interface/modules/zend_modules/library/Zend/Permissions/Rbac/Rbac.php

   1 <?php
   2 /**
   3  * Zend Framework (http://framework.zend.com/)
   4  *
   5  * @link      http://github.com/zendframework/zf2 for the canonical source repository
   6  * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
   7  * @license   http://framework.zend.com/license/new-bsd New BSD License
   8  */
   9
  10 namespace Zend\Permissions\Rbac;
  11
  12 use RecursiveIteratorIterator;
  13
  14 class Rbac extends AbstractIterator
  15 {
  16     /**
  17      * flag: whether or not to create roles automatically if
  18      * they do not exist.
  19      *
  20      * @var bool
  21      */
  22     protected $createMissingRoles = false;
  23
  24     /**
  25      * @param  bool                     $createMissingRoles
  26      * @return \Zend\Permissions\Rbac\Rbac
  27      */
  28     public function setCreateMissingRoles($createMissingRoles)
  29     {
  30         $this->createMissingRoles = $createMissingRoles;
  31
  32         return $this;
  33     }
  34
  35     /**
  36      * @return bool
  37      */
  38     public function getCreateMissingRoles()
  39     {
  40         return $this->createMissingRoles;
  41     }
  42
  43     /**
  44      * Add a child.
  45      *
  46      * @param  string|RoleInterface               $child
  47      * @param  array|RoleInterface|null           $parents
  48      * @return self
  49      * @throws Exception\InvalidArgumentException
  50      */
  51     public function addRole($child, $parents = null)
  52     {
  53         if (is_string($child)) {
  54             $child = new Role($child);
  55         }
  56         if (!$child instanceof RoleInterface) {
  57             throw new Exception\InvalidArgumentException(
  58                 'Child must be a string or implement Zend\Permissions\Rbac\RoleInterface'
  59             );
  60         }
  61
  62         if ($parents) {
  63             if (!is_array($parents)) {
  64                 $parents = array($parents);
  65             }
  66             foreach ($parents as $parent) {
  67                 if ($this->createMissingRoles && !$this->hasRole($parent)) {
  68                     $this->addRole($parent);
  69                 }
  70                 $this->getRole($parent)->addChild($child);
  71             }
  72         }
  73
  74         $this->children[] = $child;
  75
  76         return $this;
  77     }
  78
  79     /**
  80      * Is a child with $name registered?
  81      *
  82      * @param  \Zend\Permissions\Rbac\RoleInterface|string $objectOrName
  83      * @return bool
  84      */
  85     public function hasRole($objectOrName)
  86     {
  87         try {
  88             $this->getRole($objectOrName);
  89
  90             return true;
  91         } catch (Exception\InvalidArgumentException $e) {
  92             return false;
  93         }
  94     }
  95
  96     /**
  97      * Get a child.
  98      *
  99      * @param  \Zend\Permissions\Rbac\RoleInterface|string $objectOrName
 100      * @return RoleInterface
 101      * @throws Exception\InvalidArgumentException
 102      */
 103     public function getRole($objectOrName)
 104     {
 105         if (!is_string($objectOrName) && !$objectOrName instanceof RoleInterface) {
 106             throw new Exception\InvalidArgumentException(
 107                 'Expected string or implement \Zend\Permissions\Rbac\RoleInterface'
 108             );
 109         }
 110
 111         $it = new RecursiveIteratorIterator($this, RecursiveIteratorIterator::CHILD_FIRST);
 112         foreach ($it as $leaf) {
 113             if ((is_string($objectOrName) && $leaf->getName() == $objectOrName) || $leaf == $objectOrName) {
 114                 return $leaf;
 115             }
 116         }
 117
 118         throw new Exception\InvalidArgumentException(sprintf(
 119             'No child with name "%s" could be found',
 120             is_object($objectOrName) ? $objectOrName->getName() : $objectOrName
 121         ));
 122     }
 123
 124     /**
 125      * Determines if access is granted by checking the role and child roles for permission.
 126      *
 127      * @param  RoleInterface|string             $role
 128      * @param  string                           $permission
 129      * @param  AssertionInterface|Callable|null $assert
 130      * @return bool
 131      */
 132     public function isGranted($role, $permission, $assert = null)
 133     {
 134         if ($assert) {
 135             if ($assert instanceof AssertionInterface) {
 136                 if (!$assert->assert($this)) {
 137                     return false;
 138                 }
 139             } elseif (is_callable($assert)) {
 140                 if (!$assert($this)) {
 141                     return false;
 142                 }
 143             } else {
 144                 throw new Exception\InvalidArgumentException(
 145                     'Assertions must be a Callable or an instance of Zend\Permissions\Rbac\AssertionInterface'
 146                 );
 147             }
 148         }
 149
 150         if ($this->getRole($role)->hasPermission($permission)) {
 151             return true;
 152         }
 153
 154         return false;
 155     }
 156 }