/**
* Inject the ACL with the grant specified by a single rule set.
*
* @param AclAuthorization $acl
* @param string $grantType
* @param array $ruleSet
* @return void
*/
private static function injectGrant(AclAuthorization $acl, $grantType, array $ruleSet)
{
// Add new resource to ACL
$resource = $ruleSet['resource'];
$acl->addResource($ruleSet['resource']);
// Deny guest specified privileges to resource
$privileges = isset($ruleSet['privileges']) ? $ruleSet['privileges'] : null;
// null privileges means no permissions were setup; nothing to do
if (null === $privileges) {
return;
}
$acl->{$grantType}('guest', $resource, $privileges);
}
public static function factory(array $config)
{
// Determine whether we are whitelisting or blacklisting
$denyByDefault = false;
if (array_key_exists('deny_by_default', $config)) {
$denyByDefault = (bool) $config['deny_by_default'];
unset($config['deny_by_default']);
}
// By default, create an open ACL
$acl = new AclAuthorization();
$acl->addRole('guest');
$acl->allow();
$grant = 'deny';
if ($denyByDefault) {
$acl->deny('guest', null, null);
$grant = 'allow';
}
foreach ($config as $set) {
if (!is_array($set) || !isset($set['resource'])) {
continue;
}
// Add new resource to ACL
$resource = $set['resource'];
$acl->addResource($set['resource']);
// Deny guest specified privileges to resource
$privileges = isset($set['privileges']) ? $set['privileges'] : null;
// "null" privileges means no permissions were setup; nothing to do
if (null === $privileges) {
continue;
}
$acl->{$grant}('guest', $resource, $privileges);
}
return $acl;
}
