26 #require_once 'Zend/Acl/Resource/Interface.php'; 32 #require_once 'Zend/Acl/Role/Registry.php'; 38 #require_once 'Zend/Acl/Assert/Interface.php'; 44 #require_once 'Zend/Acl/Role.php'; 50 #require_once 'Zend/Acl/Resource.php'; 116 'allResources' => array(
118 'allPrivileges' => array(
119 'type' => self::TYPE_DENY,
122 'byPrivilegeId' => array()
124 'byRoleId' => array()
126 'byResourceId' => array()
148 public function addRole($role, $parents =
null)
150 if (is_string($role)) {
155 #require_once 'Zend/Acl/Exception.php'; 156 throw new Zend_Acl_Exception(
'addRole() expects $role to be of type Zend_Acl_Role_Interface');
232 foreach ($this->_rules[
'allResources'][
'byRoleId'] as $roleIdCurrent =>
$rules) {
233 if (
$roleId === $roleIdCurrent) {
234 unset($this->_rules[
'allResources'][
'byRoleId'][$roleIdCurrent]);
237 foreach ($this->_rules[
'byResourceId'] as $resourceIdCurrent => $visitor) {
238 if (array_key_exists(
'byRoleId', $visitor)) {
239 foreach ($visitor[
'byRoleId'] as $roleIdCurrent =>
$rules) {
240 if (
$roleId === $roleIdCurrent) {
241 unset($this->_rules[
'byResourceId'][$resourceIdCurrent][
'byRoleId'][$roleIdCurrent]);
260 foreach ($this->_rules[
'allResources'][
'byRoleId'] as $roleIdCurrent =>
$rules) {
261 unset($this->_rules[
'allResources'][
'byRoleId'][$roleIdCurrent]);
263 foreach ($this->_rules[
'byResourceId'] as $resourceIdCurrent => $visitor) {
264 foreach ($visitor[
'byRoleId'] as $roleIdCurrent =>
$rules) {
265 unset($this->_rules[
'byResourceId'][$resourceIdCurrent][
'byRoleId'][$roleIdCurrent]);
290 #require_once 'Zend/Acl/Exception.php'; 291 throw new Zend_Acl_Exception(
'addResource() expects $resource to be of type Zend_Acl_Resource_Interface');
294 $resourceId =
$resource->getResourceId();
296 if ($this->
has($resourceId)) {
297 #require_once 'Zend/Acl/Exception.php'; 301 $resourceParent =
null;
303 if (
null !== $parent) {
306 $resourceParentId = $parent->getResourceId();
308 $resourceParentId = $parent;
310 $resourceParent = $this->
get($resourceParentId);
312 #require_once 'Zend/Acl/Exception.php'; 313 throw new Zend_Acl_Exception(
"Parent Resource id '$resourceParentId' does not exist", 0, $e);
315 $this->_resources[$resourceParentId][
'children'][$resourceId] =
$resource;
318 $this->_resources[$resourceId] = array(
320 'parent' => $resourceParent,
321 'children' => array()
358 $resourceId =
$resource->getResourceId();
364 #require_once 'Zend/Acl/Exception.php'; 368 return $this->_resources[$resourceId][
'instance'];
382 $resourceId =
$resource->getResourceId();
387 return isset($this->_resources[$resourceId]);
408 $resourceId = $this->
get(
$resource)->getResourceId();
409 $inheritId = $this->
get($inherit)->getResourceId();
411 #require_once 'Zend/Acl/Exception.php'; 415 if (
null !== $this->_resources[$resourceId][
'parent']) {
416 $parentId = $this->_resources[$resourceId][
'parent']->getResourceId();
417 if ($inheritId === $parentId) {
419 }
else if ($onlyParent) {
426 while (
null !== $this->_resources[$parentId][
'parent']) {
427 $parentId = $this->_resources[$parentId][
'parent']->getResourceId();
428 if ($inheritId === $parentId) {
448 $resourceId = $this->
get(
$resource)->getResourceId();
450 #require_once 'Zend/Acl/Exception.php'; 454 $resourcesRemoved = array($resourceId);
455 if (
null !== ($resourceParent = $this->_resources[$resourceId][
'parent'])) {
456 unset($this->_resources[$resourceParent->getResourceId()][
'children'][$resourceId]);
458 foreach ($this->_resources[$resourceId][
'children'] as $childId => $child) {
459 $this->
remove($childId);
460 $resourcesRemoved[] = $childId;
463 foreach ($resourcesRemoved as $resourceIdRemoved) {
464 foreach ($this->_rules[
'byResourceId'] as $resourceIdCurrent =>
$rules) {
465 if ($resourceIdRemoved === $resourceIdCurrent) {
466 unset($this->_rules[
'byResourceId'][$resourceIdCurrent]);
471 unset($this->_resources[$resourceId]);
483 foreach ($this->_resources as $resourceId =>
$resource) {
484 foreach ($this->_rules[
'byResourceId'] as $resourceIdCurrent =>
$rules) {
485 if ($resourceId === $resourceIdCurrent) {
486 unset($this->_rules[
'byResourceId'][$resourceIdCurrent]);
491 $this->_resources = array();
508 return $this->
setRule(self::OP_ADD, self::TYPE_ALLOW, $roles, $resources, $privileges, $assert);
523 return $this->
setRule(self::OP_ADD, self::TYPE_DENY, $roles, $resources, $privileges, $assert);
535 public function removeAllow($roles =
null, $resources =
null, $privileges =
null)
537 return $this->
setRule(self::OP_REMOVE, self::TYPE_ALLOW, $roles, $resources, $privileges);
549 public function removeDeny($roles =
null, $resources =
null, $privileges =
null)
551 return $this->
setRule(self::OP_REMOVE, self::TYPE_DENY, $roles, $resources, $privileges);
606 public function setRule($operation,
$type, $roles =
null, $resources =
null, $privileges =
null,
611 if (self::TYPE_ALLOW !==
$type && self::TYPE_DENY !==
$type) {
612 #require_once 'Zend/Acl/Exception.php'; 613 throw new Zend_Acl_Exception(
"Unsupported rule type; must be either '" . self::TYPE_ALLOW .
"' or '" 614 . self::TYPE_DENY .
"'");
618 if (!is_array($roles)) {
619 $roles = array($roles);
620 }
else if (0 === count($roles)) {
621 $roles = array(
null);
625 foreach ($rolesTemp as $role) {
626 if (
null !== $role) {
635 if ($resources !==
null) {
636 if (!is_array($resources)) {
637 $resources = array($resources);
638 }
else if (0 === count($resources)) {
639 $resources = array(
null);
641 $resourcesTemp = $resources;
642 $resources = array();
652 $allResources = array();
653 foreach ($this->_resources as $rTarget) {
654 $allResources[] = $rTarget[
'instance'];
660 if (
null === $privileges) {
661 $privileges = array();
662 }
else if (!is_array($privileges)) {
663 $privileges = array($privileges);
666 switch ($operation) {
670 if ($resources !==
null) {
673 foreach ($roles as $role) {
675 if (0 === count($privileges)) {
677 $rules[
'allPrivileges'][
'assert'] = $assert;
678 if (!isset(
$rules[
'byPrivilegeId'])) {
679 $rules[
'byPrivilegeId'] = array();
682 foreach ($privileges as $privilege) {
683 $rules[
'byPrivilegeId'][$privilege][
'type'] =
$type;
684 $rules[
'byPrivilegeId'][$privilege][
'assert'] = $assert;
691 foreach ($roles as $role) {
693 if (0 === count($privileges)) {
695 $rules[
'allPrivileges'][
'assert'] = $assert;
697 foreach ($privileges as $privilege) {
698 $rules[
'byPrivilegeId'][$privilege][
'type'] =
$type;
699 $rules[
'byPrivilegeId'][$privilege][
'assert'] = $assert;
708 if ($resources !==
null) {
711 foreach ($roles as $role) {
716 if (0 === count($privileges)) {
717 if (
null ===
$resource &&
null === $role) {
720 'allPrivileges' => array(
721 'type' => self::TYPE_DENY,
724 'byPrivilegeId' => array()
730 if (isset(
$rules[
'allPrivileges'][
'type']) &&
733 unset(
$rules[
'allPrivileges']);
736 foreach ($privileges as $privilege) {
737 if (isset(
$rules[
'byPrivilegeId'][$privilege]) &&
738 $type ===
$rules[
'byPrivilegeId'][$privilege][
'type'])
740 unset(
$rules[
'byPrivilegeId'][$privilege]);
748 foreach ($roles as $role) {
754 foreach (array_merge(array(
null), $allResources) as
$resource) {
759 if (0 === count($privileges)) {
760 if (
null === $role) {
763 'allPrivileges' => array(
764 'type' => self::TYPE_DENY,
767 'byPrivilegeId' => array()
773 if (isset(
$rules[
'allPrivileges'][
'type']) &&
$type ===
$rules[
'allPrivileges'][
'type']) {
774 unset(
$rules[
'allPrivileges']);
777 foreach ($privileges as $privilege) {
778 if (isset(
$rules[
'byPrivilegeId'][$privilege]) &&
779 $type ===
$rules[
'byPrivilegeId'][$privilege][
'type'])
781 unset(
$rules[
'byPrivilegeId'][$privilege]);
791 #require_once 'Zend/Acl/Exception.php'; 792 throw new Zend_Acl_Exception(
"Unsupported operation; must be either '" . self::OP_ADD .
"' or '" 793 . self::OP_REMOVE .
"'");
830 $this->_isAllowedRole =
null;
831 $this->_isAllowedResource =
null;
832 $this->_isAllowedPrivilege =
null;
834 if (
null !== $role) {
836 $this->_isAllowedRole = $role;
839 $this->_isAllowedRole = $role;
852 if (
null === $privilege) {
862 foreach (
$rules[
'byPrivilegeId'] as $privilege =>
$rule) {
863 if (self::TYPE_DENY === ($ruleTypeOnePrivilege = $this->
_getRuleType(
$resource,
null, $privilege))) {
868 return self::TYPE_ALLOW === $ruleTypeAllPrivileges;
877 $this->_isAllowedPrivilege = $privilege;
887 return self::TYPE_ALLOW === $ruleType;
889 return self::TYPE_ALLOW === $ruleTypeAllPrivileges;
909 if (
null === $this->_roleRegistry) {
929 'visited' => array(),
937 while (
null !== ($role = array_pop($dfs[
'stack']))) {
938 if (!isset($dfs[
'visited'][$role->
getRoleId()])) {
969 #require_once 'Zend/Acl/Exception.php'; 974 foreach (
$rules[
'byPrivilegeId'] as $privilege =>
$rule) {
975 if (self::TYPE_DENY === ($ruleTypeOnePrivilege = $this->
_getRuleType(
$resource, $role, $privilege))) {
980 return self::TYPE_ALLOW === $ruleTypeAllPrivileges;
984 $dfs[
'visited'][$role->
getRoleId()] =
true;
985 foreach ($this->
_getRoleRegistry()->getParents($role) as $roleParentId => $roleParent) {
986 $dfs[
'stack'][] = $roleParent;
1008 if (
null === $privilege) {
1012 #require_once 'Zend/Acl/Exception.php'; 1017 'visited' => array(),
1025 while (
null !== ($role = array_pop($dfs[
'stack']))) {
1026 if (!isset($dfs[
'visited'][$role->
getRoleId()])) {
1052 $privilege =
null, &$dfs =
null)
1054 if (
null === $privilege) {
1058 #require_once 'Zend/Acl/Exception.php'; 1062 if (
null === $dfs) {
1066 #require_once 'Zend/Acl/Exception.php'; 1071 return self::TYPE_ALLOW === $ruleTypeOnePrivilege;
1073 return self::TYPE_ALLOW === $ruleTypeAllPrivileges;
1076 $dfs[
'visited'][$role->
getRoleId()] =
true;
1077 foreach ($this->
_getRoleRegistry()->getParents($role) as $roleParentId => $roleParent) {
1078 $dfs[
'stack'][] = $roleParent;
1114 if (
null === $privilege) {
1115 if (isset(
$rules[
'allPrivileges'])) {
1120 }
else if (!isset(
$rules[
'byPrivilegeId'][$privilege])) {
1127 if (
$rule[
'assert']) {
1128 $assertion =
$rule[
'assert'];
1129 $assertionValue = $assertion->assert(
1133 $this->_isAllowedPrivilege
1137 if (
null ===
$rule[
'assert'] || $assertionValue) {
1138 return $rule[
'type'];
1139 }
else if (
null !==
$resource ||
null !== $role ||
null !== $privilege) {
1141 }
else if (self::TYPE_ALLOW ===
$rule[
'type']) {
1171 $visitor =& $this->_rules[
'allResources'];
1174 $resourceId =
$resource->getResourceId();
1175 if (!isset($this->_rules[
'byResourceId'][$resourceId])) {
1179 $this->_rules[
'byResourceId'][$resourceId] = array();
1181 $visitor =& $this->_rules[
'byResourceId'][$resourceId];
1186 if (
null === $role) {
1187 if (!isset($visitor[
'allRoles'])) {
1191 $visitor[
'allRoles'][
'byPrivilegeId'] = array();
1193 return $visitor[
'allRoles'];
1196 if (!isset($visitor[
'byRoleId'][
$roleId])) {
1200 $visitor[
'byRoleId'][
$roleId][
'byPrivilegeId'] = array();
1201 $visitor[
'byRoleId'][
$roleId][
'allPrivileges'] = array(
'type' =>
null,
'assert' =>
null);
1203 return $visitor[
'byRoleId'][
$roleId];
1213 trigger_error(
'The method getRegisteredRoles() was deprecated as of ' 1214 .
'version 1.0, and may be removed. You\'re encouraged ' 1215 .
'to use getRoles() instead.');
1238 return array_keys($this->_resources);
removeDeny($roles=null, $resources=null, $privileges=null)
& _getRules(Zend_Acl_Resource_Interface $resource=null, Zend_Acl_Role_Interface $role=null, $create=false)
isAllowed($role=null, $resource=null, $privilege=null)
_roleDFSAllPrivileges(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource=null)
add(Zend_Acl_Resource_Interface $resource, $parent=null)
inheritsRole($role, $inherit, $onlyParents=false)
deny($roles=null, $resources=null, $privileges=null, Zend_Acl_Assert_Interface $assert=null)
addResource($resource, $parent=null)
_roleDFSVisitOnePrivilege(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource=null, $privilege=null, &$dfs=null)
removeAllow($roles=null, $resources=null, $privileges=null)
inherits($resource, $inherit, $onlyParent=false)
setRule($operation, $type, $roles=null, $resources=null, $privileges=null, Zend_Acl_Assert_Interface $assert=null)
_roleDFSVisitAllPrivileges(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource=null, &$dfs=null)
allow($roles=null, $resources=null, $privileges=null, Zend_Acl_Assert_Interface $assert=null)
_getRuleType(Zend_Acl_Resource_Interface $resource=null, Zend_Acl_Role_Interface $role=null, $privilege=null)
addRole($role, $parents=null)
_roleDFSOnePrivilege(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource=null, $privilege=null)