Namespaces

  • Latte
    • Loaders
    • Macros
    • Runtime
  • Nette
    • Application
      • Responses
      • Routers
      • UI
    • Bridges
      • ApplicationDI
      • ApplicationLatte
      • ApplicationTracy
      • CacheDI
      • CacheLatte
      • DatabaseDI
      • DatabaseTracy
      • DITracy
      • FormsDI
      • FormsLatte
      • Framework
      • HttpDI
      • HttpTracy
      • MailDI
      • ReflectionDI
      • SecurityDI
      • SecurityTracy
    • Caching
      • Storages
    • ComponentModel
    • Database
      • Conventions
      • Drivers
      • Reflection
      • Table
    • DI
      • Config
        • Adapters
      • Extensions
    • Forms
      • Controls
      • Rendering
    • Http
    • Iterators
    • Loaders
    • Localization
    • Mail
    • Neon
    • PhpGenerator
    • Reflection
    • Security
    • Utils
  • none
  • Tracy
    • Bridges
      • Nette

Classes

  • Identity
  • Passwords
  • Permission
  • SimpleAuthenticator
  • User

Interfaces

  • IAuthenticator
  • IAuthorizator
  • IIdentity
  • IResource
  • IRole
  • IUserStorage

Exceptions

  • AuthenticationException
  • Overview
  • Namespace
  • Class
  • Tree
  • Deprecated
  • Other releases
  • Nette homepage

Class Permission

Access control list (ACL) functionality and privileges management.

This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license

Nette\Object
Extended by Nette\Security\Permission implements Nette\Security\IAuthorizator
Namespace: Nette\Security
Copyright: Copyright (c) 2005, 2007 Zend Technologies USA Inc.
Located at Security/Permission.php
Methods summary
public Nette\Security\Permission
# addRole( string $role, string|array $parents = NULL )

Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.

Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.

Parameters

$role
$parents

Returns

Nette\Security\Permission
self

Throws

Nette\InvalidArgumentException
Nette\InvalidArgumentException
Nette\InvalidStateException
Nette\InvalidStateException
public boolean
# hasRole( string $role )

Returns TRUE if the Role exists in the list.

Returns TRUE if the Role exists in the list.

Parameters

$role

Returns

boolean
bool
public array
# getRoles( )

Returns all Roles.

Returns all Roles.

Returns

array
array
public array
# getRoleParents( string $role )

Returns existing Role's parents ordered by ascending priority.

Returns existing Role's parents ordered by ascending priority.

Parameters

$role

Returns

array
array
public boolean
# roleInheritsFrom( string $role, string $inherit, boolean $onlyParents = FALSE )

Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit.

Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, then $role must inherit directly from $inherit.

Parameters

$role
$inherit
$onlyParents

Returns

boolean
bool

Throws

Nette\InvalidStateException
Nette\InvalidStateException
public Nette\Security\Permission
# removeRole( string $role )

Removes the Role from the list.

Removes the Role from the list.

Parameters

$role

Returns

Nette\Security\Permission
self

Throws

Nette\InvalidStateException
Nette\InvalidStateException
public Nette\Security\Permission
# removeAllRoles( )

Removes all Roles from the list.

Removes all Roles from the list.

Returns

Nette\Security\Permission
self
public Nette\Security\Permission
# addResource( string $resource, string $parent = NULL )

Adds a Resource having an identifier unique to the list.

Adds a Resource having an identifier unique to the list.

Parameters

$resource
$parent

Returns

Nette\Security\Permission
self

Throws

Nette\InvalidArgumentException
Nette\InvalidArgumentException
Nette\InvalidStateException
Nette\InvalidStateException
public boolean
# hasResource( string $resource )

Returns TRUE if the Resource exists in the list.

Returns TRUE if the Resource exists in the list.

Parameters

$resource

Returns

boolean
bool
public array
# getResources( )

Returns all Resources.

Returns all Resources.

Returns

array
array
public boolean
# resourceInheritsFrom( string $resource, string $inherit, boolean $onlyParent = FALSE )

Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit.

Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, then $resource must inherit directly from $inherit.

Parameters

$resource
$inherit
$onlyParent

Returns

boolean
bool

Throws

Nette\InvalidStateException
Nette\InvalidStateException
public Nette\Security\Permission
# removeResource( string $resource )

Removes a Resource and all of its children.

Removes a Resource and all of its children.

Parameters

$resource

Returns

Nette\Security\Permission
self

Throws

Nette\InvalidStateException
Nette\InvalidStateException
public Nette\Security\Permission
# removeAllResources( )

Removes all Resources.

Removes all Resources.

Returns

Nette\Security\Permission
self
public Nette\Security\Permission
# allow( string|array|Nette\Security\IAuthorizator::ALL $roles = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $resources = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $privileges = Nette\Security\IAuthorizator::ALL, callable $assertion = NULL )

Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Parameters

$roles
roles
$resources
resources
$privileges
privileges
$assertion
assertion

Returns

Nette\Security\Permission
self
public Nette\Security\Permission
# deny( string|array|Nette\Security\IAuthorizator::ALL $roles = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $resources = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $privileges = Nette\Security\IAuthorizator::ALL, callable $assertion = NULL )

Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). If $assertion is provided, then it must return TRUE in order for rule to apply.

Parameters

$roles
roles
$resources
resources
$privileges
privileges
$assertion
assertion

Returns

Nette\Security\Permission
self
public Nette\Security\Permission
# removeAllow( string|array|Nette\Security\IAuthorizator::ALL $roles = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $resources = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $privileges = Nette\Security\IAuthorizator::ALL )

Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.

Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.

Parameters

$roles
roles
$resources
resources
$privileges
privileges

Returns

Nette\Security\Permission
self
public Nette\Security\Permission
# removeDeny( string|array|Nette\Security\IAuthorizator::ALL $roles = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $resources = Nette\Security\IAuthorizator::ALL, string|array|Nette\Security\IAuthorizator::ALL $privileges = Nette\Security\IAuthorizator::ALL )

Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.

Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.

Parameters

$roles
roles
$resources
resources
$privileges
privileges

Returns

Nette\Security\Permission
self
protected Nette\Security\Permission
# setRule( boolean $toAdd, boolean $type, string|array|Nette\Security\IAuthorizator::ALL $roles, string|array|Nette\Security\IAuthorizator::ALL $resources, string|array|Nette\Security\IAuthorizator::ALL $privileges, callable $assertion = NULL )

Performs operations on Access Control List rules.

Performs operations on Access Control List rules.

Parameters

$toAdd
add?
$type
type
$roles
roles
$resources
resources
$privileges
privileges
$assertion
assertion

Returns

Nette\Security\Permission
self

Throws

Nette\InvalidStateException
Nette\InvalidStateException
public boolean
# isAllowed( string|Nette\Security\IAuthorizator::ALL|Nette\Security\IRole $role = Nette\Security\IAuthorizator::ALL, string|Nette\Security\IAuthorizator::ALL|Nette\Security\IResource $resource = Nette\Security\IAuthorizator::ALL, string|Nette\Security\IAuthorizator::ALL $privilege = Nette\Security\IAuthorizator::ALL )

Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource.

Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource.

This method checks Role inheritance using a depth-first traversal of the Role list. The highest priority parent (i.e., the parent most recently added) is checked first, and its respective parents are checked similarly before the lower-priority parents of the Role are checked.

Parameters

$role
role
$resource
resource
$privilege
privilege

Returns

boolean
bool

Throws

Nette\InvalidStateException
Nette\InvalidStateException

Implementation of

Nette\Security\IAuthorizator::isAllowed()
public mixed
# getQueriedRole( )

Returns real currently queried Role. Use by assertion.

Returns real currently queried Role. Use by assertion.

Returns

mixed
mixed
public mixed
# getQueriedResource( )

Returns real currently queried Resource. Use by assertion.

Returns real currently queried Resource. Use by assertion.

Returns

mixed
mixed
Methods inherited from Nette\Object
__call(), __callStatic(), __get(), __isset(), __set(), __unset(), extensionMethod(), getReflection()
Constants inherited from Nette\Security\IAuthorizator
ALL, ALLOW, DENY
Magic properties inherited from Nette\Object
$reflection
Nette 2.3-20161221 API API documentation generated by ApiGen 2.8.0