Merge branch 'feature/acl-interface' of https://github.com/extr3m0/zf2 …

…into feature/2374
zendframework · Sep 18, 2012 · 465ca38 · 465ca38
2 parents bf65e9a + ab9a46a
commit 465ca38
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 11 deletions.
diff --git a/library/Zend/Permissions/Acl/Acl.php b/library/Zend/Permissions/Acl/Acl.php
@@ -15,7 +15,7 @@
  * @package    Zend_Permissions
  * @subpackage Acl
  */
-class Acl
+class Acl implements AclInterface
 {
     /**
      * Rule type: allow

diff --git a/library/Zend/Permissions/Acl/AclInterface.php b/library/Zend/Permissions/Acl/AclInterface.php
@@ -0,0 +1,57 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ * @package   Zend_Permissions
+ */
+
+namespace Zend\Permissions\Acl;
+
+/**
+ * @category   Zend
+ * @package    Zend_Permissions
+ * @subpackage Acl
+ */
+interface AclInterface
+{
+    /**
+     * Returns true if and only if the Resource exists in the ACL
+     *
+     * The $resource parameter can either be a Resource or a Resource identifier.
+     *
+     * @param  Resource\ResourceInterface|string $resource
+     * @return boolean
+     */
+    public function hasResource($resource);
+
+    /**
+     * Returns true if and only if the Role has access to the Resource
+     *
+     * The $role and $resource parameters may be references to, or the string identifiers for,
+     * an existing Resource and Role combination.
+     *
+     * If either $role or $resource is null, then the query applies to all Roles or all Resources,
+     * respectively. Both may be null to query whether the ACL has a "blacklist" rule
+     * (allow everything to all). By default, Zend_Acl creates a "whitelist" rule (deny
+     * everything to all), and this method would return false unless this default has
+     * been overridden (i.e., by executing $acl->allow()).
+     *
+     * If a $privilege is not provided, then this method returns false if and only if the
+     * Role is denied access to at least one privilege upon the Resource. In other words, this
+     * method returns true if and only if the Role is allowed all privileges on the Resource.
+     *
+     * This method checks Role inheritance using a depth-first traversal of the Role registry.
+     * The highest priority parent (i.e., the parent most recently added) is checked first,
+     * and its respective parents are checked similarly before the lower-priority parents of
+     * the Role are checked.
+     *
+     * @param  Role\RoleInterface|string            $role
+     * @param  Resource\ResourceInterface|string    $resource
+     * @param  string                               $privilege
+     * @return boolean
+     */
+    public function isAllowed($role = null, $resource = null, $privilege = null);
+}
diff --git a/library/Zend/View/Helper/Navigation/AbstractHelper.php b/library/Zend/View/Helper/Navigation/AbstractHelper.php
@@ -69,7 +69,7 @@ abstract class AbstractHelper extends View\Helper\AbstractHtmlElement implements
     /**
      * ACL to use when iterating pages
      *
-     * @var Acl\Acl
+     * @var Acl\AclInterface
      */
     protected $acl;
 
@@ -119,7 +119,7 @@ abstract class AbstractHelper extends View\Helper\AbstractHtmlElement implements
      * Default ACL to use when iterating pages if not explicitly set in the
      * instance by calling {@link setAcl()}
      *
-     * @var Acl\Acl
+     * @var Acl\AclInterface
      */
     protected static $defaultAcl;
 
@@ -316,10 +316,10 @@ public function getIndent()
      *
      * Implements {@link HelperInterface::setAcl()}.
      *
-     * @param  Acl\Acl $acl [optional] ACL object.  Default is null.
+     * @param  Acl\AclInterface $acl [optional] ACL object.  Default is null.
      * @return AbstractHelper  fluent interface, returns self
      */
-    public function setAcl(Acl\Acl $acl = null)
+    public function setAcl(Acl\AclInterface $acl = null)
     {
         $this->acl = $acl;
         return $this;
@@ -331,7 +331,7 @@ public function setAcl(Acl\Acl $acl = null)
      *
      * Implements {@link HelperInterface::getAcl()}.
      *
-     * @return Acl\Acl|null  ACL object or null
+     * @return Acl\AclInterface|null  ACL object or null
      */
     public function getAcl()
     {
@@ -844,11 +844,11 @@ protected function normalizeId($value)
     /**
      * Sets default ACL to use if another ACL is not explicitly set
      *
-     * @param  Acl\Acl $acl [optional] ACL object. Default is null, which
+     * @param  Acl\AclInterface $acl [optional] ACL object. Default is null, which
      *                      sets no ACL object.
      * @return void
      */
-    public static function setDefaultAcl(Acl\Acl $acl = null)
+    public static function setDefaultAcl(Acl\AclInterface $acl = null)
     {
         self::$defaultAcl = $acl;
     }

diff --git a/library/Zend/View/Helper/Navigation/HelperInterface.php b/library/Zend/View/Helper/Navigation/HelperInterface.php
@@ -45,16 +45,16 @@ public function getContainer();
     /**
      * Sets ACL to use when iterating pages
      *
-     * @param  Acl\Acl $acl [optional] ACL instance
+     * @param  Acl\AclInterface $acl [optional] ACL instance
      * @return HelperInterface  fluent interface, returns self
      */
-    public function setAcl(Acl\Acl $acl = null);
+    public function setAcl(Acl\AclInterface $acl = null);
 
     /**
      * Returns ACL or null if it isn't set using {@link setAcl()} or
      * {@link setDefaultAcl()}
      *
-     * @return Acl\Acl|null  ACL object or null
+     * @return Acl\AclInterface|null  ACL object or null
      */
     public function getAcl();