PermissionManager Interface Reference

Detailed Description

PermissionManager implementations are used to handle all authorization requests.

PermissionManager instances are configured with an AuthUser instance, against which authorization requests are processed.

Author
ingo herwig ingo@wemove.com

Definition at line 20 of file PermissionManager.php.

Public Member Functions

 authorize ($resource, $context, $action, $login=null)
 
 addTempPermission ($resource, $context, $action)
 
 removeTempPermission ($handle)
 
 hasTempPermission ($resource, $context, $action)
 
 clearTempPermissions ()
 
 getPermissions ($resource, $context, $action)
 
 setPermissions ($resource, $context, $action, $permissions)
 
 createPermission ($resource, $context, $action, $role, $modifier)
 
 removePermission ($resource, $context, $action, $role)
 

Public Attributes

const PERMISSION_MODIFIER_ALLOW = '+'
 
const PERMISSION_MODIFIER_DENY = '-'
 

Member Function Documentation

authorize ($resource, $context, $action, $login=null)

Authorize for given resource, context, action triple.

A resource could be one of the following:

  • Controller class name (e.g. wcmf\application\controller\SaveController)
  • Type name (e.g. app.src.model.wcmf.User)
  • Type and property name (e.g. app.src.model.wcmf.User.login)
  • Object id (e.g. app.src.model.wcmf.User:123)
  • Object id and property name (e.g. app.src.model.wcmf.User:123.login)

Parameters
  $resource: The resource to authorize (e.g. class name of the Controller or ObjectId instance).
  $context: The context in which the action takes place.
  $action: The action to process.
  $login: The login of the user to use for authorization (optional, default: the value of Session::getAuthUser())
Returns
  Boolean whether authorization succeeded/failed.

Implemented in AbstractPermissionManager, and NullPermissionManager.

addTempPermission ($resource, $context, $action)

Add a temporary permission for the current user.

The permission is valid only until end of execution or a call to PermissionManager::removeTempPermission() or PermissionManager::clearTempPermissions().

Parameters
  $resource: The resource to authorize (e.g. class name of the Controller or ObjectId).
  $context: The context in which the action takes place.
  $action: The action to process.
Returns
  String handle, to be used when calling PermissionManager::removeTempPermission()

Implemented in AbstractPermissionManager.

removeTempPermission ($handle)

Remove a temporary permission for the current user.

Parameters
  $handle: The handle obtained from PermissionManager::addTempPermission()

Implemented in AbstractPermissionManager.

hasTempPermission ($resource, $context, $action)

Check if a temporary permission for the current user exists.

Parameters
  $resource: The resource to authorize (e.g. class name of the Controller or ObjectId).
  $context: The context in which the action takes place.
  $action: The action to process.
Returns
  Boolean

Implemented in AbstractPermissionManager.

clearTempPermissions ()

Reset all temporary permissions.

Implemented in AbstractPermissionManager.
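
The following PHP is an added example, not code from wCMF: TempPermissionStore is a hypothetical in-memory stand-in for the four temporary-permission methods documented above, and withTempPermission(), the 'update' action and the empty context are assumptions made for illustration. It shows a temporary grant being revoked by its handle even when the guarded task throws, so the elevated permission does not outlive the operation that needed it.

```php
<?php
// Added example, not wCMF code: hypothetical stand-in for the temp-permission methods.
final class TempPermissionStore {
    private array $grants = [];   // handle => key of the granted triple

    private static function key(string $resource, string $context, string $action): string {
        // Assumption: a grant is identified by the exact (resource, context, action) triple.
        return implode("\0", [$resource, $context, $action]);
    }

    public function addTempPermission(string $resource, string $context, string $action): string {
        $handle = bin2hex(random_bytes(8));   // one unique handle per grant
        $this->grants[$handle] = self::key($resource, $context, $action);
        return $handle;
    }

    public function removeTempPermission(string $handle): void {
        unset($this->grants[$handle]);        // revokes this grant only, not nested ones
    }

    public function hasTempPermission(string $resource, string $context, string $action): bool {
        return in_array(self::key($resource, $context, $action), $this->grants, true);
    }

    public function clearTempPermissions(): void {
        $this->grants = [];
    }
}

// Hypothetical helper: run $task under a temporary grant and always revoke it afterwards.
function withTempPermission(TempPermissionStore $pm, string $resource, string $context,
                            string $action, callable $task) {
    $handle = $pm->addTempPermission($resource, $context, $action);
    try {
        return $task();
    } finally {
        $pm->removeTempPermission($handle);   // runs on return and on exception
    }
}

// Constructed usage: the task fails midway; the grant must be gone afterwards.
$pm = new TempPermissionStore();
$oid = 'app.src.model.wcmf.User:123';
try {
    withTempPermission($pm, $oid, '', 'update', function () use ($pm, $oid) {
        var_dump($pm->hasTempPermission($oid, '', 'update'));   // checked while the grant is active
        throw new RuntimeException('save failed');
    });
} catch (RuntimeException $e) {
    var_dump($pm->hasTempPermission($oid, '', 'update'));       // checked after the finally block ran
}
```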

getPermissions ($resource, $context, $action)

Permission management.

Get the permissions on a resource, context, action combination.

Parameters
  $resource: The resource (e.g. class name of the Controller or ObjectId).
  $context: The context in which the action takes place.
  $action: The action to process.
Returns
  Associative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null, if no permissions are defined.

Implemented in DefaultPermissionManager, StaticPermissionManager, NullPermissionManager, and ChainedPermissionManager.

setPermissions ($resource, $context, $action, $permissions)

Set the permissions on a resource, context, action combination.

Parameters
  $resource: The resource (e.g. class name of the Controller or ObjectId).
  $context: The context in which the action takes place.
  $action: The action to process.
  $permissions: Associative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null if all permissions should be deleted.

Implemented in DefaultPermissionManager, StaticPermissionManager, ChainedPermissionManager, and NullPermissionManager.

createPermission ($resource, $context, $action, $role, $modifier)

Create/Change a permission for a role on a resource, context, action combination.

Parameters
  $resource: The resource (e.g. class name of the Controller or ObjectId).
  $context: The context in which the action takes place.
  $action: The action to process.
  $role: The role to authorize.
  $modifier: One of the PERMISSION_MODIFIER constants.
Returns
  Boolean whether creation succeeded/failed.

Implemented in DefaultPermissionManager, StaticPermissionManager, ChainedPermissionManager, and NullPermissionManager.

removePermission ($resource, $context, $action, $role)

Remove a role from a permission on a resource, context, action combination.

Parameters
  $resource: The resource (e.g. class name of the Controller or ObjectId).
  $context: The context in which the action takes place.
  $action: The action to process.
  $role: The role to remove.
Returns
  Boolean whether removal succeeded/failed.

Implemented in DefaultPermissionManager, StaticPermissionManager, ChainedPermissionManager, and NullPermissionManager.

Member Data Documentation

const PERMISSION_MODIFIER_ALLOW = '+'

Definition at line 22 of file PermissionManager.php.

const PERMISSION_MODIFIER_DENY = '-'

Definition at line 23 of file PermissionManager.php.