/** * Check if the ACL allows accessing the function or method * * @param string|object $object Object or class being accessed * @param string $function Function or method being accessed * @return bool * @throws AmfException * @throws AmfException */ protected function _checkAcl($object, $function) { if (!$this->_acl) { return true; } if ($object) { $class = is_object($object) ? get_class($object) : $object; if (!$this->_acl->has($class)) { $this->_acl->addResource(new Resource($class)); } $call = array($object, "initAcl"); if (is_callable($call) && !call_user_func($call, $this->_acl)) { // if initAcl returns false, no ACL check return true; } } else { $class = null; } $auth = Auth::getInstance(); if ($auth->hasIdentity()) { $role = $auth->getIdentity()->role; } else { if ($this->_acl->hasRole(Constants::GUEST_ROLE)) { $role = Constants::GUEST_ROLE; } else { throw new AmfException("Unauthenticated access not allowed"); } } if ($this->_acl->isAllowed($role, $class, $function)) { return true; } else { throw new AmfException("Access not allowed"); } }