Namespaces

  • Nette
    • Application
      • Diagnostics
      • Responses
      • Routers
      • UI
    • Caching
      • Storages
    • ComponentModel
    • Config
      • Adapters
      • Extensions
    • Database
      • Diagnostics
      • Drivers
      • Reflection
      • Table
    • DI
      • Diagnostics
    • Diagnostics
    • Forms
      • Controls
      • Rendering
    • Http
    • Iterators
    • Latte
      • Macros
    • Loaders
    • Localization
    • Mail
    • Reflection
    • Security
      • Diagnostics
    • Templating
    • Utils
      • PhpGenerator
  • NetteModule
  • none

Classes

  • Identity
  • Permission
  • SimpleAuthenticator
  • User

Interfaces

  • IAuthenticator
  • IAuthorizator
  • IIdentity
  • IResource
  • IRole
  • IUserStorage

Exceptions

  • AuthenticationException
  • Overview
  • Namespace
  • Class
  • Tree
  • Deprecated
  • Other releases
  • Nette homepage
  1: <?php
  2: 
  3: /**
  4:  * This file is part of the Nette Framework (https://nette.org)
  5:  * Copyright (c) 2004 David Grudl (http://davidgrudl.com)
  6:  */
  7: 
  8: namespace Nette\Security;
  9: 
 10: use Nette;
 11: 
 12: 
 13: /**
 14:  * User authentication and authorization.
 15:  *
 16:  * @author     David Grudl
 17:  *
 18:  * @property-read bool $loggedIn
 19:  * @property-read IIdentity $identity
 20:  * @property-read mixed $id
 21:  * @property   IAuthenticator $authenticator
 22:  * @property-read int $logoutReason
 23:  * @property-read array $roles
 24:  * @property   IAuthorizator $authorizator
 25:  */
 26: class User extends Nette\Object
 27: {
 28:      /** @deprecated */
 29:     const MANUAL = IUserStorage::MANUAL,
 30:         INACTIVITY = IUserStorage::INACTIVITY,
 31:         BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED;
 32: 
 33:     /** @var string  default role for unauthenticated user */
 34:     public $guestRole = 'guest';
 35: 
 36:     /** @var string  default role for authenticated user without own identity */
 37:     public $authenticatedRole = 'authenticated';
 38: 
 39:     /** @var array of function(User $sender); Occurs when the user is successfully logged in */
 40:     public $onLoggedIn;
 41: 
 42:     /** @var array of function(User $sender); Occurs when the user is logged out */
 43:     public $onLoggedOut;
 44: 
 45:     /** @var IUserStorage Session storage for current user */
 46:     private $storage;
 47: 
 48:     /** @var IAuthenticator */
 49:     private $authenticator;
 50: 
 51:     /** @var IAuthorizator */
 52:     private $authorizator;
 53: 
 54:     /** @var Nette\DI\Container */
 55:     private $context;
 56: 
 57: 
 58:     public function __construct(IUserStorage $storage, Nette\DI\Container $context)
 59:     {
 60:         $this->storage = $storage;
 61:         $this->context = $context; // with IAuthenticator, IAuthorizator
 62:     }
 63: 
 64: 
 65:     /**
 66:      * @return IUserStorage
 67:      */
 68:     public function getStorage()
 69:     {
 70:         return $this->storage;
 71:     }
 72: 
 73: 
 74:     /********************* Authentication ****************d*g**/
 75: 
 76: 
 77:     /**
 78:      * Conducts the authentication process. Parameters are optional.
 79:      * @param  mixed optional parameter (e.g. username or IIdentity)
 80:      * @param  mixed optional parameter (e.g. password)
 81:      * @return void
 82:      * @throws AuthenticationException if authentication was not successful
 83:      */
 84:     public function login($id = NULL, $password = NULL)
 85:     {
 86:         $this->logout(TRUE);
 87:         if (!$id instanceof IIdentity) {
 88:             $id = $this->getAuthenticator()->authenticate(func_get_args());
 89:         }
 90:         $this->storage->setIdentity($id);
 91:         $this->storage->setAuthenticated(TRUE);
 92:         $this->onLoggedIn($this);
 93:     }
 94: 
 95: 
 96:     /**
 97:      * Logs out the user from the current session.
 98:      * @param  bool  clear the identity from persistent storage?
 99:      * @return void
100:      */
101:     public function logout($clearIdentity = FALSE)
102:     {
103:         if ($this->isLoggedIn()) {
104:             $this->onLoggedOut($this);
105:             $this->storage->setAuthenticated(FALSE);
106:         }
107:         if ($clearIdentity) {
108:             $this->storage->setIdentity(NULL);
109:         }
110:     }
111: 
112: 
113:     /**
114:      * Is this user authenticated?
115:      * @return bool
116:      */
117:     public function isLoggedIn()
118:     {
119:         return $this->storage->isAuthenticated();
120:     }
121: 
122: 
123:     /**
124:      * Returns current user identity, if any.
125:      * @return IIdentity|NULL
126:      */
127:     public function getIdentity()
128:     {
129:         return $this->storage->getIdentity();
130:     }
131: 
132: 
133:     /**
134:      * Returns current user ID, if any.
135:      * @return mixed
136:      */
137:     public function getId()
138:     {
139:         $identity = $this->getIdentity();
140:         return $identity ? $identity->getId() : NULL;
141:     }
142: 
143: 
144:     /**
145:      * Sets authentication handler.
146:      * @return self
147:      */
148:     public function setAuthenticator(IAuthenticator $handler)
149:     {
150:         $this->authenticator = $handler;
151:         return $this;
152:     }
153: 
154: 
155:     /**
156:      * Returns authentication handler.
157:      * @return IAuthenticator
158:      */
159:     public function getAuthenticator()
160:     {
161:         return $this->authenticator ?: $this->context->getByType('Nette\Security\IAuthenticator');
162:     }
163: 
164: 
165:     /**
166:      * Enables log out after inactivity.
167:      * @param  string|int|DateTime number of seconds or timestamp
168:      * @param  bool  log out when the browser is closed?
169:      * @param  bool  clear the identity from persistent storage?
170:      * @return self
171:      */
172:     public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
173:     {
174:         $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0);
175:         $this->storage->setExpiration($time, $flags);
176:         return $this;
177:     }
178: 
179: 
180:     /**
181:      * Why was user logged out?
182:      * @return int
183:      */
184:     public function getLogoutReason()
185:     {
186:         return $this->storage->getLogoutReason();
187:     }
188: 
189: 
190:     /********************* Authorization ****************d*g**/
191: 
192: 
193:     /**
194:      * Returns a list of effective roles that a user has been granted.
195:      * @return array
196:      */
197:     public function getRoles()
198:     {
199:         if (!$this->isLoggedIn()) {
200:             return array($this->guestRole);
201:         }
202: 
203:         $identity = $this->getIdentity();
204:         return $identity && $identity->getRoles() ? $identity->getRoles() : array($this->authenticatedRole);
205:     }
206: 
207: 
208:     /**
209:      * Is a user in the specified effective role?
210:      * @param  string
211:      * @return bool
212:      */
213:     public function isInRole($role)
214:     {
215:         return in_array($role, $this->getRoles(), TRUE);
216:     }
217: 
218: 
219:     /**
220:      * Has a user effective access to the Resource?
221:      * If $resource is NULL, then the query applies to all resources.
222:      * @param  string  resource
223:      * @param  string  privilege
224:      * @return bool
225:      */
226:     public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
227:     {
228:         $authorizator = $this->getAuthorizator();
229:         foreach ($this->getRoles() as $role) {
230:             if ($authorizator->isAllowed($role, $resource, $privilege)) {
231:                 return TRUE;
232:             }
233:         }
234: 
235:         return FALSE;
236:     }
237: 
238: 
239:     /**
240:      * Sets authorization handler.
241:      * @return self
242:      */
243:     public function setAuthorizator(IAuthorizator $handler)
244:     {
245:         $this->authorizator = $handler;
246:         return $this;
247:     }
248: 
249: 
250:     /**
251:      * Returns current authorization handler.
252:      * @return IAuthorizator
253:      */
254:     public function getAuthorizator()
255:     {
256:         return $this->authorizator ?: $this->context->getByType('Nette\Security\IAuthorizator');
257:     }
258: 
259: 
260:     /********************* deprecated ****************d*g**/
261: 
262:     /** @deprecated */
263:     function setNamespace($namespace)
264:     {
265:         trigger_error(__METHOD__ . '() is deprecated; use getStorage()->setNamespace() instead.', E_USER_WARNING);
266:         $this->storage->setNamespace($namespace);
267:         return $this;
268:     }
269: 
270:     /** @deprecated */
271:     function getNamespace()
272:     {
273:         trigger_error(__METHOD__ . '() is deprecated; use getStorage()->getNamespace() instead.', E_USER_WARNING);
274:         return $this->storage->getNamespace();
275:     }
276: 
277:     /** @deprecated */
278:     function setAuthenticationHandler($v)
279:     {
280:         trigger_error(__METHOD__ . '() is deprecated; use setAuthenticator() instead.', E_USER_WARNING);
281:         return $this->setAuthenticator($v);
282:     }
283: 
284:     /** @deprecated */
285:     function setAuthorizationHandler($v)
286:     {
287:         trigger_error(__METHOD__ . '() is deprecated; use setAuthorizator() instead.', E_USER_WARNING);
288:         return $this->setAuthorizator($v);
289:     }
290: 
291: }
292:
Nette 2.0 API documentation generated by ApiGen 2.8.0