allow multiple roles for a rule to be specified as string or array

This commit is contained in:
0x20h 2012-01-13 22:02:25 +01:00
parent ef5eead038
commit 95a41af9db
2 changed files with 18 additions and 8 deletions

View file

@ -300,13 +300,19 @@ class PhpAco {
$tree = array(); $tree = array();
$root = &$tree; $root = &$tree;
foreach ($allow as $dotPath => $commaSeparatedAros) { foreach ($allow as $dotPath => $aros) {
$aros = array_map('trim', explode(',', $commaSeparatedAros)); if (is_string($aros)) {
$aros = array_map('trim', explode(',', $aros));
}
$this->access($aros, $dotPath, null, 'allow'); $this->access($aros, $dotPath, null, 'allow');
} }
foreach ($deny as $dotPath => $commaSeparatedAros) { foreach ($deny as $dotPath => $aros) {
$aros = array_map('trim', explode(',', $commaSeparatedAros)); if (is_string($aros)) {
$aros = array_map('trim', explode(',', $aros));
}
$this->access($aros, $dotPath, null, 'deny'); $this->access($aros, $dotPath, null, 'deny');
} }
} }

View file

@ -20,7 +20,7 @@
// ------------------------------------- // -------------------------------------
// AROs // Roles
// ------------------------------------- // -------------------------------------
$config['roles'] = array( $config['roles'] = array(
'Role/admin' => null, 'Role/admin' => null,
@ -30,6 +30,7 @@ $config['roles'] = array(
'Role/sales' => null, 'Role/sales' => null,
'Role/data_analyst' => 'Role/data_acquirer, Role/database_manager', 'Role/data_analyst' => 'Role/data_acquirer, Role/database_manager',
'Role/reports' => 'Role/data_analyst', 'Role/reports' => 'Role/data_analyst',
// allow inherited roles to be defined as an array or comma separated list
'Role/manager' => array( 'Role/manager' => array(
'Role/accounting', 'Role/accounting',
'Role/sales', 'Role/sales',
@ -49,7 +50,7 @@ $config['roles'] = array(
); );
//------------------------------------- //-------------------------------------
// ACOs // Rules
//------------------------------------- //-------------------------------------
$config['rules']['allow'] = array( $config['rules']['allow'] = array(
'/*' => 'Role/admin', '/*' => 'Role/admin',
@ -67,6 +68,9 @@ $config['rules']['allow'] = array(
); );
$config['rules']['deny'] = array( $config['rules']['deny'] = array(
// accountants and sales should not delete anything // accountants and sales should not delete anything
'/controllers/*/delete' => 'Role/sales, Role/accounting', '/controllers/*/delete' => array(
'/controllers/db/drop' => 'User/db_manager_2', 'Role/sales',
'Role/accounting'
),
'/controllers/db/drop' => 'User/db_manager_2',
); );