wCMF 4.0
StaticPermissionManager.php
1 <?php
2 /**
3  * wCMF - wemove Content Management Framework
4  * Copyright (C) 2005-2015 wemove digital solutions GmbH
5  *
6  * Licensed under the terms of the MIT License.
7  *
8  * See the LICENSE file distributed with this work for
9  * additional information.
10  */
11 namespace wcmf\lib\security\impl;
12 
13 use wcmf\lib\config\ActionKey;
14 use wcmf\lib\config\Configuration;
15 use wcmf\lib\config\impl\ConfigActionKeyProvider;
16 use wcmf\lib\config\impl\InifileConfiguration;
17 use wcmf\lib\core\LogManager;
18 use wcmf\lib\core\Session;
19 use wcmf\lib\persistence\PersistenceFacade;
20 use wcmf\lib\security\impl\AbstractPermissionManager;
21 use wcmf\lib\security\PermissionManager;
22 use wcmf\lib\util\StringUtil;
23 
24 /**
25  * StaticPermissionManager retrieves authorization rules from the
26  * application configuration.
27  *
28  * @author ingo herwig <ingo@wemove.com>
29  */
30 class StaticPermissionManager extends AbstractPermissionManager implements PermissionManager {
31 
32  const AUTHORIZATION_SECTION = 'authorization';
33 
34  private $_configuration = null;
35  private $_actionKeyProvider = null;
36 
37  private static $_logger = null;
38 
39  /**
40  * Constructor
41  * @param $persistenceFacade
42  * @param $session
43  * @param $configuration
44  */
45  public function __construct(PersistenceFacade $persistenceFacade,
46  Session $session,
47  Configuration $configuration) {
48  parent::__construct($persistenceFacade, $session);
49  if (self::$_logger == null) {
50  self::$_logger = LogManager::getLogger(__CLASS__);
51  }
52  $this->_configuration = $configuration;
53  $this->_actionKeyProvider = new ConfigActionKeyProvider($this->_configuration,
54  self::AUTHORIZATION_SECTION);
55  }
56 
57  /**
58  * @see PermissionManager::getPermissions()
59  */
60  public function getPermissions($resource, $context, $action) {
61  $result = null;
62  $actionKey = ActionKey::getBestMatch($this->_actionKeyProvider, $resource, $context, $action);
63  if (strlen($actionKey) > 0) {
64  $result = $this->deserializePermissions($this->_actionKeyProvider->getKeyValue($actionKey));
65  }
66  if (self::$_logger->isDebugEnabled()) {
67  self::$_logger->debug("Permissions for $resource?$context?$action (->$actionKey): ".trim(StringUtil::getDump($result)));
68  }
69  return $result;
70  }
71 
72  /**
73  * @see PermissionManager::setPermissions()
74  */
75  public function setPermissions($resource, $context, $action, $permissions) {
76  $permKey = ActionKey::createKey($resource, $context, $action);
77  $config = $this->getConfigurationInstance();
78  $configInstance = $config['instance'];
79  $isChanged = false;
80 
81  if ($permissions != null) {
82  // set permissions
83  $rolesStr = $this->serializePermissions($permissions);
84  if (strlen($rolesStr)) {
85  $configInstance->setValue($permKey, $rolesStr, self::AUTHORIZATION_SECTION, true);
86  $isChanged = true;
87  }
88  }
89  else {
90  // delete permissions
91  $configInstance->removeKey($permKey);
92  $isChanged = true;
93  }
94 
95  if ($isChanged) {
96  $configInstance->writeConfiguration(basename($config['file']));
97  }
98  }
99 
100  /**
101  * @see PermissionManager::createPermission()
102  */
103  public function createPermission($resource, $context, $action, $role, $modifier) {
104  return self::modifyPermission($resource, $context, $action, $role, $modifier);
105  }
106 
107  /**
108  * @see PermissionManager::removePermission()
109  */
110  public function removePermission($resource, $context, $action, $role) {
111  return self::modifyPermission($resource, $context, $action, $role, null);
112  }
113 
114  /**
115  * Modify a permission for the given role.
116  * @param $resource The resource (e.g. class name of the Controller or object id).
117  * @param $context The context in which the action takes place.
118  * @param $action The action to process.
119  * @param $role The role to authorize.
120  * @param $modifier One of the PERMISSION_MODIFIER_ constants, null, if the permission
121  * should be removed.
122  * @return boolean
123  */
124  protected function modifyPermission($resource, $context, $action, $role, $modifier) {
125 
126  $permKey = ActionKey::createKey($resource, $context, $action);
127  $permVal = '';
128  if ($modifier != null) {
129  $permVal = $modifier.$role;
130  }
131  $config = $this->getConfigurationInstance();
132  $configInstance = $config['instance'];
133  $value = $configInstance->getValue($permKey, self::AUTHORIZATION_SECTION);
134  if ($value === false && $modifier != null) {
135  $configInstance->setValue($permKey, $permVal, self::AUTHORIZATION_SECTION, true);
136  }
137  else {
138  // remove role from value
139  $newValue = preg_replace('/ +/', ' ', str_replace(array(PermissionManager::PERMISSION_MODIFIER_ALLOW.$role,
140  PermissionManager::PERMISSION_MODIFIER_DENY.$role), "", $value));
141  if (strlen($newValue) > 0) {
142  $configInstance->setValue($permKey, $newValue." ".$permVal, self::AUTHORIZATION_SECTION, false);
143  }
144  else {
145  $configInstance->removeKey($permKey, self::AUTHORIZATION_SECTION);
146  }
147  }
148 
149  $configInstance->writeConfiguration(basename($config['file']));
150  return true;
151  }
152 
153  /**
154  * Get the configuration instance and file that is used to store the permissions.
155  * @return Associative array with keys 'instance' and 'file'.
156  */
157  protected function getConfigurationInstance() {
158  // get config file to modify
159  $configFiles = $this->_configuration->getConfigurations();
160  if (sizeof($configFiles) == 0) {
161  return false;
162  }
163 
164  // create a writable configuration and modify the permission
165  $mainConfig = $configFiles[0];
166  $config = new InifileConfiguration(dirname($mainConfig).'/');
167  $config->addConfiguration(basename($mainConfig));
168  return array(
169  'instance' => $config,
170  'file' => $mainConfig
171  );
172  }
173 }
174 ?>
wcmf\lib\config\ActionKey\getBestMatch
static getBestMatch(ActionKeyProvider $actionKeyProvider, $resource, $context, $action)
Get an action key that matches a given combination of resource, context, action best.
Definition: ActionKey.php:55
wcmf\lib\security\impl\AbstractPermissionManager\serializePermissions
serializePermissions($permissions)
Convert an associative permissions array with keys 'default', 'allow', 'deny' into a string...
Definition: AbstractPermissionManager.php:307
wcmf\lib\security\impl\StaticPermissionManager\setPermissions
setPermissions($resource, $context, $action, $permissions)
Definition: StaticPermissionManager.php:75
wcmf\lib\security\impl\StaticPermissionManager\getConfigurationInstance
getConfigurationInstance()
Get the configuration instance and file that is used to store the permissions.
Definition: StaticPermissionManager.php:157
wcmf\lib\security\impl\StaticPermissionManager\removePermission
removePermission($resource, $context, $action, $role)
Definition: StaticPermissionManager.php:110
wcmf\lib\security\impl\StaticPermissionManager\__construct
__construct(PersistenceFacade $persistenceFacade, Session $session, Configuration $configuration)
Constructor.
Definition: StaticPermissionManager.php:45
wcmf\lib\security\impl\AbstractPermissionManager
AbstractPermissionManager is the base class for concrete PermissionManager implementations.
Definition: AbstractPermissionManager.php:30
wcmf\lib\core\LogManager\getLogger
static getLogger($name)
Get the logger with the given name.
Definition: LogManager.php:35
wcmf\lib\security\impl\AbstractPermissionManager\deserializePermissions
deserializePermissions($val)
Parse a permissions string and return an associative array with the keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itselves holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*).
Definition: AbstractPermissionManager.php:259
wcmf\lib\security\impl\StaticPermissionManager
StaticPermissionManager retrieves authorization rules from the application configuration.
Definition: StaticPermissionManager.php:30
wcmf\lib\core\Session
Session is the interface for session implementations and defines access to session variables...
Definition: Session.php:21
wcmf\lib\security\impl\StaticPermissionManager\createPermission
createPermission($resource, $context, $action, $role, $modifier)
Definition: StaticPermissionManager.php:103
wcmf\lib\config\impl\ConfigActionKeyProvider
ConfigActionKeyProvider searches for action keys in the application configuration.
Definition: ConfigActionKeyProvider.php:22
wcmf\lib\security\PermissionManager
PermissionManager implementations are used to handle all authorization requests.
Definition: PermissionManager.php:22
wcmf\lib\config\Configuration
Implementations of Configuration give access to the application configuration.
Definition: Configuration.php:32
wcmf\lib\config\ActionKey\createKey
static createKey($resource, $context, $action)
Create an action key from the given values.
Definition: ActionKey.php:33
wcmf\lib\config\impl\InifileConfiguration
InifileConfiguration reads the application configuraiton from ini files.
Definition: InifileConfiguration.php:29
wcmf\lib\persistence\PersistenceFacade
PersistenceFacade defines the interface for PersistenceFacade implementations.
Definition: PersistenceFacade.php:23
wcmf\lib\security\impl\StaticPermissionManager\modifyPermission
modifyPermission($resource, $context, $action, $role, $modifier)
Modify a permission for the given role.
Definition: StaticPermissionManager.php:124
wcmf\lib\util\StringUtil\getDump
static getDump($var)
Get the dump of a variable as string.
Definition: StringUtil.php:25