);
		return $node;
	}
/**
 * Forwards to the backend's getAco(), which gets an ACO object
 * from the given id or alias.
 *
 * @param string $id ACO id
 * @return object ACO
 * @access public
 */
	function getAco($id) {
		$node = $this->_Instance->getAco($id);
		return $node;
	}
}
/**
 * Access Control List abstract class. Not to be instantiated.
 * Subclasses of this class are used by AclComponent to perform ACL checks in Cake.
 *
 * @package cake
 * @subpackage cake.cake.libs.controller.components
 * @abstract
 */
class AclBase extends Object {
/**
 * Guard constructor: this class is meant to be subclassed only. Raises an
 * E_USER_ERROR when the object being constructed is AclBase itself or is not
 * a subclass of AclBase.
 *
 */
	function __construct() {
		// The class-name comparison is case-insensitive.
		$isBaseItself = strcasecmp(get_class($this), "AclBase") == 0;

		if ($isBaseItself || !is_subclass_of($this, "AclBase")) {
			trigger_error(__("[acl_base] The AclBase class constructor has been called, or the class was instantiated. This class must remain abstract. Please refer to the Cake docs for ACL configuration.", true), E_USER_ERROR);
			return NULL;
		}
	}
/**
 * Empty method to be overridden in subclasses. The body is empty, so a
 * subclass that does not override it returns null (not true) from check().
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @access public
 */
	function check($aro, $aco, $action = "*") {
	}
/**
 * Empty method to be overridden in subclasses. AclComponent calls it once,
 * right after creating the backend.
 *
 * @param object $component Component
 * @access public
 */
	function initialize(&$component) {
	}
}
/**
 * In this file you can extend the AclBase.
 *
 * @package cake
 * @subpackage cake.cake.libs.model
 */
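class DB_ACL extends AclBase {
/**
 * Constructor. Runs the AclBase guard, loads the db_acl model file and binds
 * the Aro and Aco models obtained from the ClassRegistry.
 *
 */
	function __construct() {
		parent::__construct();
		uses('model' . DS . 'db_acl');
		$this->Aro =& ClassRegistry::init(array('class' => 'Aro', 'alias' => 'Aro'));
		$this->Aco =& ClassRegistry::init(array('class' => 'Aco', 'alias' => 'Aco'));
	}
/**
 * Exposes this backend's Aro and Aco models on the component that owns it.
 *
 * @param object $component Component that receives the Aro and Aco properties
 * @access public
 */
	function initialize(&$component) {
		$component->Aro = $this->Aro;
		$component->Aco = $this->Aco;
	}
/**
 * Checks if the given $aro has access to action $action in $aco.
 *
 * The decision is deny-by-default: false is returned for an empty ARO or ACO,
 * for a failed node lookup, for an unknown action key, for any matching
 * permission value of -1, and when no permission row grants access.
 * For a single action the first row holding 1 or -1 decides. For "*" every
 * permission key must have been seen with value 1 before true is returned.
 *
 * The node-lookup warnings embed print_r() of $aro and $aco in the message.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Success (true if ARO has access to action in ACO, false otherwise)
 * @access public
 */
	function check($aro, $aco, $action = "*") {
		if ($aro == null || $aco == null) {
			return false;
		}

		$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
		$aroPath = $this->Aro->node($aro);
		$acoPath = new Set($this->Aco->node($aco));

		if (empty($aroPath) || empty($acoPath)) {
			trigger_error("DB_ACL::check() - Failed ARO/ACO node lookup in permissions check. Node references:\nAro: " . print_r($aro, true) . "\nAco: " . print_r($aco, true), E_USER_WARNING);
			return false;
		}

		$acoNodes = $acoPath->get();
		if ($acoNodes == null || $acoNodes == array()) {
			trigger_error("DB_ACL::check() - Failed ACO node lookup in permissions check. Node references:\nAro: " . print_r($aro, true) . "\nAco: " . print_r($aco, true), E_USER_WARNING);
			return false;
		}

		// NOTE(review): loose comparison - a non-string $action such as true also
		// compares equal to '*' and is then handled as the wildcard.
		if ($action != '*' && !in_array('_' . $action, $permKeys)) {
			trigger_error(sprintf(__("ACO permissions key %s does not exist in DB_ACL::check()", true), $action), E_USER_NOTICE);
			return false;
		}

		$inherited = array();
		$acoIDs = $acoPath->extract('{n}.' . $this->Aco->alias . '.id');
		$permAlias = $this->Aro->Permission->alias;
		$aroCount = count($aroPath);

		// One query per ARO node, starting at index 0 of the node path
		// (presumably the requested ARO followed by its ancestors - confirm against node()).
		for ($i = 0; $i < $aroCount; $i++) {
			$perms = $this->Aro->Permission->findAll(array(
				"{$permAlias}.aro_id" => $aroPath[$i][$this->Aro->alias]['id'],
				"{$permAlias}.aco_id" => $acoIDs),
				null, array($this->Aco->alias . '.lft' => 'desc'), null, null, 0
			);
			if (empty($perms)) {
				continue;
			}

			$perms = Set::extract($perms, '{n}.' . $permAlias);
			foreach ($perms as $perm) {
				if ($action == '*') {
					if (!empty($perm)) {
						foreach ($permKeys as $key) {
							if ($perm[$key] == -1) {
								// A single explicit deny ends the wildcard check.
								return false;
							} elseif ($perm[$key] == 1) {
								$inherited[$key] = 1;
							}
						}
					}
					// Grants accumulate across rows and ARO nodes until every key is covered.
					if (count($inherited) === count($permKeys)) {
						return true;
					}
				} else {
					$value = $perm['_' . $action];
					if ($value == -1) {
						return false;
					} elseif ($value == 1) {
						return true;
					}
					// Any other value (0 = inherit): keep looking at the next row.
				}
			}
		}
		return false;
	}
/**
 * Allow $aro to have access to action $actions in $aco.
 *
 * Writes $value into the named permission columns of the ARO/ACO link, updating
 * the existing link row when getAclLink() finds one and creating a row otherwise.
 * Action names that are not permission columns are skipped without an error.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $actions Action (defaults to *), or an array of actions
 * @param integer $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
 * @return boolean Success
 * @access public
 */
	function allow($aro, $aco, $actions = "*", $value = 1) {
		$perms = $this->getAclLink($aro, $aco);
		$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
		$save = array();

		if ($perms == false) {
			trigger_error(__('DB_ACL::allow() - Invalid node', true), E_USER_WARNING);
			return false;
		}
		// NOTE(review): getAclLink() returns the keys 'aro', 'aco' and 'link', so index 0
		// is never set and this branch does not run; 'link' may be what was meant - confirm.
		if (isset($perms[0])) {
			$save = $perms[0][$this->Aro->Permission->alias];
		}

		// NOTE(review): loose comparison - true (and 0 before PHP 8) also compares equal
		// to "*", so a non-string $actions can set every permission column at once.
		// Callers should pass a string or an array of strings.
		if ($actions == "*") {
			$save = array_combine($permKeys, array_pad(array(), count($permKeys), $value));
		} else {
			if (!is_array($actions)) {
				$actions = array('_' . $actions);
			}
			foreach ($actions as $action) {
				// substr() instead of a string offset: an empty action name raises no notice.
				if (substr($action, 0, 1) != '_') {
					$action = '_' . $action;
				}
				if (in_array($action, $permKeys)) {
					$save[$action] = $value;
				}
			}
		}

		$save['aro_id'] = $perms['aro'];
		$save['aco_id'] = $perms['aco'];

		if ($perms['link'] != null && count($perms['link']) > 0) {
			// Reuse the id of the existing link row.
			$save['id'] = $perms['link'][0][$this->Aro->Permission->alias]['id'];
		}
		$this->Aro->Permission->create($save);
		return $this->Aro->Permission->save();
	}
/**
 * Deny access for $aro to action $action in $aco. Calls allow() with value -1.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Success
 * @access public
 */
	function deny($aro, $aco, $action = "*") {
		return $this->allow($aro, $aco, $action, -1);
	}
/**
 * Let access for $aro to action $action in $aco be inherited. Calls allow() with value 0.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Success
 * @access public
 */
	function inherit($aro, $aco, $action = "*") {
		return $this->allow($aro, $aco, $action, 0);
	}
/**
 * Allow $aro to have access to action $action in $aco. Alias of allow() with its default value.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Success
 * @see allow()
 * @access public
 */
	function grant($aro, $aco, $action = "*") {
		return $this->allow($aro, $aco, $action);
	}
/**
 * Deny access for $aro to action $action in $aco. Alias of deny().
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $action Action (defaults to *)
 * @return boolean Success
 * @see deny()
 * @access public
 */
	function revoke($aro, $aco, $action = "*") {
		return $this->deny($aro, $aco, $action);
	}
/**
 * Get an array of access-control links between the given Aro and Aco.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @return array Indexed array with: 'aro', 'aco' and 'link'; false when either node lookup comes back empty
 * @access public
 */
	function getAclLink($aro, $aco) {
		$obj = array();
		$obj['Aro'] = $this->Aro->node($aro);
		$obj['Aco'] = $this->Aco->node($aco);

		if (empty($obj['Aro']) || empty($obj['Aco'])) {
			return false;
		}

		// Ids of the first node of each lookup, extracted once and used for both
		// the returned ids and the link query.
		$aroId = Set::extract($obj, 'Aro.0.' . $this->Aro->alias . '.id');
		$acoId = Set::extract($obj, 'Aco.0.' . $this->Aco->alias . '.id');
		$permAlias = $this->Aro->Permission->alias;

		return array(
			'aro' => $aroId,
			'aco' => $acoId,
			'link' => $this->Aro->Permission->findAll(array(
				$permAlias . '.aro_id' => $aroId,
				$permAlias . '.aco_id' => $acoId
			))
		);
	}
/**
 * Get the keys used in an ACO: every key of $keys except 'id', 'aro_id' and 'aco_id'.
 *
 * @param array $keys Permission model info
 * @return array ACO keys
 * @access protected
 */
	function _getAcoKeys($keys) {
		$newKeys = array();
		$keys = array_keys($keys);
		foreach ($keys as $key) {
			if (!in_array($key, array('id', 'aro_id', 'aco_id'))) {
				$newKeys[] = $key;
			}
		}
		return $newKeys;
	}
}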
/**
 * In this file you can extend the AclBase.
 *
 * @package cake
 * @subpackage cake.cake.libs.model.iniacl
 */
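class INI_ACL extends AclBase {
/**
 * Array with configuration, parsed from ini file
 *
 * @var array
 * @access public
 */
	var $config = null;
/**
 * The constructor must be overridden, as AclBase is abstract.
 *
 */
	function __construct() {
	}
/**
 * Main ACL check function. Checks to see if the ARO (access request object) has access to the ACO (access control object).
 * Looks at the acl.ini.php file for permissions (see instructions in /config/acl.ini.php).
 *
 * Evaluation order: the ARO's own deny list, then its allow list, then each of
 * its groups in the order listed (deny before allow within a group). The first
 * match decides, so an allow in an earlier group wins over a deny in a later
 * one. Without any match the result is false.
 *
 * ACO names are compared as exact strings. $aco_action is not used: this
 * backend decides per ACO only.
 *
 * @param string $aro ARO
 * @param string $aco ACO
 * @param string $aco_action Action
 * @return boolean Success
 * @access public
 */
	function check($aro, $aco, $aco_action = null) {
		if ($this->config == null) {
			$this->config = $this->readConfigFile(CONFIGS . 'acl.ini.php');
		}
		$aclConfig = $this->config;

		if (isset($aclConfig[$aro]['deny']) && $this->_isListed($aco, $aclConfig[$aro]['deny'])) {
			return false;
		}
		if (isset($aclConfig[$aro]['allow']) && $this->_isListed($aco, $aclConfig[$aro]['allow'])) {
			return true;
		}

		if (isset($aclConfig[$aro]['groups'])) {
			// NOTE(review): arrayTrim() prepends an empty string, so this loop also visits
			// the section named '' when readConfigFile() produced one (settings written
			// before the first [section] header). Keep acl.ini.php free of such lines
			// unless they are meant to apply to every ARO that has a groups entry.
			$userGroups = $this->arrayTrim(explode(",", $aclConfig[$aro]['groups']));

			foreach ($userGroups as $group) {
				if (!array_key_exists($group, $aclConfig)) {
					continue;
				}
				if (isset($aclConfig[$group]['deny']) && $this->_isListed($aco, $aclConfig[$group]['deny'])) {
					return false;
				}
				if (isset($aclConfig[$group]['allow']) && $this->_isListed($aco, $aclConfig[$group]['allow'])) {
					return true;
				}
			}
		}
		return false;
	}
/**
 * Tells whether $aco is one of the entries of a comma-separated list.
 *
 * The comparison is strict on strings, so PHP's numeric juggling cannot make
 * two different names match ("5" and "05", "1e3" and "1000"). An empty $aco
 * never matches: it is found at index 0, the placeholder arrayTrim() adds.
 *
 * @param string $aco ACO name to look for
 * @param string $list Comma-separated list taken from the ini file
 * @return boolean True if $aco is an entry of $list
 * @access protected
 */
	function _isListed($aco, $list) {
		if (!is_scalar($aco)) {
			return false;
		}
		$entries = $this->arrayTrim(explode(",", $list));
		$position = array_search((string)$aco, $entries, true);
		return $position !== false && $position !== 0;
	}
/**
 * Parses an INI file and returns an array that reflects the INI file's section structure. Double-quote friendly.
 *
 * Lines starting with ';' and blank lines are skipped. Section names and keys
 * are taken as written apart from the removal of brackets and lower-casing of
 * keys. Settings that appear before the first section header are stored under
 * the section name ''. An unreadable or empty file yields an empty array.
 *
 * @param string $fileName File
 * @return array INI section structure
 * @access public
 */
	function readConfigFile($fileName) {
		$iniSetting = array();
		$sectionName = '';

		$fileLineArray = file($fileName);
		if ($fileLineArray === false) {
			// file() has already raised its own warning; report "no rules" to the caller.
			return $iniSetting;
		}

		foreach ($fileLineArray as $fileLine) {
			$dataLine = trim($fileLine);
			$firstChar = substr($dataLine, 0, 1);

			if ($firstChar == ';' || $dataLine == '') {
				continue;
			}
			if ($firstChar == '[' && substr($dataLine, -1, 1) == ']') {
				$sectionName = preg_replace('/[\[\]]/', '', $dataLine);
				continue;
			}

			$delimiter = strpos($dataLine, '=');
			if ($delimiter > 0) {
				$key = strtolower(trim(substr($dataLine, 0, $delimiter)));
				$value = trim(substr($dataLine, $delimiter + 1));

				// Strip one pair of surrounding double quotes.
				if (substr($value, 0, 1) == '"' && substr($value, -1) == '"') {
					$value = substr($value, 1, -1);
				}
				$iniSetting[$sectionName][$key] = stripcslashes($value);
			} else {
				// No '=' (or '=' as first character): keep the whole line as a key with an empty value.
				$iniSetting[$sectionName][strtolower(trim($dataLine))] = '';
			}
		}
		return $iniSetting;
	}
/**
 * Trims whitespace from all array elements (to prepare for searching) and
 * prepends an empty string, so that real entries start at index 1 and a
 * position returned by array_search() for them is never 0.
 *
 * @param array $array Array to trim
 * @return array Trimmed array with an empty string at index 0
 * @access public
 */
	function arrayTrim($array) {
		foreach ($array as $key => $value) {
			$array[$key] = trim($value);
		}
		array_unshift($array, "");
		return $array;
	}
}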
?>