/**
* Create auth adapter
*
* @param string $rolefile File containing XML with users and roles
*/
public function __construct($rolefile)
{
$this->_acl = new Acl();
$xml = XmlSecurity::scanFile($rolefile);
/*
Roles file format:
<roles>
<role id=”admin”>
<user name=”user1” password=”pwd”/>
</role>
<role id=”hr”>
<user name=”user2” password=”pwd2”/>
</role>
</roles>
*/
foreach ($xml->role as $role) {
$this->_acl->addRole(new \fproject\amf\acl\Role((string) $role["id"]));
foreach ($role->user as $user) {
$this->_users[(string) $user["name"]] = array("password" => (string) $user["password"], "role" => (string) $role["id"]);
}
}
}
function initAcl(\fproject\amf\acl\Acl $acl)
{
$acl->allow("testrole", null, "hello");
$acl->allow("testrole2", null, "hello2");
return true;
}
/**
* Check if the ACL allows accessing the function or method
*
* @param string|object $object Object or class being accessed
* @param string $function Function or method being accessed
* @return bool
* @throws AmfException
* @throws AmfException
*/
protected function _checkAcl($object, $function)
{
if (!$this->_acl) {
return true;
}
if ($object) {
$class = is_object($object) ? get_class($object) : $object;
if (!$this->_acl->has($class)) {
$this->_acl->addResource(new Resource($class));
}
$call = array($object, "initAcl");
if (is_callable($call) && !call_user_func($call, $this->_acl)) {
// if initAcl returns false, no ACL check
return true;
}
} else {
$class = null;
}
$auth = Auth::getInstance();
if ($auth->hasIdentity()) {
$role = $auth->getIdentity()->role;
} else {
if ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
$role = Constants::GUEST_ROLE;
} else {
throw new AmfException("Unauthenticated access not allowed");
}
}
if ($this->_acl->isAllowed($role, $class, $function)) {
return true;
} else {
throw new AmfException("Access not allowed");
}
}
