marcvdm/gist:7536701

## gistfile1.php
<?php namespace Cartalyst\Sentry\Permissions;
/**
 * Part of the Sentry package.
 *
 * NOTICE OF LICENSE
 *
 * Licensed under the 3-clause BSD License.
 *
 * This source file is subject to the 3-clause BSD License that is
 * bundled with this package in the LICENSE file.  It is also available at
 * the following URL: http://www.opensource.org/licenses/BSD-3-Clause
 *
 * @package    Sentry
 * @version    3.0.0
 * @author     Cartalyst LLC
 * @license    BSD License (3-clause)
 * @copyright  (c) 2011 - 2013, Cartalyst LLC
 * @link       http://cartalyst.com
 */

use Cartalyst\Sentry\Users\UserInterface;

class StrictPermissions implements PermissionsInterface {

	/**
	 * User permissions.
	 *
	 * @var array
	 */
	protected $userPermissions = array();

	/**
	 * Group permissions.
	 *
	 * @var array
	 */
	protected $groupPermissions = array();

	/**
	 * Flag for whether user permissions have been loaded.
	 *
	 * @var bool
	 */
	protected $loadedUserPermissions = false;

	/**
	 * Flag for whether group permissions have been loaded.
	 *
	 * @var bool
	 */
	protected $loadedGroupPermissions = false;

	/**
	 * Create a new Eloquent permissions instance.
	 *
	 * @param  \Cartalyst\Sentry\Users\UserInterface  $user
	 */
	public function __construct(UserInterface $user)
	{
		$this->user = $user;
	}

	/**
	 * {@inheritDoc}
	 */
	public function hasAccess($permissions)
	{
		// Load the user permissions
		$this->loadUserPermissions();

		// Default the access to false
		$hasAccess = false;

		foreach ((array) $permissions as $permission)
		{
			// Get the permission from the user
			$userAccess = $this->checkPermission($this->userPermissions,$permission);

			if ($userAccess === false)
			{
				return false;
			}
			else if($userAccess === true)
			{
				$hasAccess = true;

				// We skip the group permissions because the permission
				// for this user was explicitly set
				continue;
			}

			// If we have come this far we will load the group permissions
			$this->loadGroupPermissions();

			// Get the permission from the groups
			$groupAccess = $this->checkGroupPermission($permission);

			if ($groupAccess === false)
			{
				return false;
			}
			else if($groupAccess === true)
			{
				$hasAccess = true;
			}
		}

		return $hasAccess;
	}

	/**
	 * {@inheritDoc}
	 */
	public function hasAnyAccess($permissions)
	{
		// Load the user permission
		$this->loadUserPermissions();

		// Default the access to false
		$hasAccess = false;

		foreach ((array) $permissions as $permission)
		{
			// Get the permission from the user
			$userAccess = $this->checkPermission($this->userPermissions,$permission);

			if ($userAccess === true)
			{
				return true;
			}
			else if($userAccess === false)
			{
				continue;
			}

			// If we have come this far we will load the group permissions
			$this->loadGroupPermissions();

			// Get the permission from the groups
			$groupAccess = $this->checkGroupPermission($permission);

			if ($groupAccess === true)
			{
				return true;
			}
		}

		return $hasAccess;
	}

	/**
	 * Checks a permission in the given array, including wildcard permissions.
	 *
	 * @param array $permissionsArray
	 * @param string $permission
	 * @return bool|null
	 */
	public function checkPermission($permissionsArray,$permission)
	{
		// If the permission exists we just give that back
		if(array_key_exists($permission,$permissionsArray))
		{
			return (bool)$permissionsArray[$permission];
		}

		foreach ($permissionsArray as $key => $value)
		{
			if (str_is($permission, $key))
			{
				return (bool)$value;
			}
		}

		return null;
	}

	/**
	 * Loads the User permissions from the User instance.
	 *
	 * @return void
	 */
	public function loadUserPermissions()
	{
		if($this->loadedUserPermissions === false)
		{
			$this->userPermissions = (array)$this->user->permissions;
			$this->loadedUserPermissions = true;
		}
	}

	/**
	 * Loads the Group permissions from the User instance.
	 *
	 * @return void
	 */
	public function loadGroupPermissions()
	{
		// If the group permissions are not set yet we will loop through them
		if($this->loadedGroupPermissions === false)
		{
			foreach ($this->user->groups as $group)
			{
				foreach($group->permissions as $key => $value)
				{
					// If the permission does not exists yet or when the permission is set to true
					// we can overrule it by the value. This way we make sure that false stays false
					if(!array_key_exists($key,$this->groupPermissions) OR $this->groupPermissions === true)
					{
						$this->groupPermissions[$key] = $value;
					}
				}
			}
			$this->loadedGroupPermissions = true;
		}
	}
}
	<?php namespace Cartalyst\Sentry\Permissions;
	/**
	* Part of the Sentry package.
	*
	* NOTICE OF LICENSE
	*
	* Licensed under the 3-clause BSD License.
	*
	* This source file is subject to the 3-clause BSD License that is
	* bundled with this package in the LICENSE file. It is also available at
	* the following URL: http://www.opensource.org/licenses/BSD-3-Clause
	*
	* @package Sentry
	* @version 3.0.0
	* @author Cartalyst LLC
	* @license BSD License (3-clause)
	* @copyright (c) 2011 - 2013, Cartalyst LLC
	* @link http://cartalyst.com
	*/

	use Cartalyst\Sentry\Users\UserInterface;

	class StrictPermissions implements PermissionsInterface {

	/**
	* User permissions.
	*
	* @var array
	*/
	protected $userPermissions = array();

	/**
	* Group permissions.
	*
	* @var array
	*/
	protected $groupPermissions = array();

	/**
	* Flag for whether user permissions have been loaded.
	*
	* @var bool
	*/
	protected $loadedUserPermissions = false;

	/**
	* Flag for whether group permissions have been loaded.
	*
	* @var bool
	*/
	protected $loadedGroupPermissions = false;

	/**
	* Create a new Eloquent permissions instance.
	*
	* @param \Cartalyst\Sentry\Users\UserInterface $user
	*/
	public function __construct(UserInterface $user)
	{
	$this->user = $user;
	}

	/**
	* {@inheritDoc}
	*/
	public function hasAccess($permissions)
	{
	// Load the user permissions
	$this->loadUserPermissions();

	// Default the access to false
	$hasAccess = false;

	foreach ((array) $permissions as $permission)
	{
	// Get the permission from the user
	$userAccess = $this->checkPermission($this->userPermissions,$permission);

	if ($userAccess === false)
	{
	return false;
	}
	else if($userAccess === true)
	{
	$hasAccess = true;

	// We skip the group permissions because the permission
	// for this user was explicitly set
	continue;
	}

	// If we have come this far we will load the group permissions
	$this->loadGroupPermissions();

	// Get the permission from the groups
	$groupAccess = $this->checkGroupPermission($permission);

	if ($groupAccess === false)
	{
	return false;
	}
	else if($groupAccess === true)
	{
	$hasAccess = true;
	}
	}

	return $hasAccess;
	}

	/**
	* {@inheritDoc}
	*/
	public function hasAnyAccess($permissions)
	{
	// Load the user permission
	$this->loadUserPermissions();

	// Default the access to false
	$hasAccess = false;

	foreach ((array) $permissions as $permission)
	{
	// Get the permission from the user
	$userAccess = $this->checkPermission($this->userPermissions,$permission);

	if ($userAccess === true)
	{
	return true;
	}
	else if($userAccess === false)
	{
	continue;
	}

	// If we have come this far we will load the group permissions
	$this->loadGroupPermissions();

	// Get the permission from the groups
	$groupAccess = $this->checkGroupPermission($permission);

	if ($groupAccess === true)
	{
	return true;
	}
	}

	return $hasAccess;
	}

	/**
	* Checks a permission in the given array, including wildcard permissions.
	*
	* @param array $permissionsArray
	* @param string $permission
	* @return bool\|null
	*/
	public function checkPermission($permissionsArray,$permission)
	{
	// If the permission exists we just give that back
	if(array_key_exists($permission,$permissionsArray))
	{
	return (bool)$permissionsArray[$permission];
	}

	foreach ($permissionsArray as $key => $value)
	{
	if (str_is($permission, $key))
	{
	return (bool)$value;
	}
	}

	return null;
	}

	/**
	* Loads the User permissions from the User instance.
	*
	* @return void
	*/
	public function loadUserPermissions()
	{
	if($this->loadedUserPermissions === false)
	{
	$this->userPermissions = (array)$this->user->permissions;
	$this->loadedUserPermissions = true;
	}
	}

	/**
	* Loads the Group permissions from the User instance.
	*
	* @return void
	*/
	public function loadGroupPermissions()
	{
	// If the group permissions are not set yet we will loop through them
	if($this->loadedGroupPermissions === false)
	{
	foreach ($this->user->groups as $group)
	{
	foreach($group->permissions as $key => $value)
	{
	// If the permission does not exists yet or when the permission is set to true
	// we can overrule it by the value. This way we make sure that false stays false
	if(!array_key_exists($key,$this->groupPermissions) OR $this->groupPermissions === true)
	{
	$this->groupPermissions[$key] = $value;
	}
	}
	}
	$this->loadedGroupPermissions = true;
	}
	}
	}