Detailed Description
PermissionManager implementations are used to handle all authorization requests.
PermissionManager instances are configured with an AuthUser instance, against which authorization requests are processed.
Definition at line 20 of file PermissionManager.php.
Public Member Functions
- authorize ($resource, $context, $action, $login=null, $applyDefaultPolicy=true)
- addTempPermission ($resource, $context, $action)
- removeTempPermission ($handle)
- hasTempPermission ($resource, $context, $action)
- clearTempPermissions ()
- getPermissions ($resource, $context, $action)
- setPermissions ($resource, $context, $action, $permissions)
- createPermission ($resource, $context, $action, $role, $modifier)
- removePermission ($resource, $context, $action, $role)
Public Attributes
- const PERMISSION_MODIFIER_ALLOW = '+'
- const PERMISSION_MODIFIER_DENY = '-'
Member Function Documentation
◆ authorize()
authorize ($resource, $context, $action, $login = null, $applyDefaultPolicy = true)
Authorize for given resource, context, action triple.
A resource could be one of the following:
- Controller class name (e.g. wcmf\application\controller\SaveController)
- Type name (e.g. app.src.model.wcmf.User)
- Type and property name (e.g. app.src.model.wcmf.User.login)
- Object id (e.g. app.src.model.wcmf.User:123)
- Object id and property name (e.g. app.src.model.wcmf.User:123.login)
Parameters:
- $resource: The resource to authorize (e.g. class name of the Controller or ObjectId instance).
- $context: The context in which the action takes place.
- $action: The action to process.
- $login: The login of the user to use for authorization (optional, default: the value of Session::getAuthUser())
- $applyDefaultPolicy: Boolean whether to apply a default policy, if no authorization rule is set for this request (optional, default: true)
Returns:
- Boolean whether authorization succeeded/failed or null, if no rule is set and no default policy is applied
Implemented in AbstractPermissionManager, and NullPermissionManager.
◆ addTempPermission()
addTempPermission ($resource, $context, $action)
Add a temporary permission for the current user.
The permission is valid only until end of execution or a call to PermissionManager::removeTempPermission() or PermissionManager::clearTempPermissions().
Parameters:
- $resource: The resource to authorize (e.g. class name of the Controller or ObjectId).
- $context: The context in which the action takes place.
- $action: The action to process.
Returns:
- String handle, to be used when calling PermissionManager::removeTempPermission()
Implemented in AbstractPermissionManager, and NullPermissionManager.
◆ removeTempPermission()
removeTempPermission ($handle)
Remove a temporary permission for the current user.
Parameters:
- $handle: The handle obtained from PermissionManager::addTempPermission()
Implemented in AbstractPermissionManager, and NullPermissionManager.
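As an added example (caller-side code written for this page, not wCMF source): because authorize() can return true, false or null, an access check should grant only on a strict true, and a temporary permission should be removed in a finally block so it cannot outlive the task it was added for. The helper names isAuthorized and withTempPermission, the StubPermissionManager class, its rule key format and the sample actions 'read' and 'update' are hypothetical; that a temporary permission makes authorize() return true and that the default policy denies are assumptions of the stub.

```php
<?php
// Added example: caller-side helpers plus a constructed in-memory stub.
// Only the method names and signatures are taken from this page.

/** Fail closed: only a strict true grants access; false and null both deny. */
function isAuthorized($pm, $resource, $context, $action, $login = null) {
  // $applyDefaultPolicy = false makes "no rule set" visible as null.
  return $pm->authorize($resource, $context, $action, $login, false) === true;
}

/** Run $task under a temporary permission and always revoke it afterwards. */
function withTempPermission($pm, $resource, $context, $action, callable $task) {
  $handle = $pm->addTempPermission($resource, $context, $action);
  try {
    return $task();
  } finally {
    // Runs on normal return and on exception, so the grant cannot leak.
    $pm->removeTempPermission($handle);
  }
}

/** Constructed stand-in: rules map "resource|context|action" to a boolean. */
class StubPermissionManager {
  private $rules;
  private $temp = [];
  public function __construct(array $rules) { $this->rules = $rules; }
  private function key($r, $c, $a) { return "$r|$c|$a"; }
  public function authorize($r, $c, $a, $login = null, $applyDefaultPolicy = true) {
    $k = $this->key($r, $c, $a);
    if (in_array($k, $this->temp, true)) { return true; }   // assumption: temp grants win
    if (array_key_exists($k, $this->rules)) { return $this->rules[$k]; }
    return $applyDefaultPolicy ? false : null;               // assumption: default policy denies
  }
  public function addTempPermission($r, $c, $a) {
    $handle = uniqid('tmp', true);
    $this->temp[$handle] = $this->key($r, $c, $a);
    return $handle;
  }
  public function removeTempPermission($handle) { unset($this->temp[$handle]); }
}

$res = 'app.src.model.wcmf.User:123';                        // object id form from this page
$pm = new StubPermissionManager(["$res||read" => true]);     // constructed rule set
var_dump(isAuthorized($pm, $res, '', 'update'));             // no rule set for this action
var_dump(withTempPermission($pm, $res, '', 'update', function () use ($pm, $res) {
  return isAuthorized($pm, $res, '', 'update');              // checked inside the temporary grant
}));
var_dump(isAuthorized($pm, $res, '', 'update'));             // checked after the grant is revoked
```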
◆ hasTempPermission()
hasTempPermission ($resource, $context, $action)
Check if a temporary permission for the current user exists.
Parameters:
- $resource: The resource to authorize (e.g. class name of the Controller or ObjectId).
- $context: The context in which the action takes place.
- $action: The action to process.
Returns:
- Boolean
Implemented in AbstractPermissionManager, and NullPermissionManager.
◆ clearTempPermissions()
clearTempPermissions ()
Reset all temporary permissions.
Implemented in AbstractPermissionManager, and NullPermissionManager.
◆ getPermissions()
getPermissions ($resource, $context, $action)
Permission management.
Get the permissions on a resource, context, action combination.
Parameters:
- $resource: The resource (e.g. class name of the Controller or ObjectId).
- $context: The context in which the action takes place.
- $action: The action to process.
Returns:
- Associative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null, if no permissions are defined.
Implemented in DefaultPermissionManager, NullPermissionManager, StaticPermissionManager, and ChainedPermissionManager.
◆ setPermissions()
setPermissions ($resource, $context, $action, $permissions)
Set the permissions on a resource, context, action combination.
Parameters:
- $resource: The resource (e.g. class name of the Controller or ObjectId).
- $context: The context in which the action takes place.
- $action: The action to process.
- $permissions: Associative array with keys 'default' (boolean) and 'allow', 'deny' (arrays of role names) or null if all permissions should be deleted.
Implemented in DefaultPermissionManager, StaticPermissionManager, NullPermissionManager, and ChainedPermissionManager.
◆ createPermission()
createPermission ($resource, $context, $action, $role, $modifier)
Create/Change a permission for a role on a resource, context, action combination.
Parameters:
- $resource: The resource (e.g. class name of the Controller or ObjectId).
- $context: The context in which the action takes place.
- $action: The action to process.
- $role: The role to authorize.
- $modifier: One of the PERMISSION_MODIFIER constants.
Returns:
- Boolean whether creation succeeded/failed.
Implemented in DefaultPermissionManager, StaticPermissionManager, NullPermissionManager, and ChainedPermissionManager.
◆ removePermission()
removePermission ($resource, $context, $action, $role)
Remove a role from a permission on a resource, context, action combination.
Parameters:
- $resource: The resource (e.g. class name of the Controller or ObjectId).
- $context: The context in which the action takes place.
- $action: The action to process.
- $role: The role to remove.
Returns:
- Boolean whether removal succeeded/failed.
Implemented in DefaultPermissionManager, StaticPermissionManager, NullPermissionManager, and ChainedPermissionManager.
Member Data Documentation
◆ PERMISSION_MODIFIER_ALLOW
const PERMISSION_MODIFIER_ALLOW = '+'
Definition at line 22 of file PermissionManager.php.
◆ PERMISSION_MODIFIER_DENY
const PERMISSION_MODIFIER_DENY = '-'
Definition at line 23 of file PermissionManager.php.