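/**
 * Look up the auth data from $this->getAuths() for a rule covering this
 * controller/method and the current role, and return whether it allows access.
 *
 * Precedence (the original intent, now actually implemented):
 *   1. rules bound to the requested method (method != '') shadow everything else;
 *      if any exist for this method, they alone decide;
 *   2. otherwise controller-wide rules (method == '') are consulted.
 * Within the chosen set, the first rule whose role_name equals getRoleType()
 * decides: type 'allow' => true, anything else => false. No matching role, no
 * rules, or no auth data => false (fail closed).
 *
 * Fix: the original loops only set a $bFound flag and never captured the rule
 * that matched, so the role/type check afterwards ran against whichever rule
 * happened to be iterated last -- a rule for a different method or role could
 * grant or deny the request. The matching rule is now evaluated directly.
 * Comparisons are strict on string-cast values so PHP loose-comparison
 * surprises ('abc' == 0, '1e3' == '1000') cannot turn a deny into an allow.
 *
 * @param string $p_sController
 * @param string $p_sMethod  '' means "no specific method": only controller-wide rules apply
 * @return boolean
 */
function verifyUrlAuth($p_sController, $p_sMethod = '') {
    $aAuthData = $this->getAuths($p_sController);
    // We need rules for the controller; anything else is a deny.
    if (!is_array($aAuthData) || !array_key_exists($p_sController, $aAuthData)) {
        return false;
    }
    $aControllerRules = $aAuthData[$p_sController];
    if (!is_array($aControllerRules)) {
        return false;
    }

    $sRole   = (string) getRoleType();
    $sMethod = (string) $p_sMethod;

    // Split the rules into method-bound and controller-wide sets.
    $aMethodRules = array();
    $aGlobalRules = array();
    foreach ($aControllerRules as $aAuth) {
        if (!is_array($aAuth)) {
            continue;
        }
        $sRuleMethod = isset($aAuth['method']) ? (string) $aAuth['method'] : '';
        if ($sRuleMethod === '') {
            $aGlobalRules[] = $aAuth;
        } elseif ($sRuleMethod === $sMethod) {
            $aMethodRules[] = $aAuth;
        }
    }

    // Method-bound rules take precedence; fall back to controller-wide rules
    // only when no rule is bound to this method at all.
    $aCandidates = count($aMethodRules) > 0 ? $aMethodRules : $aGlobalRules;

    foreach ($aCandidates as $aAuth) {
        $sRuleRole = isset($aAuth['role_name']) ? (string) $aAuth['role_name'] : '';
        if ($sRuleRole !== $sRole) {
            continue;
        }
        // Only an explicit 'allow' grants access; a missing or any other type denies.
        return isset($aAuth['type']) && (string) $aAuth['type'] === 'allow';
    }

    // Rules exist for this scenario but none names the current role: deny by default.
    return false;
}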
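/**
 * Check whether a role has access to a controller, optionally throwing on denial.
 *
 * Defaults:
 *   - $p_sController: the dispatched controller name, lower-cased;
 *   - $p_sMethod:     the input value keyed by the controller name, or 'index';
 *   - $p_sRole:       the current session's role from getRoleType().
 *
 * Rules come from $this->getRules(), keyed by controller; each rule carries a
 * 'roles' map of role_name => 'allow'|'deny'.
 *   1. A direct entry for $p_sRole decides: 'allow' grants, anything else
 *      denies -- an explicit deny is never overridden by inheritance.
 *   2. With no direct entry, the roles map is scanned for an entry whose role
 *      ID (getRoleIDFromName) is greater than the checked role's ID; the first
 *      such entry decides ('deny' => false, otherwise true).
 *   3. No rules for the controller, or no applicable entry => denied.
 *
 * Fix: the inheritance scan compared against getRoleID() -- the *session*
 * user's role ID -- even when a caller passed an explicit $p_sRole, so
 * hasAccess('x', 'y', 'editor') answered for the logged-in user rather than
 * for 'editor'. It now uses the ID of the role actually being checked; when
 * $p_sRole was defaulted, getRoleID() is still used so the current-user path
 * is unchanged.
 *
 * NOTE(review): $p_sMethod is only used in the exception message -- rules are
 * keyed by controller alone, so this function does not enforce per-method
 * rules (verifyUrlAuth is the method-level check).
 * NOTE(review): the inheritance scan depends on the iteration order of the
 * 'roles' map: with one higher-ID 'deny' and another higher-ID 'allow',
 * whichever comes first wins. If larger role IDs mean more privilege, this
 * grants a lower role whatever a higher role is allowed -- confirm the
 * intended direction against the role table before relying on it.
 *
 * @param string|false $p_sController
 * @param string|false $p_sMethod
 * @param string|false $p_sRole
 * @param boolean      $p_bThrow  throw PPI_Exception instead of returning false on denial
 * @return boolean
 * @throws PPI_Exception when access is denied and $p_bThrow is true
 */
function hasAccess($p_sController = false, $p_sMethod = false, $p_sRole = false, $p_bThrow = false) {
    if ($p_sController === false) {
        $p_sController = strtolower(PPI_Dispatch::getInstance()->getControllerName());
    }
    if ($p_sMethod === false) {
        $sMethodName = PPI_Model_Input::getInstance()->get(strtolower($p_sController));
        // Empty/absent input means the default action.
        $p_sMethod = ((string) $sMethodName === '') ? 'index' : $sMethodName;
    }
    // Remember whether the role came from the session so the inheritance scan
    // can keep using getRoleID() for that case.
    $bRoleDefaulted = ($p_sRole === false);
    if ($bRoleDefaulted) {
        $p_sRole = getRoleType();
    }

    $aRules = $this->getRules();
    if (is_array($aRules)
        && array_key_exists($p_sController, $aRules)
        && isset($aRules[$p_sController]['roles'])
        && is_array($aRules[$p_sController]['roles'])) {

        $aRoles = $aRules[$p_sController]['roles'];

        if (array_key_exists($p_sRole, $aRoles)) {
            // Direct role match: only an explicit 'allow' grants access.
            // Any other value is a deny and is NOT reconsidered via inheritance.
            if ($aRoles[$p_sRole] === 'allow') {
                return true;
            }
        } else {
            // No direct match: look for an entry from a role with a greater ID.
            $iRoleID = $bRoleDefaulted ? getRoleID() : getRoleIDFromName($p_sRole);
            foreach ($aRoles as $sRoleName => $sAccessType) {
                if (getRoleIDFromName($sRoleName) > $iRoleID) {
                    return $sAccessType !== 'deny';
                }
            }
        }
    }

    if ($p_bThrow === true) {
        throw new PPI_Exception("Access denied for user: {$p_sRole} to resource {$p_sController}/{$p_sMethod}");
    }
    return false;
}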