  1: <?php
  2: 
  3: namespace Charcoal\User\Acl;
  4: 
  5: // Dependencies from `ext-pdo`
  6: use PDO;
  7: use PDOException;
  8: 
  9: // Dependencies from 'PSR-3' (Logging)
 10: use Psr\Log\LoggerAwareInterface;
 11: use Psr\Log\LoggerAwareTrait;
 12: 
 13: // Dependencies from `zendframework/zend-permissions`
 14: use Zend\Permissions\Acl\Acl;
 15: use Zend\Permissions\Acl\Role\GenericRole;
 16: 
 17: /**
 18:  * Manage ACL roles and permissions from config (arrays) or database.
 19:  */
 20: class Manager implements LoggerAwareInterface
 21: {
 22:     use LoggerAwareTrait;
 23: 
 24:     /**
 25:      * Constructor options:
 26:      * - `logger`
 27:      *
 28:      * @param array $data Constructor options.
 29:      */
 30:     public function __construct(array $data)
 31:     {
 32:         $this->setLogger($data['logger']);
 33:     }
 34: 
 35:     /**
 36:      * @param Acl    $acl         The Zend Acl instant to load permissions to.
 37:      * @param array  $permissions The array of permissions, in [role=>details] array.
 38:      * @param string $resource    The Acl resource (string identifier) to load roles and permissions into.
 39:      * @return void
 40:      */
 41:     public function loadPermissions(Acl &$acl, array $permissions, $resource = '')
 42:     {
 43:         foreach ($permissions as $role => $rolePermissions) {
 44:             $this->addRoleAndPermissions($acl, $role, $rolePermissions, $resource);
 45:         }
 46:     }
 47: 
 48:     /**
 49:      * @param Acl    $acl      The Zend Acl instance to load permissions to.
 50:      * @param PDO    $db       The PDO database instance.
 51:      * @param string $table    The table where to fetch the roles and permissions.
 52:      * @param string $resource The Acl resource (string identifier) to load roles and permissions into.
 53:      * @return void
 54:      */
 55:     public function loadDatabasePermissions(Acl &$acl, PDO $db, $table, $resource = '')
 56:     {
 57:         // Quick-and-dirty sanitization
 58:         $table = preg_replace('/[^A-Za-z0-9_]/', '', $table);
 59: 
 60:         $q = '
 61:             SELECT
 62:                 `ident`,
 63:                 `parent`,
 64:                 `denied`,
 65:                 `allowed`,
 66:                 `superuser`
 67:             FROM
 68:                 `'.$table.'`
 69:             ORDER BY
 70:                 `position` ASC';
 71: 
 72:         $this->logger->debug($q);
 73: 
 74:         // Put inside a try-catch block because ACL is optional; table might not exist.
 75:         try {
 76:             $sth = $db->query($q);
 77:             while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
 78:                 $this->addRoleAndPermissions($acl, $row['ident'], $row, $resource);
 79:             }
 80:         } catch (PDOException $e) {
 81:             $this->logger->warning('Can not fetch ACL roles: '.$e->getMessage());
 82:         }
 83:     }
 84: 
 85:     /**
 86:      * @param Acl    $acl         The Zend Acl instant to add permissions to.
 87:      * @param string $role        The role (string identifier) to add.
 88:      * @param array  $permissions The permissions details (array) to add.
 89:      * @param string $resource    The Acl resource (string identifier) to add roles and permissions into.
 90:      * @return void
 91:      */
 92:     private function addRoleAndPermissions(Acl &$acl, $role, array $permissions, $resource)
 93:     {
 94:         if (!$acl->hasRole($role)) {
 95:             // Add role
 96:             $parentRole = isset($permissions['parent']) ? $permissions['parent'] : null;
 97:             $parentRole = $parentRole ?: null;
 98:             $newRole = new GenericRole($role);
 99:             $acl->addRole($newRole, $parentRole);
100:         }
101: 
102:         if (isset($permissions['superuser']) && $permissions['superuser']) {
103:             $acl->allow($role);
104: 
105:             return;
106:         }
107: 
108:         if (isset($permissions['allowed'])) {
109:             if (is_string($permissions['allowed'])) {
110:                 $allowedPermissions = explode(',', $permissions['allowed']);
111:             } else {
112:                 $allowedPermissions = $permissions['allowed'];
113:             }
114:             foreach ($allowedPermissions as $allowed) {
115:                 $acl->allow($role, $resource, $allowed);
116:             }
117:         }
118: 
119:         if (isset($permissions['denied'])) {
120:             if (is_string($permissions['denied'])) {
121:                 $deniedPermissions = explode(',', $permissions['denied']);
122:             } else {
123:                 $deniedPermissions = $permissions['denied'];
124:             }
125:             foreach ($deniedPermissions as $denied) {
126:                 $acl->deny($role, $resource, $denied);
127:             }
128:         }
129:     }
130: }
131: 