Packages

  • Nette
    • Application
      • Diagnostics
      • Responses
      • Routers
      • UI
    • Caching
      • Storages
    • ComponentModel
    • Config
      • Adapters
      • Extensions
    • Database
      • Diagnostics
      • Drivers
      • Reflection
      • Table
    • DI
      • Diagnostics
    • Diagnostics
    • Forms
      • Controls
      • Rendering
    • Http
    • Iterators
    • Latte
      • Macros
    • Loaders
    • Localization
    • Mail
    • Reflection
    • Security
      • Diagnostics
    • Templating
    • Utils
      • PhpGenerator
  • NetteModule
  • none

Classes

Interfaces

Exceptions

  • Overview
  • Package
  • Class
  • Tree
  • Deprecated
  • Other releases
  • Nette homepage

Class Permission

Access control list (ACL) functionality and privileges management.

This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license

Object
Extended by Permission implements IAuthorizator
Package: Nette\Security
Copyright: Copyright (c) 2005, 2007 Zend Technologies USA Inc.
Author: David Grudl
Located at Security/Permission.php
Methods summary
public Permission
# addRole( string $role, string|array $parents = NULL )

Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.

Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.

Parameters

$role
string
$parents
string|array

Returns

Permission

Throws

InvalidArgumentException
InvalidStateException
public boolean
# hasRole( string $role )

Returns TRUE if the Role exists in the list.

Returns TRUE if the Role exists in the list.

Parameters

$role
string

Returns

boolean
public array
# getRoles( )

Returns all Roles.

Returns all Roles.

Returns

array
public array
# getRoleParents( string $role )

Returns existing Role's parents ordered by ascending priority.

Returns existing Role's parents ordered by ascending priority.

Parameters

$role
string

Returns

array
public boolean
# roleInheritsFrom( string $role, string $inherit, boolean $onlyParents = FALSE )

Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit.

Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit.

Parameters

$role
string
$inherit
string
$onlyParents
boolean

Returns

boolean

Throws

InvalidStateException
public Permission
# removeRole( string $role )

Removes the Role from the list.

Removes the Role from the list.

Parameters

$role
string

Returns

Permission

Throws

InvalidStateException
public Permission
# removeAllRoles( )

Removes all Roles from the list.

Removes all Roles from the list.

Returns

Permission
public Permission
# addResource( string $resource, string $parent = NULL )

Adds a Resource having an identifier unique to the list.

Adds a Resource having an identifier unique to the list.

Parameters

$resource
string
$parent
string

Returns

Permission

Throws

InvalidArgumentException
InvalidStateException
public boolean
# hasResource( string $resource )

Returns TRUE if the Resource exists in the list.

Returns TRUE if the Resource exists in the list.

Parameters

$resource
string

Returns

boolean
public array
# getResources( )

Returns all Resources.

Returns all Resources.

Returns

array
public boolean
# resourceInheritsFrom( string $resource, string $inherit, boolean $onlyParent = FALSE )

Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit.

Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit.

Parameters

$resource
string
$inherit
string
$onlyParent
boolean

Returns

boolean

Throws

InvalidStateException
public Permission
# removeResource( string $resource )

Removes a Resource and all of its children.

Removes a Resource and all of its children.

Parameters

$resource
string

Returns

Permission

Throws

InvalidStateException
public Permission
# removeAllResources( )

Removes all Resources.

Removes all Resources.

Returns

Permission
public Permission
# allow( string|array|IAuthorizator::ALL $roles = IAuthorizator::ALL, string|array|IAuthorizator::ALL $resources = IAuthorizator::ALL, string|array|IAuthorizator::ALL $privileges = IAuthorizator::ALL, callable $assertion = NULL )

Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Parameters

$roles
string|array|IAuthorizator::ALL
roles
$resources
string|array|IAuthorizator::ALL
resources
$privileges
string|array|IAuthorizator::ALL
privileges
$assertion
callable
assertion

Returns

Permission
public Permission
# deny( string|array|IAuthorizator::ALL $roles = IAuthorizator::ALL, string|array|IAuthorizator::ALL $resources = IAuthorizator::ALL, string|array|IAuthorizator::ALL $privileges = IAuthorizator::ALL, callable $assertion = NULL )

Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Parameters

$roles
string|array|IAuthorizator::ALL
roles
$resources
string|array|IAuthorizator::ALL
resources
$privileges
string|array|IAuthorizator::ALL
privileges
$assertion
callable
assertion

Returns

Permission
public Permission
# removeAllow( string|array|IAuthorizator::ALL $roles = IAuthorizator::ALL, string|array|IAuthorizator::ALL $resources = IAuthorizator::ALL, string|array|IAuthorizator::ALL $privileges = IAuthorizator::ALL )

Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.

Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.

Parameters

$roles
string|array|IAuthorizator::ALL
roles
$resources
string|array|IAuthorizator::ALL
resources
$privileges
string|array|IAuthorizator::ALL
privileges

Returns

Permission
public Permission
# removeDeny( string|array|IAuthorizator::ALL $roles = IAuthorizator::ALL, string|array|IAuthorizator::ALL $resources = IAuthorizator::ALL, string|array|IAuthorizator::ALL $privileges = IAuthorizator::ALL )

Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.

Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.

Parameters

$roles
string|array|IAuthorizator::ALL
roles
$resources
string|array|IAuthorizator::ALL
resources
$privileges
string|array|IAuthorizator::ALL
privileges

Returns

Permission
protected Permission
# setRule( boolean $toAdd, boolean $type, string|array|IAuthorizator::ALL $roles, string|array|IAuthorizator::ALL $resources, string|array|IAuthorizator::ALL $privileges, callable $assertion = NULL )

Performs operations on Access Control List rules.

Performs operations on Access Control List rules.

Parameters

$toAdd
boolean
operation add?
$type
boolean
type
$roles
string|array|IAuthorizator::ALL
roles
$resources
string|array|IAuthorizator::ALL
resources
$privileges
string|array|IAuthorizator::ALL
privileges
$assertion
callable
assertion

Returns

Permission

Throws

InvalidStateException
public boolean
# isAllowed( string|IAuthorizator::ALL|IRole $role = IAuthorizator::ALL, string|IAuthorizator::ALL|IResource $resource = IAuthorizator::ALL, string|IAuthorizator::ALL $privilege = IAuthorizator::ALL )

Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource.

Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource.

This method checks Role inheritance using a depth-first traversal of the Role list. The highest priority parent (i.e., the parent most recently added) is checked first, and its respective parents are checked similarly before the lower-priority parents of the Role are checked.

Parameters

$role
string|IAuthorizator::ALL|IRole
role
$resource
string|IAuthorizator::ALL|IResource
resource
$privilege
string|IAuthorizator::ALL
privilege

Returns

boolean

Throws

InvalidStateException

Implementation of

IAuthorizator::isAllowed()
public mixed
# getQueriedRole( )

Returns real currently queried Role. Use by assertion.

Returns real currently queried Role. Use by assertion.

Returns

mixed
public mixed
# getQueriedResource( )

Returns real currently queried Resource. Use by assertion.

Returns real currently queried Resource. Use by assertion.

Returns

mixed
Methods inherited from Object
__call(), __callStatic(), __get(), __isset(), __set(), __unset(), extensionMethod(), getReflection()
Constants inherited from IAuthorizator
ALL, ALLOW, DENY
Magic properties summary
public read-only array $roles
#
public read-only array $resources
#
public read-only mixed $queriedRole
#
public read-only mixed $queriedResource
#
Magic properties inherited from Object
$reflection
Nette Framework 2.0.18 (for PHP 5.2, un-prefixed) API documentation generated by ApiGen 2.8.0