01.31 php saved
the_undefined
Tags add more
ACL and auth  
Note
SimpleAclComponent.

See http://www.thinkingphp.org/2006/10/03/a-lightweight-approach-to-acl-the-33-lines-of-magic/ for more information.
  1. <?php
  2.  
  3. /**
  4. * Created: Sun Sep 17 10:51:46 CEST 2006
  5. *
  6. * DESCRIPTION
  7. *
  8. * PHP versions 4 and 5
  9. *
  10. * Copyright (c) Felix Geisendörfer <info@fg-webdesign.de>
  11. *
  12. * Licensed under The MIT License
  13. * Redistributions of files must retain the above copyright notice.
  14. *
  15. * @copyright      Copyright (c) 2006, Felix Geisendörfer.
  16. * @link            http://www.fg-webdesign.de/
  17. * @link            http://www.thinkingphp.org/
  18. * @license   http://www.opensource.org/licenses/mit-license.php The MIT License
  19. */
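  /**
   * Controller component that checks, on startup, whether the active user may
   * run the requested controller action, based on comma-separated rule strings
   * of the form "Object:property" stored with the user (and optionally the
   * user's group) under the 'controller_acl' key.
   *
   * Rule syntax as implemented by requestAllowed():
   *  - "*" inside either part is a wildcard,
   *  - a leading "!" on the object part turns the rule into a deny rule,
   *  - rules are evaluated in order and the last matching rule wins,
   *  - matching is case-insensitive.
   */
  class SimpleAclComponent extends Object
  {
      /**
       * The controller this component was started for (set in startup()).
       *
       * @var object
       */
      var $Controller;

      /**
       * Set this to false in your AppController's beforeFilter to deactivate this component.
       * Only the boolean false disables the check (startup() compares with ===).
       *
       * @var boolean
       */
      var $enabled = true;

      /**
       * Optional callback invoked when the user requests an action that is not allowed.
       * It is called with ($controller, $action, $this). When left empty, startup()
       * renders errors/permission_denied and exits.
       *
       * @var mixed
       */
      var $actionDeniedCallback = null;

      /**
       * Name of the controller property holding the authentication component.
       * If $this->activeUser is empty, that component's getActiveUser() is called.
       * actionAllowed() also reads its userModel and groupModel properties.
       *
       * @var string
       */
      var $authComponent = 'SimpleAuth';

      /**
       * Data of the current user. actionAllowed() indexes it by model name and then
       * by 'controller_acl', so an array keyed by model name is expected.
       *
       * @var array|null
       */
      var $activeUser = null;

      /**
       * Runs the permission check for the controller's current action.
       *
       * @param object $Controller The controller being started (taken by reference).
       * @return mixed The actionDeniedCallback's return value when access is denied
       *               and a callback is registered; otherwise nothing.
       */
      function startup(&$Controller)
      {
          $this->Controller = &$Controller;

          // If the component got disabled, exit.
          if ($this->enabled === false) {
              return;
          }

          // The name of the controller and action we want to check permission for.
          $controller = $this->Controller->name;
          $action     = $this->Controller->action;

          if (empty($this->activeUser) && isset($this->Controller->{$this->authComponent})) {
              $this->activeUser = $this->Controller->{$this->authComponent}->getActiveUser();
          }

          // NOTE(review): a request with an empty action name is not checked at all
          // (empty() also treats '0' as empty). Confirm the dispatcher never routes
          // such a request to real code.
          if (empty($action) || $this->actionAllowed($controller, $action)) {
              return;
          }

          // Access denied: hand over to the registered callback if there is one.
          if ($this->actionDeniedCallback) {
              return call_user_func_array($this->actionDeniedCallback, array($controller, $action, &$this));
          }

          // No callback: render the default error template (errors/permission_denied.ctp).
          // NOTE(review): 401 is sent without a WWW-Authenticate challenge; 403 may be the
          // more accurate status for a known user who lacks permission. Left unchanged
          // because clients may depend on the current status line.
          header('HTTP/1.1 401 Unauthorized');
          $this->Controller->set(compact('controller', 'action'));

          $this->Controller->viewPath = 'errors';
          $this->Controller->render('permission_denied');
          exit;
      }

      /**
       * Decides whether $user (default: the active user) may run $controller/$action.
       *
       * If the user record carries group data, the group's rules are evaluated first
       * and their result becomes the default for the user's own rules, so user rules
       * override group rules. Without a user, without the auth component, or without
       * any rules the answer is false (deny by default).
       *
       * @param string $controller
       * @param string $action
       * @param array|null $user User data keyed by model name; defaults to $this->activeUser.
       * @return boolean
       */
      function actionAllowed($controller, $action, $user = null)
      {
          if (empty($user) && !empty($this->activeUser)) {
              $user = $this->activeUser;
          }

          // Fail closed explicitly: with no user or no auth component there is nothing
          // to read rules from. (startup() only checks isset() before fetching the user,
          // so this method can be reached while the auth component is missing.)
          if (empty($user) || !isset($this->Controller->{$this->authComponent})) {
              return false;
          }

          $auth = &$this->Controller->{$this->authComponent};
          $userModel  = isset($auth->userModel) ? $auth->userModel : null;
          $groupModel = isset($auth->groupModel) ? $auth->groupModel : null;

          // Group rules, when present, provide the default for the user's own rules.
          $default = false;
          if ($groupModel !== null && isset($user[$groupModel])) {
              $groupRules = isset($user[$groupModel]['controller_acl']) ? $user[$groupModel]['controller_acl'] : '';
              $default = $this->requestAllowed($controller, $action, $groupRules);
          }

          $userRules = '';
          if ($userModel !== null && isset($user[$userModel]['controller_acl'])) {
              $userRules = $user[$userModel]['controller_acl'];
          }

          return $this->requestAllowed($controller, $action, $userRules, $default);
      }

      /**
       * Decides whether a given $object's $property can be accessed based on a list of
       * $rules. If the list of $rules is empty or no rule matches $object/$property,
       * the decision is $default.
       *
       * @param string $object
       * @param string $property
       * @param string $rules Rules like "objectA:actionA,objectB:actionB,...".
       * @param boolean $default Result when no rule matches.
       * @return boolean
       */
      function requestAllowed($object, $property, $rules, $default = false)
      {
          // The default value to return if no rule matching $object/$property can be found.
          $allowed = $default;

          if (!is_string($rules) || $rules === '') {
              return $allowed;
          }

          // Split "objectA:actionA,objectB:actionB,..." into (object, property) pairs.
          preg_match_all('/([^:,]+):([^,:]+)/is', $rules, $matches, PREG_SET_ORDER);
          foreach ($matches as $match) {
              // Whitespace around a rule part (e.g. after a comma) is not part of the name.
              // Without trimming, " !Posts" is not recognised as a deny rule and never
              // matches, so the deny is silently dropped.
              $allowedObject   = trim($match[1]);
              $allowedProperty = trim($match[2]);

              $negativeCondition = (substr($allowedObject, 0, 1) === '!');
              if ($negativeCondition) {
                  $allowedObject = trim(substr($allowedObject, 1));
              }

              if (preg_match($this->_wildcardToPattern($allowedObject), $object) &&
                  preg_match($this->_wildcardToPattern($allowedProperty), $property)) {
                  // Later rules override earlier ones.
                  $allowed = !$negativeCondition;
              }
          }
          return $allowed;
      }

      /**
       * Turns one rule part into an anchored, case-insensitive regular expression in
       * which "*" is the only wildcard.
       *
       * Everything else is escaped with preg_quote(). Unescaped, a "/" or an unbalanced
       * bracket in a rule makes preg_match() fail, which drops the rule (including a
       * deny rule), and other metacharacters change what the rule matches.
       *
       * @param string $rulePart Object or property part of a rule, without the leading "!".
       * @return string
       */
      function _wildcardToPattern($rulePart)
      {
          return '/^' . str_replace('\\*', '.*', preg_quote($rulePart, '/')) . '$/i';
      }
  }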
  150.  
  151. ?>