/**
* Check owing Role & Resource and match its with $roleName & $resourceName;
* if match was found depending on action allow or deny access to $resourceName for $roleName.
*
* @param string $needRuleName
* @param string $needRoleName
* @param string $needResourceName
*
* @return RuleResult|null null is returned if there is no matched Role & Resource in this rule.
* RuleResult otherwise.
*/
public function isAllowed($needRuleName, $needRoleName, $needResourceName)
{
static $roleCache = array();
static $resourceCache = array();
if ($needRuleName != 'RuleWide' && $this->name === $needRuleName || $this->isRuleMatched($needRuleName)) {
if (null !== $this->role) {
$roleNameTmp = $this->role->getName();
if (!isset($roleCache[$roleNameTmp])) {
$roles = iterator_to_array($this->role);
$roleCache[$roleNameTmp] = $roles;
} else {
$roles = $roleCache[$roleNameTmp];
}
} else {
$roles = array(null);
}
if (null !== $this->resource) {
$resourceNameTmp = $this->resource->getName();
if (!isset($resourceCache[$resourceNameTmp])) {
$resources = iterator_to_array($this->resource);
$resourceCache[$resourceNameTmp] = $resources;
} else {
$resources = $resourceCache[$resourceNameTmp];
}
} else {
$resources = array(null);
}
foreach ($roles as $role) {
if (null === $role || $role && $role->name === $needRoleName) {
$roleNameMatched = true;
} else {
$roleNameMatched = false;
}
foreach ($resources as $resource) {
if (null === $resource || $resource && $resource->name === $needResourceName) {
$resourceNameMatched = true;
} else {
$resourceNameMatched = false;
}
// Check if $role and $resource match to need role and resource.
$ruleResult = null;
if ($roleNameMatched === true && $resourceNameMatched === true) {
$ruleResult = new RuleResult($this, $needRoleName, $needResourceName);
}
if ($ruleResult) {
return $ruleResult;
}
}
}
}
return null;
}
public function testComplexGraph()
{
$acl = new Acl();
$u = new Role('U');
$u1 = new Role('U1');
$u2 = new Role('U2');
$u3 = new Role('U3');
$u->addChild($u1);
$u->addChild($u2);
$u->addChild($u3);
$r = new Resource('R');
$r1 = new Resource('R1');
$r2 = new Resource('R2');
$r3 = new Resource('R3');
$r4 = new Resource('R4');
$r5 = new Resource('R5');
$r->addChild($r1);
$r->addChild($r2);
$r->addChild($r3);
$r3->addChild($r4);
$r3->addChild($r5);
$a = new Rule('View');
$acl->addRule($u, $r, $a, true);
$this->assertTrue($acl->isAllowed('U', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R2', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R3', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R4', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R2', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R3', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R4', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R2', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R3', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R4', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R2', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R3', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R4', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R5', 'View'));
$a2 = new Rule('View');
$acl->addRule($u, $r3, $a2, false);
$this->assertTrue($acl->isAllowed('U', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U', 'R3', 'View'));
$this->assertFalse($acl->isAllowed('U', 'R4', 'View'));
$this->assertFalse($acl->isAllowed('U', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U1', 'R3', 'View'));
$this->assertFalse($acl->isAllowed('U1', 'R4', 'View'));
$this->assertFalse($acl->isAllowed('U1', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U2', 'R3', 'View'));
$this->assertFalse($acl->isAllowed('U2', 'R4', 'View'));
$this->assertFalse($acl->isAllowed('U2', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U3', 'R3', 'View'));
$this->assertFalse($acl->isAllowed('U3', 'R4', 'View'));
$this->assertFalse($acl->isAllowed('U3', 'R5', 'View'));
$a3 = new Rule('View');
$a4 = new Rule('View');
$acl->addRule($u2, $r4, $a3, true);
$acl->addRule($u2, $r5, $a4, true);
$this->assertTrue($acl->isAllowed('U', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U', 'R3', 'View'));
$this->assertFalse($acl->isAllowed('U', 'R4', 'View'));
$this->assertFalse($acl->isAllowed('U', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U1', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U1', 'R3', 'View'));
$this->assertFalse($acl->isAllowed('U1', 'R4', 'View'));
$this->assertFalse($acl->isAllowed('U1', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U2', 'R3', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R4', 'View'));
$this->assertTrue($acl->isAllowed('U2', 'R5', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R1', 'View'));
$this->assertTrue($acl->isAllowed('U3', 'R2', 'View'));
$this->assertFalse($acl->isAllowed('U3', 'R3', 'View'));
$this->assertFalse($acl->isAllowed('U3', 'R4', 'View'));
$this->assertFalse($acl->isAllowed('U3', 'R5', 'View'));
}