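/**
 * Evaluate a single access rule against the current session.
 *
 * The first rule that produces a decision wins: once $this->_allowed is
 * non-null, every later call returns without looking at its arguments, so
 * the order in which rules are fed to this method decides the outcome.
 *
 * Rule verbs:
 *  - 'allow': grants when $key is ':loggedIn' and a session exists, or when
 *             Acl::isAllowed() accepts the session's username for $key.
 *  - 'deny':  refuses when $key is ':anonymous' and no session exists, or
 *             when Acl::isAllowed() accepts the session's username for $key.
 *  - 'owns':  grants when Acl::owns() accepts the session's username for $key.
 *
 * 'allow' and 'owns' clear $this->_onlyDenied; 'deny' leaves it untouched
 * (presumably it records that only deny rules were seen so far; confirm
 * against the code that reads it).
 *
 * NOTE(review): any other verb, and any pseudo key other than the two named
 * above, is ignored without an error. A misspelled 'deny' rule is therefore
 * silently not enforced; consider validating rule definitions where they are
 * declared.
 *
 * @param string $what Rule verb: 'allow', 'deny' or 'owns'.
 * @param mixed  $key  Privilege key or ':'-prefixed pseudo key for
 *                     'allow'/'deny'; the second argument of Acl::owns()
 *                     for 'owns'.
 * @return void
 */
public function in($what, $key)
{
    // A decision has already been taken; later rules must not override it.
    if ($this->_allowed !== null)
    {
        return;
    }

    // Strict comparison: with '==' a non-string verb such as 0 or true can
    // compare equal to 'allow' on older PHP versions and be treated as a grant rule.
    if ($what === 'allow')
    {
        $this->_onlyDenied = false;

        if ($this->isPseudoKey($key))
        {
            if ($key === ':loggedIn' && UserSession::get() != null)
            {
                $this->_allowed = true;
            }
        }
        else
        {
            $session = UserSession::get();
            if ($session && Acl::isAllowed($session->username, $key))
            {
                $this->_allowed = true;
            }
        }
    }
    elseif ($what === 'deny')
    {
        if ($this->isPseudoKey($key))
        {
            if ($key === ':anonymous' && UserSession::get() == null)
            {
                $this->_allowed = false;
            }
        }
        else
        {
            // The session may be absent here. Without this guard the username
            // is read from null and a null identity is handed to the ACL.
            // A key-based deny can only match an authenticated user; anonymous
            // visitors are covered by the ':anonymous' pseudo key.
            $session = UserSession::get();
            if ($session && Acl::isAllowed($session->username, $key))
            {
                $this->_allowed = false;
            }
        }
    }
    elseif ($what === 'owns')
    {
        $this->_onlyDenied = false;

        $session = UserSession::get();
        if ($session && Acl::owns($session->username, $key))
        {
            $this->_allowed = true;
        }
    }
}

/**
 * Tell whether a rule key is a pseudo key, i.e. a string starting with ':'.
 *
 * Checks type and length first so that an empty or non-string key does not
 * trigger an offset warning.
 *
 * @param mixed $key
 * @return bool
 */
private function isPseudoKey($key)
{
    return is_string($key) && $key !== '' && $key[0] === ':';
}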
/**
 * Acl::owns() must accept the owning username and reject everything else,
 * including objects of a class the ACL has no registration for.
 */
public function testOwns()
{
    // NOTE(review): the fixture value below looks masked in this copy of the
    // file, while the first assertion expects 'me' to be the owner. Confirm
    // the intended value against the original test.
    $model = new MyMoreSpecificModel();
    $model->username = '******';

    // Positive case: the owner is recognised.
    $ownerResult = Acl::owns('me', $model);
    $this->assertTrue($ownerResult);

    // Negative case: a different username on the same object.
    $strangerResult = Acl::owns('not-me', $model);
    $this->assertFalse($strangerResult);

    // Negative case: the class is not registered, so the check must fail closed.
    $unregistered = new UserSession('a', 'a');
    $this->assertFalse(Acl::owns('not-me', $unregistered));
}