/** * Main ACL check function. Checks to see if the ARO (access request object) has access to the * ACO (access control object). * * @param string $aro ARO * @param string $aco ACO * @param string $action Action * @return bool true if access is granted, false otherwise */ public function check($aro, $aco, $action = "*") { $allow = $this->options['policy']; $prioritizedAros = $this->Aro->roles($aro); if ($action && $action !== "*") { $aco .= '/' . $action; } $path = $this->Aco->path($aco); if (empty($path)) { return $allow; } foreach ($path as $node) { foreach ($prioritizedAros as $aros) { if (!empty($node['allow'])) { $allow = $allow || count(array_intersect($node['allow'], $aros)); } if (!empty($node['deny'])) { $allow = $allow && !count(array_intersect($node['deny'], $aros)); } } } return $allow; }