1<?php 2/** 3 * CakePHP(tm) : Rapid Development Framework (https://cakephp.org) 4 * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) 5 * 6 * Licensed under The MIT License 7 * For full copyright and license information, please see the LICENSE.txt 8 * Redistributions of files must retain the above copyright notice. 9 * 10 * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) 11 * @link https://cakephp.org CakePHP(tm) Project 12 * @package Cake.Controller.Component 13 * @since CakePHP(tm) v 0.10.0.1076 14 * @license https://opensource.org/licenses/mit-license.php MIT License 15 */ 16 17App::uses('Component', 'Controller'); 18App::uses('AclInterface', 'Controller/Component/Acl'); 19 20/** 21 * Access Control List factory class. 22 * 23 * Uses a strategy pattern to allow custom ACL implementations to be used with the same component interface. 24 * You can define by changing `Configure::write('Acl.classname', 'DbAcl');` in your core.php. The adapter 25 * you specify must implement `AclInterface` 26 * 27 * @package Cake.Controller.Component 28 * @link https://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html 29 */ 30class AclComponent extends Component { 31 32/** 33 * Instance of an ACL class 34 * 35 * @var AclInterface 36 */ 37 protected $_Instance = null; 38 39/** 40 * Aro object. 41 * 42 * @var string 43 */ 44 public $Aro; 45 46/** 47 * Aco object 48 * 49 * @var string 50 */ 51 public $Aco; 52 53/** 54 * Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')` 55 * 56 * @param ComponentCollection $collection Collection instance. 57 * @param array $settings Settings list. 58 * @throws CakeException when Acl.classname could not be loaded. 59 */ 60 public function __construct(ComponentCollection $collection, $settings = array()) { 61 parent::__construct($collection, $settings); 62 $name = Configure::read('Acl.classname'); 63 if (!class_exists($name)) { 64 list($plugin, $name) = pluginSplit($name, true); 65 App::uses($name, $plugin . 'Controller/Component/Acl'); 66 if (!class_exists($name)) { 67 throw new CakeException(__d('cake_dev', 'Could not find %s.', $name)); 68 } 69 } 70 $this->adapter($name); 71 } 72 73/** 74 * Sets or gets the Adapter object currently in the AclComponent. 75 * 76 * `$this->Acl->adapter();` will get the current adapter class while 77 * `$this->Acl->adapter($obj);` will set the adapter class 78 * 79 * Will call the initialize method on the adapter if setting a new one. 80 * 81 * @param AclInterface|string $adapter Instance of AclInterface or a string name of the class to use. (optional) 82 * @return AclInterface|null Either null, or the adapter implementation. 83 * @throws CakeException when the given class is not an instance of AclInterface 84 */ 85 public function adapter($adapter = null) { 86 if ($adapter) { 87 if (is_string($adapter)) { 88 $adapter = new $adapter(); 89 } 90 if (!$adapter instanceof AclInterface) { 91 throw new CakeException(__d('cake_dev', 'AclComponent adapters must implement AclInterface')); 92 } 93 $this->_Instance = $adapter; 94 $this->_Instance->initialize($this); 95 return null; 96 } 97 return $this->_Instance; 98 } 99 100/** 101 * Pass-thru function for ACL check instance. Check methods 102 * are used to check whether or not an ARO can access an ACO 103 * 104 * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats 105 * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats 106 * @param string $action Action (defaults to *) 107 * @return bool Success 108 */ 109 public function check($aro, $aco, $action = "*") { 110 return $this->_Instance->check($aro, $aco, $action); 111 } 112 113/** 114 * Pass-thru function for ACL allow instance. Allow methods 115 * are used to grant an ARO access to an ACO. 116 * 117 * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats 118 * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats 119 * @param string $action Action (defaults to *) 120 * @return bool Success 121 */ 122 public function allow($aro, $aco, $action = "*") { 123 return $this->_Instance->allow($aro, $aco, $action); 124 } 125 126/** 127 * Pass-thru function for ACL deny instance. Deny methods 128 * are used to remove permission from an ARO to access an ACO. 129 * 130 * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats 131 * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats 132 * @param string $action Action (defaults to *) 133 * @return bool Success 134 */ 135 public function deny($aro, $aco, $action = "*") { 136 return $this->_Instance->deny($aro, $aco, $action); 137 } 138 139/** 140 * Pass-thru function for ACL inherit instance. Inherit methods 141 * modify the permission for an ARO to be that of its parent object. 142 * 143 * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats 144 * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats 145 * @param string $action Action (defaults to *) 146 * @return bool Success 147 */ 148 public function inherit($aro, $aco, $action = "*") { 149 return $this->_Instance->inherit($aro, $aco, $action); 150 } 151 152/** 153 * Pass-thru function for ACL grant instance. An alias for AclComponent::allow() 154 * 155 * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats 156 * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats 157 * @param string $action Action (defaults to *) 158 * @return bool Success 159 * @deprecated 3.0.0 Will be removed in 3.0. 160 */ 161 public function grant($aro, $aco, $action = "*") { 162 trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::grant()', 'allow()'), E_USER_WARNING); 163 return $this->_Instance->allow($aro, $aco, $action); 164 } 165 166/** 167 * Pass-thru function for ACL grant instance. An alias for AclComponent::deny() 168 * 169 * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats 170 * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats 171 * @param string $action Action (defaults to *) 172 * @return bool Success 173 * @deprecated 3.0.0 Will be removed in 3.0. 174 */ 175 public function revoke($aro, $aco, $action = "*") { 176 trigger_error(__d('cake_dev', '%s is deprecated, use %s instead', 'AclComponent::revoke()', 'deny()'), E_USER_WARNING); 177 return $this->_Instance->deny($aro, $aco, $action); 178 } 179 180} 181