Exemple #1
 /**
  * Checks the backend options, then keeps the connection and the escaped table name.
  *
  * {@inheritdoc}
  *
  * @param  FrontendInterface $frontend
  * @param  array             $options  Needs 'db' (a DbAdapterInterface instance) and 'table'
  *                                     (a non-empty string); both keys are removed before the
  *                                     remaining options are handed to the parent constructor.
  * @throws Exception When 'db' or 'table' is missing or of the wrong type
  */
 public function __construct(FrontendInterface $frontend, array $options)
 {
     $db = isset($options['db']) ? $options['db'] : null;
     if (!($db instanceof DbAdapterInterface)) {
         // NOTE(review): the message names Phalcon\Acl\AdapterInterface although the check is
         // against DbAdapterInterface - confirm which interface the text should mention.
         throw new Exception('Parameter "db" is required and it must be an instance of Phalcon\\Acl\\AdapterInterface');
     }

     $table = isset($options['table']) ? $options['table'] : null;
     // empty() also rejects the string "0", so "0" is not accepted as a table name.
     if (empty($table) || !is_string($table)) {
         throw new Exception("Parameter 'table' is required and it must be a non empty string");
     }

     $this->db = $db;
     // A table name cannot travel as a bound parameter, so it is escaped as an
     // identifier here and only the escaped form is stored.
     $this->table = $this->db->escapeIdentifier($table);

     unset($options['db'], $options['table']);
     parent::__construct($frontend, $options);
 }
Exemple #2
 /**
  * Class constructor: stores the connection and the escaped names of the ACL tables.
  *
  * @param  array $options Adapter config; needs 'db' (a DbAdapter instance) and a non-empty
  *                        string for each of 'roles', 'resources', 'resourcesAccesses',
  *                        'accessList' and 'rolesInherits'
  * @throws Exception When 'db' or one of the table names is missing or of the wrong type
  */
 public function __construct(array $options)
 {
     $db = isset($options['db']) ? $options['db'] : null;
     if (!($db instanceof DbAdapter)) {
         // NOTE(review): the message names Phalcon\Acl\AdapterInterface although the check is
         // against DbAdapter - confirm which type the text should mention.
         throw new Exception('Parameter "db" is required and it must be an instance of Phalcon\\Acl\\AdapterInterface');
     }
     $this->connection = $db;

     // The property names written below come from this fixed list, never from the keys of
     // $options, so the caller's array cannot pick which property is assigned.
     $tableOptions = ['roles', 'resources', 'resourcesAccesses', 'accessList', 'rolesInherits'];
     foreach ($tableOptions as $table) {
         $value = isset($options[$table]) ? $options[$table] : null;
         // empty() also rejects the string "0".
         if (empty($value) || !is_string($value)) {
             throw new Exception("Parameter '{$table}' is required and it must be a non empty string");
         }

         // Table names are escaped as identifiers once, at construction; the stored value is
         // what gets interpolated into SQL text.
         $this->{$table} = $this->connection->escapeIdentifier($value);
     }
 }
Exemple #3
 /**
  * {@inheritdoc}
  * Example:
  * <code>
  * //Is Andres allowed to create on the Products resource?
  * $acl->isAllowed('Andres', 'Products', 'create');
  * //Are guests allowed to edit on any resource?
  * $acl->isAllowed('guests', '*', 'edit');
  * </code>
  *
  * The lookup matches rows for the role itself, for the roles returned by one
  * roles_inherit query on that role (inherited roles are not followed further), and for
  * the '*' role, against the given resource or '*' and the given access or '*'.
  *
  * @param string $role
  * @param string $resource
  * @param string $access
  * @param array  $parameters Not read by this implementation
  * @return bool The "allowed" value of the best matching row, or the default access when
  *              no row matches
  */
 public function isAllowed($role, $resource, $access, array $parameters = null)
 {
     // Role, resource and access travel as bound parameters. The only text interpolated into
     // the statement is $this->accessList and $this->rolesInherits (presumably the names
     // escaped at construction - verify) plus the escaped 'allowed' column.
     //
     // NOTE(review): ORDER BY allowed DESC with LIMIT 1 returns the highest "allowed" value
     // among all matching rows, so a deny row for the role loses to an allow row reached
     // through '*' or an inherited role - confirm this allow-wins policy is intended.
     $query = implode(' ', [
         "SELECT " . $this->connection->escapeIdentifier('allowed') . " FROM {$this->accessList} AS a",
         'WHERE roles_name IN (',
         'SELECT ? ',
         "UNION SELECT roles_inherit FROM {$this->rolesInherits} WHERE roles_name = ?",
         "UNION SELECT '*'",
         ')',
         "AND resources_name IN (?, '*')",
         "AND access_name IN (?, '*')",
         "ORDER BY " . $this->connection->escapeIdentifier('allowed') . " DESC",
         'LIMIT 1',
     ]);

     // $role is bound twice: once for the role itself, once for the inheritance lookup.
     $bindings = [$role, $role, $resource, $access];
     $row = $this->connection->fetchOne($query, Db::FETCH_NUM, $bindings);

     if (!is_array($row)) {
         // No matching row: fall back to the default access action.
         // NOTE(review): the value of $this->_defaultAccess is set outside this method; if it
         // is an allow, a missing ACL row grants access.
         return $this->_defaultAccess;
     }

     return (bool) $row[0];
 }
Exemple #4
 /**
  * Asserts that a non-public property of the adapter holds the escaped form of a table name.
  *
  * @param string    $propertyName Property of self::ADAPTER_CLASS to inspect
  * @param string    $tableName    Raw table name; compared after escapeIdentifier()
  * @param DbAdapter $connection   Connection used to compute the expected escaped name
  * @param Database  $adapter      Instance whose property is read
  */
 protected function assertProtectedPropertyEquals($propertyName, $tableName, DbAdapter $connection, Database $adapter)
 {
     // Reflection is used because the property is not readable from outside the adapter.
     $reflected = new ReflectionProperty(self::ADAPTER_CLASS, $propertyName);
     $reflected->setAccessible(true);

     $expected = $connection->escapeIdentifier($tableName);
     $actual = $reflected->getValue($adapter);

     $this->assertEquals($expected, $actual);
 }
Exemple #5
 /**
  * {@inheritdoc}
  *
  * Deletes the rows for which COALESCE(modified-at, created-at) plus $maxlifetime is
  * lower than the current time().
  *
  * @param  integer $maxlifetime
  *
  * @return boolean Whatever the connection's execute() returns
  */
 public function gc($maxlifetime)
 {
     $options = $this->getOptions();

     // Table and column names come from the options and cannot be bound as parameters, so
     // each one is escaped as an identifier before it is placed into the SQL text.
     $table = $this->connection->escapeIdentifier($options['table']);
     $modifiedAt = $this->connection->escapeIdentifier($options['column_modified_at']);
     $createdAt = $this->connection->escapeIdentifier($options['column_created_at']);

     // %d formats $maxlifetime as an integer, so only digits (and a sign) reach the
     // statement; the current time is passed as a bound parameter.
     $sql = sprintf('DELETE FROM %s WHERE COALESCE(%s, %s) + %d < ?', $table, $modifiedAt, $createdAt, $maxlifetime);

     return $this->connection->execute($sql, [time()]);
 }