protected function _aclRules($module, $controller, $action, $stack, $get = array())
{
$applicationAcl = Saf_Acl::getInstance();
$url = ('default' != $module ? "{$module}/" : '') . ('index' != $controller || 'index' != $action || count($stack) ? "{$controller}/" : '') . (('index' != $action || count($stack)) && '' != $action ? "{$action}/" : '') . (count($stack) ? implode('/', $stack) . '/' : '');
$getStack = array();
foreach ($get as $getKey => $getValue) {
if (!in_array($getKey, self::$_redactedKeys)) {
$getStack[] = urldecode($getKey) . '=' . urlencode($getValue);
}
}
$get = $getStack ? '?' . implode('&', $getStack) : '';
//Saf_Debug::outdata((array($url,$module,$controller,$action,$stack));
$forward = Saf_UrlRewrite::encodeForward($url . $get);
$redirectUrl = 'login/' . ($forward ? "?{$forward}" : '');
$whoCan = $applicationAcl->who($module, $controller, $action, $stack);
switch ($whoCan) {
case Saf_Acl::ACL_WHO_ANYUSER:
case Saf_Acl::ACL_WHO_USER:
if (!Saf_Auth::isLoggedIn()) {
throw new Saf_Exception_Redirect($redirectUrl);
}
break;
case Saf_Acl::ACL_WHO_SOMEUSER:
if (!Saf_Auth::isLoggedIn()) {
throw new Saf_Exception_Redirect($redirectUrl);
} else {
throw new Saf_Exception_NotAllowed('Insufficient permissions for operation.');
}
break;
case Saf_Acl::ACL_WHO_ANYONE:
break;
case Saf_Acl::ACL_WHO_OTHERUSER:
if (!$username) {
throw new Saf_Exception_NotAllowed('Insufficient permissions for operation.');
}
//#TODO #1.3.0 verify this works preoprly
break;
case Saf_Acl::ACL_WHO_NOONE:
throw new Saf_Exception_NotAllowed('Operation Not Allowed.');
default:
throw new Saf_Exception_NotImplemented('Operation Not Supported.');
}
}
public static function init($acl)
{
self::$_instance = $acl;
}
