AccessControlBase Class Reference
[Behaviour]

Base class for Access Control Cheching. More...

Inheritance diagram for AccessControlBase:

List of all members.

Public Member Functions
	__construct ($item_types=false)
	Pass types (=model names), the implementation is responsible of.
	is_allowed ($action, $item, $user, $params=false)
	Check if action on object is allowed for user.
	set_old_implementation (IAccessControl $implementation)
	Set old implementation.
Public Attributes
const	ALLOWED = 1
	If returned by do_is_allowed() functions, will set return value of is_allowed() to true.
const	NOT_ALLOWED = 0
	If returned by do_is_allowed() functions, will set return value of is_allowed() to false.
const	NOT_RESPONSIBLE = -1
	If returned by do_is_allowed() functions, will force delegate to be called (if any).
Protected Member Functions
	do_is_allowed ($action, $item, $user, $params=false)
	Overloadable.
	do_is_allowed_for_anonymous ($action, $item, $params=false)
	Overloadable.
	do_is_allowed_for_user ($action, $item, $user, $params=false)
	Overloadable.
	get_item_type ($item)
	Returns type of item.
	to_result ($bool)
	Convert Bool to tri-state.

---

Detailed Description

Base class for Access Control Cheching.

Definition at line 7 of file accesscontrolbase.cls.php.

---

Constructor & Destructor Documentation

AccessControlBase::__construct

(

$

item_types = false

)

Pass types (=model names), the implementation is responsible of.

Parameters:

string|array

$item_types

Definition at line 39 of file accesscontrolbase.cls.php.

                                                         {
                if (!empty($item_types)) {
                        $this->types = Arr::force($item_types, false);
                }
        }

---

Member Function Documentation

AccessControlBase::do_is_allowed	(	$	action,
		$	item,
		$	user,
		$	params = false
	)			[protected]

Overloadable.

Check if action on object is allowed for user

Parameters:

	string	$action The action to perform (edit, delete, ....)
	mixed	$item Item to perform the action on (may be a DataObject, e.g.)
	mixed	$user A user, role, ACO, depending on user management chosen

Returns:

int One of Constants ALLOWED, NOT_ALLOWED and NOT_RESPONSIBLE

Definition at line 80 of file accesscontrolbase.cls.php.

                                                                                 {
                // Check type based responsibility
                if (!empty($this->types)) {
                        $resposible = false;
                        $item_type = $this->get_item_type($item);
                        foreach($this->types as $type) {        
                                if ($type === $item_type) {
                                        $resposible = true;
                                        break;
                                }
                        }
                        if (!$resposible) {
                                return self::NOT_RESPONSIBLE;
                        }
                }

                // We are responsible
                if (!empty($user)) {
                        return $this->do_is_allowed_for_user($action, $item, $user, $params);
                }
                else {
                        return $this->do_is_allowed_for_anonymous($action, $item, $params);
                }
        }

AccessControlBase::do_is_allowed_for_anonymous	(	$	action,
		$	item,
		$	params = false
	)			[protected]

Overloadable.

Check if action on object is allowed for no user

User is always valid

Parameters:

	string	$action The action to perform (edit, delete, ....)
	mixed	$item Item to perform the action on (may be a DataObject, e.g.)

Returns:

int One of Constants ALLOWED, NOT_ALLOWED and NOT_RESPONSIBLE

Definition at line 128 of file accesscontrolbase.cls.php.

                                                                                        {
                return self::NOT_RESPONSIBLE;
        }

AccessControlBase::do_is_allowed_for_user	(	$	action,
		$	item,
		$	user,
		$	params = false
	)			[protected]

Overloadable.

Check if action on object is allowed for given user

User is always valid

Parameters:

	string	$action The action to perform (edit, delete, ....)
	mixed	$item Item to perform the action on (may be a DataObject, e.g.)
	mixed	$user A user, role, ACO, depending on user management chosen

Returns:

int One of Constants ALLOWED, NOT_ALLOWED and NOT_RESPONSIBLE

Definition at line 115 of file accesscontrolbase.cls.php.

                                                                                          {
                return self::NOT_RESPONSIBLE;
        }

AccessControlBase::get_item_type

(

$

item

)

[protected]

Returns type of item.

Parameters:

mixed

$item

Returns:

string

Definition at line 148 of file accesscontrolbase.cls.php.

                                                {
                $ret = $item;
                if ($item instanceof IDBTable) {
                        $ret = $item->get_table_name();
                }
                else if (is_object($item)) {
                        $ret = get_class($item); 
                }
                else if (is_null($item)) {
                        $ret = '';
                }
                return $ret;            
        }

AccessControlBase::is_allowed	(	$	action,
		$	item,
		$	user,
		$	params = false
	)

Check if action on object is allowed for user.

Parameters:

	string	$action The action to perform (edit, delete, ....)
	mixed	$item Item to perform the action on (may be a DataObject, e.g.)
	mixed	$user A user, role, ACO, depending on user management chosen

Returns:

bool

Implements IAccessControl.

Definition at line 53 of file accesscontrolbase.cls.php.

                                                                           {
                $ret = false;
                $result = $this->do_is_allowed($action, $item, $user, $params);
                if ($result === true) {
                        $result = self::ALLOWED;
                }
                switch ($result) {
                        case self::NOT_RESPONSIBLE:
                                if ($this->delegate) {
                                        $ret = $this->delegate->is_allowed($action, $item, $user, $params);
                                }
                                break; 
                        default:
                                $ret = ($result) ? true : false;
                                break;                  
                }
                return $ret;
        }

AccessControlBase::set_old_implementation

(

IAccessControl $

implementation

)

Set old implementation.

Requests not handled should be delegated to this

Parameters:

IAccessControl

$implementation

Implements IAccessControl.

Definition at line 167 of file accesscontrolbase.cls.php.

                                                                               {
                $this->delegate = $implementation;
        }

AccessControlBase::to_result

(

$

bool

)

[protected]

Convert Bool to tri-state.

Parameters:

bool

$bool

Returns:

int

Definition at line 138 of file accesscontrolbase.cls.php.

                                            {
                return ($bool) ? self::ALLOWED : self::NOT_ALLOWED;
        }

---

Member Data Documentation

const AccessControlBase::ALLOWED = 1

If returned by do_is_allowed() functions, will set return value of is_allowed() to true.

Definition at line 28 of file accesscontrolbase.cls.php.

const AccessControlBase::NOT_ALLOWED = 0

If returned by do_is_allowed() functions, will set return value of is_allowed() to false.

Definition at line 24 of file accesscontrolbase.cls.php.

const AccessControlBase::NOT_RESPONSIBLE = -1

If returned by do_is_allowed() functions, will force delegate to be called (if any).

Definition at line 32 of file accesscontrolbase.cls.php.

---

The documentation for this class was generated from the following file:

• gyro/core/behaviour/base/accesscontrolbase.cls.php