📄 acl.php
字号:
* @throws Zend_Acl_Resource_Registry_Exception * @return boolean */ public function inherits($resource, $inherit, $onlyParent = false) { try { $resourceId = $this->get($resource)->getResourceId(); $inheritId = $this->get($inherit)->getResourceId(); } catch (Zend_Acl_Exception $e) { throw $e; } if (null !== $this->_resources[$resourceId]['parent']) { $parentId = $this->_resources[$resourceId]['parent']->getResourceId(); if ($inheritId === $parentId) { return true; } else if ($onlyParent) { return false; } } else { return false; } while (null !== $this->_resources[$parentId]['parent']) { $parentId = $this->_resources[$parentId]['parent']->getResourceId(); if ($inheritId === $parentId) { return true; } } return false; } /** * Removes a Resource and all of its children * * The $resource parameter can either be a Resource or a Resource identifier. * * @param Zend_Acl_Resource_Interface|string $resource * @throws Zend_Acl_Exception * @return Zend_Acl Provides a fluent interface */ public function remove($resource) { try { $resourceId = $this->get($resource)->getResourceId(); } catch (Zend_Acl_Exception $e) { throw $e; } $resourcesRemoved = array($resourceId); if (null !== ($resourceParent = $this->_resources[$resourceId]['parent'])) { unset($this->_resources[$resourceParent->getResourceId()]['children'][$resourceId]); } foreach ($this->_resources[$resourceId]['children'] as $childId => $child) { $this->remove($childId); $resourcesRemoved[] = $childId; } foreach ($resourcesRemoved as $resourceIdRemoved) { foreach ($this->_rules['byResourceId'] as $resourceIdCurrent => $rules) { if ($resourceIdRemoved === $resourceIdCurrent) { unset($this->_rules['byResourceId'][$resourceIdCurrent]); } } } unset($this->_resources[$resourceId]); return $this; } /** * Removes all Resources * * @return Zend_Acl Provides a fluent interface */ public function removeAll() { foreach ($this->_resources as $resourceId => $resource) { foreach ($this->_rules['byResourceId'] as $resourceIdCurrent => $rules) { if ($resourceId === $resourceIdCurrent) { unset($this->_rules['byResourceId'][$resourceIdCurrent]); } } } $this->_resources = array(); return $this; } /** * Adds an "allow" rule to the ACL * * @param Zend_Acl_Role_Interface|string|array $roles * @param Zend_Acl_Resource_Interface|string|array $resources * @param string|array $privileges * @param Zend_Acl_Assert_Interface $assert * @uses Zend_Acl::setRule() * @return Zend_Acl Provides a fluent interface */ public function allow($roles = null, $resources = null, $privileges = null, Zend_Acl_Assert_Interface $assert = null) { return $this->setRule(self::OP_ADD, self::TYPE_ALLOW, $roles, $resources, $privileges, $assert); } /** * Adds a "deny" rule to the ACL * * @param Zend_Acl_Role_Interface|string|array $roles * @param Zend_Acl_Resource_Interface|string|array $resources * @param string|array $privileges * @param Zend_Acl_Assert_Interface $assert * @uses Zend_Acl::setRule() * @return Zend_Acl Provides a fluent interface */ public function deny($roles = null, $resources = null, $privileges = null, Zend_Acl_Assert_Interface $assert = null) { return $this->setRule(self::OP_ADD, self::TYPE_DENY, $roles, $resources, $privileges, $assert); } /** * Removes "allow" permissions from the ACL * * @param Zend_Acl_Role_Interface|string|array $roles * @param Zend_Acl_Resource_Interface|string|array $resources * @param string|array $privileges * @uses Zend_Acl::setRule() * @return Zend_Acl Provides a fluent interface */ public function removeAllow($roles = null, $resources = null, $privileges = null) { return $this->setRule(self::OP_REMOVE, self::TYPE_ALLOW, $roles, $resources, $privileges); } /** * Removes "deny" restrictions from the ACL * * @param Zend_Acl_Role_Interface|string|array $roles * @param Zend_Acl_Resource_Interface|string|array $resources * @param string|array $privileges * @uses Zend_Acl::setRule() * @return Zend_Acl Provides a fluent interface */ public function removeDeny($roles = null, $resources = null, $privileges = null) { return $this->setRule(self::OP_REMOVE, self::TYPE_DENY, $roles, $resources, $privileges); } /** * Performs operations on ACL rules * * The $operation parameter may be either OP_ADD or OP_REMOVE, depending on whether the * user wants to add or remove a rule, respectively: * * OP_ADD specifics: * * A rule is added that would allow one or more Roles access to [certain $privileges * upon] the specified Resource(s). * * OP_REMOVE specifics: * * The rule is removed only in the context of the given Roles, Resources, and privileges. * Existing rules to which the remove operation does not apply would remain in the * ACL. * * The $type parameter may be either TYPE_ALLOW or TYPE_DENY, depending on whether the * rule is intended to allow or deny permission, respectively. * * The $roles and $resources parameters may be references to, or the string identifiers for, * existing Resources/Roles, or they may be passed as arrays of these - mixing string identifiers * and objects is ok - to indicate the Resources and Roles to which the rule applies. If either * $roles or $resources is null, then the rule applies to all Roles or all Resources, respectively. * Both may be null in order to work with the default rule of the ACL. * * The $privileges parameter may be used to further specify that the rule applies only * to certain privileges upon the Resource(s) in question. This may be specified to be a single * privilege with a string, and multiple privileges may be specified as an array of strings. * * If $assert is provided, then its assert() method must return true in order for * the rule to apply. If $assert is provided with $roles, $resources, and $privileges all * equal to null, then a rule having a type of: * * TYPE_ALLOW will imply a type of TYPE_DENY, and * * TYPE_DENY will imply a type of TYPE_ALLOW * * when the rule's assertion fails. This is because the ACL needs to provide expected * behavior when an assertion upon the default ACL rule fails. * * @param string $operation * @param string $type * @param Zend_Acl_Role_Interface|string|array $roles * @param Zend_Acl_Resource_Interface|string|array $resources * @param string|array $privileges * @param Zend_Acl_Assert_Interface $assert * @throws Zend_Acl_Exception * @uses Zend_Acl_Role_Registry::get() * @uses Zend_Acl::get() * @return Zend_Acl Provides a fluent interface */ public function setRule($operation, $type, $roles = null, $resources = null, $privileges = null, Zend_Acl_Assert_Interface $assert = null) { // ensure that the rule type is valid; normalize input to uppercase $type = strtoupper($type); if (self::TYPE_ALLOW !== $type && self::TYPE_DENY !== $type) { require_once 'Zend/Acl/Exception.php'; throw new Zend_Acl_Exception("Unsupported rule type; must be either '" . self::TYPE_ALLOW . "' or '" . self::TYPE_DENY . "'"); } // ensure that all specified Roles exist; normalize input to array of Role objects or null if (!is_array($roles)) { $roles = array($roles); } else if (0 === count($roles)) { $roles = array(null); } $rolesTemp = $roles; $roles = array(); foreach ($rolesTemp as $role) { if (null !== $role) { $roles[] = $this->_getRoleRegistry()->get($role); } else { $roles[] = null; } } unset($rolesTemp); // ensure that all specified Resources exist; normalize input to array of Resource objects or null if (!is_array($resources)) { $resources = array($resources); } else if (0 === count($resources)) { $resources = array(null); } $resourcesTemp = $resources; $resources = array(); foreach ($resourcesTemp as $resource) { if (null !== $resource) { $resources[] = $this->get($resource); } else { $resources[] = null; } } unset($resourcesTemp); // normalize privileges to array if (null === $privileges) { $privileges = array(); } else if (!is_array($privileges)) { $privileges = array($privileges); } switch ($operation) { // add to the rules case self::OP_ADD: foreach ($resources as $resource) { foreach ($roles as $role) { $rules =& $this->_getRules($resource, $role, true); if (0 === count($privileges)) { $rules['allPrivileges']['type'] = $type; $rules['allPrivileges']['assert'] = $assert; if (!isset($rules['byPrivilegeId'])) { $rules['byPrivilegeId'] = array(); } } else { foreach ($privileges as $privilege) { $rules['byPrivilegeId'][$privilege]['type'] = $type; $rules['byPrivilegeId'][$privilege]['assert'] = $assert; } } } } break; // remove from the rules case self::OP_REMOVE: foreach ($resources as $resource) { foreach ($roles as $role) { $rules =& $this->_getRules($resource, $role); if (null === $rules) { continue; } if (0 === count($privileges)) { if (null === $resource && null === $role) { if ($type === $rules['allPrivileges']['type']) { $rules = array( 'allPrivileges' => array( 'type' => self::TYPE_DENY, 'assert' => null ), 'byPrivilegeId' => array() ); } continue; } if ($type === $rules['allPrivileges']['type']) { unset($rules['allPrivileges']); } } else { foreach ($privileges as $privilege) { if (isset($rules['byPrivilegeId'][$privilege]) && $type === $rules['byPrivilegeId'][$privilege]['type']) { unset($rules['byPrivilegeId'][$privilege]); } } } } } break; default: require_once 'Zend/Acl/Exception.php'; throw new Zend_Acl_Exception("Unsupported operation; must be either '" . self::OP_ADD . "' or '" . self::OP_REMOVE . "'"); } return $this; } /** * Returns true if and only if the Role has access to the Resource * * The $role and $resource parameters may be references to, or the string identifiers for, * an existing Resource and Role combination. * * If either $role or $resource is null, then the query applies to all Roles or all Resources, * respectively. Both may be null to query whether the ACL has a "blacklist" rule * (allow everything to all). By default, Zend_Acl creates a "whitelist" rule (deny * everything to all), and this method would return false unless this default has * been overridden (i.e., by executing $acl->allow()). *⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -