Detailed Description

AbstractPermissionManager is the base class for concrete PermissionManager implementations.

Author: ingo herwig ingo@.nosp@m.wemo.nosp@m.ve.co.nosp@m.m

Definition at line 31 of file AbstractPermissionManager.php.

Inheritance diagram for AbstractPermissionManager:

Public Member Functions
	__construct (PersistenceFacade $persistenceFacade, Session $session, array $dynamicRoles=[])

	setPrincipalFactory (PrincipalFactory $principalFactory)

	authorize ($resource, $context, $action, $login=null, $applyDefaultPolicy=true)

	addTempPermission ($resource, $context, $action)

	removeTempPermission ($handle)

	hasTempPermission ($resource, $context, $action)

	clearTempPermissions ()

Public Member Functions inherited from PermissionManager
	getPermissions ($resource, $context, $action)

	setPermissions ($resource, $context, $action, $permissions)

	createPermission ($resource, $context, $action, $role, $modifier)

	removePermission ($resource, $context, $action, $role)

Public Attributes
const	RESOURCE_TYPE_ENTITY_TYPE = 'entity.type'

const	RESOURCE_TYPE_ENTITY_TYPE_PROPERTY = 'entity.type.property'

const	RESOURCE_TYPE_ENTITY_INSTANCE = 'entity.instance'

const	RESOURCE_TYPE_ENTITY_INSTANCE_PROPERTY = 'entity.instance.property'

const	RESOURCE_TYPE_OTHER = 'other'

Public Attributes inherited from PermissionManager
const	PERMISSION_MODIFIER_ALLOW = '+'

const	PERMISSION_MODIFIER_DENY = '-'

Protected Member Functions
	authorizeAction ($requestedResource, $permissionResource, $context, $action, $login)

	getDefaultPolicy ($login)

	parseResource ($resource)

	deserializePermissions ($value)

	serializePermissions ($permissions)

	matchRoles ($resource, $permissions, $login)

	matchRole (User $user, $role, $resource)

Protected Attributes
	$persistenceFacade = null

	$session = null

	$dynamicRoles = []

	$principalFactory = null

Constructor & Destructor Documentation

◆ __construct()

__construct	(	PersistenceFacade	$persistenceFacade,
		Session	$session,
		array	$dynamicRoles = `[]`
	)

Constructor.

Parameters

$persistenceFacade
$session

Definition at line 54 of file AbstractPermissionManager.php.

Member Function Documentation

◆ setPrincipalFactory()

setPrincipalFactory ( PrincipalFactory $principalFactory )

Set the principal factory instances.

Parameters

$principalFactory

Definition at line 69 of file AbstractPermissionManager.php.

◆ authorize()

authorize	(	$resource,
		$context,
		$action,
		$login = `null`,
		$applyDefaultPolicy = `true`
	)

See also: PermissionManager::authorize()

Implements PermissionManager.

Definition at line 76 of file AbstractPermissionManager.php.

◆ authorizeAction()

authorizeAction	(	$requestedResource,
		$permissionResource,
		$context,
		$action,
		$login
	)

protected

Authorize a resource, context, action triple by using the permissions set on another resource (e.g.

authorize an action on an entity instance base on the permissions defined for it's type).

Parameters

$requestedResource	The resource string to authorize.
$permissionResource	The resource string to use for selecting permissions.
$context	The context in which the action takes place.
$action	The action to process.
$login	The login of the user to use for authorization

Returns: Boolean or null if undefined

Definition at line 195 of file AbstractPermissionManager.php.

◆ getDefaultPolicy()

getDefaultPolicy ( $login )

protected

Get the default policy that is used if no permission is set up for a requested action.

Parameters

$login The login of the user to get the default policy for

Returns: Boolean

Definition at line 233 of file AbstractPermissionManager.php.

◆ parseResource()

parseResource ( $resource )

protected

Get the resource type and parameters (as applicable) from a resource.

Parameters

$resource The resource represented as string

Returns: Associative array with keys 'resourceType' (one of the RESOURCE_TYPE_ constants), 'oid' (object id), 'type' (entity type), 'oidProperty' (object id with instance property), 'typeProperty' (type id with entity property)

Definition at line 247 of file AbstractPermissionManager.php.

◆ deserializePermissions()

deserializePermissions ( $value )

protected

Parse a permissions string and return an associative array with the keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itself holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*).

Parameters

$value A role string (+*, +administrators, -guest, entries without '+' or '-' prefix default to allow rules).

Returns: Associative array containing the permissions as an associative array with the keys 'default', 'allow', 'deny' or null, if value is empty

Definition at line 297 of file AbstractPermissionManager.php.

◆ serializePermissions()

serializePermissions ( $permissions )

protected

Convert an associative permissions array with keys 'default', 'allow', 'deny' into a string.

Parameters

$permissions Associative array with keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itself holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*).

Returns: A role string (+*, +administrators, -guest, entries without '+' or '-' prefix default to allow rules).

Definition at line 345 of file AbstractPermissionManager.php.

◆ matchRoles()

matchRoles	(	$resource,
		$permissions,
		$login
	)

protected

Matches the roles of the user and the roles in the given permissions.

Parameters

$resource	The resource string to authorize.
$permissions	An array containing permissions as an associative array with the keys 'default', 'allow', 'deny', where 'allow', 'deny' are arrays itself holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*). 'allow' overwrites 'deny' overwrites 'default'
$login	the login of the user to match the roles for