Class NPermission

Access control list (ACL) functionality and privileges management.

This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license

NObject

NPermission implements IAuthorizator

Package: Nette\Security
Copyright: Copyright (c) 2005, 2007 Zend Technologies USA Inc.
Author: David Grudl
Located at Security/Permission.php

Methods summary
`public NPermission`	# `addRole( string $role, string\|array $parents = NULL )` Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added. Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added. Parameters `$role` `string` `$parents` `string\|array` Returns `NPermission` Throws `InvalidArgumentException` `InvalidStateException`
`public boolean`	# `hasRole( string $role )` Returns TRUE if the Role exists in the list. Returns TRUE if the Role exists in the list. Parameters `$role` `string` Returns `boolean`
`public array`	# `getRoles( )` Returns all Roles. Returns all Roles. Returns `array`
`public array`	# `getRoleParents( string $role )` Returns existing Role's parents ordered by ascending priority. Returns existing Role's parents ordered by ascending priority. Parameters `$role` `string` Returns `array`
`public boolean`	# `roleInheritsFrom( string $role, string $inherit, boolean $onlyParents = FALSE )` Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit. Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit. Parameters `$role` `string` `$inherit` `string` `$onlyParents` `boolean` Returns `boolean` Throws `InvalidStateException`
`public NPermission`	# `removeRole( string $role )` Removes the Role from the list. Removes the Role from the list. Parameters `$role` `string` Returns `NPermission` Throws `InvalidStateException`
`public NPermission`	# `removeAllRoles( )` Removes all Roles from the list. Removes all Roles from the list. Returns `NPermission`
`public NPermission`	# `addResource( string $resource, string $parent = NULL )` Adds a Resource having an identifier unique to the list. Adds a Resource having an identifier unique to the list. Parameters `$resource` `string` `$parent` `string` Returns `NPermission` Throws `InvalidArgumentException` `InvalidStateException`
`public boolean`	# `hasResource( string $resource )` Returns TRUE if the Resource exists in the list. Returns TRUE if the Resource exists in the list. Parameters `$resource` `string` Returns `boolean`
`public array`	# `getResources( )` Returns all Resources. Returns all Resources. Returns `array`
`public boolean`	# `resourceInheritsFrom( string $resource, string $inherit, boolean $onlyParent = FALSE )` Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit. Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit. Parameters `$resource` `string` `$inherit` `string` `$onlyParent` `boolean` Returns `boolean` Throws `InvalidStateException`
`public NPermission`	# `removeResource( string $resource )` Removes a Resource and all of its children. Removes a Resource and all of its children. Parameters `$resource` `string` Returns `NPermission` Throws `InvalidStateException`
`public NPermission`	# `removeAllResources( )` Removes all Resources. Removes all Resources. Returns `NPermission`
`public NPermission`	# `allow( string\|array\|IAuthorizator::ALL $roles = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $resources = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $privileges = IAuthorizator::ALL, callable $assertion = NULL )` Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply. Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply. Parameters `$roles` `string\|array\|IAuthorizator::ALL` roles `$resources` `string\|array\|IAuthorizator::ALL` resources `$privileges` `string\|array\|IAuthorizator::ALL` privileges `$assertion` `callable` assertion Returns `NPermission`
`public NPermission`	# `deny( string\|array\|IAuthorizator::ALL $roles = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $resources = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $privileges = IAuthorizator::ALL, callable $assertion = NULL )` Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply. Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply. Parameters `$roles` `string\|array\|IAuthorizator::ALL` roles `$resources` `string\|array\|IAuthorizator::ALL` resources `$privileges` `string\|array\|IAuthorizator::ALL` privileges `$assertion` `callable` assertion Returns `NPermission`
`public NPermission`	# `removeAllow( string\|array\|IAuthorizator::ALL $roles = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $resources = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $privileges = IAuthorizator::ALL )` Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges. Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges. Parameters `$roles` `string\|array\|IAuthorizator::ALL` roles `$resources` `string\|array\|IAuthorizator::ALL` resources `$privileges` `string\|array\|IAuthorizator::ALL` privileges Returns `NPermission`
`public NPermission`	# `removeDeny( string\|array\|IAuthorizator::ALL $roles = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $resources = IAuthorizator::ALL, string\|array\|IAuthorizator::ALL $privileges = IAuthorizator::ALL )` Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges. Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges. Parameters `$roles` `string\|array\|IAuthorizator::ALL` roles `$resources` `string\|array\|IAuthorizator::ALL` resources `$privileges` `string\|array\|IAuthorizator::ALL` privileges Returns `NPermission`
`protected NPermission`	# `setRule( boolean $toAdd, boolean $type, string\|array\|IAuthorizator::ALL $roles, string\|array\|IAuthorizator::ALL $resources, string\|array\|IAuthorizator::ALL $privileges, callable $assertion = NULL )` Performs operations on Access Control List rules. Performs operations on Access Control List rules. Parameters `$toAdd` `boolean` operation add? `$type` `boolean` type `$roles` `string\|array\|IAuthorizator::ALL` roles `$resources` `string\|array\|IAuthorizator::ALL` resources `$privileges` `string\|array\|IAuthorizator::ALL` privileges `$assertion` `callable` assertion Returns `NPermission` Throws `InvalidStateException`
`public boolean`	# `isAllowed( string\|IAuthorizator::ALL\|IRole $role = IAuthorizator::ALL, string\|IAuthorizator::ALL\|IResource $resource = IAuthorizator::ALL, string\|IAuthorizator::ALL $privilege = IAuthorizator::ALL )` Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource. Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource. This method checks Role inheritance using a depth-first traversal of the Role list. The highest priority parent (i.e., the parent most recently added) is checked first, and its respective parents are checked similarly before the lower-priority parents of the Role are checked. Parameters `$role` `string\|IAuthorizator::ALL\|IRole` role `$resource` `string\|IAuthorizator::ALL\|IResource` resource `$privilege` `string\|IAuthorizator::ALL` privilege Returns `boolean` Throws `InvalidStateException` Implementation of `IAuthorizator::isAllowed()`
`public mixed`	# `getQueriedRole( )` Returns real currently queried Role. Use by assertion. Returns real currently queried Role. Use by assertion. Returns `mixed`
`public mixed`	# `getQueriedResource( )` Returns real currently queried Resource. Use by assertion. Returns real currently queried Resource. Use by assertion. Returns `mixed`

Methods inherited from NObject
`__call(), __callStatic(), __get(), __isset(), __set(), __unset(), extensionMethod(), getReflection()`

Constants inherited from IAuthorizator
`ALL, ALLOW, DENY`

Magic properties summary
`public read-only array`	`$roles`	#
`public read-only array`	`$resources`	#
`public read-only mixed`	`$queriedRole`	#
`public read-only mixed`	`$queriedResource`	#

Magic properties inherited from NObject
`$reflection`

Packages

Classes

Interfaces

Exceptions

Class NPermission

Parameters

Returns

Throws

Parameters

Returns

Returns

Parameters

Returns

Parameters

Returns

Throws

Parameters

Returns

Throws

Returns

Parameters

Returns

Throws

Parameters

Returns

Returns

Parameters

Returns

Throws

Parameters

Returns

Throws

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Throws

Parameters

Returns

Throws

Implementation of

Returns

Returns