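<?php
// Role type used by Acl::add_role() (presumably defines AclRole; confirm against role.php).
// require_once rather than include: a missing ACL dependency must stop the request
// instead of emitting a warning and continuing, and a second load of this file must
// not try to redeclare the classes.
require_once CORE_PATH . 'extensions/acl/role/role.php';

// Resource type used by Acl::add_resource() (presumably defines Acl_Resource; confirm against resource.php).
require_once CORE_PATH . 'extensions/acl/resource/resource.php';
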
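/**
 * In-memory access control list: roles, resources, the access names each
 * resource accepts, and an allow/deny matrix with role inheritance.
 *
 * Points a reviewer should keep in mind when relying on this class:
 *  - add_role() records 'A' for the wildcard resource/access of every new
 *    role, so the stored policy starts out as default-allow.
 *  - Inherited entries are copied into the inheriting role only where that
 *    role has no entry yet. A deny() applied to a parent role afterwards is
 *    therefore NOT propagated to roles that already copied the grant.
 *  - Name lookups use loose in_array() comparison; role, resource and access
 *    names are expected to be strings.
 *  - is_allowed() validates its arguments but contains no decision logic
 *    (see the note on that method).
 */
class Acl {

    /** Names of the registered roles. */
    private $roles_names = array();

    /** Registered role objects. */
    private $roles = array();

    /** Registered resource objects. */
    private $resources = array();

    /**
     * Permission matrix: $access[role][resource][access_name] = 'A' (allow) or 'D' (deny).
     * Public, so any code holding the instance can rewrite it without validation.
     */
    public $access = array();

    /** Map of role name => list of role names it inherits from. */
    private $role_inherits = array();

    /** Names of the registered resources; '*' is the wildcard resource. */
    private $resources_names = array('*');

    /** Map of resource name => access names valid for that resource. */
    private $access_list = array('*' => array('*'));

    /**
     * Registers a role and optionally makes it inherit from other roles.
     *
     * Every new role receives 'A' on resource '*' / access '*'.
     *
     * @param AclRole      $roleObject      Role to register; its ->name is the key.
     * @param string|array $access_inherits Role name(s) to inherit from; '' for none.
     * @return false|null false when the role name is already registered, null otherwise.
     * @throws KumbiaException when a role to inherit from is not registered.
     */
    public function add_role(AclRole $roleObject, $access_inherits='') {
        if (in_array($roleObject->name, $this->roles_names)) {
            return false;
        }
        $this->roles[] = $roleObject;
        $this->roles_names[] = $roleObject->name;
        $this->access[$roleObject->name]['*']['*'] = 'A';
        if ($access_inherits) {
            $this->add_inherit($roleObject->name, $access_inherits);
        }
    }

    /**
     * Makes $role inherit the access entries of one or more other roles.
     *
     * @param string       $role            Inheriting role; must be registered.
     * @param string|array $role_to_inherit Parent role name, or a list of them.
     * @return false|null false when $role is unknown or a parent equals $role
     *                    (parents listed before it have already been recorded), null on success.
     * @throws KumbiaException when a parent role is not registered or none was given.
     */
    public function add_inherit($role, $role_to_inherit) {
        if (!in_array($role, $this->roles_names)) {
            return false;
        }
        if ($role_to_inherit == '') {
            throw new KumbiaException("Debe especificar un rol a heredar en Acl::add_inherit");
        }
        $parents = is_array($role_to_inherit) ? $role_to_inherit : array($role_to_inherit);
        foreach ($parents as $parent) {
            if ($parent == $role) {
                return false;
            }
            if (!in_array($parent, $this->roles_names)) {
                throw new KumbiaException("El Rol '{$parent}' no existe en la lista");
            }
            // Fix: the array form used to append an undefined variable here, so
            // inheritance declared through an array was silently never recorded.
            $this->role_inherits[$role][] = $parent;
        }
        $this->rebuild_access_list();
    }

    /**
     * Tells whether a role name is registered.
     *
     * @param string $role_name
     * @return bool
     */
    public function is_role($role_name) {
        return in_array($role_name, $this->roles_names);
    }

    /**
     * Tells whether a resource name is registered ('*' always is).
     *
     * @param string $resource_name
     * @return bool
     */
    public function is_resource($resource_name) {
        return in_array($resource_name, $this->resources_names);
    }

    /**
     * Registers a resource. Any extra arguments are added as access names
     * (each extra argument may itself be passed on as given to add_resource_access()).
     *
     * @param Acl_Resource $resource Resource to register; its ->name is the key.
     * @return void
     */
    public function add_resource(Acl_Resource $resource) {
        // Fix: the duplicate check compared the name against the list of resource
        // objects, which never matches, so registering a resource again wiped its
        // access names. Compare against the registered names instead.
        if (!in_array($resource->name, $this->resources_names)) {
            $this->resources[] = $resource;
            $this->access_list[$resource->name] = array();
            $this->resources_names[] = $resource->name;
        }
        if (func_num_args() > 1) {
            $this->add_resource_access($resource->name, array_slice(func_get_args(), 1));
        }
    }

    /**
     * Adds access names to a resource, skipping names it already has.
     *
     * NOTE(review): assumes $resource is already present in the access list;
     * an unknown resource is not rejected here.
     *
     * @param string       $resource    Resource name.
     * @param string|array $access_list Access name, or a list of them.
     * @return void
     */
    public function add_resource_access($resource, $access_list) {
        $names = is_array($access_list) ? $access_list : array($access_list);
        foreach ($names as $access_name) {
            if (!in_array($access_name, $this->access_list[$resource])) {
                $this->access_list[$resource][] = $access_name;
            }
        }
    }

    /**
     * Removes access names from a resource and rebuilds inherited access.
     *
     * The rebuild only prunes the removed names from roles that other roles
     * inherit from; entries already copied into inheriting roles stay in $access.
     *
     * @param string       $resource    Resource name.
     * @param string|array $access_list Access name, or a list of them.
     * @return void
     */
    public function drop_resource_access($resource, $access_list) {
        $names = is_array($access_list) ? $access_list : array($access_list);
        foreach ($names as $access_name) {
            // array_keys() with a search value uses the same loose comparison
            // the original element-by-element scan did.
            foreach (array_keys($this->access_list[$resource], $access_name) as $i) {
                unset($this->access_list[$resource][$i]);
            }
        }
        $this->rebuild_access_list();
    }

    /**
     * Records an allow ('A') entry for a role on one or more accesses of a resource.
     *
     * @param string       $role     Registered role name.
     * @param string       $resource Registered resource name.
     * @param string|array $access   Access name, or a list of them.
     * @return void
     * @throws KumbiaException when the role, resource or an access name is unknown.
     */
    public function allow($role, $resource, $access) {
        $this->set_access($role, $resource, $access, 'A');
    }

    /**
     * Records a deny ('D') entry for a role on one or more accesses of a resource.
     *
     * A deny is not pushed down to roles that already inherited an entry for
     * the same access; deny those roles explicitly.
     *
     * @param string       $role     Registered role name.
     * @param string       $resource Registered resource name.
     * @param string|array $access   Access name, or a list of them.
     * @return void
     * @throws KumbiaException when the role, resource or an access name is unknown.
     */
    public function deny($role, $resource, $access) {
        $this->set_access($role, $resource, $access, 'D');
    }

    /**
     * Validates the arguments of a permission query.
     *
     * NOTE(review): no grant/deny decision is computed in this method. It used
     * to fall off the end and return null, which a caller testing `=== false`
     * would read as "not denied". It now returns false explicitly so the result
     * is a deny under both loose and strict checks until decision logic exists.
     *
     * @param string       $role        Registered role name.
     * @param string       $resource    Registered resource name.
     * @param string|array $access_list Access name, or a list of them.
     * @return bool always false
     * @throws KumbiaException when the role, resource or an access name is unknown.
     */
    public function is_allowed($role, $resource, $access_list) {
        if (!in_array($role, $this->roles_names)) {
            throw new KumbiaException("El rol '$role' no existe en la lista en acl::is_allowed");
        }
        if (!in_array($resource, $this->resources_names)) {
            throw new KumbiaException("El resource '$resource' no existe en la lista en acl::is_allowed");
        }
        $names = is_array($access_list) ? $access_list : array($access_list);
        foreach ($names as $access) {
            if (!in_array($access, $this->access_list[$resource])) {
                throw new KumbiaException("No existe en acceso '$access' en el resource '$resource' en acl::is_allowed");
            }
        }
        return false;
    }

    /**
     * Shared implementation of allow() and deny().
     *
     * All access names are validated before anything is written, so a bad name
     * leaves the matrix untouched.
     *
     * @param string       $role
     * @param string       $resource
     * @param string|array $access
     * @param string       $flag 'A' or 'D'.
     * @return void
     * @throws KumbiaException when the role, resource or an access name is unknown.
     */
    private function set_access($role, $resource, $access, $flag) {
        if (!in_array($role, $this->roles_names)) {
            throw new KumbiaException("No existe el rol '$role' en la lista");
        }
        if (!in_array($resource, $this->resources_names)) {
            throw new KumbiaException("No existe el resource '$resource' en la lista");
        }
        $names = is_array($access) ? $access : array($access);
        foreach ($names as $acc) {
            if (!in_array($acc, $this->access_list[$resource])) {
                // Fix: the message now always interpolates the offending name
                // (it used an undefined variable in allow() and the whole array in deny()).
                throw new KumbiaException("No existe el acceso '$acc' en el resource '$resource' de la lista");
            }
        }
        foreach ($names as $acc) {
            $this->access[$role][$resource][$acc] = $flag;
        }
        // Fix: the array form used to skip the rebuild, leaving inheriting roles
        // without the new entries until some other call triggered it.
        $this->rebuild_access_list();
    }

    /**
     * Propagates access entries from inherited roles to the roles inheriting them.
     *
     * Entries of a parent whose access name is no longer valid for the resource
     * are removed from the parent. A valid entry is copied to the inheriting
     * role only when that role has no entry for the same resource/access, so
     * the role's own entries (and earlier copies) are never overwritten.
     * The pass is repeated a bounded number of times so multi-level
     * inheritance settles.
     *
     * @return void
     */
    private function rebuild_access_list() {
        // The role list does not change during the rebuild; compute the bound once.
        $role_count = count($this->roles);
        $passes = ceil($role_count * $role_count / 2);
        for ($i = 0; $i <= $passes; $i++) {
            foreach ($this->roles_names as $role) {
                if (!isset($this->role_inherits[$role])) {
                    continue;
                }
                foreach ($this->role_inherits[$role] as $role_inherit) {
                    if (!isset($this->access[$role_inherit])) {
                        continue;
                    }
                    foreach ($this->access[$role_inherit] as $resource_name => $access) {
                        foreach ($access as $access_name => $value) {
                            if (!in_array($access_name, $this->access_list[$resource_name])) {
                                unset($this->access[$role_inherit][$resource_name][$access_name]);
                            } elseif (!isset($this->access[$role][$resource_name][$access_name])) {
                                $this->access[$role][$resource_name][$access_name] = $value;
                            }
                        }
                    }
                }
            }
        }
    }
}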