/
acl.php
165 lines (138 loc) · 4.29 KB
/
acl.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
<?php
namespace projectx\core\vendor\auth;
/**
* Description of acl
* use projectx\core\vendor\auth\acl;
* /* List possible actions */
$actions = array(
'read',
'write',
'publish',
'delete'
);
/* Create a new object to generate a permissions set
$permissionGenerator = new ACL($actions);
/* Add the permissions you want
$permissionGenerator->addPermission('read');
$permissionGenerator->addPermission('write');
$permissionGenerator->addPermission('delete');
/* Remove the permissions you've changed your mind about
$permissionGenerator->removePermission('read');
/* And get an integer that correlates to the set of permissions you chose. This
* can be stored and associated with a user account.
$code = $permissionGenerator->evaluate();
/* Create an object and pass it a permissions code to test against
$ACL = new ACL($actions, $code);
/* Get an array of possible actions you can test for
$actions = $ACL->getActions();
/* Check which actions are allowed with the permissions code you passed in
foreach ($actions as $action) {
if($ACL->hasPermission($action)) {
echo $action . ' is allowed <br>';
}else{
echo $action . ' is NOT allowed <br>';
}
}
* @author bart
*/
class acl
{
private $actions;
private $perm;
private $eval = 0;
/**
* Constructor that sets the permissions code passed to it.
* @param integer $perm The permissions code that will be tested against. It
* is optional and not needed when only using the class to generate a new
* permissions code.
*/
public function __construct($actions, $perm = 0)
{
$this->actions = $actions;
$this->perm = intval($perm);
}
/**
* Checks wether or not the permissions code passed to the constructor will
* allow the provided action.
* @param string $action The action to be tested for
* @return boolean Wether or not the action may be performed
*/
public function hasPermission($action)
{
if(in_array($action, $this->actions)){
return $this->testPermission($this->perm, $action);
}else{
return $this->invalidAction();
}
}
/**
* Adds an action to the eval property when generating a new permissions
* code.
* @param string $action The action that should be allowed.
*/
public function addPermission($action)
{
if(!$this->testPermission($this->eval, $action)){
$this->eval += $this->getKey($action);
}
}
/**
* Removes an action to the eval property when generating a new permissions
* code.
* @param string $action The action that should not be allowed.
*/
public function removePermission($action)
{
if($this->testPermission($this->eval, $action)){
$this->eval -= $this->getKey($action);
}
}
/**
* Returns the permissions code generated by adding allowed actions via the
* addPermission method.
* @return int The new permissions code.
*/
public function evaluate()
{
return $this->eval;
}
/**
* Returns an array of possible actions.
* @return array All possible actions
*/
public function getActions()
{
return $this->actions;
}
/**
* Checks if the provided action is alloed when using the provided
* permissions code.
* @param int $permCode A permissions code.
* @param string $action The action to test for.
* @return bool Wether or not the action should be allowed.
*/
private function testPermission($permCode, $action)
{
$key = $this->getKey($action);
return ( ($permCode & $key) == $key);
}
/**
* Gets the bitmask value based on an actions position in the array of possible actions.
* @param string $action The action to look up
* @return int The bitmask value
*/
private function getKey($action)
{
return pow(2, array_search($action, $this->actions));
}
/**
* The response when an action that's not in the list of possibilities is
* tested.
* @return bool Always returns false.
*/
private function invalidAction()
{
throw new Exception('INVALID ACTION');
//return false;
}
}