public static function isAllowed($model, $action)
{
// commandline always have full-access
if (Context::isTrusted() || $model instanceof Auth && $model->isTrustedAction()) {
return true;
}
$is_allowed = false;
$instance = static::getInstance();
$collection_name = $instance->getCollectioName($model);
$instance->token = AuthToken::current();
$roles = $instance->getConfig($collection_name, $action);
// Ensure array type for roles
if (!is_array($roles)) {
$roles = array($roles);
}
foreach ($roles as $role) {
// At least one of the configured roles must match
if ($is_allowed) {
break;
}
if (in_array($role, $instance->builtInRoles)) {
$is_allowed = call_user_func_array(array($instance, 'check' . ucfirst($role)), array($model));
} else {
$is_allowed = $instance->checkRole($role);
}
}
return $is_allowed;
}
protected function isAuthenticated()
{
$auth_token = AuthToken::current();
return $auth_token && $auth_token->auth_id == $this->_id;
}
