1: <?php
2:
3: 4: 5: 6: 7: 8: 9: 10:
11:
12: namespace App\Model;
13:
14: use Nette,
15: Nette\Object,
16: App\Lib\Table,
17: App\Lib\Statics\Cons;
18:
19: 20: 21:
22: class Permission extends Object {
23:
24: 25: 26: 27:
28: private $rules = array();
29:
30: 31: 32: 33:
34: protected $roles;
35:
36: 37: 38: 39:
40: protected $resources;
41:
42: 43: 44: 45:
46: private $source;
47:
48: 49: 50: 51: 52: 53: 54:
55: public function __construct(Database $database, Roles $roles, Resources $resources) {
56: $this->roles = $roles;
57: $this->resources = $resources;
58: $this->source = (new Table(Cons::TABLE_ACL, $database));
59: foreach ($this->source->data as $activeRow) {
60: $this->addPermision($activeRow);
61: }
62: }
63:
64: 65: 66: 67: 68:
69: public function isRole($role) {
70: return $this->roles->hasRole($role);
71: }
72:
73: 74: 75: 76: 77:
78: public function isResource($resource) {
79: return $this->resources->hasResource($resource);
80: }
81:
82: 83: 84: 85: 86: 87: 88:
89: public function allow($role, $resource, $privileges) {
90: $this->setRule($role, $resource, $privileges, TRUE);
91: return $this;
92: }
93:
94: 95: 96: 97: 98: 99: 100:
101: public function deny($role, $resource, $privileges) {
102: $this->setRule($role, $resource, $privileges, FALSE);
103: return $this;
104: }
105:
106: protected function getRules() {
107: return $this->rules;
108: }
109:
110: 111: 112: 113: 114: 115: 116:
117: protected function setRule($role, $resource, $privileges, $type) {
118: if (!$this->isrole($role)) {
119: throw new Nette\InvalidStateException("Role '$role' neexistuje.");
120: }
121: if (!$this->isResource($resource)) {
122: throw new Nette\InvalidStateException("Zdroj '$resource' neexistuje.");
123: }
124: $rules = & $this->rule($resource, $role, TRUE);
125: foreach (((is_array($privileges)) ? $privileges : array($privileges)) as $privilege) {
126: $rules[$privilege] = $type;
127: }
128: }
129:
130: 131: 132: 133: 134: 135: 136:
137: protected function &rule($resource, $role, $add = FALSE) {
138: if ($add) {
139: return $this->addRule($resource, $role);
140: } else {
141: return $this->getRule($resource, $role);
142: }
143: }
144:
145: 146: 147: 148: 149:
150: private function addPermision($activeRow) {
151: $privileges = $this->setPrivileges($activeRow);
152: if (count($privileges)) {
153: $this->allow(
154: $activeRow[Cons::TABLE_ACL . '_' . Cons::TABLE_ROLES][Cons::COLUMN_PATH], $activeRow[Cons::TABLE_ACL . '_' . Cons::TABLE_RESOURCES][Cons::COLUMN_PATH], $privileges
155: );
156: }
157: }
158:
159: 160: 161: 162: 163: 164:
165: private function setPrivileges($activeRow) {
166: $privileges = array();
167: (!$activeRow[Cons::DELETE])? : $privileges[] = Cons::DELETE;
168: (!$activeRow[Cons::WRITE])? : $privileges[] = Cons::WRITE;
169: (!$activeRow[Cons::CREATE])? : $privileges[] = Cons::CREATE;
170: (!$activeRow[Cons::READ])? : $privileges[] = Cons::READ;
171: return $privileges;
172: }
173:
174: 175: 176: 177: 178: 179:
180: private function & addRule($resource, $role) {
181:
182: $visitor = & $this->rules[$resource];
183: $visitor[$role] = array();
184: return $visitor[$role];
185: }
186:
187: 188: 189: 190: 191: 192:
193: private function & getRule($resource, $role) {
194: $null = NULL;
195: if (!isset($this->rules[$resource])) {
196: return $null;
197: } else {
198: $step = & $this->rules[$resource];
199: }
200: if (!isset($step[$role])) {
201: return $null;
202: }
203: return $step[$role];
204: }
205: }
206: