Last active
December 28, 2015 17:29
-
-
Save marcvdm/7536701 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php namespace Cartalyst\Sentry\Permissions; | |
/** | |
* Part of the Sentry package. | |
* | |
* NOTICE OF LICENSE | |
* | |
* Licensed under the 3-clause BSD License. | |
* | |
* This source file is subject to the 3-clause BSD License that is | |
* bundled with this package in the LICENSE file. It is also available at | |
* the following URL: http://www.opensource.org/licenses/BSD-3-Clause | |
* | |
* @package Sentry | |
* @version 3.0.0 | |
* @author Cartalyst LLC | |
* @license BSD License (3-clause) | |
* @copyright (c) 2011 - 2013, Cartalyst LLC | |
* @link http://cartalyst.com | |
*/ | |
use Cartalyst\Sentry\Users\UserInterface; | |
class StrictPermissions implements PermissionsInterface { | |
/** | |
* User permissions. | |
* | |
* @var array | |
*/ | |
protected $userPermissions = array(); | |
/** | |
* Group permissions. | |
* | |
* @var array | |
*/ | |
protected $groupPermissions = array(); | |
/** | |
* Flag for whether user permissions have been loaded. | |
* | |
* @var bool | |
*/ | |
protected $loadedUserPermissions = false; | |
/** | |
* Flag for whether group permissions have been loaded. | |
* | |
* @var bool | |
*/ | |
protected $loadedGroupPermissions = false; | |
/** | |
* Create a new Eloquent permissions instance. | |
* | |
* @param \Cartalyst\Sentry\Users\UserInterface $user | |
*/ | |
public function __construct(UserInterface $user) | |
{ | |
$this->user = $user; | |
} | |
/** | |
* {@inheritDoc} | |
*/ | |
public function hasAccess($permissions) | |
{ | |
// Load the user permissions | |
$this->loadUserPermissions(); | |
// Default the access to false | |
$hasAccess = false; | |
foreach ((array) $permissions as $permission) | |
{ | |
// Get the permission from the user | |
$userAccess = $this->checkPermission($this->userPermissions,$permission); | |
if ($userAccess === false) | |
{ | |
return false; | |
} | |
else if($userAccess === true) | |
{ | |
$hasAccess = true; | |
// We skip the group permissions because the permission | |
// for this user was explicitly set | |
continue; | |
} | |
// If we have come this far we will load the group permissions | |
$this->loadGroupPermissions(); | |
// Get the permission from the groups | |
$groupAccess = $this->checkGroupPermission($permission); | |
if ($groupAccess === false) | |
{ | |
return false; | |
} | |
else if($groupAccess === true) | |
{ | |
$hasAccess = true; | |
} | |
} | |
return $hasAccess; | |
} | |
/** | |
* {@inheritDoc} | |
*/ | |
public function hasAnyAccess($permissions) | |
{ | |
// Load the user permission | |
$this->loadUserPermissions(); | |
// Default the access to false | |
$hasAccess = false; | |
foreach ((array) $permissions as $permission) | |
{ | |
// Get the permission from the user | |
$userAccess = $this->checkPermission($this->userPermissions,$permission); | |
if ($userAccess === true) | |
{ | |
return true; | |
} | |
else if($userAccess === false) | |
{ | |
continue; | |
} | |
// If we have come this far we will load the group permissions | |
$this->loadGroupPermissions(); | |
// Get the permission from the groups | |
$groupAccess = $this->checkGroupPermission($permission); | |
if ($groupAccess === true) | |
{ | |
return true; | |
} | |
} | |
return $hasAccess; | |
} | |
/** | |
* Checks a permission in the given array, including wildcard permissions. | |
* | |
* @param array $permissionsArray | |
* @param string $permission | |
* @return bool|null | |
*/ | |
public function checkPermission($permissionsArray,$permission) | |
{ | |
// If the permission exists we just give that back | |
if(array_key_exists($permission,$permissionsArray)) | |
{ | |
return (bool)$permissionsArray[$permission]; | |
} | |
foreach ($permissionsArray as $key => $value) | |
{ | |
if (str_is($permission, $key)) | |
{ | |
return (bool)$value; | |
} | |
} | |
return null; | |
} | |
/** | |
* Loads the User permissions from the User instance. | |
* | |
* @return void | |
*/ | |
public function loadUserPermissions() | |
{ | |
if($this->loadedUserPermissions === false) | |
{ | |
$this->userPermissions = (array)$this->user->permissions; | |
$this->loadedUserPermissions = true; | |
} | |
} | |
/** | |
* Loads the Group permissions from the User instance. | |
* | |
* @return void | |
*/ | |
public function loadGroupPermissions() | |
{ | |
// If the group permissions are not set yet we will loop through them | |
if($this->loadedGroupPermissions === false) | |
{ | |
foreach ($this->user->groups as $group) | |
{ | |
foreach($group->permissions as $key => $value) | |
{ | |
// If the permission does not exists yet or when the permission is set to true | |
// we can overrule it by the value. This way we make sure that false stays false | |
if(!array_key_exists($key,$this->groupPermissions) OR $this->groupPermissions === true) | |
{ | |
$this->groupPermissions[$key] = $value; | |
} | |
} | |
} | |
$this->loadedGroupPermissions = true; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment