PermissionManager Interface Reference

Detailed Description

PermissionManager implementations are used to handle all authorization requests.

PermissionManager instances are configured with an AuthUser instance, against which authorization requests are processed.

Author
ingo herwig <ingo@wemove.com>

Definition at line 20 of file PermissionManager.php.


Public Member Functions

 authorize ($resource, $context, $action, $login=null, $applyDefaultPolicy=true)
 
 addTempPermission ($resource, $context, $action)
 
 removeTempPermission ($handle)
 
 hasTempPermission ($resource, $context, $action)
 
 clearTempPermissions ()
 
 getPermissions ($resource, $context, $action)
 
 setPermissions ($resource, $context, $action, $permissions)
 
 createPermission ($resource, $context, $action, $role, $modifier)
 
 removePermission ($resource, $context, $action, $role)
 

Public Attributes

const PERMISSION_MODIFIER_ALLOW = '+'
 
const PERMISSION_MODIFIER_DENY = '-'
 

Member Function Documentation

◆ authorize()

authorize ($resource, $context, $action, $login=null, $applyDefaultPolicy=true)

Authorize for given resource, context, action triple.

A resource could be one of the following:

  • Controller class name (e.g. wcmf\application\controller\SaveController)
  • Type name (e.g. app.src.model.wcmf.User)
  • Type and property name (e.g. app.src.model.wcmf.User.login)
  • Object id (e.g. app.src.model.wcmf.User:123)
  • Object id and property name (e.g. app.src.model.wcmf.User:123.login)

Parameters
  $resource            The resource to authorize (e.g. class name of the Controller or ObjectId instance).
  $context             The context in which the action takes place.
  $action              The action to process.
  $login               The login of the user to use for authorization (optional, default: the value of Session::getAuthUser())
  $applyDefaultPolicy  Boolean whether to apply a default policy, if no authorization rule is set for this request (optional, default: true)

Returns
  Boolean whether authorization succeeded/failed or null, if no rule is set and no default policy is applied

Implemented in AbstractPermissionManager, and NullPermissionManager.
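
Because authorize() can return null as well as true or false, a caller should grant access only on a strict true. The following is an added example, not wCMF code: StubManager, requirePermission(), the rule table, the 'admin' context and the User.password property are constructed for illustration and only reproduce the documented return contract.

```php
<?php
// Added example, not wCMF code. StubManager is a constructed stand-in that only
// reproduces the documented return contract of authorize(): true, false or null.
final class StubManager {
    /** Constructed rule table keyed by "resource|context|action". */
    private array $rules = [
        'app.src.model.wcmf.User|admin|read' => true,
        'app.src.model.wcmf.User.login|admin|update' => false,
    ];
    private bool $defaultPolicy = false; // assumed default policy for this stub

    public function authorize($resource, $context, $action, $login = null, $applyDefaultPolicy = true) {
        $key = "$resource|$context|$action";
        if (array_key_exists($key, $this->rules)) {
            return $this->rules[$key];
        }
        // No rule: fall back to the default policy, or report "undecided" as null.
        return $applyDefaultPolicy ? $this->defaultPolicy : null;
    }
}

/** Fail-closed guard (hypothetical helper): false and null both deny. */
function requirePermission($manager, string $resource, string $context, string $action,
                           ?string $login = null, bool $applyDefaultPolicy = true): void {
    $decision = $manager->authorize($resource, $context, $action, $login, $applyDefaultPolicy);
    if ($decision !== true) {
        $why = $decision === null ? 'no rule and no default policy' : 'denied by rule';
        throw new RuntimeException("Not authorized for $resource ($action): $why");
    }
}

$pm = new StubManager();
requirePermission($pm, 'app.src.model.wcmf.User', 'admin', 'read'); // rule grants access

// No rule for this property and the default policy is switched off: authorize() yields null.
$decision = $pm->authorize('app.src.model.wcmf.User.password', 'admin', 'update', null, false);
var_dump($decision !== false); // a "!== false" check would treat the null as a grant

try {
    requirePermission($pm, 'app.src.model.wcmf.User.password', 'admin', 'update', null, false);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL; // the strict guard rejects the undecided result
}
```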

◆ addTempPermission()

addTempPermission ($resource, $context, $action)

Add a temporary permission for the current user.

The permission is valid only until end of execution or a call to PermissionManager::removeTempPermission() or PermissionManager::clearTempPermissions().

Parameters
  $resource  The resource to authorize (e.g. class name of the Controller or ObjectId).
  $context   The context in which the action takes place.
  $action    The action to process.

Returns
  String handle, to be used when calling PermissionManager::removeTempPermission()

Implemented in AbstractPermissionManager, and NullPermissionManager.

◆ removeTempPermission()

removeTempPermission ($handle)

Remove a temporary permission for the current user.

Parameters
  $handle  The handle obtained from PermissionManager::addTempPermission()

Implemented in AbstractPermissionManager, and NullPermissionManager.
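
A temporary permission otherwise stays valid until the end of execution, so the add/remove pair is best wrapped so that the grant is revoked even when the guarded code throws. The following is an added example, not wCMF code: TempStub, withTempPermission(), the handle format and the 'update' action are constructed for illustration.

```php
<?php
// Added example, not wCMF code. TempStub is a constructed stand-in that keeps
// temporary permissions in memory and hands out a string handle, as documented.
final class TempStub {
    private array $temp = [];

    public function addTempPermission($resource, $context, $action) {
        $handle = bin2hex(random_bytes(8)); // handle format is an assumption
        $this->temp[$handle] = [$resource, $context, $action];
        return $handle;
    }
    public function removeTempPermission($handle) {
        unset($this->temp[$handle]);
    }
    public function hasTempPermission($resource, $context, $action) {
        return in_array([$resource, $context, $action], $this->temp, true);
    }
}

/**
 * Hypothetical helper: run $task with a temporary permission and always revoke it,
 * so an exception cannot leave the grant active for the rest of the request.
 */
function withTempPermission($manager, $resource, $context, $action, callable $task) {
    $handle = $manager->addTempPermission($resource, $context, $action);
    try {
        return $task();
    } finally {
        $manager->removeTempPermission($handle);
    }
}

$pm = new TempStub();
$oid = 'app.src.model.wcmf.User:123'; // object id form from the resource list above
try {
    withTempPermission($pm, $oid, '', 'update', function () use ($pm, $oid) {
        var_dump($pm->hasTempPermission($oid, '', 'update')); // grant is active inside the task
        throw new RuntimeException('save failed');            // constructed failure
    });
} catch (RuntimeException $e) {
    // The failure still propagates to the caller; the grant does not outlive it.
}
var_dump($pm->hasTempPermission($oid, '', 'update')); // checked again after the finally block ran
```

Removing by handle revokes only the grant this call added, whereas clearTempPermissions() resets all temporary permissions.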

◆ hasTempPermission()

hasTempPermission ($resource, $context, $action)

Check if a temporary permission for the current user exists.

Parameters
  $resource  The resource to authorize (e.g. class name of the Controller or ObjectId).
  $context   The context in which the action takes place.
  $action    The action to process.

Returns
  Boolean

Implemented in AbstractPermissionManager, and NullPermissionManager.

◆ clearTempPermissions()

clearTempPermissions ( )

Reset all temporary permissions.

Implemented in AbstractPermissionManager, and NullPermissionManager.

◆ getPermissions()

getPermissions ($resource, $context, $action)

Permission management.

Get the permissions on a resource, context, action combination.

Parameters
  $resource  The resource (e.g. class name of the Controller or ObjectId).
  $context   The context in which the action takes place.
  $action    The action to process.

Returns
  Associative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null, if no permissions are defined.

Implemented in DefaultPermissionManager, NullPermissionManager, StaticPermissionManager, and ChainedPermissionManager.

◆ setPermissions()

setPermissions ($resource, $context, $action, $permissions)

Set the permissions on a resource, context, action combination.

Parameters
  $resource     The resource (e.g. class name of the Controller or ObjectId).
  $context      The context in which the action takes place.
  $action       The action to process.
  $permissions  Associative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null if all permissions should be deleted.

Implemented in DefaultPermissionManager, StaticPermissionManager, NullPermissionManager, and ChainedPermissionManager.

◆ createPermission()

createPermission ($resource, $context, $action, $role, $modifier)

Create/Change a permission for a role on a resource, context, action combination.

Parameters
  $resource  The resource (e.g. class name of the Controller or ObjectId).
  $context   The context in which the action takes place.
  $action    The action to process.
  $role      The role to authorize.
  $modifier  One of the PERMISSION_MODIFIER constants.

Returns
  Boolean whether creation succeeded/failed.

Implemented in DefaultPermissionManager, StaticPermissionManager, NullPermissionManager, and ChainedPermissionManager.

◆ removePermission()

removePermission ($resource, $context, $action, $role)

Remove a role from a permission on a resource, context, action combination.

Parameters
  $resource  The resource (e.g. class name of the Controller or ObjectId).
  $context   The context in which the action takes place.
  $action    The action to process.
  $role      The role to remove.

Returns
  Boolean whether removal succeeded/failed.

Implemented in DefaultPermissionManager, StaticPermissionManager, NullPermissionManager, and ChainedPermissionManager.

Member Data Documentation

◆ PERMISSION_MODIFIER_ALLOW

const PERMISSION_MODIFIER_ALLOW = '+'

Definition at line 22 of file PermissionManager.php.

◆ PERMISSION_MODIFIER_DENY

const PERMISSION_MODIFIER_DENY = '-'

Definition at line 23 of file PermissionManager.php.