1: <?php
2:
3: 4: 5: 6: 7: 8: 9: 10:
11:
12: namespace App\Model;
13:
14: use Nette\Security\IAuthorizator;
15:
16: 17: 18:
19: class Acl extends Permission implements IAuthorizator {
20:
21: 22: 23: 24:
25: private $queriedRole;
26:
27: 28: 29: 30:
31: private $queriedResource;
32:
33: 34: 35: 36:
37: public function __construct(Database $database, Roles $roles, Resources $resources) {
38: parent::__construct($database, $roles, $resources);
39: }
40:
41: 42: 43: 44: 45: 46: 47:
48: public function isAllowed($role, $resource, $privilege) {
49: if (!$this->setQueried($role, $resource)){
50: return False;
51: }
52: $result = $this->searchResourceRole($resource, $role, $privilege);
53: $this->queriedResource = $this->queriedRole = NULL;
54: return ($result !== NULL)? $result : FALSE;
55: }
56: 57: 58: 59:
60: public function getQueriedRole() {
61: return $this->queriedRole;
62: }
63: 64: 65: 66:
67: public function getQueriedResource() {
68: return $this->queriedResource;
69: }
70: 71: 72: 73: 74: 75: 76:
77: private function searchResourceRole($resource, $role, $privilege){
78: $result = $this->searchRolePrivilege($resource, $role, $privilege);
79: if ($result === NULL || $result === FALSE){
80: foreach ($this->queriedResource['childs'] as $childResource){
81: if(TRUE === ($result = $this->searchRolePrivilege($childResource,$role, $privilege))){
82: break;
83: }
84: }
85: }
86: return $result;
87: }
88:
89: 90: 91: 92: 93: 94: 95:
96: private function searchRolePrivilege($resource, $role, $privilege){
97: $result = $this->searchPrivilege($resource, $role, $privilege);
98: if ($result === NULL || $result === FALSE){
99: $queriedRole = $this->roles->roles[$role];
100: foreach ($queriedRole['childs'] as $childRole){
101: if(TRUE === ($result = $this->searchRolePrivilege($resource,$childRole, $privilege))){
102: break;
103: }
104: }
105: }
106: return $result;
107: }
108:
109: 110: 111: 112: 113: 114: 115:
116: private function searchPrivilege($resource, $role, $privilege){
117: $rules = & $this->rule($resource, $role);
118: return isset($rules[$privilege]) ? : FALSE;
119: }
120:
121: 122: 123: 124: 125: 126: 127:
128: private function setQueried($role, $resource) {
129: if (parent::isRole($role) && parent::isResource($resource)) {
130: $this->queriedRole = $this->roles->roles[$role];
131: $this->queriedResource = $this->resources->resources[$resource];
132: return TRUE;
133: }
134: return FALSE;
135: }
136: }
137: