mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 11:28:25 +00:00
allow multiple roles for a rule to be specified as string or array
This commit is contained in:
parent
ef5eead038
commit
95a41af9db
2 changed files with 18 additions and 8 deletions
|
@ -300,13 +300,19 @@ class PhpAco {
|
||||||
$tree = array();
|
$tree = array();
|
||||||
$root = &$tree;
|
$root = &$tree;
|
||||||
|
|
||||||
foreach ($allow as $dotPath => $commaSeparatedAros) {
|
foreach ($allow as $dotPath => $aros) {
|
||||||
$aros = array_map('trim', explode(',', $commaSeparatedAros));
|
if (is_string($aros)) {
|
||||||
|
$aros = array_map('trim', explode(',', $aros));
|
||||||
|
}
|
||||||
|
|
||||||
$this->access($aros, $dotPath, null, 'allow');
|
$this->access($aros, $dotPath, null, 'allow');
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($deny as $dotPath => $commaSeparatedAros) {
|
foreach ($deny as $dotPath => $aros) {
|
||||||
$aros = array_map('trim', explode(',', $commaSeparatedAros));
|
if (is_string($aros)) {
|
||||||
|
$aros = array_map('trim', explode(',', $aros));
|
||||||
|
}
|
||||||
|
|
||||||
$this->access($aros, $dotPath, null, 'deny');
|
$this->access($aros, $dotPath, null, 'deny');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
|
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// AROs
|
// Roles
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
$config['roles'] = array(
|
$config['roles'] = array(
|
||||||
'Role/admin' => null,
|
'Role/admin' => null,
|
||||||
|
@ -30,6 +30,7 @@ $config['roles'] = array(
|
||||||
'Role/sales' => null,
|
'Role/sales' => null,
|
||||||
'Role/data_analyst' => 'Role/data_acquirer, Role/database_manager',
|
'Role/data_analyst' => 'Role/data_acquirer, Role/database_manager',
|
||||||
'Role/reports' => 'Role/data_analyst',
|
'Role/reports' => 'Role/data_analyst',
|
||||||
|
// allow inherited roles to be defined as an array or comma separated list
|
||||||
'Role/manager' => array(
|
'Role/manager' => array(
|
||||||
'Role/accounting',
|
'Role/accounting',
|
||||||
'Role/sales',
|
'Role/sales',
|
||||||
|
@ -49,7 +50,7 @@ $config['roles'] = array(
|
||||||
);
|
);
|
||||||
|
|
||||||
//-------------------------------------
|
//-------------------------------------
|
||||||
// ACOs
|
// Rules
|
||||||
//-------------------------------------
|
//-------------------------------------
|
||||||
$config['rules']['allow'] = array(
|
$config['rules']['allow'] = array(
|
||||||
'/*' => 'Role/admin',
|
'/*' => 'Role/admin',
|
||||||
|
@ -67,6 +68,9 @@ $config['rules']['allow'] = array(
|
||||||
);
|
);
|
||||||
$config['rules']['deny'] = array(
|
$config['rules']['deny'] = array(
|
||||||
// accountants and sales should not delete anything
|
// accountants and sales should not delete anything
|
||||||
'/controllers/*/delete' => 'Role/sales, Role/accounting',
|
'/controllers/*/delete' => array(
|
||||||
'/controllers/db/drop' => 'User/db_manager_2',
|
'Role/sales',
|
||||||
|
'Role/accounting'
|
||||||
|
),
|
||||||
|
'/controllers/db/drop' => 'User/db_manager_2',
|
||||||
);
|
);
|
||||||
|
|
Loading…
Reference in a new issue