3 * Zend Framework (http://framework.zend.com/)
5 * @link http://github.com/zendframework/zf2 for the canonical source repository
6 * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
7 * @license http://framework.zend.com/license/new-bsd New BSD License
10 namespace Zend\Permissions\Rbac
;
12 use RecursiveIteratorIterator
;
14 class Rbac
extends AbstractIterator
17 * flag: whether or not to create roles automatically if
22 protected $createMissingRoles = false;
25 * @param bool $createMissingRoles
26 * @return \Zend\Permissions\Rbac\Rbac
28 public function setCreateMissingRoles($createMissingRoles)
30 $this->createMissingRoles
= $createMissingRoles;
38 public function getCreateMissingRoles()
40 return $this->createMissingRoles
;
46 * @param string|RoleInterface $child
47 * @param array|RoleInterface|null $parents
49 * @throws Exception\InvalidArgumentException
51 public function addRole($child, $parents = null)
53 if (is_string($child)) {
54 $child = new Role($child);
56 if (!$child instanceof RoleInterface
) {
57 throw new Exception\
InvalidArgumentException(
58 'Child must be a string or implement Zend\Permissions\Rbac\RoleInterface'
63 if (!is_array($parents)) {
64 $parents = array($parents);
66 foreach ($parents as $parent) {
67 if ($this->createMissingRoles
&& !$this->hasRole($parent)) {
68 $this->addRole($parent);
70 $this->getRole($parent)->addChild($child);
74 $this->children
[] = $child;
80 * Is a child with $name registered?
82 * @param \Zend\Permissions\Rbac\RoleInterface|string $objectOrName
85 public function hasRole($objectOrName)
88 $this->getRole($objectOrName);
91 } catch (Exception\InvalidArgumentException
$e) {
99 * @param \Zend\Permissions\Rbac\RoleInterface|string $objectOrName
100 * @return RoleInterface
101 * @throws Exception\InvalidArgumentException
103 public function getRole($objectOrName)
105 if (!is_string($objectOrName) && !$objectOrName instanceof RoleInterface
) {
106 throw new Exception\
InvalidArgumentException(
107 'Expected string or implement \Zend\Permissions\Rbac\RoleInterface'
111 $it = new RecursiveIteratorIterator($this, RecursiveIteratorIterator
::CHILD_FIRST
);
112 foreach ($it as $leaf) {
113 if ((is_string($objectOrName) && $leaf->getName() == $objectOrName) ||
$leaf == $objectOrName) {
118 throw new Exception\
InvalidArgumentException(sprintf(
119 'No child with name "%s" could be found',
120 is_object($objectOrName) ?
$objectOrName->getName() : $objectOrName
125 * Determines if access is granted by checking the role and child roles for permission.
127 * @param RoleInterface|string $role
128 * @param string $permission
129 * @param AssertionInterface|Callable|null $assert
132 public function isGranted($role, $permission, $assert = null)
135 if ($assert instanceof AssertionInterface
) {
136 if (!$assert->assert($this)) {
139 } elseif (is_callable($assert)) {
140 if (!$assert($this)) {
144 throw new Exception\
InvalidArgumentException(
145 'Assertions must be a Callable or an instance of Zend\Permissions\Rbac\AssertionInterface'
150 if ($this->getRole($role)->hasPermission($permission)) {