PermissionManager.php
1 <?php
2 /**
3  * wCMF - wemove Content Management Framework
4  * Copyright (C) 2005-2017 wemove digital solutions GmbH
5  *
6  * Licensed under the terms of the MIT License.
7  *
8  * See the LICENSE file distributed with this work for
9  * additional information.
10  */
11 namespace wcmf\lib\security;
12 
13 /**
14  * PermissionManager implementations are used to handle all authorization
15  * requests. PermissionManager instances are configured with an AuthUser
16  * instance, against which authorization requests are processed.
17  *
18  * @author ingo herwig <ingo@wemove.com>
19  */
20 interface PermissionManager {
21 
24 
25  /**
26  * Authorize for given resource, context, action triple.
27  * A resource could be one of the following:
28  * - Controller class name (e.g. `wcmf\application\controller\SaveController`)
29  * - Type name (e.g. `app.src.model.wcmf.User`)
30  * - Type and property name (e.g. `app.src.model.wcmf.User.login`)
31  * - Object id (e.g. `app.src.model.wcmf.User:123`)
32  * - Object id and property name (e.g. `app.src.model.wcmf.User:123.login`)
33  *
34  * @param $resource The resource to authorize (e.g. class name of the Controller or ObjectId instance).
35  * @param $context The context in which the action takes place.
36  * @param $action The action to process.
37  * @param $login The login of the user to use for authorization (optional,
38  * default: the value of Session::getAuthUser())
39  * @return Boolean whether authorization succeeded/failed.
40  */
41  public function authorize($resource, $context, $action, $login=null);
42 
43  /**
44  * Add a temporary permission for the current user. The permission
45  * is valid only until end of execution or a call to
46  * PermissionManager::removeTempPermission() or PermissionManager::clearTempPermissions().
47  * @param $resource The resource to authorize (e.g. class name of the Controller or ObjectId).
48  * @param $context The context in which the action takes place.
49  * @param $action The action to process.
50  * @return String handle, to be used when calling PermissionManager::removeTempPermission()
51  */
52  public function addTempPermission($resource, $context, $action);
53 
54  /**
55  * Remove a temporary permission for the current user.
56  * @param $handle The handle obtained from PermissionManager::addTempPermission()
57  */
58  public function removeTempPermission($handle);
59 
60  /**
61  * Check if a temporary permission for the current user exists.
62  * @param $resource The resource to authorize (e.g. class name of the Controller or ObjectId).
63  * @param $context The context in which the action takes place.
64  * @param $action The action to process.
65  * @return Boolean
66  */
67  public function hasTempPermission($resource, $context, $action);
68 
69  /**
70  * Reset all temporary permissions
71  */
72  public function clearTempPermissions();
73 
74  /**
75  * Permission management
76  */
77 
78  /**
79  * Get the permissions on a resource, context, action combination.
80  * @param $resource The resource (e.g. class name of the Controller or ObjectId).
81  * @param $context The context in which the action takes place.
82  * @param $action The action to process.
83  * @return Assoziative array with keys 'default' (boolean) and 'allow', 'deny'
84  * (arrays of role names) or null, if no permissions are defined.
85  */
86  public function getPermissions($resource, $context, $action);
87 
88  /**
89  * Set the permissions on a resource, context, action combination.
90  * @param $resource The resource (e.g. class name of the Controller or ObjectId).
91  * @param $context The context in which the action takes place.
92  * @param $action The action to process.
93  * @param $permissions Assoziative array with keys 'default' (boolean) and
94  * 'allow', 'deny' (arrays of role names) or null if all permissions should be deleted.
95  */
96  public function setPermissions($resource, $context, $action, $permissions);
97 
98  /**
99  * Create/Change a permission for a role on a resource, context, action combination.
100  * @param $resource The resource (e.g. class name of the Controller or ObjectId).
101  * @param $context The context in which the action takes place.
102  * @param $action The action to process.
103  * @param $role The role to authorize.
104  * @param $modifier One of the PERMISSION_MODIFIER constants.
105  * @return Boolean whether creation succeded/failed.
106  */
107  public function createPermission($resource, $context, $action, $role, $modifier);
108 
109  /**
110  * Remove a role from a permission on a resource, context, action combination.
111  * @param $resource The resource (e.g. class name of the Controller or ObjectId).
112  * @param $context The context in which the action takes place.
113  * @param $action The action to process.
114  * @param $role The role to remove.
115  * @return Boolean whether removal succeded/failed.
116  */
117  public function removePermission($resource, $context, $action, $role);
118 }
119 ?>
Security related interfaces and classes.
Definition: namespaces.php:83
removePermission($resource, $context, $action, $role)
Remove a role from a permission on a resource, context, action combination.
hasTempPermission($resource, $context, $action)
Check if a temporary permission for the current user exists.
removeTempPermission($handle)
Remove a temporary permission for the current user.
clearTempPermissions()
Reset all temporary permissions.
getPermissions($resource, $context, $action)
Permission management.
createPermission($resource, $context, $action, $role, $modifier)
Create/Change a permission for a role on a resource, context, action combination. ...
addTempPermission($resource, $context, $action)
Add a temporary permission for the current user.
PermissionManager implementations are used to handle all authorization requests.
setPermissions($resource, $context, $action, $permissions)
Set the permissions on a resource, context, action combination.
authorize($resource, $context, $action, $login=null)
Authorize for given resource, context, action triple.