/**
* 檢查該actor是否能夠管理該resource。也就是allow的管理版
* @param KALSActor $actor
* @return boolean
*/
function is_admin($actor = NULL)
{
if (get_ignore_authorize()) {
return TRUE;
}
$actor = $this->_filter_actor($actor);
$is_admin = FALSE;
$resource = $this->resource;
switch ($resource->get_type_id()) {
case 1:
$action = $this->action_factory->create(1);
$is_admin = $this->allow($action);
break;
case 2:
$action = $this->action_factory->create(2);
$is_admin = $this->allow($action);
break;
case 3:
$author = $resource->get_user();
$is_admin = $author->equals($actor);
if ($is_admin === FALSE && $this->throw_exception) {
handle_error($this->lang->line('action.annotation.administration.exception'));
return FALSE;
}
break;
default:
$is_admin = FALSE;
}
return $is_admin;
}
/**
* 檢查Actor及其所屬群組是否有在這個Policy中。
* @param KALS_actor $actor
* @return boolean
*/
function allow($actor)
{
//加入Context的Ignore Authorize
if (get_ignore_authorize()) {
return TRUE;
}
if (is_null($actor)) {
return $this->action->default_allow;
}
$actors = $actor->get_parent_groups();
array_push($actors, $actor);
$passed = FALSE;
foreach ($actors as $a) {
if ($this->in_actors($a)) {
$passed = TRUE;
break;
}
}
return $passed;
}
