01-02-2010, 12:51 AM
|
#1 (permalink)
|
|
The Addict
Join Date: Jun 2008
Posts: 335
Thanks: 2
|
Simple ACL
I was in need of a really simple ACL so I just made my own ( I would've liked to use Zend's but the need for it was so small I couldn't justify including even a portion of that beast )
It's simple, it works off Resources & Roles just like Zends ( Albeit simplified ) and allows for role inheritance and binding ( Binding a particular role to a or set of resources )
Having made use of the __sleep magic method, this object can be serialized so the role(s) and resource(s) are store able.
You can see an example below
php Code:
<?php$acl-> addResource('forum', array('edit', 'view', 'delete', 'add')); $acl-> addRole('guest', null, array('view'), 'forum') -> addRole('user', 'guest', array('add')) -> addRole('moderator', 'user', array('edit', 'delete')) -> addRole('administrator'); if( $acl-> isAllowed('moderator', 'edit', 'forum') ) echo 'FOOO'; $acl-> addResource('gallery', array('view')) -> addRole('guest', null, array('view'), 'gallery') -> addRole('user', 'guest', null, 'gallery') -> addRole('moderator', 'user', array('delete'), 'gallery'); if( $acl-> isAllowed('user', 'view', 'gallery') ) echo "FOOO"; $serializedObject = serialize($acl); $acl2 = new System_Acl (unserialize($serializedObject));
The actual object is below:
php Code:
<?phpclass System_Acl { private $roles = array(); private $resources = array(); private $bindings = array(); public function __construct( $unserializedACL = null ) { // Restore object if( is_array($unserializedACL) && count($unserializedACL) == 3 ) { $this-> roles = $unserializedACL[ 'roles']; $this-> resources = $unserializedACL[ 'resources']; $this-> bindings = $unserializedACL[ 'bindings']; } } public function __sleep() { // When we serialize the object for keeping return array( 'bindings' => $this-> bindings, 'roles' => $this-> roles, 'resources' => $this-> resources ); } public function addResource ( $resourceName, $actions = array() ) { // Add a resource to be considered $this-> resources[ $resourceName] = $actions; return $this; } public function addRole ( $roleName, $inherit = null, $allowedActions = array(), $addRoleTo = null ) { $allowedActions = ( is_null($allowedActions) ) ? array() : $allowedActions; // Construct allowed actions array, if there's an inheritence add it $allowedActions = (! is_null($inherit) && array_key_exists($inherit, $this-> roles)) ? array_merge($this-> roles[ $inherit], $allowedActions) : $allowedActions; // Add the role $this-> roles[ $roleName] = $allowedActions; // If these rules are bound to a particular object // Add the bind if( (! is_null($addRoleTo) || array_key_exists($inherit, $this-> bindings)) ) { $resourceBind = ( is_null($addRoleTo) ) ? $this-> bindings[ $inherit] : $addRoleTo; if( ! is_array($resourceBind) ) { if( array_key_exists($resourceBind, $this-> resources) ) $this-> bindings[ $roleName][] = $resourceBind; }else{ foreach( $resourceBind as $bindingResource ) { if( array_key_exists($bindingResource, $this-> resources) ) $this-> bindings[ $roleName] = $resourceBind; } } } return $this; } public function allow ( $roleName, $actions = array() ) { // Allow this role new powers if( array_key_exists($roleName, $this-> roles) ) $this-> roles[ $roleName] = array_merge($this-> roles[ $roleName], $actions); return $this; } public function deny ( $roleName, $deniedActions ) { // Deny him powers if( ! is_array($deniedActions) ) $deniedActions = array($deniedActions); if( array_key_exists($roleName, $this-> roles) ) { $roleActions = $this-> roles[ $roleName]; $newRoleActions = array(); foreach( $roleActions as $roleAction ) { if( ! in_array($roleAction, $deniedActions) ) $newRoleActions[] = $roleAction; } $this-> roles[ $roleName] = $newRoleActions; } return $this; } public function isAllowed ( $roleName, $action, $resoure = null ) { if( array_key_exists($roleName, $this-> roles) ) { if( count($this-> roles[ $roleName] ) == 0 ) return true; if( ! is_null($resoure) ) { if( array_key_exists($resoure, $this-> resources) && ! in_array($action, $this-> resources[ $resoure] ) ) return false; if( array_key_exists($roleName, $this-> bindings) ) { if( is_array($this-> bindings[ $roleName] ) ) { if( in_array($action, $this-> roles[ $roleName] ) ) return true; }elseif( is_string($this-> bindings[ $roleName] ) && $resoure == $this-> bindings[ $roleName] ) { if( in_array($action, $this-> roles[ $roleName] ) ) return true; }else{ if( in_array($action, $this-> roles[ $roleName] ) ) return true; } }else{ return false; } }else{ if( in_array($action, $this-> roles[ $roleName] ) ) return true; } } return false; }}
|
|
|
|
Join the friendly bunch on IRC...
Hybrid Mode
