Skip to content

Instantly share code, notes, and snippets.

@marcvdm
Last active December 28, 2015 17:29
Show Gist options
  • Save marcvdm/7536701 to your computer and use it in GitHub Desktop.
Save marcvdm/7536701 to your computer and use it in GitHub Desktop.
<?php namespace Cartalyst\Sentry\Permissions;
/**
* Part of the Sentry package.
*
* NOTICE OF LICENSE
*
* Licensed under the 3-clause BSD License.
*
* This source file is subject to the 3-clause BSD License that is
* bundled with this package in the LICENSE file. It is also available at
* the following URL: http://www.opensource.org/licenses/BSD-3-Clause
*
* @package Sentry
* @version 3.0.0
* @author Cartalyst LLC
* @license BSD License (3-clause)
* @copyright (c) 2011 - 2013, Cartalyst LLC
* @link http://cartalyst.com
*/
use Cartalyst\Sentry\Users\UserInterface;
class StrictPermissions implements PermissionsInterface {
/**
* User permissions.
*
* @var array
*/
protected $userPermissions = array();
/**
* Group permissions.
*
* @var array
*/
protected $groupPermissions = array();
/**
* Flag for whether user permissions have been loaded.
*
* @var bool
*/
protected $loadedUserPermissions = false;
/**
* Flag for whether group permissions have been loaded.
*
* @var bool
*/
protected $loadedGroupPermissions = false;
/**
* Create a new Eloquent permissions instance.
*
* @param \Cartalyst\Sentry\Users\UserInterface $user
*/
public function __construct(UserInterface $user)
{
$this->user = $user;
}
/**
* {@inheritDoc}
*/
public function hasAccess($permissions)
{
// Load the user permissions
$this->loadUserPermissions();
// Default the access to false
$hasAccess = false;
foreach ((array) $permissions as $permission)
{
// Get the permission from the user
$userAccess = $this->checkPermission($this->userPermissions,$permission);
if ($userAccess === false)
{
return false;
}
else if($userAccess === true)
{
$hasAccess = true;
// We skip the group permissions because the permission
// for this user was explicitly set
continue;
}
// If we have come this far we will load the group permissions
$this->loadGroupPermissions();
// Get the permission from the groups
$groupAccess = $this->checkGroupPermission($permission);
if ($groupAccess === false)
{
return false;
}
else if($groupAccess === true)
{
$hasAccess = true;
}
}
return $hasAccess;
}
/**
* {@inheritDoc}
*/
public function hasAnyAccess($permissions)
{
// Load the user permission
$this->loadUserPermissions();
// Default the access to false
$hasAccess = false;
foreach ((array) $permissions as $permission)
{
// Get the permission from the user
$userAccess = $this->checkPermission($this->userPermissions,$permission);
if ($userAccess === true)
{
return true;
}
else if($userAccess === false)
{
continue;
}
// If we have come this far we will load the group permissions
$this->loadGroupPermissions();
// Get the permission from the groups
$groupAccess = $this->checkGroupPermission($permission);
if ($groupAccess === true)
{
return true;
}
}
return $hasAccess;
}
/**
* Checks a permission in the given array, including wildcard permissions.
*
* @param array $permissionsArray
* @param string $permission
* @return bool|null
*/
public function checkPermission($permissionsArray,$permission)
{
// If the permission exists we just give that back
if(array_key_exists($permission,$permissionsArray))
{
return (bool)$permissionsArray[$permission];
}
foreach ($permissionsArray as $key => $value)
{
if (str_is($permission, $key))
{
return (bool)$value;
}
}
return null;
}
/**
* Loads the User permissions from the User instance.
*
* @return void
*/
public function loadUserPermissions()
{
if($this->loadedUserPermissions === false)
{
$this->userPermissions = (array)$this->user->permissions;
$this->loadedUserPermissions = true;
}
}
/**
* Loads the Group permissions from the User instance.
*
* @return void
*/
public function loadGroupPermissions()
{
// If the group permissions are not set yet we will loop through them
if($this->loadedGroupPermissions === false)
{
foreach ($this->user->groups as $group)
{
foreach($group->permissions as $key => $value)
{
// If the permission does not exists yet or when the permission is set to true
// we can overrule it by the value. This way we make sure that false stays false
if(!array_key_exists($key,$this->groupPermissions) OR $this->groupPermissions === true)
{
$this->groupPermissions[$key] = $value;
}
}
}
$this->loadedGroupPermissions = true;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment