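/**
 * Checks whether this consumer ACL may perform an action on the given provider ACL.
 *
 * The check is only defined in one direction: $this must be of type consumer and
 * $acl of type provider. Any other combination is rejected with an exception
 * instead of being answered with FALSE, so a mis-wired call cannot be mistaken
 * for a normal "denied" result.
 *
 * @param Doozr_Acl_Service $acl    The provider ACL
 * @param string            $action The action to check
 *
 * @author Benjamin Carl <*****@*****.**>
 * @return bool TRUE if both $acl->hasPermission($action) and
 *              $acl->grant($this->getPermissions(), $action) evaluate truthy, otherwise FALSE
 * @access public
 * @throws Doozr_Exception_Service If $this is not a consumer or $acl is not a provider
 */
public function isAllowed(Doozr_Acl_Service $acl, $action)
{
    // Guard clause: refuse to evaluate anything but consumer -> provider.
    if ($this->getType() !== self::TYPE_CONSUMER || $acl->getType() !== self::TYPE_PROVIDER) {
        // Message typo fixed ("ca be" -> "can be").
        throw new Doozr_Exception_Service('Type mismatch! Only Consumer can be allowed to access Provider.');
    }

    // && short-circuits: grant() is not called when hasPermission() is falsy.
    // The && result is always a real boolean, whatever the two calls return.
    return $acl->hasPermission($action) && $acl->grant($this->getPermissions(), $action);
}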
/**
 * Authorizes a consumer ACL service object against a provider ACL service object.
 *
 * Two gates are applied in order: the login gate (provider requires login and the
 * consumer is not logged in) and the permission gate (consumer is not allowed
 * Doozr_Acl_Service::ACTION_CREATE on the provider). Failing either gate raises an
 * exception; the method never returns FALSE.
 *
 * @param Doozr_Acl_Service $aclConsumer The ACL of the requesting consumer
 * @param Doozr_Acl_Service $aclProvider The ACL of the resource provider
 *
 * @author Benjamin Carl <*****@*****.**>
 * @return bool Always TRUE when the method returns; denial is signalled by exception
 * @access protected
 * @throws Doozr_Base_Model_Rest_Exception Code 403 if login is required but missing,
 *                                         code 401 if the permission check fails
 */
protected function authorize(Doozr_Acl_Service $aclConsumer, Doozr_Acl_Service $aclProvider)
{
    // Login gate.
    // NOTE(review): both comparisons are strict. If isLoginRequired() or isLoggedIn()
    // can return a non-boolean (null, 0, 1, ...), this gate is skipped and the request
    // falls through to the permission check only - confirm both return real booleans.
    $loginMissing = $aclProvider->isLoginRequired() === true
        && $aclConsumer->isLoggedIn() === false;

    if ($loginMissing) {
        // NOTE(review): if the second argument is an HTTP status, the usual mapping is
        // 401 for "not authenticated" and 403 for "authenticated but not permitted";
        // the two codes here look swapped. Confirm against API clients before changing.
        throw new Doozr_Base_Model_Rest_Exception('Authorization required.', 403);
    }

    // Permission gate.
    // NOTE(review): only ACTION_CREATE is checked, whatever operation the caller is
    // about to perform - confirm this method is used for create requests only.
    // Only a strict FALSE denies; an exception thrown by isAllowed() would propagate.
    $allowed = $aclConsumer->isAllowed($aclProvider, Doozr_Acl_Service::ACTION_CREATE);

    if ($allowed === false) {
        throw new Doozr_Base_Model_Rest_Exception('Authorization required.', 401);
    }

    return true;
}