files/Rbac.php

Rbac.php 

  1. <?php
  2. /**
  3.  * Zend Framework (http://framework.zend.com/)
  4.  *
  5.  * @link      http://github.com/zendframework/zf2 for the canonical source repository
  6.  * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  7.  * @license   http://framework.zend.com/license/new-bsd New BSD License
  8.  */
  9.  
  10. namespace Zend\Permissions\Rbac;
  11.  
  12. use RecursiveIteratorIterator;
  13.  
  14. class Rbac extends AbstractIterator
  15. {
  16.     /**
  17.      * flag: whether or not to create roles automatically if
  18.      * they do not exist.
  19.      *
  20.      * @var bool
  21.      */
  22.     protected $createMissingRoles = false;
  23.  
  24.     /**
  25.      * @param  bool                     $createMissingRoles
  26.      * @return \Zend\Permissions\Rbac\Rbac
  27.      */
  28.     public function setCreateMissingRoles($createMissingRoles)
  29.     {
  30.         $this->createMissingRoles = $createMissingRoles;
  31.  
  32.         return $this;
  33.     }
  34.  
  35.     /**
  36.      * @return bool
  37.      */
  38.     public function getCreateMissingRoles()
  39.     {
  40.         return $this->createMissingRoles;
  41.     }
  42.  
  43.     /**
  44.      * Add a child.
  45.      *
  46.      * @param  string|RoleInterface               $child
  47.      * @param  array|RoleInterface|null           $parents
  48.      * @return self
  49.      * @throws Exception\InvalidArgumentException
  50.      */
  51.     public function addRole($child, $parents = null)
  52.     {
  53.         if (is_string($child)) {
  54.             $child = new Role($child);
  55.         }
  56.         if (!$child instanceof RoleInterface) {
  57.             throw new Exception\InvalidArgumentException(
  58.                 'Child must be a string or implement Zend\Permissions\Rbac\RoleInterface'
  59.             );
  60.         }
  61.  
  62.         if ($parents) {
  63.             if (!is_array($parents)) {
  64.                 $parents = array($parents);
  65.             }
  66.             foreach ($parents as $parent) {
  67.                 if ($this->createMissingRoles && !$this->hasRole($parent)) {
  68.                     $this->addRole($parent);
  69.                 }
  70.                 $this->getRole($parent)->addChild($child);
  71.             }
  72.         }
  73.  
  74.         $this->children[] = $child;
  75.  
  76.         return $this;
  77.     }
  78.  
  79.     /**
  80.      * Is a child with $name registered?
  81.      *
  82.      * @param  \Zend\Permissions\Rbac\RoleInterface|string $objectOrName
  83.      * @return bool
  84.      */
  85.     public function hasRole($objectOrName)
  86.     {
  87.         try {
  88.             $this->getRole($objectOrName);
  89.  
  90.             return true;
  91.         } catch (Exception\InvalidArgumentException $e) {
  92.             return false;
  93.         }
  94.     }
  95.  
  96.     /**
  97.      * Get a child.
  98.      *
  99.      * @param  \Zend\Permissions\Rbac\RoleInterface|string $objectOrName
  100.      * @return RoleInterface
  101.      * @throws Exception\InvalidArgumentException
  102.      */
  103.     public function getRole($objectOrName)
  104.     {
  105.         if (!is_string($objectOrName) && !$objectOrName instanceof RoleInterface) {
  106.             throw new Exception\InvalidArgumentException(
  107.                 'Expected string or implement \Zend\Permissions\Rbac\RoleInterface'
  108.             );
  109.         }
  110.  
  111.         $it = new RecursiveIteratorIterator($this, RecursiveIteratorIterator::CHILD_FIRST);
  112.         foreach ($it as $leaf) {
  113.             if ((is_string($objectOrName) && $leaf->getName() == $objectOrName) || $leaf == $objectOrName) {
  114.                 return $leaf;
  115.             }
  116.         }
  117.  
  118.         throw new Exception\InvalidArgumentException(sprintf(
  119.             'No role with name "%s" could be found',
  120.             is_object($objectOrName) ? $objectOrName->getName() : $objectOrName
  121.         ));
  122.     }
  123.  
  124.     /**
  125.      * Determines if access is granted by checking the role and child roles for permission.
  126.      *
  127.      * @param  RoleInterface|string             $role
  128.      * @param  string                           $permission
  129.      * @param  AssertionInterface|Callable|null $assert
  130.      * @return bool
  131.      */
  132.     public function isGranted($role, $permission, $assert = null)
  133.     {
  134.         if ($assert) {
  135.             if ($assert instanceof AssertionInterface) {
  136.                 if (!$assert->assert($this)) {
  137.                     return false;
  138.                 }
  139.             } elseif (is_callable($assert)) {
  140.                 if (!$assert($this)) {
  141.                     return false;
  142.                 }
  143.             } else {
  144.                 throw new Exception\InvalidArgumentException(
  145.                     'Assertions must be a Callable or an instance of Zend\Permissions\Rbac\AssertionInterface'
  146.                 );
  147.             }
  148.         }
  149.  
  150.         if ($this->getRole($role)->hasPermission($permission)) {
  151.             return true;
  152.         }
  153.  
  154.         return false;
  155.     }
  156. }
# Change User Description Committed
#1 18334 Liz Lam initial add of jambox 9 years ago