aliroAuthoriser Class Reference


Public Member Functions

 clearCache ()
 getAllRoles ($addSpecial=false)
 getTranslatedRole ($role)
 minimizeRoleSet ($roleset)
 getAccessorRoles ($type, $id)
 checkPermission ($a_type, $a_id, $action, $s_type='*', $s_id='*')
 checkUserPermission ($action, $s_type='*', $s_id='*')
 checkControl ($a_type, $a_id, $action, $s_type='*', $s_id='*')
 checkGrant ($a_type, $a_id, $action, $s_type='*', $s_id='*')
 checkRolePermission ($role, $action, $s_type, $s_id)
 checkRoleControl ($role, $action, $s_type, $s_id)
 checkRoleGrant ($role, $action, $s_type, $s_id)
 getRefusedList ($a_type, $a_id, $s_type, $actionlist)
 getRefusedListSQL ($a_type, $a_id, $s_type, $actionlist, $keyname)
 listPermissions ($a_type, $a_id, $action)
listUserPermissions ($action)
 listAccessors ($accessor_type, $role)
 acl_check ($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL)
 getAroGroup ($id)
 get_group_name ($gid)
 get_group_children_tree ($root_id=null, $root_name=null, $inclusive=true)
 get_object_groups ($object_section_value, $object_value, $object_type=NULL)
 get_group_children ($root_id=null, $root_name=null, $inclusive=true)

Static Public Member Functions

static getInstance ()

Private Member Functions

 __construct ()
 __clone ()
 getSubjectData ($subject, $id, $action)
 mergeAccessorResults ($type, $id)
 blanket ($action, $type)
 specific ($action, $type, $id)
 accessorPermissionOrControl ($mask, $a_type, $a_id, $action, $s_type='*', $s_id='*')
 rolePermissionOrControl ($mask, $roles, $actions, $s_type, $s_id)

Private Attributes

 $subj_found = array()
 $permissions = array()
 $access_found = array()
 $access_roles = array()
 $linked_roles = array()
 $auth_vars = array ('subj_found', 'permissions', 'access_found', 'access_roles')
 $old_groupids = array ('Registered' => 18, 'Author' => 19, 'Editor' => 20, 'Publisher' => 21, 'Manager' => 23, 'Administrator' => 24, 'Super Administrator' => 25)
 $handler = null
 $database = null

Static Private Attributes

static $instance = __CLASS__


Detailed Description

Definition at line 133 of file aliroAuthoriser.php.


Constructor & Destructor Documentation

aliroAuthoriser::__construct (  )  [private]

Definition at line 148 of file aliroAuthoriser.php.

References aliroCoreDatabase::getInstance(), aliroAuthoriserCache::getInstance(), and aliroSessionFactory::getSession().

00148                                     {
              // Private constructor: binds the authoriser's caches to the session and
              // fetches the collaborators (role cache handler and database) it delegates to.
00149         // Make sure session started
00150         aliroSessionFactory::getSession();
00151         // Use session data as the source for cached user related data
00152         foreach ($this->auth_vars as $one_var) {
00153             if (!isset($_SESSION['aliro_auth'][$one_var])) $_SESSION['aliro_auth'][$one_var] = array();
                  // Reference assignment: later writes to the property go straight into
                  // $_SESSION['aliro_auth'], so cached permissions and roles survive across requests.
                  // NOTE(review): authorisation data cached this way can lag behind the database;
                  // freshness is decided only by the _ALIRO_AUTHORISER_SESSION_CACHE_TIME checks in
                  // getSubjectData() and getAccessorRoles(), or by an explicit clearCache().
00154             $this->$one_var =& $_SESSION['aliro_auth'][$one_var];
00155         }
00156         $this->handler = aliroAuthoriserCache::getInstance();
00157         $this->linked_roles = $this->handler->getLinkedRoles();
00158         $this->database = aliroCoreDatabase::getInstance();
00159     }


Member Function Documentation

aliroAuthoriser::__clone (  )  [private]

Definition at line 161 of file aliroAuthoriser.php.

00161                                 {
              // Declared private and left empty so that code outside the class cannot
              // clone the instance.
00162         // Enforce singleton class
00163     }

static aliroAuthoriser::getInstance (  )  [static]

aliroAuthoriser::clearCache (  ) 

Definition at line 169 of file aliroAuthoriser.php.

00169                                   {
              // Empties every cache held by this object in one chained assignment.
              // The first four properties are bound by reference to $_SESSION['aliro_auth']
              // in the constructor, so this also empties the session copies.
              // NOTE(review): refused_cache is not among the attributes declared for this
              // class on this page, so the assignment appears to create it on the fly - confirm.
00170         $this->subj_found = $this->permissions = $this->access_found = $this->access_roles = $this->refused_cache = array();
00171     }

aliroAuthoriser::getAllRoles ( addSpecial = false  ) 

Definition at line 173 of file aliroAuthoriser.php.

Referenced by get_group_children_tree(), and get_object_groups().

00173                                                     {
              // Thin delegation: returns whatever the role cache handler reports for
              // getAllRoles(), passing $addSpecial through unchanged.
00174         return $this->handler->getAllRoles($addSpecial);
00175     }

aliroAuthoriser::getTranslatedRole ( role  ) 

Definition at line 177 of file aliroAuthoriser.php.

00177                                               {
              // Thin delegation: returns the handler's translation of $role.
00178         return $this->handler->getTranslatedRole($role);
00179     }

aliroAuthoriser::minimizeRoleSet ( roleset  ) 

Definition at line 181 of file aliroAuthoriser.php.

00181                                                {
              // Reduces $roleset using the $linked_roles table and returns the reduced array.
              // Only the first role is compared with the others; the rest are compared with
              // each other only through the recursive call made when the first role is dropped.
              // presumably linked_roles[a][b] means role a implies role b - verify against
              // aliroAuthoriserCache::getLinkedRoles().
00182         if (0 == count($roleset)) return $roleset;
00183         $first = array_shift($roleset);
00184         foreach ($roleset as $key=>$role) {
                  // $role is linked from $first: drop $role from the set.
00185             if (isset($this->linked_roles[$first][$role])) unset ($roleset[$key]);
                  // $first is linked from $role: $first stays shifted off and the remainder is reduced.
00186             if (isset($this->linked_roles[$role][$first])) return $this->minimizeRoleSet ($roleset);
00187         }
              // $first survived every comparison, so it goes back at the front.
00188         array_unshift($roleset, $first);
00189         return $roleset;
00190     }

aliroAuthoriser::getSubjectData ( subject,
id,
action 
) [private]

Definition at line 192 of file aliroAuthoriser.php.

Referenced by accessorPermissionOrControl(), and rolePermissionOrControl().

00192                                                              {
              // Loads permission rows for a subject type and action into the session-backed
              // $permissions cache, unless a sufficiently recent load is already recorded in
              // $subj_found. Returns nothing; callers read $this->permissions afterwards.
              //
              // NOTE(review): $subject, $action and $id are interpolated into the SQL text
              // below with no escaping visible in this method. Every caller must pass values
              // that are trusted or already escaped; prefer escaping here or a parameterised
              // query if the database layer offers one.
00193         $stamp = time();
              // Fresh entry for this exact id, or a fresh "whole subject type" load: nothing to do.
00194         if (isset($this->subj_found[$subject][$action][$id]) AND (($stamp - $this->subj_found[$subject][$action][$id]) < _ALIRO_AUTHORISER_SESSION_CACHE_TIME)) return;
00195         if (isset($this->subj_found[$subject][$action]['*']) AND ($stamp - $this->subj_found[$subject][$action]['*'] < _ALIRO_AUTHORISER_SESSION_CACHE_TIME)) return;
              // Count first: with fewer than 100 matching rows the whole set is loaded in one go.
00196         $this->database->setQuery("SELECT COUNT(*) FROM `#__permissions` WHERE `subject_type`='$subject' AND (`action`='$action' OR `action`='*')");
00197         if ($this->database->loadResult() < 100) {
00198             $this->database->setQuery("SELECT `role`, `control`, `subject_id`, `action` FROM `#__permissions` WHERE `subject_type`='$subject' AND (`action`='$action' OR `action`='*')");
00199             $new_permissions = $this->database->loadObjectList();
00200             unset($this->subj_found[$subject][$action]);
                  // The '*' stamp marks "all ids of this subject type were loaded at $stamp".
00201             $this->subj_found[$subject][$action]['*'] = $stamp;
00202         }
00203         else {
                  // Large table: load only the rows for this id plus the wildcard id.
00204             $this->database->setQuery("SELECT role, control, subject_id, action FROM #__permissions WHERE subject_type='$subject' AND (subject_id='$id' OR subject_id='*') AND (action='$action' OR action='*')");
00205             $new_permissions = $this->database->loadObjectList();
00206             unset($this->subj_found[$subject][$action][$id]);
00207         }
              // NOTE(review): only $subj_found is cleared before reloading; rows already held in
              // $this->permissions are overwritten or added to but never removed here, so a
              // permission row deleted from the database stays cached until clearCache() runs
              // or the session ends. Clear the matching $this->permissions entries before refilling.
00208         if ($new_permissions) {
00209             foreach ($new_permissions as $permit) {
                      // Rows are filed under the row's own action, which may be '*'.
00210                 $this->permissions[$subject][$permit->action][$permit->subject_id][$permit->role] = $permit->control;
00211                 $this->subj_found[$subject][$permit->action][$permit->subject_id] = $stamp;
00212             }
00213         }
00214     }

aliroAuthoriser::getAccessorRoles ( type,
id 
)

Definition at line 216 of file aliroAuthoriser.php.

References mergeAccessorResults().

Referenced by accessorPermissionOrControl(), getAroGroup(), getRefusedList(), and listPermissions().

00216                                                   {
              // Returns the list of role names held by the accessor ($type, $id), using the
              // session-backed $access_roles cache when its timestamp in $access_found is fresh.
              //
              // NOTE(review): $type and $id are interpolated into the SQL text below with no
              // escaping visible in this method; callers must pass trusted or escaped values.
              //
              // User id '0' or '*' is answered by the handler instead of the assignments table.
              // NOTE(review): the comparisons are loose (==), so values such as integer 0 or
              // false also take this branch - confirm that is intended.
00217         if ('aUser' == $type AND ('0' == $id OR '*' == $id)) return $this->handler->getUserRoles($id);
00218         if (isset($this->access_found[$type][$id])) {
00219             if ((time() - $this->access_found[$type][$id]) < _ALIRO_AUTHORISER_SESSION_CACHE_TIME) {
00220                 return $this->mergeAccessorResults($type, $id);
00221             }
                  // Stale entry: the whole accessor cache is discarded, not just this accessor.
                  // NOTE(review): unset() removes the property itself, which also detaches it from
                  // the $_SESSION reference bound in the constructor; the session copy of
                  // access_found keeps its old timestamps while access_roles is emptied through
                  // its reference. `$this->access_found = array();` looks like the intent - confirm.
00222             unset ($this->access_found);
00223             $this->access_roles = array();
00224         }
00225         $sql = "SELECT role, access_id FROM #__assignments AS a WHERE a.access_type='$type'";
              // The '*' and '+' rows are fetched only on the first lookup for a given type;
              // once any id of that type is recorded, only the specific id is queried.
00226         $sql .= isset($this->access_found[$type]) ? " AND a.access_id='$id'" : " AND (a.access_id='$id' OR a.access_id='*' OR a.access_id='+')";
00227         $this->database->setQuery($sql);
00228         if ($results = $this->database->loadObjectList()) {
00229             foreach ($results as $result) {
                      // Roles are stored as array keys so duplicates collapse.
00230                 $this->access_roles[$type][$result->access_id][$result->role] = 1;
00231             }
00232         }
              // Recorded even when no rows came back, so an accessor without roles is cached too.
00233         $this->access_found[$type][$id] = time();
00234         return $this->mergeAccessorResults($type, $id);
00235     }

aliroAuthoriser::mergeAccessorResults ( type,
id 
) [private]

Definition at line 237 of file aliroAuthoriser.php.

Referenced by getAccessorRoles().

00237                                                        {
              // Builds the effective role list for ($type, $id) from the $access_roles cache:
              // roles assigned to the id itself, plus roles assigned to '*', plus - only when
              // $id is truthy - roles assigned to '+'. Returns an array of role names.
              // presumably '+' stands for "any identified accessor" - verify against the
              // code that writes #__assignments.
00238         if (isset($this->access_roles[$type][$id])) $result = $this->access_roles[$type][$id];
00239         else $result = array();
00240         if (isset($this->access_roles[$type]['*'])) $result = array_merge($result, $this->access_roles[$type]['*']);
00241         if ($id AND isset($this->access_roles[$type]['+'])) $result = array_merge($result, $this->access_roles[$type]['+']);
              // Any user with a truthy id is given the 'Registered' role regardless of assignments.
00242         if ('aUser' == $type AND $id) $result['Registered'] = 1;
              // Role names are the keys of $result; the values are only markers.
00243         if (count($result)) return array_keys ($result);
00244         else return array();
00245     }

aliroAuthoriser::blanket ( action,
type 
) [private]

Definition at line 247 of file aliroAuthoriser.php.

Referenced by accessorPermissionOrControl().

00247                                               {
              // True when the cache holds at least one permission row for this subject type
              // and action with the wildcard subject id '*'.
              // Note the parameter order ($action, $type) is the reverse of the array indexing.
00248         return (isset($this->permissions[$type][$action]['*']) AND count($this->permissions[$type][$action]['*']));
00249     }

aliroAuthoriser::specific ( action,
type,
id 
) [private]

Definition at line 251 of file aliroAuthoriser.php.

Referenced by accessorPermissionOrControl().

00251                                                     {
              // True when the cache holds at least one permission row for this subject type,
              // action and exact subject id.
              // Note the parameter order ($action, $type, $id) differs from the array indexing.
00252         return (isset($this->permissions[$type][$action][$id]) AND count($this->permissions[$type][$action][$id]));
00253     }

aliroAuthoriser::accessorPermissionOrControl ( mask,
a_type,
a_id,
action,
s_type = '*',
s_id = '*' 
) [private]

Definition at line 255 of file aliroAuthoriser.php.

References blanket(), getAccessorRoles(), getSubjectData(), rolePermissionOrControl(), and specific().

Referenced by checkControl(), checkGrant(), and checkPermission().

00255                                                                                                            {
              // Core check behind checkPermission (mask 2), checkControl (mask 1) and
              // checkGrant (mask 4). Returns 1 when the accessor passes, otherwise the result
              // of rolePermissionOrControl() for the accessor's roles.
00256         $this->getSubjectData ($s_type, $s_id, $action);
              // Default-allow for mask 2: a subject with no permission rows at all is open.
00257         if ('*' != $s_type AND 2 == $mask AND !$this->blanket($action, $s_type) AND !($this->specific($action, $s_type, $s_id))) return 1;
              // NOTE(review): this second test applies the same "no rows means allowed" rule for
              // every mask, so it subsumes the line above and also lets checkControl() and
              // checkGrant() succeed on subjects that have no rows. The mask test above suggests
              // default-allow was meant for mask 2 only - confirm the intended policy.
              // It also means that an empty result from getSubjectData(), whatever its cause,
              // is read as "allowed"; rows stored under action '*' are not consulted here.
00258         if ((!isset($this->permissions[$s_type][$action][$s_id]) OR 0 == count($this->permissions[$s_type][$action][$s_id]))
00259         AND (!isset($this->permissions[$s_type][$action]['*']) OR 0 == count($this->permissions[$s_type][$action]['*']))) return 1;
00260         $roles = $this->getAccessorRoles ($a_type, $a_id);
00261         return $this->rolePermissionOrControl ($mask, $roles, $action, $s_type, $s_id);
00262     }

aliroAuthoriser::checkPermission ( a_type,
a_id,
action,
s_type = '*',
s_id = '*' 
)

Definition at line 264 of file aliroAuthoriser.php.

References accessorPermissionOrControl().

Referenced by checkUserPermission().

00264                                                                                       {
              // Asks whether accessor ($a_type, $a_id) may perform $action on the subject,
              // by testing bit 2 of the stored control value. Returns 1 or 0.
00265         return $this->accessorPermissionOrControl(2, $a_type, $a_id, $action, $s_type, $s_id);
00266     }

aliroAuthoriser::checkUserPermission ( action,
s_type = '*',
s_id = '*' 
)

Definition at line 268 of file aliroAuthoriser.php.

References checkPermission(), and aliroUser::getInstance().

Referenced by acl_check().

00268                                                                           {
              // Same as checkPermission() with the accessor fixed to the user object returned
              // by aliroUser::getInstance(), identified by its id.
00269         $user = aliroUser::getInstance();
00270         return $this->checkPermission ('aUser', $user->id, $action, $s_type, $s_id);
00271     }

aliroAuthoriser::checkControl ( a_type,
a_id,
action,
s_type = '*',
s_id = '*' 
)

Definition at line 273 of file aliroAuthoriser.php.

References accessorPermissionOrControl().

00273                                                                                    {
              // Same check as checkPermission() but testing bit 1 of the stored control value.
              // Returns 1 or 0.
00274         return $this->accessorPermissionOrControl(1, $a_type, $a_id, $action, $s_type, $s_id);
00275     }

aliroAuthoriser::checkGrant ( a_type,
a_id,
action,
s_type = '*',
s_id = '*' 
)

Definition at line 277 of file aliroAuthoriser.php.

References accessorPermissionOrControl().

00277                                                                                  {
              // Same check as checkPermission() but testing bit 4 of the stored control value.
              // Returns 1 or 0.
00278         return $this->accessorPermissionOrControl(4, $a_type, $a_id, $action, $s_type, $s_id);
00279     }

aliroAuthoriser::rolePermissionOrControl ( mask,
roles,
actions,
s_type,
s_id 
) [private]

Definition at line 281 of file aliroAuthoriser.php.

References getSubjectData().

Referenced by accessorPermissionOrControl(), checkRoleControl(), checkRoleGrant(), and checkRolePermission().

00281                                                                                        {
              // Decides whether any of $roles passes the $mask test for any of $actions on the
              // subject ($s_type, $s_id). $roles and $actions may each be a scalar or an array.
              // Returns 1 on the first match and 0 when nothing matches.
00282         foreach ((array) $roles as $role) {
                  // Roles the handler reports as having blanket access pass immediately.
00283             foreach ((array) $actions as $action) if ($this->handler->canRoleAccessAll ($role, $action, $mask)) return 1;
00284         }
00285         foreach ((array) $actions as $action) $this->getSubjectData ($s_type, $s_id, $action);
              // 'Visitor' passes when the exact subject id has no rows for a requested action.
              // NOTE(review): this test ignores $mask and the '*' subject id, so it applies to
              // control and grant checks as well - confirm that is intended.
00286         if (in_array('Visitor', (array) $roles)) {
00287             foreach ((array) $actions as $action) {
00288                 if (empty($this->permissions[$s_type][$action][$s_id])) return 1;
00289             }
00290         }
              // NOTE(review): $this->permissions[$s_type] is iterated without an isset() test.
00291         if (count((array) $roles)) foreach ($this->permissions[$s_type] as $act=>$level2) {
                      // A cached action is considered only if it was requested, or if '*' was requested.
                      // NOTE(review): rows stored under action '*' are therefore skipped unless the
                      // caller asks for '*', although getSubjectData() loads them - confirm.
00292                 if (!in_array($act, (array) $actions) AND !in_array('*', (array) $actions)) continue;
00293             foreach ($level2 as $id=>$level3) {
                      // Loose comparison: array keys that look like integers are compared as numbers.
00294                 if ($id != $s_id AND $id != '*') continue;
00295                 foreach ($level3 as $role=>$control)
                          // $control is a bit mask; the role passes when it shares a bit with $mask.
00296                     if (in_array($role, (array) $roles) AND ($mask & $control)) {
00297                         return 1;
00298                     }
00299             }
00300         }
00301         return 0;
00302     }

aliroAuthoriser::checkRolePermission ( role,
action,
s_type,
s_id 
)

Definition at line 304 of file aliroAuthoriser.php.

References rolePermissionOrControl().

00304                                                                           {
              // Role-based variant of checkPermission(): tests bit 2 of the control value
              // for the given role (or roles) directly, without an accessor lookup.
00305         return $this->rolePermissionOrControl(2, $role, $action, $s_type, $s_id);
00306     }

aliroAuthoriser::checkRoleControl ( role,
action,
s_type,
s_id 
)

Definition at line 308 of file aliroAuthoriser.php.

References rolePermissionOrControl().

00308                                                                        {
              // Role-based variant of checkControl(): tests bit 1 of the control value.
00309         return $this->rolePermissionOrControl(1, $role, $action, $s_type, $s_id);
00310     }

aliroAuthoriser::checkRoleGrant ( role,
action,
s_type,
s_id 
)

Definition at line 312 of file aliroAuthoriser.php.

References rolePermissionOrControl().

00312                                                                      {
              // Role-based variant of checkGrant(): tests bit 4 of the control value.
00313         return $this->rolePermissionOrControl(4, $role, $action, $s_type, $s_id);
00314     }

aliroAuthoriser::getRefusedList ( a_type,
a_id,
s_type,
actionlist 
)

Definition at line 316 of file aliroAuthoriser.php.

References getAccessorRoles().

Referenced by getRefusedListSQL().

00316                                                                    {
              // Returns the subject ids of type $s_type that the accessor is refused for the
              // comma-separated $actionlist. An id is refused only if it has rows for every
              // listed action and none of those rows names one of the accessor's roles.
              //
              // NOTE(review): $s_type and the action names are interpolated into the SQL text
              // with no escaping visible here; callers must pass trusted or escaped values.
              // NOTE(review): the query does not select `control`, so any row for a role counts
              // as a permit here, unlike listPermissions() which tests (control & 2) - confirm.
00317         $roles = $this->getAccessorRoles($a_type, $a_id);
00318         $actions = explode(',', $actionlist);
00319         foreach ($actions as $i=>$action) $actions[$i] = trim($action);
00320         $alist = implode("','", $actions);
00321         $this->database->setQuery("SELECT role, subject_id, action FROM #__permissions WHERE subject_type = '$s_type' AND action IN('$alist')");
00322         $results = $this->database->loadObjectList();
              // Group the rows as subject id => action => list of roles.
00323         if ($results) foreach ($results as $result) $ids[$result->subject_id][$result->action][] = $result->role;
00324         if (isset($ids)) {
00325             $refused = array_keys($ids);
00326             foreach ($ids as $id=>$actionset) {
                      // A listed action with no rows for this id is unrestricted, so the id is permitted.
00327                 foreach ($actions as $action) if (!isset($actionset[$action])) $permits[$id] = 1;
                      // Otherwise one action whose roles overlap the accessor's roles is enough.
00328                 if (!isset($permits[$id])) foreach ($actionset as $action=>$permittedroles) {
00329                     if (count(array_intersect($permittedroles, $roles))) $permits[$id] = 1;
00330                 }
00331             }
00332             if (isset($permits)) $refused = array_diff ($refused, array_keys($permits));
00333         }
00334         else $refused = array();
00335         return $refused;
00336     }

aliroAuthoriser::getRefusedListSQL ( a_type,
a_id,
s_type,
actionlist,
keyname 
)

Definition at line 338 of file aliroAuthoriser.php.

References getRefusedList().

00338                                                                                        {
              // Turns the result of getRefusedList() into a SQL condition fragment that
              // excludes the refused ids, or returns '' when nothing is refused.
              // NOTE(review): $keyname is placed in the fragment as-is and must be a trusted
              // column name. The refused ids come from #__permissions.subject_id and are
              // quoted but not escaped, so a stored id containing a quote would break out of
              // the list - escape each id before imploding.
00339         $refused = $this->getRefusedList ($a_type, $a_id, $s_type, $actionlist);
00340         if (count($refused)) {
00341             $excludelist = implode("','", $refused);
                  // The key is cast to CHAR so numeric keys compare against the quoted ids as strings.
00342             return " CAST($keyname AS CHAR) NOT IN ('$excludelist')";
00343         }
00344         return '';
00345     }

aliroAuthoriser::listPermissions ( a_type,
a_id,
action 
)

Definition at line 347 of file aliroAuthoriser.php.

References getAccessorRoles().

Referenced by listUserPermissions().

00347                                                               {
              // Returns the distinct subject types on which any of the accessor's roles holds
              // $action with bit 2 of `control` set, ordered by subject type.
              // NOTE(review): $action and the role names are interpolated into the SQL text
              // with no escaping visible here; callers must pass trusted or escaped values.
00348         $roles = $this->getAccessorRoles ($a_type, $a_id);
              // With no roles this yields IN (''), which matches only an empty role name.
00349         $role_list = "IN ('".implode("','", $roles)."')";
00350         $this->database->setQuery("SELECT DISTINCT subject_type FROM #__permissions WHERE role $role_list AND action='$action' AND (control & 2) ORDER BY subject_type");
00351         $subjects = $this->database->loadResultArray();
00352         return $subjects;
00353     }

& aliroAuthoriser::listUserPermissions ( action  ) 

Definition at line 355 of file aliroAuthoriser.php.

References aliroUser::getInstance(), and listPermissions().

00355                                                    {
              // Same as listPermissions() with the accessor fixed to the user object returned
              // by aliroUser::getInstance(), identified by its id.
00356         $user = aliroUser::getInstance();
00357         $results = $this->listPermissions ('aUser', $user->id, $action);
00358         return $results;
00359     }

aliroAuthoriser::listAccessors ( accessor_type,
role 
)

Definition at line 361 of file aliroAuthoriser.php.

00361                                                           {
              // Returns the access ids of the given accessor type that are assigned $role,
              // or an empty array when the query yields nothing.
              // NOTE(review): $accessor_type and $role are interpolated into the SQL text with
              // no escaping visible here; callers must pass trusted or escaped values.
00362         $this->database->setQuery("SELECT access_id FROM #__assignments WHERE access_type = '$accessor_type' AND role = '$role'");
00363         $result = $this->database->loadResultArray();
00364         return $result ? $result : array();
00365     }

aliroAuthoriser::acl_check ( aco_section_value,
aco_value,
aro_section_value,
aro_value,
axo_section_value = NULL,
axo_value = NULL 
)

Definition at line 368 of file aliroAuthoriser.php.

References checkUserPermission().

00369                                                                                   {
              // Handles only the 'components' AXO section, which is mapped onto
              // checkUserPermission() with $aro_value as the action and $axo_value as the
              // 'aliroComponent' subject id. Every other call returns false.
              // $aco_section_value, $aco_value and $aro_section_value are not used.
              // NOTE(review): the comparison is loose (==); on PHP versions before 8 an
              // integer 0 compares equal to 'components'. Use === if callers pass strings.
00370         if ($axo_section_value == 'components') return $this->checkUserPermission ($aro_value, 'aliroComponent', $axo_value);
00371         return false;
00372     }

aliroAuthoriser::getAroGroup ( id  ) 

Definition at line 374 of file aliroAuthoriser.php.

References getAccessorRoles().

00374                                       {
              // Returns a stdClass whose ->name is the user's role that appears latest in
              // $old_groupids, or '' when the user holds none of those roles.
00375         $old_roles = array_keys ($this->old_groupids);
              // Index 0 is a placeholder so that a real match never has key 0, which the
              // truthiness test below would otherwise confuse with "not found".
00376         array_unshift($old_roles, '');
00377         $roles = $this->getAccessorRoles('aUser', $id);
00378         $max = 0;
00379         foreach ($roles as $role) {
00380             $key  = array_search($role, $old_roles);
00381             if ($key AND $key > $max) $max = $key;
00382         }
00383         $result = new stdClass();
00384         $result->name = $old_roles[$max];
00385         return $result;
00386     }

aliroAuthoriser::get_group_name ( gid  ) 

Definition at line 388 of file aliroAuthoriser.php.

00388                                           {
              // Translates an integer group id from $old_groupids into its role name.
              // Anything that is not an int, including a numeric string, is returned unchanged.
00389         if (is_int($gid)) {
                  // array_search yields false when the id is not in the table.
00390             $group = array_search($gid, $this->old_groupids);
00391             return $group;
00392         }
00393         return $gid;
00394     }

aliroAuthoriser::get_group_children_tree ( root_id = null,
root_name = null,
inclusive = true 
)

Definition at line 396 of file aliroAuthoriser.php.

References getAllRoles(), and aliroHTML::makeOption().

00396                                                                                               {
              // Returns a list of option objects for a group selector. Two root names are
              // answered from canned data; any other inclusive call with no root id raises a
              // notice and returns nothing. All remaining calls get one option per role.
              // The comparisons are loose, so 0 and '' count as a null $root_id.
00397         if (null == $root_id AND true == $inclusive) {
00398             if ('Registered' == $root_name) {
                      // unserialize() is applied to a literal written in this file, not to external data.
00399                 $result = unserialize('a:4:{i:0;O:8:"stdClass":2:{s:5:"value";s:2:"18";s:4:"text";s:17:"-&nbsp;Registered";}i:1;O:8:"stdClass":2:{s:5:"value";s:2:"19";s:4:"text";s:49:"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;Author";}i:2;O:8:"stdClass":2:{s:5:"value";s:2:"20";s:4:"text";s:85:"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;Editor";}i:3;O:8:"stdClass":2:{s:5:"value";s:2:"21";s:4:"text";s:124:"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;Publisher";}}');
00400                 return $result;
00401             }
00402             if ('Public Backend' == $root_name) {
                      // Same pattern: a fixed literal, so no untrusted input reaches unserialize().
00403                 $result = unserialize('a:4:{i:0;O:8:"stdClass":2:{s:5:"value";s:2:"30";s:4:"text";s:21:"-&nbsp;Public Backend";}i:1;O:8:"stdClass":2:{s:5:"value";s:2:"23";s:4:"text";s:50:"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;Manager";}i:2;O:8:"stdClass":2:{s:5:"value";s:2:"24";s:4:"text";s:92:"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;Administrator";}i:3;O:8:"stdClass":2:{s:5:"value";s:2:"25";s:4:"text";s:134:"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;Super Administrator";}}');
00404                 return $result;
00405             }
                  // Unknown root name: only a notice is raised, and the method then falls off
                  // the end without a return value.
00406             trigger_error('Aliro emulation of get_group_children_tree needs extending');
00407         }
00408         else {
                  // One option per role, special roles included, with the role name as value and text.
00409             foreach ($this->getAllRoles(true) as $i=>$role) $option[] = aliroHTML::makeOption($role, $role);
00410             return isset($option) ? $option : array();
00411         }
00412     }

aliroAuthoriser::get_object_groups ( object_section_value,
object_value,
object_type = NULL 
)

Definition at line 414 of file aliroAuthoriser.php.

References getAllRoles().

00414                                                                                                 {
              // Ignores all three arguments and returns every role, special roles included
              // (the argument true is getAllRoles()'s $addSpecial).
00415         return $this->getAllRoles(true);
00416     }

aliroAuthoriser::get_group_children ( root_id = null,
root_name = null,
inclusive = true 
)

Definition at line 418 of file aliroAuthoriser.php.

00418                                                                                          {
              // Stub: ignores its arguments and always returns an empty array.
00419         return array();
00420     }


Member Data Documentation

aliroAuthoriser::$instance = __CLASS__ [static, private]

Definition at line 134 of file aliroAuthoriser.php.

aliroAuthoriser::$subj_found = array() [private]

Definition at line 136 of file aliroAuthoriser.php.

aliroAuthoriser::$permissions = array() [private]

Definition at line 137 of file aliroAuthoriser.php.

aliroAuthoriser::$access_found = array() [private]

Definition at line 138 of file aliroAuthoriser.php.

aliroAuthoriser::$access_roles = array() [private]

Definition at line 139 of file aliroAuthoriser.php.

aliroAuthoriser::$linked_roles = array() [private]

Definition at line 141 of file aliroAuthoriser.php.

aliroAuthoriser::$auth_vars = array ('subj_found', 'permissions', 'access_found', 'access_roles') [private]

Definition at line 142 of file aliroAuthoriser.php.

aliroAuthoriser::$old_groupids = array ('Registered' => 18, 'Author' => 19, 'Editor' => 20, 'Publisher' => 21, 'Manager' => 23, 'Administrator' => 24, 'Super Administrator' => 25) [private]

Definition at line 143 of file aliroAuthoriser.php.

aliroAuthoriser::$handler = null [private]

Definition at line 145 of file aliroAuthoriser.php.

aliroAuthoriser::$database = null [private]

Definition at line 146 of file aliroAuthoriser.php.


The documentation for this class was generated from the file aliroAuthoriser.php.

Generated on Thu Apr 17 13:03:29 2008 for ALIRO by  doxygen 1.5.5