Detailed Description

AbstractPermissionManager is the base class for concrete PermissionManager implementations.

Author
ingo herwig ingo@wemove.com

Definition at line 31 of file AbstractPermissionManager.php.

Public Member Functions

 __construct (PersistenceFacade $persistenceFacade, Session $session, array $dynamicRoles=[])
 
 setPrincipalFactory (PrincipalFactory $principalFactory)
 
 authorize ($resource, $context, $action, $login=null, $applyDefaultPolicy=true)
 
 addTempPermission ($resource, $context, $action)
 
 removeTempPermission ($handle)
 
 hasTempPermission ($resource, $context, $action)
 
 clearTempPermissions ()
 
Public Member Functions inherited from PermissionManager
 getPermissions ($resource, $context, $action)
 
 setPermissions ($resource, $context, $action, $permissions)
 
 createPermission ($resource, $context, $action, $role, $modifier)
 
 removePermission ($resource, $context, $action, $role)
 

Public Attributes

const RESOURCE_TYPE_ENTITY_TYPE = 'entity.type'
 
const RESOURCE_TYPE_ENTITY_TYPE_PROPERTY = 'entity.type.property'
 
const RESOURCE_TYPE_ENTITY_INSTANCE = 'entity.instance'
 
const RESOURCE_TYPE_ENTITY_INSTANCE_PROPERTY = 'entity.instance.property'
 
const RESOURCE_TYPE_OTHER = 'other'
 
Public Attributes inherited from PermissionManager
const PERMISSION_MODIFIER_ALLOW = '+'
 
const PERMISSION_MODIFIER_DENY = '-'
 

Protected Member Functions

 authorizeAction ($requestedResource, $permissionResource, $context, $action, $login)
 
 getDefaultPolicy ($login)
 
 parseResource ($resource)
 
 deserializePermissions ($value)
 
 serializePermissions ($permissions)
 
 matchRoles ($resource, $permissions, $login)
 
 matchRole (User $user, $role, $resource)
 

Protected Attributes

 $persistenceFacade = null
 
 $session = null
 
 $dynamicRoles = []
 
 $principalFactory = null
 

Constructor & Destructor Documentation

◆ __construct()

__construct ( PersistenceFacade  $persistenceFacade,
Session  $session,
array  $dynamicRoles = [] 
)

Constructor.

Parameters
$persistenceFacade
$session

Definition at line 54 of file AbstractPermissionManager.php.

Member Function Documentation

◆ setPrincipalFactory()

setPrincipalFactory ( PrincipalFactory  $principalFactory)

Set the principal factory instances.

Parameters
$principalFactory

Definition at line 69 of file AbstractPermissionManager.php.

◆ authorize()

authorize (   $resource,
  $context,
  $action,
  $login = null,
  $applyDefaultPolicy = true 
)
See also
PermissionManager::authorize()

Implements PermissionManager.

Definition at line 76 of file AbstractPermissionManager.php.

◆ authorizeAction()

authorizeAction (   $requestedResource,
  $permissionResource,
  $context,
  $action,
  $login 
)
protected

Authorize a resource, context, action triple by using the permissions set on another resource (e.g. authorize an action on an entity instance based on the permissions defined for its type).

Parameters
$requestedResource: The resource string to authorize.
$permissionResource: The resource string to use for selecting permissions.
$context: The context in which the action takes place.
$action: The action to process.
$login: The login of the user to use for authorization.
Returns
Boolean or null if undefined

Definition at line 195 of file AbstractPermissionManager.php.

◆ getDefaultPolicy()

getDefaultPolicy (   $login)
protected

Get the default policy that is used if no permission is set up for a requested action.

Parameters
$login: The login of the user to get the default policy for.
Returns
Boolean

Definition at line 233 of file AbstractPermissionManager.php.

◆ parseResource()

parseResource (   $resource)
protected

Get the resource type and parameters (as applicable) from a resource.

Parameters
$resource: The resource represented as string.
Returns
Associative array with keys 'resourceType' (one of the RESOURCE_TYPE_ constants), 'oid' (object id), 'type' (entity type), 'oidProperty' (object id with instance property), 'typeProperty' (type id with entity property)

Definition at line 247 of file AbstractPermissionManager.php.

◆ deserializePermissions()

deserializePermissions (   $value)
protected

Parse a permissions string and return an associative array with the keys 'default', 'allow', 'deny', where 'allow' and 'deny' are themselves arrays holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*).

Parameters
$value: A role string (+*, +administrators, -guest; entries without a '+' or '-' prefix default to allow rules).
Returns
Associative array containing the permissions with the keys 'default', 'allow', 'deny', or null if value is empty

Definition at line 297 of file AbstractPermissionManager.php.

◆ serializePermissions()

serializePermissions (   $permissions)
protected

Convert an associative permissions array with keys 'default', 'allow', 'deny' into a string.

Parameters
$permissions: Associative array with keys 'default', 'allow', 'deny', where 'allow' and 'deny' are themselves arrays holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*).
Returns
A role string (+*, +administrators, -guest; entries without a '+' or '-' prefix default to allow rules).

Definition at line 345 of file AbstractPermissionManager.php.

◆ matchRoles()

matchRoles (   $resource,
  $permissions,
  $login 
)
protected

Matches the roles of the user and the roles in the given permissions.

Parameters
$resourceThe resource string to authorize.
$permissions: An associative array containing permissions with the keys 'default', 'allow', 'deny', where 'allow' and 'deny' are themselves arrays holding roles and 'default' is a boolean value derived from the wildcard policy (+* or -*). 'allow' overrides 'deny', which overrides 'default'.
$login: The login of the user to match the roles for.
Returns
Boolean whether the user is authorized according to the permissions

Definition at line 371 of file AbstractPermissionManager.php.
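
The role-string format documented for deserializePermissions() and the precedence stated for matchRoles(), as an added example that is not the project's own code. The function names parsePermissionString and resolvePermission are hypothetical, and three things are assumptions: entries are separated by whitespace, the user's roles are passed directly instead of being looked up from a login, and null is returned when no rule and no wildcard applies.

```php
<?php
// Added illustration: function names and the whitespace separator are assumptions.

/** Parse e.g. "-* +administrators -guest editors" into default/allow/deny. */
function parsePermissionString(string $value): ?array {
    $tokens = preg_split('/\s+/', trim($value), -1, PREG_SPLIT_NO_EMPTY);
    if (count($tokens) === 0) {
        return null; // empty value: no permissions defined
    }
    $result = ['default' => null, 'allow' => [], 'deny' => []];
    foreach ($tokens as $token) {
        $modifier = $token[0];
        if ($modifier === '+' || $modifier === '-') {
            $role = (string) substr($token, 1);
        } else {
            $modifier = '+'; // unprefixed entries default to allow rules
            $role = $token;
        }
        if ($role === '') {
            continue; // a bare '+' or '-' names no role
        }
        if ($role === '*') {
            $result['default'] = ($modifier === '+'); // wildcard policy
        } elseif ($modifier === '+') {
            $result['allow'][] = $role;
        } else {
            $result['deny'][] = $role;
        }
    }
    return $result;
}

/** 'allow' overrides 'deny' overrides 'default'; null if nothing applies. */
function resolvePermission(array $permissions, array $userRoles): ?bool {
    if (array_intersect($userRoles, $permissions['allow'])) {
        return true;
    }
    if (array_intersect($userRoles, $permissions['deny'])) {
        return false;
    }
    return $permissions['default'];
}

// Constructed sample data, not taken from a real configuration
$perms = parsePermissionString('-* +administrators -guest editors');
var_dump(resolvePermission($perms, ['administrators', 'guest'])); // in both lists
var_dump(resolvePermission($perms, ['guest']));                   // deny list only
var_dump(resolvePermission($perms, ['visitors']));                // wildcard only
```

Because an allow match is checked first, a user who holds one allowed role and one denied role is authorized; when reviewing permission strings, a deny entry alone does not guarantee exclusion.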

◆ matchRole()

matchRole ( User  $user,
  $role,
  $resource 
)
protected

Check if a user matches the role for a resource.

Parameters
$user: The user instance.
$role: The role name.
$resource: The resource string to authorize.
Returns
Boolean

Definition at line 403 of file AbstractPermissionManager.php.

◆ addTempPermission()

addTempPermission (   $resource,
  $context,
  $action 
)

◆ removeTempPermission()

removeTempPermission (   $handle)

◆ hasTempPermission()

hasTempPermission (   $resource,
  $context,
  $action 
)

◆ clearTempPermissions()

clearTempPermissions ( )

Member Data Documentation

◆ RESOURCE_TYPE_ENTITY_TYPE

const RESOURCE_TYPE_ENTITY_TYPE = 'entity.type'

Definition at line 33 of file AbstractPermissionManager.php.

◆ RESOURCE_TYPE_ENTITY_TYPE_PROPERTY

const RESOURCE_TYPE_ENTITY_TYPE_PROPERTY = 'entity.type.property'

Definition at line 34 of file AbstractPermissionManager.php.

◆ RESOURCE_TYPE_ENTITY_INSTANCE

const RESOURCE_TYPE_ENTITY_INSTANCE = 'entity.instance'

Definition at line 35 of file AbstractPermissionManager.php.

◆ RESOURCE_TYPE_ENTITY_INSTANCE_PROPERTY

const RESOURCE_TYPE_ENTITY_INSTANCE_PROPERTY = 'entity.instance.property'

Definition at line 36 of file AbstractPermissionManager.php.

◆ RESOURCE_TYPE_OTHER

const RESOURCE_TYPE_OTHER = 'other'

Definition at line 37 of file AbstractPermissionManager.php.

◆ $persistenceFacade

$persistenceFacade = null
protected

Definition at line 44 of file AbstractPermissionManager.php.

◆ $session

$session = null
protected

Definition at line 45 of file AbstractPermissionManager.php.

◆ $dynamicRoles

$dynamicRoles = []
protected

Definition at line 46 of file AbstractPermissionManager.php.

◆ $principalFactory

$principalFactory = null
protected

Definition at line 47 of file AbstractPermissionManager.php.