|
| __construct (PersistenceFacade $persistenceFacade, Session $session) |
|
| authorize ($resource, $context, $action, User $user=null) |
|
| addTempPermission ($resource, $context, $action) |
|
| removeTempPermission ($resource, $context, $action) |
|
| hasTempPermission ($resource, $context, $action) |
|
| clearTempPermissions () |
|
authorize |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action, |
|
|
User |
$user = null |
|
) |
| |
authorizeAction |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action, |
|
|
User |
$user, |
|
|
|
$returnNullIfNoPermissionExists = true |
|
) |
| |
|
protected |
Authorize the given resource, context, action triple using the temporary permissions or the current user.
- Parameters
-
$resource | The resource to authorize (e.g. class name of the Controller or ObjectId instance). |
$context | The context in which the action takes place. |
$action | The action to process. |
$user | User instance to use for authorization |
$returnNullIfNoPermissionExists | Optional, default: true |
- Returns
- Boolean
Definition at line 207 of file AbstractPermissionManager.php.
getDefaultPolicy |
( |
User |
$user | ) |
|
|
protected |
Get the default policy that is used if no permission is set up for a requested action.
- Returns
- Boolean
Definition at line 246 of file AbstractPermissionManager.php.
deserializePermissions |
( |
|
$val | ) |
|
|
protected |
Parse a permissions string and return an associative array with the keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itselves holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*).
- Parameters
-
$val | A role string (+*, +administrators, -guest, entries without '+' or '-' prefix default to allow rules). |
- Returns
- Associative array containing the permissions as an associative array with the keys 'default', 'allow', 'deny' or null, if val is empty
Definition at line 259 of file AbstractPermissionManager.php.
serializePermissions |
( |
|
$permissions | ) |
|
|
protected |
Convert an associative permissions array with keys 'default', 'allow', 'deny' into a string.
- Parameters
-
$permissions | Associative array with keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itselves holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*). |
- Returns
- A role string (+*, +administrators, -guest, entries without '+' or '-' prefix default to allow rules).
Definition at line 307 of file AbstractPermissionManager.php.
matchRoles |
( |
|
$permissions, |
|
|
User |
$user |
|
) |
| |
|
protected |
Matches the roles of the user and the roles in the given permissions.
- Parameters
-
$permissions | An array containing permissions as an associative array with the keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itselves holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*). 'allow' overwrites 'deny' overwrites 'default' |
$user | AuthUser instance |
- Returns
- Boolean whether the user has access right according to the permissions.
Definition at line 332 of file AbstractPermissionManager.php.
addTempPermission |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action |
|
) |
| |
removeTempPermission |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action |
|
) |
| |
hasTempPermission |
( |
|
$resource, |
|
|
|
$context, |
|
|
|
$action |
|
) |
| |
const RESOURCE_TYPE_ENTITY_TYPE = 'entity.type' |
const RESOURCE_TYPE_ENTITY_TYPE_PROPERTY = 'entity.type.property' |
const RESOURCE_TYPE_ENTITY_INSTANCE = 'entity.instance' |
const RESOURCE_TYPE_ENTITY_INSTANCE_PROPERTY = 'entity.instance.property' |
const RESOURCE_TYPE_OTHER = 'other' |
$_persistenceFacade = null |
|
protected |