23 include
CORE_PATH .
'libs/acl/role/role.php';
28 include
CORE_PATH .
'libs/acl/resource/resource.php';
60 private $roles_names = array();
66 private $roles = array();
72 private $resources = array();
84 private $role_inherits = array();
90 private $resources_names = array(
'*');
96 private $access_list = array(
'*' => array(
'*'));
113 if (in_array($roleObject->name, $this->roles_names)) {
116 $this->roles[] = $roleObject;
117 $this->roles_names[] = $roleObject->name;
118 $this->access[$roleObject->name][
'*'][
'*'] =
'A';
119 if ($access_inherits) {
120 $this->
add_inherit($roleObject->name, $access_inherits);
132 if (!in_array($role, $this->roles_names)) {
135 if ($role_to_inherit !=
'') {
136 if (is_array($role_to_inherit)) {
137 foreach ($role_to_inherit as $rol_in) {
138 if ($rol_in == $role) {
141 if (!in_array($rol_in, $this->roles_names)) {
145 $this->role_inherits[$role][] = $role_in;
147 $this->rebuild_access_list();
149 if ($role_to_inherit == $role) {
152 if (!in_array($role_to_inherit, $this->roles_names)) {
153 throw new KumbiaException(
"El Rol '{$role_to_inherit}' no existe en la lista");
156 $this->role_inherits[$role][] = $role_to_inherit;
157 $this->rebuild_access_list();
160 throw new KumbiaException(
"Debe especificar un rol a heredar en Acl::add_inherit");
174 return in_array($role_name, $this->roles_names);
186 return in_array($resource_name, $this->resources_names);
209 if (!in_array($resource->name, $this->resources)) {
210 $this->resources[] = $resource;
211 $this->access_list[$resource->name] = array();
212 $this->resources_names[] = $resource->name;
214 if (func_num_args() > 1) {
215 $access_list = func_get_args();
216 unset($access_list[0]);
229 if (is_array($access_list)) {
230 foreach ($access_list as $access_name) {
231 if (!in_array($access_name, $this->access_list[$resource])) {
232 $this->access_list[$resource][] = $access_name;
236 if (!in_array($access_list, $this->access_list[$resource])) {
237 $this->access_list[$resource][] = $access_list;
250 if (is_array($access_list)) {
251 foreach ($access_list as $access_name) {
252 if (in_array($access_name, $this->access_list[$resource])) {
253 foreach ($this->access_list[$resource] as $i =>
$access) {
255 unset($this->access_list[$resource][$i]);
261 if (in_array($access_list, $this->access_list[$resource])) {
262 foreach ($this->access_list[$resource] as $i =>
$access) {
264 unset($this->access_list[$resource][$i]);
269 $this->rebuild_access_list();
298 if (!in_array($role, $this->roles_names)) {
302 if (!in_array($resource, $this->resources_names)) {
303 throw new KumbiaException(
"No existe el resource '$resource' en la lista");
308 if (!in_array($acc, $this->access_list[$resource])) {
309 throw new KumbiaException(
"No existe el acceso '$acc' en el resource '$resource' de la lista");
314 $this->access[$role][$resource][$acc] =
'A';
317 if (!in_array(
$access, $this->access_list[$resource])) {
318 throw new KumbiaException(
"No existe el acceso '$access' en el resource '$resource' de la lista");
321 $this->access[$role][$resource][
$access] =
'A';
322 $this->rebuild_access_list();
352 if (!in_array($role, $this->roles_names)) {
356 if (!in_array($resource, $this->resources_names)) {
357 throw new KumbiaException(
"No existe el resource '$resource' en la lista");
362 if (!in_array($acc, $this->access_list[$resource])) {
363 throw new KumbiaException(
"No existe el acceso '$acc' en el resource '$resource' de la lista");
368 $this->access[$role][$resource][$acc] =
'D';
371 if (!in_array(
$access, $this->access_list[$resource])) {
372 throw new KumbiaException(
"No existe el acceso '$access' en el resource '$resource' de la lista");
375 $this->access[$role][$resource][
$access] =
'D';
376 $this->rebuild_access_list();
401 if (!in_array($role, $this->roles_names)) {
402 throw new KumbiaException(
"El rol '$role' no existe en la lista en acl::is_allowed");
405 if (!in_array($resource, $this->resources_names)) {
406 throw new KumbiaException(
"El resource '$resource' no existe en la lista en acl::is_allowed");
409 if (is_array($access_list)) {
410 foreach ($access_list as
$access) {
411 if (!in_array($access, $this->access_list[$resource])) {
412 throw new KumbiaException(
"No existe en acceso '$access' en el resource '$resource' en acl::is_allowed");
417 if (!in_array($access_list, $this->access_list[$resource])) {
418 throw new KumbiaException(
"No existe en acceso '$access_list' en el resource '$resource' en acl::is_allowed");
427 if (!isset($this->access[$role][$resource][$access_list]))
429 if ($this->access[$role][$resource][$access_list] ==
"A")
439 private function rebuild_access_list()
441 for ($i = 0; $i <= ceil(count($this->roles) * count($this->roles) / 2); $i++) {
442 foreach ($this->roles_names as $role) {
443 if (isset($this->role_inherits[$role])) {
444 foreach ($this->role_inherits[$role] as $role_inherit) {
445 if (isset($this->access[$role_inherit])) {
446 foreach ($this->access[$role_inherit] as $resource_name =>
$access) {
447 foreach (
$access as $access_name => $value) {
448 if (!in_array($access_name, $this->access_list[$resource_name])) {
449 unset($this->access[$role_inherit][$resource_name][$access_name]);
451 if (!isset($this->access[$role][$resource_name][$access_name])) {
452 $this->access[$role][$resource_name][$access_name] = $value;