Exemplo n.º 1
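 /**
  * Checks whether a user is authorised to perform an action, optionally on an asset.
  *
  * The decision is made against the user's own identity (the negated user id) plus every
  * group the user is mapped to. A 'core.admin' grant on the root asset (id 1) short-circuits
  * the check and authorises everything.
  *
  * Security note: the 'core.admin' verdict is cached in the class-wide static self::$isRoot,
  * not per user. It is computed from the first $userId that reaches the check and then reused
  * for every later call in the same run, whatever $userId that call passes. Callers that
  * authorise more than one user per run must not rely on this method until the cache is keyed
  * by user id.
  *
  * @param	integer	$userId	Id of the user for which to check authorisation.
  * @param	string	$action	The name of the action to authorise.
  * @param	mixed	$asset	Integer asset id or the name of the asset as a string.  Defaults to the root asset node (id 1).
  * @return	boolean	True if authorised.
  * @since	1.6
  */
 public static function check($userId, $action, $asset = null)
 {
     // NOTE(review): self::$isRoot is a single flag shared by all callers, but it is derived
     // further down from the identities of one specific $userId. Once it is true, this early
     // return authorises any other $userId for any action. Once it is false, a later user who
     // does hold core.admin no longer gets the root shortcut and is judged on the asset rules
     // alone. Fix by caching the verdict per user id; that needs a change to the property
     // declaration, which is outside this method.
     if (self::$isRoot) {
         return true;
     }

     // Normalise inputs: integer user id, lower-case dotted names for action and asset.
     $userId = (int) $userId;
     $action = strtolower(preg_replace('#[\\s\\-]+#', '.', trim($action)));

     // $asset defaults to null; handle that case without calling the string helpers, because
     // passing null to trim() is deprecated as of PHP 8.1. The result is the same empty value.
     $asset = ($asset === null) ? '' : strtolower(preg_replace('#[\\s\\-]+#', '.', trim($asset)));

     // Default to the root asset node.
     if (empty($asset)) {
         $asset = 1;
     }

     // Load the rules for the asset (with the recursive flag set) unless already cached.
     if (empty(self::$assetRules[$asset])) {
         self::$assetRules[$asset] = self::getAssetRules($asset, true);
     }

     // Identities to test: every group the user is mapped to, preceded by the negated user id,
     // which stands for the user as an individual.
     $identities = self::getGroupsByUser($userId);
     array_unshift($identities, $userId * -1);

     // The core.admin lookup on the root asset runs only while no verdict has been cached yet.
     if (self::$isRoot === null) {
         if (self::getAssetRules(1)->allow('core.admin', $identities)) {
             self::$isRoot = true;
             return true;
         }

         self::$isRoot = false;
     }

     return self::$assetRules[$asset]->allow($action, $identities);
 }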