Detailed Description
PermissionManager implementations are used to handle all authorization requests.
PermissionManager instances are configured with an AuthUser instance, against which authorization requests are processed.
Definition at line 22 of file PermissionManager.php.
Inheritance diagram for PermissionManager:Public Member Functions | |
| authorize ($resource, $context, $action, User $user=null) | |
| addTempPermission ($resource, $context, $action) | |
| removeTempPermission ($resource, $context, $action) | |
| hasTempPermission ($resource, $context, $action) | |
| clearTempPermissions () | |
| getPermissions ($resource, $context, $action) | |
| setPermissions ($resource, $context, $action, $permissions) | |
| createPermission ($resource, $context, $action, $role, $modifier) | |
| removePermission ($resource, $context, $action, $role) | |
Public Attributes | |
| const | PERMISSION_MODIFIER_ALLOW = '+' |
| const | PERMISSION_MODIFIER_DENY = '-' |
Member Function Documentation
| authorize | ( | $resource, | |
| $context, | |||
| $action, | |||
| User | $user = null |
||
| ) |
Authorize for given resource, context, action triple.
A resource could be one of the following:
- Controller class name (e.g.
wcmf\application\controller\SaveController) - Type name (e.g.
app.src.model.wcmf.User) - Type and propery name (e.g.
app.src.model.wcmf.User.login) - Object id (e.g.
app.src.model.wcmf.User:123) - Object id and propery name (e.g.
app.src.model.wcmf.User:123.login)
- Parameters
-
$resource The resource to authorize (e.g. class name of the Controller or ObjectId instance). $context The context in which the action takes place. $action The action to process. $user User instance to use for authorization (optional, default: the user obtained by Session::getAuthUser method)
- Returns
- Boolean whether authorization succeeded/failed.
| addTempPermission | ( | $resource, | |
| $context, | |||
| $action | |||
| ) |
Add a temporary permission for the current user.
The permission is valid only until end of execution or a call to PermissionManager::removeTempPermission() or PermissionManager::clearTempPermissions().
- Parameters
-
$resource The resource to authorize (e.g. class name of the Controller or ObjectId). $context The context in which the action takes place. $action The action to process.
| removeTempPermission | ( | $resource, | |
| $context, | |||
| $action | |||
| ) |
Remove a temporary permission for the current user.
- Parameters
-
$resource The resource to authorize (e.g. class name of the Controller or ObjectId). $context The context in which the action takes place. $action The action to process.
| hasTempPermission | ( | $resource, | |
| $context, | |||
| $action | |||
| ) |
Check if a temporary permission for the current user exists.
- Parameters
-
$resource The resource to authorize (e.g. class name of the Controller or ObjectId). $context The context in which the action takes place. $action The action to process.
- Returns
- Boolean
| clearTempPermissions | ( | ) |
Reset all temporary permissions.
| getPermissions | ( | $resource, | |
| $context, | |||
| $action | |||
| ) |
Permission management.
Get the permissions on a resource, context, action combination.
- Parameters
-
$resource The resource (e.g. class name of the Controller or ObjectId). $context The context in which the action takes place. $action The action to process.
- Returns
- Assoziative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null, if no permissions are defined.
Implemented in DefaultPermissionManager, StaticPermissionManager, ChainedPermissionManager, and NullPermissionManager.
| setPermissions | ( | $resource, | |
| $context, | |||
| $action, | |||
| $permissions | |||
| ) |
Set the permissions on a resource, context, action combination.
- Parameters
-
$resource The resource (e.g. class name of the Controller or ObjectId). $context The context in which the action takes place. $action The action to process. $permissions Assoziative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null if all permissions should be deleted.
Implemented in DefaultPermissionManager, StaticPermissionManager, ChainedPermissionManager, and NullPermissionManager.
| createPermission | ( | $resource, | |
| $context, | |||
| $action, | |||
| $role, | |||
| $modifier | |||
| ) |
Create/Change a permission for a role on a resource, context, action combination.
- Parameters
-
$resource The resource (e.g. class name of the Controller or ObjectId). $context The context in which the action takes place. $action The action to process. $role The role to authorize. $modifier One of the PERMISSION_MODIFIER constants.
- Returns
- Boolean whether creation succeded/failed.
Implemented in DefaultPermissionManager, StaticPermissionManager, ChainedPermissionManager, and NullPermissionManager.
| removePermission | ( | $resource, | |
| $context, | |||
| $action, | |||
| $role | |||
| ) |
Remove a role from a permission on a resource, context, action combination.
- Parameters
-
$resource The resource (e.g. class name of the Controller or ObjectId). $context The context in which the action takes place. $action The action to process. $role The role to remove.
- Returns
- Boolean whether removal succeded/failed.
Implemented in DefaultPermissionManager, StaticPermissionManager, ChainedPermissionManager, and NullPermissionManager.
Member Data Documentation
| const PERMISSION_MODIFIER_ALLOW = '+' |
Definition at line 24 of file PermissionManager.php.
| const PERMISSION_MODIFIER_DENY = '-' |
Definition at line 25 of file PermissionManager.php.