Ubiquity 2.5.2
php rapid development framework
Loading...
Searching...
No Matches
AclList.php
Go to the documentation of this file.
1<?php
2namespace Ubiquity\security\acl\models;
3
4use Ubiquity\security\acl\persistence\AclProviderInterface;
5use Ubiquity\exceptions\AclException;
6use Ubiquity\security\acl\models\traits\AclListOperationsTrait;
7use Ubiquity\security\acl\models\traits\AclListQueryTrait;
8use Ubiquity\security\acl\persistence\AclCacheProvider;
9
18class AclList extends AclListOperationsTrait,AclListQueryTrait {
19
24 protected $acls;
25
30 protected $roles;
31
36 protected $resources;
37
42 protected $permissions;
43
48 protected $providers = [];
49
50 protected $elementsCache = [];
51
52 protected function getElementByName(string $name, array $inArray, string $type) {
53 foreach ($inArray as $elm) {
54 if ($elm->getName() == $name) {
55 return $elm;
56 }
57 }
58 throw new AclException("$name does not exist in $type ACL");
59 }
60
61 protected function elementExistByName(string $name, array $inArray): bool {
62 foreach ($inArray as $elm) {
63 if ($elm->getName() == $name) {
64 return true;
65 }
66 }
67 return false;
68 }
69
70 public function __construct() {
71 $this->providers = [];
72 $this->init();
73 }
74
75 public function init() {
76 $this->roles = [
77 '@ALL' => new Role('@ALL')
78 ];
79 $this->resources = [
80 '*' => new Resource('*')
81 ];
82 $this->permissions = [
83 'ALL' => new Permission('ALL', 1000)
84 ];
85 $this->elementsCache = [];
86 $this->acls = [];
87 foreach ($this->providers as $prov) {
88 $prov->clearAll();
89 }
90 }
91
92 public function getRoleByName(string $name) {
93 return $this->elementsCache[$name] ??= $this->getElementByName($name, $this->roles, 'roles');
94 }
95
96 public function getResourceByName(string $name) {
97 return $this->elementsCache[$name] ??= $this->getElementByName($name, $this->resources, 'resources');
98 }
99
100 public function getPermissionByName(string $name) {
101 return $this->elementsCache[$name] ??= $this->getElementByName($name, $this->permissions, 'permissions');
102 }
103
104 public function loadAcls(): array {
105 foreach ($this->providers as $provider) {
106 $this->acls += $provider->loadAllAcls();
107 }
108 return $this->acls;
109 }
110
111 public function loadRoles(): array {
112 foreach ($this->providers as $provider) {
113 $this->roles += $provider->loadAllRoles();
114 }
115 return $this->roles;
116 }
117
118 public function loadResources(): array {
119 foreach ($this->providers as $provider) {
120 $this->resources += $provider->loadAllResources();
121 }
122 return $this->resources;
123 }
124
125 public function loadPermissions(): array {
126 foreach ($this->providers as $provider) {
127 $this->permissions+=$provider->loadAllPermissions();
128 }
129 return $this->permissions;
130 }
131
132 public function addProvider(AclProviderInterface $provider) {
133 $this->providers[] = $provider;
134 }
135
140 public function getAcls() {
141 return $this->acls;
142 }
143
148 public function getRoles() {
149 return $this->roles;
150 }
151
156 public function getResources() {
157 return $this->resources;
158 }
159
164 public function getPermissions() {
165 return $this->permissions;
166 }
167
172 public function getProviders() {
173 return $this->providers;
174 }
175
180 public function setProviders($providers) {
181 $this->providers = $providers;
182 }
183
184 public function getRolePermissionsOn(string $roleName, $resourceName = '*'): array {
185 $role = $this->getRoleByName($roleName);
186 $parents = $role->getParentsArray();
187 $result = [];
188 foreach ($this->acls as $aclElement) {
189 $aclRoleName = $aclElement->getRole()->getName();
190 if ($aclRoleName === '@ALL' || $aclRoleName === $roleName) {
191 $aclResourceName = $aclElement->getResource()->getName();
192 if ($aclResourceName === '*' || $aclResourceName === $resourceName || \strpos($resourceName, $aclResourceName.'.')!==false) {
193 $result[] = $aclElement;
194 }
195 }
196 }
197 foreach ($parents as $parentElm) {
198 $result += $this->getRolePermissionsOn($parentElm, $resourceName);
199 }
200 return $result;
201 }
202
203 public function isAllowed(string $roleName, string $resourceName, string $permissionName) {
204 $acls = $this->getRolePermissionsOn($roleName, $resourceName);
205 if (\count($acls) > 0) {
206 $permissionLevel = $this->getPermissionByName($permissionName)->getLevel();
207 foreach ($acls as $aclElm) {
208 $level = $aclElm->getPermission()->getLevel();
209 if ($level >= $permissionLevel) {
210 return true;
211 }
212 }
213 }
214 return false;
215 }
216
222 public function getProvider(string $providerClass) {
223 foreach ($this->providers as $prov) {
224 if ($prov instanceof $providerClass) {
225 return $prov;
226 }
227 }
228 return null;
229 }
230
236 public function getAclById_(string $id_): ?AclElement {
237 foreach ($this->acls as $acl) {
238 if ($acl->getId_() === $id_) {
239 return $acl;
240 }
241 }
242 return null;
243 }
244
245 public function getProviderClasses() {
246 $result = [];
247 foreach ($this->providers as $prov) {
248 $result[] = \get_class($prov);
249 }
250 return $result;
251 }
252
253 public function hasCache() {
254 foreach ($this->providers as $prov) {
255 if ($prov instanceof AclCacheProvider) {
256 return true;
257 }
258 }
259 return false;
260 }
261
262 public function getElementsNames($part) {
263 $result = [];
264 foreach ($this->$part as $elm) {
265 $result[] = $elm->__toString();
266 }
267 return $result;
268 }
269}
270
Ubiquity\exceptions\AclException
Ubiquity\exceptions$AclException This class is part of Ubiquity.
Definition AclException.php:12
Ubiquity\security\acl\models\AclElement
Ubiquity\security\acl\models$AclElement This class is part of Ubiquity.
Definition AclElement.php:16
Ubiquity\security\acl\models\AclList
Ubiquity\security\acl\models$AclList This class is part of Ubiquity.
Definition AclList.php:18
Ubiquity\security\acl\models\AclList\addProvider
addProvider(AclProviderInterface $provider)
Definition AclList.php:132
Ubiquity\security\acl\models\AclList\isAllowed
isAllowed(string $roleName, string $resourceName, string $permissionName)
Definition AclList.php:203
Ubiquity\security\acl\models\AclList\elementExistByName
elementExistByName(string $name, array $inArray)
Definition AclList.php:61
Ubiquity\security\acl\models\AclList\getRolePermissionsOn
getRolePermissionsOn(string $roleName, $resourceName=' *')
Definition AclList.php:184
Ubiquity\security\acl\models\AclList\getElementByName
getElementByName(string $name, array $inArray, string $type)
Definition AclList.php:52
Ubiquity\security\acl\models\AclList\getProvider
getProvider(string $providerClass)
Definition AclList.php:222
Ubiquity\security\acl\models\Permission
Ubiquity\security\acl\models$Permission This class is part of Ubiquity.
Definition Permission.php:12
Ubiquity\security\acl\models\Resource
Ubiquity\security\acl\models$Resource This class is part of Ubiquity.
Definition Resource.php:12
Ubiquity\security\acl\models\Role
Ubiquity\security\acl\models$Role This class is part of Ubiquity.
Definition Role.php:12
Ubiquity\security\acl\persistence\AclCacheProvider
Ubiquity\security\acl\persistence$AclCacheProvider This class is part of Ubiquity.
Definition AclCacheProvider.php:20
Ubiquity\security\acl\persistence\AclProviderInterface
Ubiquity\security\acl\persistence$AclProviderInterface This class is part of Ubiquity.
Definition AclProviderInterface.php:18