Permission
class Permission implements Authorizator
Access control list (ACL) functionality and privileges management.
This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (https://www.zend.com), new BSD license
Methods
Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.
Returns true if the Role exists in the list.
Returns all Roles.
Returns existing Role's parents ordered by ascending priority.
Returns true if $role inherits from $inherit. If $onlyParents is true, then $role must inherit directly from $inherit.
Removes the Role from the list.
Removes all Roles from the list.
Adds a Resource having an identifier unique to the list.
Returns true if the Resource exists in the list.
Returns all Resources.
Returns true if $resource inherits from $inherit. If $onlyParents is true, then $resource must inherit directly from $inherit.
Removes a Resource and all of its children.
Removes all Resources.
Allows one or more Roles access to [certain $privileges upon] the specified Resource(s).
Denies one or more Roles access to [certain $privileges upon] the specified Resource(s).
Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.
Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.
Performs operations on Access Control List rules.
Returns true if and only if the Role has access to [certain $privileges upon] the Resource.
Returns real currently queried Role. Use by assertion.
Returns real currently queried Resource. Use by assertion.
Details
at line 59
Permission
addRole(string $role, string|array|null $parents = null)
Adds a Role to the list. The most recently added parent takes precedence over parents that were previously added.
at line 92
bool
hasRole(string $role)
Returns true if the Role exists in the list.
at line 117
array
getRoles()
Returns all Roles.
at line 126
array
getRoleParents(string $role)
Returns existing Role's parents ordered by ascending priority.
at line 138
bool
roleInheritsFrom(string $role, string $inherit, bool $onlyParents = false)
Returns true if $role inherits from $inherit. If $onlyParents is true, then $role must inherit directly from $inherit.
at line 164
Permission
removeRole(string $role)
Removes the Role from the list.
at line 201
Permission
removeAllRoles()
Removes all Roles from the list.
at line 228
Permission
addResource(string $resource, string|null $parent = null)
Adds a Resource having an identifier unique to the list.
at line 253
bool
hasResource(string $resource)
Returns true if the Resource exists in the list.
at line 278
array
getResources()
Returns all Resources.
at line 290
bool
resourceInheritsFrom(string $resource, string $inherit, bool $onlyParent = false)
Returns true if $resource inherits from $inherit. If $onlyParents is true, then $resource must inherit directly from $inherit.
at line 323
Permission
removeResource(string $resource)
Removes a Resource and all of its children.
at line 354
Permission
removeAllResources()
Removes all Resources.
at line 380
Permission
allow(string|string[]|null $roles = self::ALL, string|string[]|null $resources = self::ALL, string|string[]|null $privileges = self::ALL, callable|null $assertion = null)
Allows one or more Roles access to [certain $privileges upon] the specified Resource(s).
If $assertion is provided, then it must return true in order for rule to apply.
at line 399
Permission
deny(string|string[]|null $roles = self::ALL, string|string[]|null $resources = self::ALL, string|string[]|null $privileges = self::ALL, callable|null $assertion = null)
Denies one or more Roles access to [certain $privileges upon] the specified Resource(s).
If $assertion is provided, then it must return true in order for rule to apply.
at line 417
Permission
removeAllow(string|string[]|null $roles = self::ALL, string|string[]|null $resources = self::ALL, string|string[]|null $privileges = self::ALL)
Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges.
at line 431
Permission
removeDeny(string|string[]|null $roles = self::ALL, string|string[]|null $resources = self::ALL, string|string[]|null $privileges = self::ALL)
Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges.
at line 445
protected Permission
setRule(bool $toAdd, bool $type, string|string[]|null $roles, string|string[]|null $resources, string|string[]|null $privileges, callable|null $assertion = null)
Performs operations on Access Control List rules.
at line 563
bool
isAllowed(string|null $role = self::ALL, string|null $resource = self::ALL, string|null $privilege = self::ALL)
Returns true if and only if the Role has access to [certain $privileges upon] the Resource.
This method checks Role inheritance using a depth-first traversal of the Role list. The highest priority parent (i.e., the parent most recently added) is checked first, and its respective parents are checked similarly before the lower-priority parents of the Role are checked.
at line 624
mixed
getQueriedRole()
Returns real currently queried Role. Use by assertion.
at line 633
mixed
getQueriedResource()
Returns real currently queried Resource. Use by assertion.
Traits
Strict class for better experience.