Ubiquity 2.5.2
php rapid development framework
Loading...
Searching...
No Matches
AclControllerParser.php
Go to the documentation of this file.
1<?php
2namespace Ubiquity\security\acl\cache;
3
4use Ubiquity\controllers\Controller;
5use Ubiquity\orm\parser\Reflexion;
6use Ubiquity\security\acl\AclManager;
7use Ubiquity\cache\ClassUtils;
8use Ubiquity\exceptions\AclException;
9
18class AclControllerParser {
19
20 protected $controllerClass;
21
22 protected $mainResource;
23
24 protected $mainPermission;
25
26 protected $permissionMap;
27
28 public function __construct() {
29 $this->permissionMap = new PermissionsMap();
30 }
31
32 public function init() {
33 $this->permissionMap->init();
34 }
35
36 public function parse($controllerClass) {
37 $this->controllerClass = $controllerClass;
38 $reflect = new \ReflectionClass($controllerClass);
39 if (! $reflect->isAbstract() && $reflect->isSubclassOf(Controller::class)) {
40 try {
41 $annotsResource = Reflexion::getAnnotationClass($controllerClass, 'resource');
42 $annotsPermission = Reflexion::getAnnotationClass($controllerClass, 'permission');
43 $annotAllows = Reflexion::getAnnotationClass($controllerClass, 'allow');
44 } catch (\Exception $e) {
45 // When controllerClass generates an exception
46 }
47 $this->mainResource = $annotsResource[0] ?? null;
48 $this->mainPermission = $annotsPermission[0] ?? null;
49 if (\is_array($annotAllows) && \count($annotAllows) > 0) {
50 $resource = $this->mainResource ? $this->mainResource->name : $reflect->getShortName();
51 $permission = $this->mainPermission ? $this->mainPermission->name : 'ALL';
52 $this->addAllows($annotAllows, $controllerClass, null, $resource, $permission);
53 $this->permissionMap->addAction($controllerClass, '*', $resource, $permission);
54 }
55 $methods = Reflexion::getMethods($controllerClass, \ReflectionMethod::IS_PUBLIC);
56 $this->parseMethods($methods);
57 }
58 }
59
60 protected function parseMethods($methods) {
61 $hasPermission = false;
62 $controllerClass = $this->controllerClass;
63 $controller = ClassUtils::getClassSimpleName($controllerClass);
64 foreach ($methods as $method) {
65 $this->parseMethod($method, $hasPermission, $controller);
66 }
67 if ($hasPermission || $this->mainResource != null || $this->mainPermission != null) {
68 $permission = 'ALL';
69 $resource = $this->mainResource ? $this->mainResource->name : $controller;
70 $this->permissionMap->addAction($controllerClass, '*', $resource, $this->mainPermission ? $this->mainPermission->name : 'ALL');
71 AclManager::addResource($resource, $controller . '.*');
72 if (isset($this->mainPermission)) {
73 $permission = $this->mainPermission->name;
74 AclManager::addPermission($this->mainPermission->name, ($this->mainPermission->level) ?? 0);
75 }
76 $annotsAllow = Reflexion::getAnnotationClass($controllerClass, 'allow');
77 if (\is_array($annotsAllow) && \count($annotsAllow) > 0) {
78 $this->addAllows($annotsAllow, $controller, '*', $resource, $permission);
79 }
80 }
81 }
82
83 protected function parseMethod(\ReflectionMethod $method, bool &$hasPermission, $controller) {
84 $action = $method->name;
85 $permission = NULL;
86 $resource = NULL;
87 $controllerClass = $this->controllerClass;
88 if ($method->getDeclaringClass()->getName() === $controllerClass) {
89 try {
90 $annotResource = Reflexion::getAnnotationMethod($controllerClass, $action, 'resource');
91 $annotPermission = Reflexion::getAnnotationMethod($controllerClass, $action, 'permission');
92 if ($annotResource) {
93 $resource = $annotResource->name;
94 AclManager::addResource($annotResource->name, $controller . '.' . $action);
95 }
96 if ($annotPermission) {
97 if(\is_int($annotPermission->name) && $annotPermission->level===0){
98 $annotPermission->level=$annotPermission->name;
99 $annotPermission->name=null;
100 }
101 $permission = $annotPermission->name??\strtoupper($action);
102 AclManager::addPermission($permission, $annotPermission->level ?? 0);
103 $hasPermission = true;
104 }
105 $resource ??= $this->mainResource ? $this->mainResource->name : ($controller . '.' . $action);
106
107 $annotsAllow = Reflexion::getAnnotationsMethod($controllerClass, $action, 'allow');
108 if (\is_array($annotsAllow) && \count($annotsAllow) > 0) {
109 $this->addAllows($annotsAllow, $controller, $action, $resource, $permission);
110 $this->permissionMap->addAction($controllerClass, $action, $resource, $permission ?? 'ALL');
111 } elseif ($permission !== null && $resource !== null) {
112 $this->permissionMap->addAction($controllerClass, $action, $resource, $permission ?? 'ALL');
113 }
114 } catch (\Exception $e) {
115 // Exception in controller code
116 }
117 }
118 }
119
120 protected function addAllows($annotsAllow, $controller, $action, &$resource, &$permission) {
121 foreach ($annotsAllow as $annotAllow) {
122 if (isset($annotAllow->resource) && isset($resource) && \strpos($resource, '.') === FALSE && $resource !== $annotAllow->resource && $permission != null) {
123 throw new AclException("Resources {$resource} and {$annotAllow->resource} are in conflict for action {$controller}.{$action}");
124 }
125 if (isset($annotAllow->permission) && isset($permission) && $permission !== $annotAllow->permission) {
126 throw new AclException("Permissions {$permission} and {$annotAllow->permission} are in conflict for action {$controller}.{$action}");
127 }
128
129 $resource = ($annotAllow->resource ?? $resource)??$controller . '.' . $action;
130 $permission = ($annotAllow->permission ?? $permission)??\strtoupper($action);
131
132 if (\is_array($annotAllow->role)) {
133 foreach ($annotAllow->role as $role) {
134 AclManager::addAndAllow($role, $resource, $permission);
135 }
136 } else {
137 AclManager::addAndAllow($annotAllow->role, $resource, $permission);
138 }
139 }
140 }
141
142 public function save() {
143 $this->permissionMap->save();
144 AclManager::saveAll();
145 }
146
147 public function cacheUpdated(): bool {
148 if ($this->permissionMap->cacheUpdated()) {
149 return true;
150 }
151 return AclManager::cacheUpdated();
152 }
153}
154
Ubiquity\cache\ClassUtils
Manipulates class and namespace names Ubiquity\cache$ClassUtils This class is part of Ubiquity.
Definition ClassUtils.php:16
Ubiquity\cache\ClassUtils\getClassSimpleName
static getClassSimpleName($classnameWithNamespace)
Returns the simple class name of a class, without namespace.
Definition ClassUtils.php:173
Ubiquity\controllers\Controller
Base class for controllers.
Definition Controller.php:20
Ubiquity\exceptions\AclException
Ubiquity\exceptions$AclException This class is part of Ubiquity.
Definition AclException.php:12
Ubiquity\orm\parser\Reflexion
Reflection utilities in dev environment only.
Definition Reflexion.php:17
Ubiquity\orm\parser\Reflexion\getAnnotationClass
static getAnnotationClass($class, $annotation)
Definition Reflexion.php:85
Ubiquity\orm\parser\Reflexion\getAnnotationMethod
static getAnnotationMethod($class, $method, $annotation)
Definition Reflexion.php:94
Ubiquity\orm\parser\Reflexion\getMethods
static getMethods($instance, $filter=null)
Definition Reflexion.php:21
Ubiquity\orm\parser\Reflexion\getAnnotationsMethod
static getAnnotationsMethod($class, $method, $annotation)
Definition Reflexion.php:103
Ubiquity\security\acl\AclManager
Ubiquity\security\acl$AclManager This class is part of Ubiquity.
Definition AclManager.php:30
Ubiquity\security\acl\AclManager\saveAll
static saveAll()
Save all acls,roles, resources and permissions for AclProviders with no autoSave.
Definition AclManager.php:158
Ubiquity\security\acl\AclManager\addAndAllow
static addAndAllow(string $role, ?string $resource=' *', ?string $permission='ALL')
Add role, resource and permission and allow this role to access to resource with the permission.
Definition AclManager.php:115
Ubiquity\security\acl\AclManager\addPermission
static addPermission(string $name, int $level=0)
Definition AclManager.php:59
Ubiquity\security\acl\AclManager\addResource
static addResource(string $name, ?string $value=null)
Definition AclManager.php:49
Ubiquity\security\acl\cache\AclControllerParser
Ubiquity\security\acl\cache$AclControllerParser This class is part of Ubiquity.
Definition AclControllerParser.php:18
Ubiquity\security\acl\cache\AclControllerParser\addAllows
addAllows($annotsAllow, $controller, $action, &$resource, &$permission)
Definition AclControllerParser.php:120
Ubiquity\security\acl\cache\AclControllerParser\parseMethod
parseMethod(\ReflectionMethod $method, bool &$hasPermission, $controller)
Definition AclControllerParser.php:83
Ubiquity\security\acl\cache\PermissionsMap
Ubiquity\security\acl\cache$PermissionsMap This class is part of Ubiquity.
Definition PermissionsMap.php:16
Ubiquity\security\acl\traits\AclManagerTester\cacheUpdated
static cacheUpdated()
Checks if ACL cache is updated.
Definition AclManagerTester.php:19