Exemplo n.º 1
 /**
  * Decides whether this consumer ACL may perform an action on a provider ACL.
  *
  * The check is only defined for the pairing "this object is a consumer,
  * $acl is a provider"; any other pairing is rejected with an exception
  * instead of a FALSE result. For a valid pairing the provider must both
  * know the action (hasPermission) and accept this consumer's permissions
  * for it (grant).
  *
  * @param Doozr_Acl_Service $acl    The provider ACL
  * @param string            $action The action to check
  *
  * @author Benjamin Carl <*****@*****.**>
  * @return bool TRUE if the action is allowed, otherwise FALSE
  * @access public
  * @throws Doozr_Exception_Service If the consumer/provider types do not match
  */
 public function isAllowed(Doozr_Acl_Service $acl, $action)
 {
     $isConsumerToProvider = $this->getType() === self::TYPE_CONSUMER
         && $acl->getType() === self::TYPE_PROVIDER;

     // Reject wrong pairings loudly so a mis-wired call cannot be read as a plain "deny".
     // NOTE(review): the message below contains a typo ("ca"); left as-is because it is runtime text.
     if (!$isConsumerToProvider) {
         throw new Doozr_Exception_Service('Type mismatch! Only Consumer ca be allowed to access Provider.');
     }

     // The provider has to expose the action at all before the consumer's permissions are evaluated.
     if (!$acl->hasPermission($action)) {
         return false;
     }

     return (bool) $acl->grant($this->getPermissions(), $action);
 }
Exemplo n.º 2
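 /**
  * Authorizes a consumer ACL service object against a provider ACL service
  * object and throws when access must be denied.
  *
  * Two checks run in order: authentication (only when the provider requires a
  * login), then the permission for Doozr_Acl_Service::ACTION_CREATE. The
  * exception code is presumably used as the HTTP status of the REST response,
  * so a missing login is reported as 401 and a missing permission as 403.
  *
  * NOTE(review): the checked action is fixed to ACTION_CREATE regardless of
  * the operation being requested - confirm against the callers that this is
  * intended for read/update/delete paths as well.
  *
  * @param Doozr_Acl_Service $aclConsumer The consumer ACL (the requesting side)
  * @param Doozr_Acl_Service $aclProvider The provider ACL (the protected resource)
  *
  * @author Benjamin Carl <*****@*****.**>
  * @return bool TRUE if authorized; denial is signalled by exception, never by FALSE
  * @access protected
  * @throws Doozr_Base_Model_Rest_Exception Code 401 if a required login is missing,
  *                                         code 403 if the consumer lacks the permission
  */
 protected function authorize(Doozr_Acl_Service $aclConsumer, Doozr_Acl_Service $aclProvider)
 {
     // Authentication first. "!== true" fails closed: anything other than a
     // confirmed login is treated as "not logged in".
     // NOTE(review): isLoginRequired() is compared strictly with TRUE, so a truthy
     // non-boolean return value would skip this check - confirm it returns bool.
     if ($aclProvider->isLoginRequired() === true && $aclConsumer->isLoggedIn() !== true) {
         // 401: the request carries no valid authentication.
         throw new Doozr_Base_Model_Rest_Exception('Authorization required.', 401);
     }

     // Permission second. Only an explicit TRUE grants access; isAllowed() may
     // additionally throw on its own (not caught here), which also denies.
     if ($aclConsumer->isAllowed($aclProvider, Doozr_Acl_Service::ACTION_CREATE) !== true) {
         // 403: the consumer is known but not permitted to perform the action.
         throw new Doozr_Base_Model_Rest_Exception('Authorization required.', 403);
     }

     return true;
 }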