/**
* Adds a Role having an identifier unique to the registry
*
* The $parents parameter may be a reference to, or the string identifier for,
* a Role existing in the registry, or $parents may be passed as an array of
* these - mixing string identifiers and objects is ok - to indicate the Roles
* from which the newly added Role will directly inherit.
*
* In order to resolve potential ambiguities with conflicting rules inherited
* from different parents, the most recently added parent takes precedence over
* parents that were previously added. In other words, the first parent added
* will have the least priority, and the last parent added will have the
* highest priority.
*
* @param RoleInterface $role
* @param RoleInterface|string|array $parents
* @throws AclRoleRegistryException
* @return RoleRegistry Provides a fluent interface
*/
public function add(RoleInterface $role, $parents = null)
{
$roleId = $role->getRoleId();
if ($this->has($roleId)) {
throw new AclRoleRegistryException("Role id '{$roleId}' already exists in the registry");
}
$roleParents = array();
if (null !== $parents) {
if (!is_array($parents)) {
$parents = array($parents);
}
foreach ($parents as $parent) {
try {
if ($parent instanceof RoleInterface) {
$roleParentId = $parent->getRoleId();
} else {
$roleParentId = $parent;
}
$roleParent = $this->get($roleParentId);
} catch (AclRoleRegistryException $e) {
throw new AclRoleRegistryException("Parent Role id '{$roleParentId}' does not exist");
}
$roleParents[$roleParentId] = $roleParent;
$this->_roles[$roleParentId]['children'][$roleId] = $role;
}
}
$this->_roles[$roleId] = array('instance' => $role, 'parents' => $roleParents, 'children' => array());
return $this;
}
/**
* Returns the rules associated with a Resource and a Role, or null if no such rules exist
*
* If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles,
* respectively. Both can be null to return the default rule set for all Resources and all Roles.
*
* If the $create parameter is true, then a rule set is first created and then returned to the caller.
*
* @param ResourceInterface $resource
* @param AclRole $role
* @param boolean $create
* @return array|null
*/
protected function &_getRules(Resource $resource = null, RoleInterface $role = null, $create = false)
{
// create a reference to null
$null = null;
$nullRef =& $null;
// follow $resource
do {
if (null === $resource) {
$visitor =& $this->_rules['allResources'];
break;
}
$resourceId = $resource->getResourceId();
if (!isset($this->_rules['byResourceId'][$resourceId])) {
if (!$create) {
return $nullRef;
}
$this->_rules['byResourceId'][$resourceId] = array();
}
$visitor =& $this->_rules['byResourceId'][$resourceId];
} while (false);
// follow $role
if (null === $role) {
if (!isset($visitor['allRoles'])) {
if (!$create) {
return $nullRef;
}
$visitor['allRoles']['byPrivilegeId'] = array();
}
return $visitor['allRoles'];
}
$roleId = $role->getRoleId();
if (!isset($visitor['byRoleId'][$roleId])) {
if (!$create) {
return $nullRef;
}
$visitor['byRoleId'][$roleId]['byPrivilegeId'] = array();
}
return $visitor['byRoleId'][$roleId];
}
