|
| | __construct (PersistenceFacade $persistenceFacade, Session $session) |
| |
| | authorize ($resource, $context, $action, User $user=null) |
| |
| | addTempPermission ($resource, $context, $action) |
| |
| | removeTempPermission ($resource, $context, $action) |
| |
| | hasTempPermission ($resource, $context, $action) |
| |
| | clearTempPermissions () |
| |
| authorize |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action, |
|
|
User |
$user = null |
|
) |
| |
| authorizeAction |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action, |
|
|
User |
$user, |
|
|
|
$returnNullIfNoPermissionExists = true |
|
) |
| |
|
protected |
Authorize the given resource, context, action triple using the temporary permissions or the current user.
- Parameters
-
| $resource | The resource to authorize (e.g. class name of the Controller or ObjectId instance). |
| $context | The context in which the action takes place. |
| $action | The action to process. |
| $user | User instance to use for authorization |
| $returnNullIfNoPermissionExists | Optional, default: true |
- Returns
- Boolean
Definition at line 207 of file AbstractPermissionManager.php.
| getDefaultPolicy |
( |
User |
$user | ) |
|
|
protected |
Get the default policy that is used if no permission is set up for a requested action.
- Returns
- Boolean
Definition at line 246 of file AbstractPermissionManager.php.
| deserializePermissions |
( |
|
$val | ) |
|
|
protected |
Parse a permissions string and return an associative array with the keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itselves holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*).
- Parameters
-
| $val | A role string (+*, +administrators, -guest, entries without '+' or '-' prefix default to allow rules). |
- Returns
- Associative array containing the permissions as an associative array with the keys 'default', 'allow', 'deny' or null, if val is empty
Definition at line 259 of file AbstractPermissionManager.php.
| serializePermissions |
( |
|
$permissions | ) |
|
|
protected |
Convert an associative permissions array with keys 'default', 'allow', 'deny' into a string.
- Parameters
-
| $permissions | Associative array with keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itselves holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*). |
- Returns
- A role string (+*, +administrators, -guest, entries without '+' or '-' prefix default to allow rules).
Definition at line 307 of file AbstractPermissionManager.php.
| matchRoles |
( |
|
$permissions, |
|
|
User |
$user |
|
) |
| |
|
protected |
Matches the roles of the user and the roles in the given permissions.
- Parameters
-
| $permissions | An array containing permissions as an associative array with the keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itselves holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*). 'allow' overwrites 'deny' overwrites 'default' |
| $user | AuthUser instance |
- Returns
- Boolean whether the user has access right according to the permissions.
Definition at line 332 of file AbstractPermissionManager.php.
| addTempPermission |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action |
|
) |
| |
| removeTempPermission |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action |
|
) |
| |
| hasTempPermission |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action |
|
) |
| |
| const RESOURCE_TYPE_ENTITY_TYPE = 'entity.type' |
| const RESOURCE_TYPE_ENTITY_TYPE_PROPERTY = 'entity.type.property' |
| const RESOURCE_TYPE_ENTITY_INSTANCE = 'entity.instance' |
| const RESOURCE_TYPE_ENTITY_INSTANCE_PROPERTY = 'entity.instance.property' |
| const RESOURCE_TYPE_OTHER = 'other' |
| $_persistenceFacade = null |
|
protected |
Inheritance diagram for AbstractPermissionManager: