/
CrudAuthorize.php
104 lines (97 loc) · 3.36 KB
/
CrudAuthorize.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
/**
*
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
namespace Cake\Controller\Component\Auth;
use Cake\Controller\ComponentRegistry;
use Cake\Network\Request;
use Cake\Routing\Router;
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
* CRUD mappings allow you to translate controller actions into *C*reate *R*ead *U*pdate *D*elete actions.
* This is then checked in the AclComponent as specific permissions.
*
* For example, taking `/posts/index` as the current request. The default mapping for `index`, is a `read` permission
* check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
* to create permission systems that focus more on what is being done to resources, rather than the specific actions
* being visited.
*
* @since 2.0
* @see AuthComponent::$authenticate
* @see AclComponent::check()
*/
class CrudAuthorize extends BaseAuthorize {
/**
* Sets up additional actionMap values that match the configured `Routing.prefixes`.
*
* @param ComponentRegistry $registry The component registry from the controller.
* @param array $settings An array of settings. This class does not use any settings.
*/
public function __construct(ComponentRegistry $registry, $settings = array()) {
parent::__construct($registry, $settings);
$this->_setPrefixMappings();
}
/**
* sets the crud mappings for prefix routes.
*
* @return void
*/
protected function _setPrefixMappings() {
$crud = array('create', 'read', 'update', 'delete');
$map = array_combine($crud, $crud);
$prefixes = Router::prefixes();
if (!empty($prefixes)) {
foreach ($prefixes as $prefix) {
$map = array_merge($map, array(
$prefix . '_index' => 'read',
$prefix . '_add' => 'create',
$prefix . '_edit' => 'update',
$prefix . '_view' => 'read',
$prefix . '_remove' => 'delete',
$prefix . '_create' => 'create',
$prefix . '_read' => 'read',
$prefix . '_update' => 'update',
$prefix . '_delete' => 'delete'
));
}
}
$this->mapActions($map);
}
/**
* Authorize a user using the mapped actions and the AclComponent.
*
* @param array $user The user to authorize
* @param \Cake\Network\Request $request The request needing authorization.
* @return boolean
*/
public function authorize($user, Request $request) {
if (!isset($this->settings['actionMap'][$request->params['action']])) {
trigger_error(sprintf(
'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"',
$request->action,
$request->controller
),
E_USER_WARNING
);
return false;
}
$user = array($this->settings['userModel'] => $user);
$Acl = $this->_registry->load('Acl');
return $Acl->check(
$user,
$this->action($request, ':controller'),
$this->settings['actionMap'][$request->params['action']]
);
}
}