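/**
 * Returns true if and only if the user (role) falls inside the watcher's scope.
 *
 * This method is passed the ACL, Role, Resource, and privilege to which the
 * authorization query applies. A null $role or $resource means the query
 * applies to all Roles or Resources; this assertion needs concrete objects to
 * compare, so it denies such a query. $acl and $privilege are not consulted.
 *
 * The watcher's scope selects the value that must match its scopeId:
 *  - 'user':         the role's id
 *  - 'apiId':        the role's apiId, and only when the role is a
 *                    CurrentUserModel for which isApiAuthUser() is true
 *  - 'token':        the 'token' entry of the identity held by Zend_Auth
 *  - 'organization': the role's organizationId
 * Any other scope, and any watcher without a scopeId, is denied.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception if $role is not a UserModel or $resource is not a WatcherModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other.
    if (null === $role || null === $resource) {
        return false;
    }

    // Only UserModel roles and WatcherModel resources are supported here.
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }
    if (!$resource instanceof WatcherModel) {
        throw new Exception('Resource must be an instance of WatcherModel');
    }

    $scope   = $resource->scope;
    $scopeId = $resource->scopeId;

    // Fail closed on an incomplete watcher. switch compares loosely, so a
    // non-string scope (true, or 0 before PHP 8) would select the 'user' case,
    // and a missing scopeId would compare equal to a missing identifier on the
    // role (null == null and null === null are both true).
    if (!is_string($scope) || null === $scopeId || '' === $scopeId) {
        return false;
    }

    // The 'user' and 'apiId' checks used == before, presumably because one side
    // can be an int and the other a string (TODO confirm against the models).
    // Comparing string forms keeps 5 matching '5' without PHP's numeric
    // juggling ('1e3' == '1000', '05' == '5') deciding an authorization.
    // Only ints and non-empty strings are accepted as identifiers.
    $sameId = function ($left, $right) {
        foreach (array($left, $right) as $value) {
            if (!is_int($value) && !(is_string($value) && '' !== $value)) {
                return false;
            }
        }

        return (string) $left === (string) $right;
    };

    switch ($scope) {
        case 'user':
            return $sameId($role->id, $scopeId);

        case 'apiId':
            // Only an API-authenticated current user can match an API scope.
            if (!$role instanceof \Application\Model\CurrentUserModel || !$role->isApiAuthUser()) {
                return false;
            }

            return $sameId($role->apiId, $scopeId);

        case 'token':
            // NOTE(review): this branch checks the identity held by Zend_Auth,
            // not the $role passed in, so it reflects the current request's
            // identity rather than the role under evaluation.
            $auth = Zend_Auth::getInstance();
            if (!$auth->hasIdentity()) {
                return false;
            }

            $ident = $auth->getIdentity();
            if (!$ident || !isset($ident['token'])) {
                return false;
            }

            return $ident['token'] === $scopeId;

        case 'organization':
            // $scopeId is known to be set, so a role without an organization
            // can no longer match here.
            return $role->organizationId === $scopeId;

        default:
            // Unknown scope: deny.
            return false;
    }
}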
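/**
 * Returns true if and only if the user (role) owns the queried resource.
 *
 * This method is passed the ACL, Role, Resource, and privilege to which the
 * authorization query applies. A null $role or $resource means the query
 * applies to all Roles or Resources; this assertion needs concrete objects to
 * compare, so it denies such a query. $acl and $privilege are not consulted.
 *
 * Ownership depends on the resource type:
 *  - WatcherModel:    the watcher's owner must match the role's apiId when the
 *                     role is a CurrentUserModel for which isApiAuthUser() is
 *                     true, and the role's id otherwise
 *  - UserConfigModel: the config's userId must be identical to the role's id
 *  - UserModel:       both getId() values must be identical
 * A missing (null or empty) identifier never counts as a match.
 *
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param string $privilege
 * @return boolean
 * @throws Exception if $role is not a UserModel, or $resource is none of
 *                   WatcherModel, UserConfigModel or UserModel
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
{
    // We need specific objects to check against each other.
    if (null === $role || null === $resource) {
        return false;
    }

    // Only UserModel roles are supported here.
    if (!$role instanceof UserModel) {
        throw new Exception('Role must be an instance of UserModel');
    }

    // Fail closed: null === null is true, so a resource with no owner would
    // otherwise be "owned" by a role with no id (for example a user object
    // that was never persisted — whether that can reach this point is not
    // visible here).
    $isSet = function ($value) {
        return null !== $value && '' !== $value;
    };

    if ($resource instanceof WatcherModel) {
        $owner = $resource->owner;

        if ($role instanceof \Application\Model\CurrentUserModel && $role->isApiAuthUser()) {
            // This branch used == before, presumably because apiId and owner
            // can differ in type (TODO confirm). Comparing string forms keeps
            // 5 matching '5' without PHP's numeric juggling deciding access.
            $apiId = $role->apiId;
            $comparable = (is_int($apiId) || is_string($apiId))
                && (is_int($owner) || is_string($owner));

            return $comparable
                && $isSet($apiId)
                && $isSet($owner)
                && (string) $apiId === (string) $owner;
        }

        return $isSet($owner) && $role->id === $owner;
    }

    if ($resource instanceof UserConfigModel) {
        $userId = $resource->userId;

        return $isSet($userId) && $role->id === $userId;
    }

    if (!$resource instanceof UserModel) {
        throw new Exception('Resource must be an instance of UserModel');
    }

    // A user resource belongs to the role only when both carry the same id.
    $roleId = $role->getId();

    return $isSet($roleId) && $roleId === $resource->getId();
}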