KumbiaPHP beta2-dev
Framework PHP en español
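<?php
// Role and resource classes that the ACL type-hints against.
include CORE_PATH . 'libs/acl/role/role.php';

include CORE_PATH . 'libs/acl/resource/resource.php';

/**
 * In-memory access control list: roles, resources, the access names each
 * resource exposes, and an allow/deny matrix per role.
 *
 * Review notes for maintainers:
 *  - Membership tests use non-strict in_array(), so numeric-looking names of
 *    different types can compare equal. Presumably names are always strings;
 *    confirm against callers.
 *  - $access is public, so code outside this class can rewrite the matrix
 *    without going through the validation in allow()/deny().
 *  - Inheritance is copy-on-missing (see rebuild_access_list()): a value a
 *    child role has already received is not updated when the parent changes.
 */
class Acl {

    /**
     * Names of the registered roles.
     *
     * @var array
     */
    private $roles_names = array();

    /**
     * Registered AclRole objects.
     *
     * @var array
     */
    private $roles = array();

    /**
     * Registered AclResource objects.
     *
     * @var array
     */
    private $resources = array();

    /**
     * Decision matrix: $access[role][resource][access] is 'A' (allow) or 'D' (deny).
     *
     * @var array
     */
    public $access = array();

    /**
     * Parent role names per role: $role_inherits[role] = list of roles it inherits from.
     *
     * @var array
     */
    private $role_inherits = array();

    /**
     * Names of the registered resources; the wildcard '*' is always present.
     *
     * @var array
     */
    private $resources_names = array('*');

    /**
     * Access names known for each resource; '*' exposes the access '*'.
     *
     * @var array
     */
    private $access_list = array('*' => array('*'));

    /**
     * Registers a role, optionally making it inherit from other roles.
     *
     * Every new role is seeded with 'A' on the wildcard pair ('*', '*').
     * is_allowed() looks up only the exact resource/access pair it is given,
     * so this entry matters only when a caller queries '*' / '*'.
     *
     * @param AclRole      $roleObject      role to register
     * @param string|array $access_inherits role name(s) to inherit from; empty for none
     * @return false|null false when a role with that name already exists
     */
    public function add_role(AclRole $roleObject, $access_inherits='') {
        if (in_array($roleObject->name, $this->roles_names)) {
            return false;
        }
        $this->roles[] = $roleObject;
        $this->roles_names[] = $roleObject->name;
        $this->access[$roleObject->name]['*']['*'] = 'A';
        if ($access_inherits) {
            $this->add_inherit($roleObject->name, $access_inherits);
        }
    }

    /**
     * Makes $role inherit the access of one or more existing roles.
     *
     * All parents are validated before any of them is recorded, so a failure
     * leaves the inheritance table untouched.
     *
     * @param string       $role            role that inherits
     * @param string|array $role_to_inherit parent role name or list of names
     * @return false|null false when $role is unknown or would inherit from itself
     * @throws KumbiaException when a parent role does not exist or none is given
     */
    public function add_inherit($role, $role_to_inherit) {
        if (!in_array($role, $this->roles_names)) {
            return false;
        }
        if (!($role_to_inherit != '')) {
            throw new KumbiaException("Debe especificar un rol a heredar en Acl::add_inherit");
        }
        $parents = is_array($role_to_inherit) ? $role_to_inherit : array($role_to_inherit);
        foreach ($parents as $rol_in) {
            if ($rol_in == $role) {
                return false;
            }
            if (!in_array($rol_in, $this->roles_names)) {
                throw new KumbiaException("El Rol '{$rol_in}' no existe en la lista");
            }
        }
        foreach ($parents as $rol_in) {
            // The original stored an undefined variable here, so list-form
            // inheritance recorded null instead of the parent name.
            $this->role_inherits[$role][] = $rol_in;
        }
        $this->rebuild_access_list();
    }

    /**
     * Tells whether a role name is registered.
     *
     * @param string $role_name
     * @return boolean
     */
    public function is_role($role_name) {
        return in_array($role_name, $this->roles_names);
    }

    /**
     * Tells whether a resource name is registered.
     *
     * @param string $resource_name
     * @return boolean
     */
    public function is_resource($resource_name) {
        return in_array($resource_name, $this->resources_names);
    }

    /**
     * Registers a resource; any extra arguments are added as access names.
     *
     * @param AclResource $resource resource to register
     */
    public function add_resource(AclResource $resource) {
        // Check the name list: $this->resources holds objects, so testing the
        // name against it never matched and a repeated call wiped the access
        // names already registered for the resource.
        if (!in_array($resource->name, $this->resources_names)) {
            $this->resources[] = $resource;
            $this->access_list[$resource->name] = array();
            $this->resources_names[] = $resource->name;
        }
        if (func_num_args() > 1) {
            $access_list = func_get_args();
            unset($access_list[0]);
            $this->add_resource_access($resource->name, $access_list);
        }
    }

    /**
     * Adds one or more access names to a resource, skipping duplicates.
     *
     * @param string       $resource    resource name
     * @param string|array $access_list access name or list of names
     */
    public function add_resource_access($resource, $access_list) {
        if (!isset($this->access_list[$resource])) {
            // Start from an empty list rather than handing in_array() an
            // undefined entry. The name is not added to resources_names here.
            $this->access_list[$resource] = array();
        }
        $names = is_array($access_list) ? $access_list : array($access_list);
        foreach ($names as $access_name) {
            if (!in_array($access_name, $this->access_list[$resource])) {
                $this->access_list[$resource][] = $access_name;
            }
        }
    }

    /**
     * Removes one or more access names from a resource and rebuilds the
     * inherited access.
     *
     * @param string       $resource    resource name
     * @param string|array $access_list access name or list of names
     */
    public function drop_resource_access($resource, $access_list) {
        if (isset($this->access_list[$resource])) {
            $names = is_array($access_list) ? $access_list : array($access_list);
            foreach ($names as $access_name) {
                foreach ($this->access_list[$resource] as $i => $access) {
                    if ($access == $access_name) {
                        unset($this->access_list[$resource][$i]);
                    }
                }
            }
        }
        $this->rebuild_access_list();
    }

    /**
     * Grants a role one or more accesses on a resource.
     *
     * @param string       $role
     * @param string       $resource
     * @param string|array $access access name or list of names
     * @throws KumbiaException when the role, resource or an access is unknown
     */
    public function allow($role, $resource, $access) {
        $this->set_access($role, $resource, $access, 'A');
    }

    /**
     * Denies a role one or more accesses on a resource.
     *
     * NOTE(review): a role that already inherited 'A' for the same pair keeps
     * it, because rebuild_access_list() only fills entries that are not set.
     * Deny the inheriting roles explicitly if they must lose the access too.
     *
     * @param string       $role
     * @param string       $resource
     * @param string|array $access access name or list of names
     * @throws KumbiaException when the role, resource or an access is unknown
     */
    public function deny($role, $resource, $access) {
        $this->set_access($role, $resource, $access, 'D');
    }

    /**
     * Shared body of allow() and deny(): validates everything first, then
     * writes $value for each access and propagates it to inheriting roles.
     *
     * @param string       $role
     * @param string       $resource
     * @param string|array $access
     * @param string       $value 'A' or 'D'
     * @throws KumbiaException when the role, resource or an access is unknown
     */
    private function set_access($role, $resource, $access, $value) {
        if (!in_array($role, $this->roles_names)) {
            throw new KumbiaException("No existe el rol '$role' en la lista");
        }
        if (!in_array($resource, $this->resources_names)) {
            throw new KumbiaException("No existe el resource '$resource' en la lista");
        }
        $names = is_array($access) ? $access : array($access);
        foreach ($names as $acc) {
            if (!in_array($acc, $this->access_list[$resource])) {
                throw new KumbiaException("No existe el acceso '$acc' en el resource '$resource' de la lista");
            }
        }
        foreach ($names as $acc) {
            $this->access[$role][$resource][$acc] = $value;
        }
        // The original rebuilt only after a single access name; the list form
        // left inheriting roles without the new entries.
        $this->rebuild_access_list();
    }

    /**
     * Tells whether a role is allowed the given access(es) on a resource.
     *
     * Always returns a strict boolean and fails closed: anything other than
     * an explicit 'A' is a denial. For a list, every access must be allowed
     * and an empty list is denied. The original used the list itself as an
     * array key and returned nothing for a 'D' entry.
     *
     * @param string       $role
     * @param string       $resource
     * @param string|array $access_list access name or list of names
     * @return boolean
     * @throws KumbiaException when the role, resource or an access is unknown
     */
    public function is_allowed($role, $resource, $access_list) {
        if (!in_array($role, $this->roles_names)) {
            throw new KumbiaException("El rol '$role' no existe en la lista en acl::is_allowed");
        }
        if (!in_array($resource, $this->resources_names)) {
            throw new KumbiaException("El resource '$resource' no existe en la lista en acl::is_allowed");
        }
        $requested = is_array($access_list) ? $access_list : array($access_list);
        foreach ($requested as $access) {
            if (!in_array($access, $this->access_list[$resource])) {
                throw new KumbiaException("No existe en acceso '$access' en el resource '$resource' en acl::is_allowed");
            }
        }
        if (count($requested) == 0) {
            return false;
        }
        foreach ($requested as $access) {
            if (!isset($this->access[$role][$resource][$access])) {
                return false;
            }
            // Strict comparison: only the literal 'A' written by allow() grants.
            if ($this->access[$role][$resource][$access] !== 'A') {
                return false;
            }
        }
        return true;
    }

    /**
     * Propagates access from parent roles to the roles that inherit from them.
     *
     * The pass is repeated a fixed number of times derived from the role
     * count, presumably so multi-level inheritance settles. On each pass,
     * parent entries whose access name is no longer listed for the resource
     * are removed, and every remaining parent entry is copied to the child
     * only where the child has no value yet (the first parent listed wins).
     */
    private function rebuild_access_list() {
        $passes = ceil(count($this->roles) * count($this->roles) / 2);
        for ($i = 0; $i <= $passes; $i++) {
            foreach ($this->roles_names as $role) {
                if (!isset($this->role_inherits[$role])) {
                    continue;
                }
                foreach ($this->role_inherits[$role] as $role_inherit) {
                    if (!isset($this->access[$role_inherit])) {
                        continue;
                    }
                    foreach ($this->access[$role_inherit] as $resource_name => $access) {
                        foreach ($access as $access_name => $value) {
                            if (!in_array($access_name, $this->access_list[$resource_name])) {
                                unset($this->access[$role_inherit][$resource_name][$access_name]);
                            } else {
                                if (!isset($this->access[$role][$resource_name][$access_name])) {
                                    $this->access[$role][$resource_name][$access_name] = $value;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}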