blob: a2356a921d3a8ba0ba26f89009500debb9059fca (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
<?php
/**
* TAuthorizationRule, TAuthorizationRuleCollection class file
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @link http://www.pradosoft.com/
* @copyright Copyright © 2005-2014 PradoSoft
* @license http://www.pradosoft.com/license/
* @package Prado\Security
*/
namespace Prado\Security;
/**
* TAuthorizationRuleCollection class.
* TAuthorizationRuleCollection represents a collection of authorization rules {@link TAuthorizationRule}.
* To check if a user is allowed, call {@link isUserAllowed}.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @package Prado\Security
* @since 3.0
*/
class TAuthorizationRuleCollection extends TList
{
/**
* @param IUser the user to be authorized
* @param string verb, can be empty, 'post' or 'get'.
* @param string the request IP address
* @return boolean whether the user is allowed
*/
public function isUserAllowed($user,$verb,$ip)
{
if($user instanceof IUser)
{
$verb=strtolower(trim($verb));
foreach($this as $rule)
{
if(($decision=$rule->isUserAllowed($user,$verb,$ip))!==0)
return ($decision>0);
}
return true;
}
else
return false;
}
/**
* Inserts an item at the specified position.
* This overrides the parent implementation by performing additional
* operations for each newly added TAuthorizationRule object.
* @param integer the specified position.
* @param mixed new item
* @throws TInvalidDataTypeException if the item to be inserted is not a TAuthorizationRule object.
*/
public function insertAt($index,$item)
{
if($item instanceof TAuthorizationRule)
parent::insertAt($index,$item);
else
throw new TInvalidDataTypeException('authorizationrulecollection_authorizationrule_required');
}
}
|
