<?php
require_once 'Flux/Error.php';
/**
* The authorization component allows you to find out whether or not the
* current user is allowed to perform a certain task based on his account
* group level.
*/
class Flux_Authorization {
	/**
	 * The single shared authorization instance, created on first use.
	 *
	 * @access private
	 * @var Flux_Authorization
	 */
	private static $auth;

	/**
	 * Access configuration consulted by every permission check.
	 *
	 * @access private
	 * @var Flux_Config
	 */
	private $config;

	/**
	 * Session data object; the current account's group level is read from it.
	 *
	 * @access private
	 * @var Flux_SessionData
	 */
	private $session;

	/**
	 * Store the access configuration and the session data. Private, so the
	 * only way to obtain an instance is getInstance().
	 *
	 * @param Flux_Config $accessConfig
	 * @param Flux_SessionData $sessionData
	 * @access private
	 */
	private function __construct(Flux_Config $accessConfig, Flux_SessionData $sessionData)
	{
		$this->session = $sessionData;
		$this->config  = $accessConfig;
	}

	/**
	 * Return the shared authorization instance, building it on the first call.
	 *
	 * The arguments are only used by the call that creates the instance; every
	 * later call returns the existing object and ignores them. Both default to
	 * null, but the constructor's type declarations reject null, so the first
	 * call has to supply real objects.
	 *
	 * @param Flux_Config $accessConfig
	 * @param Flux_SessionData $sessionData
	 * @return Flux_Authorization
	 * @access public
	 */
	public static function getInstance($accessConfig = null, $sessionData = null)
	{
		if (self::$auth) {
			return self::$auth;
		}

		return self::$auth = new self($accessConfig, $sessionData);
	}

	/**
	 * Check whether the current account may run an action of a module.
	 *
	 * Two keys are looked up in the 'modules' access configuration, in this
	 * order: "<module>.<action>" and then the wildcard "<module>.*". The first
	 * key whose configured level the account satisfies grants access.
	 *
	 * NOTE(review): the result is not always a bool. When neither key is
	 * configured (or 'modules' is not a Flux_Config) the method returns the
	 * integer -1, which PHP treats as truthy. A caller that writes
	 * `if ($auth->actionAllowed(...))` therefore lets unconfigured actions
	 * through; callers should compare with `=== true` or handle -1 and false
	 * explicitly.
	 *
	 * @param string $moduleName
	 * @param string $actionName
	 * @return bool|int true if allowed, false if a matching key exists but
	 *                  denies access, -1 if no matching key exists
	 * @access public
	 */
	public function actionAllowed($moduleName, $actionName = 'index')
	{
		$moduleLevels  = $this->config->get('modules');
		$candidateKeys = array("$moduleName.$actionName", "$moduleName.*");
		$currentLevel  = $this->session->account->group_level;
		$keyConfigured = false;

		if ($moduleLevels instanceof Flux_Config) {
			foreach ($candidateKeys as $candidateKey) {
				$requiredLevel = $moduleLevels->get($candidateKey);
				if ($requiredLevel === null) {
					continue;
				}

				// Remember that a rule exists, so a denial is reported as
				// false rather than as "nothing configured" (-1).
				$keyConfigured = true;
				if ($this->levelPermits($requiredLevel, $currentLevel)) {
					return true;
				}
			}
		}

		return $keyConfigured ? false : -1;
	}

	/**
	 * Check whether the current account may use a feature.
	 *
	 * The feature's level is read from the 'features' access configuration.
	 * Unlike actionAllowed(), a feature with no configured level is denied:
	 * this method only ever returns true or false.
	 *
	 * @param string $featureName
	 * @return bool
	 * @access public
	 */
	public function featureAllowed($featureName)
	{
		$featureLevels = $this->config->get('features');
		$currentLevel  = $this->session->account->group_level;

		if (!($featureLevels instanceof Flux_Config)) {
			return false;
		}

		$requiredLevel = $featureLevels->get($featureName);

		return !is_null($requiredLevel) && $this->levelPermits($requiredLevel, $currentLevel);
	}

	/**
	 * Provides convenient getters such as `allowedTo<FeatureName>' and
	 * `getGroupLevelTo<FeatureName>'.
	 *
	 * Both prefixes are matched case-insensitively and everything after the
	 * prefix is used, unmodified, as the feature name. Any other property
	 * name, or a 'features' entry that is not a Flux_Config, yields null.
	 *
	 * @param string $prop
	 * @return mixed
	 * @access public
	 */
	public function __get($prop)
	{
		$m = array();

		if (preg_match("/^allowedTo(.+)/i", $prop, $m)) {
			return $this->featureAllowed($m[1]);
		}

		if (preg_match("/^getGroupLevelTo(.+)/i", $prop, $m)) {
			$featureLevels = $this->config->get('features');
			if ($featureLevels instanceof Flux_Config) {
				return $featureLevels->get($m[1]);
			}
		}

		return null;
	}

	/**
	 * Wrapper method for setting and getting values from the access config.
	 *
	 * With a non-null $value the key is written, otherwise it is read; a key
	 * can therefore not be set to null through this method.
	 *
	 * NOTE(review): the write path operates on the same config object that
	 * actionAllowed() and featureAllowed() consult, and the method is public,
	 * so any code holding the instance can presumably change access levels at
	 * runtime - confirm that every caller is trusted to do so.
	 *
	 * @param string $key
	 * @param mixed $value
	 * @param array $options
	 * @return mixed
	 * @access public
	 */
	public function config($key, $value = null, $options = array())
	{
		if (is_null($value)) {
			return $this->config->get($key);
		}

		return $this->config->set($key, $value, $options);
	}

	/**
	 * Decide whether an account level satisfies a configured access level.
	 *
	 * Access is granted when the configured level is AccountLevel::ANYONE,
	 * when it equals the account's level, or when it is not
	 * AccountLevel::UNAUTH and is less than or equal to the account's level.
	 *
	 * NOTE(review): all three comparisons are loose (==, !=, <=), so PHP's
	 * type juggling decides the outcome if either value is null or a string.
	 * This presumably relies on both sides always being integers - verify
	 * what the config loader and the session actually supply.
	 *
	 * @param mixed $accessLevel  level configured for the action or feature
	 * @param mixed $accountLevel group level of the current account
	 * @return bool
	 * @access private
	 */
	private function levelPermits($accessLevel, $accountLevel)
	{
		if ($accessLevel == AccountLevel::ANYONE) {
			return true;
		}

		if ($accessLevel == $accountLevel) {
			return true;
		}

		return $accessLevel != AccountLevel::UNAUTH && $accessLevel <= $accountLevel;
	}
}
?>