/**
 * {@inheritdoc}
 *
 * Checks the two adapter-specific options, keeps the connection and the
 * escaped table name, then passes the remaining options to the parent.
 *
 * @param FrontendInterface $frontend
 * @param array $options Must contain 'db' (a DbAdapterInterface) and 'table' (non-empty string)
 * @throws Exception When 'db' or 'table' is missing or has the wrong type
 */
public function __construct(FrontendInterface $frontend, array $options)
{
    $adapterGiven = isset($options['db']) && $options['db'] instanceof DbAdapterInterface;
    if (!$adapterGiven) {
        // NOTE(review): the message names Phalcon\Acl\AdapterInterface although the
        // check above is against DbAdapterInterface. The text is left unchanged
        // because callers or tests may match on it.
        throw new Exception('Parameter "db" is required and it must be an instance of Phalcon\\Acl\\AdapterInterface');
    }

    // empty() is also true for a missing key, so it covers the "not set" case.
    if (empty($options['table']) || !is_string($options['table'])) {
        throw new Exception("Parameter 'table' is required and it must be a non empty string");
    }

    $this->db = $options['db'];

    // A table name cannot be sent as a bound parameter, so it is quoted once here
    // with the adapter's escapeIdentifier() and reused in that form afterwards.
    $this->table = $this->db->escapeIdentifier($options['table']);

    // The parent only receives the options it knows about.
    unset($options['db'], $options['table']);

    parent::__construct($frontend, $options);
}
/**
 * Class constructor.
 *
 * Stores the database connection and, for each of the five table options,
 * the escaped table name in the property of the same name.
 *
 * @param array $options Adapter config: 'db' plus the table names 'roles', 'resources',
 *                       'resourcesAccesses', 'accessList' and 'rolesInherits'
 * @throws Exception When 'db' is not a DbAdapter or a table name is missing, empty or not a string
 */
public function __construct(array $options)
{
    $adapterGiven = isset($options['db']) && $options['db'] instanceof DbAdapter;
    if (!$adapterGiven) {
        // NOTE(review): the message names Phalcon\Acl\AdapterInterface although the
        // check above is against DbAdapter. The text is left unchanged because
        // callers or tests may match on it.
        throw new Exception('Parameter "db" is required and it must be an instance of Phalcon\\Acl\\AdapterInterface');
    }

    $this->connection = $options['db'];

    // The property names written below come from this fixed list, never from the
    // keys of $options, so the caller cannot choose which property is assigned.
    $tableOptions = ['roles', 'resources', 'resourcesAccesses', 'accessList', 'rolesInherits'];

    foreach ($tableOptions as $table) {
        // empty() is also true for a missing key, so it covers the "not set" case.
        if (empty($options[$table]) || !is_string($options[$table])) {
            throw new Exception("Parameter '{$table}' is required and it must be a non empty string");
        }

        // Table names are interpolated into SQL by the query methods, so they are
        // quoted here once with the adapter's escapeIdentifier().
        $this->{$table} = $this->connection->escapeIdentifier($options[$table]);
    }
}
/**
 * {@inheritdoc}
 *
 * Looks up a single matching row of the access list and returns its
 * "allowed" column as a boolean. When no row matches, the default access
 * action is returned.
 *
 * Example:
 * <code>
 * //Does Andres have access to the Products resource to create?
 * $acl->isAllowed('Andres', 'Products', 'create');
 * //Do guests have access to any resource to edit?
 * $acl->isAllowed('guests', '*', 'edit');
 * </code>
 *
 * @param string $role
 * @param string $resource
 * @param string $access
 * @param array $parameters Not used by this implementation
 * @return bool
 */
public function isAllowed($role, $resource, $access, array $parameters = null)
{
    // Role, resource and access are passed as bound values only. The table names
    // interpolated here are the properties set in the constructor.
    $clauses = [
        "SELECT " . $this->connection->escapeIdentifier('allowed') . " FROM {$this->accessList} AS a",
        // The role matches itself, the roles listed for it in the inherits table
        // and the '*' wildcard. The subquery is a single lookup, so inheritance
        // chains are not followed further.
        'WHERE roles_name IN (',
        'SELECT ? ',
        "UNION SELECT roles_inherit FROM {$this->rolesInherits} WHERE roles_name = ?",
        "UNION SELECT '*'",
        ')',
        "AND resources_name IN (?, '*')",
        "AND access_name IN (?, '*')",
        // The row with the highest "allowed" value wins. Presumably 1 means allow
        // and 0 means deny, in which case any matching allow row (a '*' wildcard
        // row included) outranks a more specific deny row -- confirm that this is
        // the intended policy.
        "ORDER BY " . $this->connection->escapeIdentifier('allowed') . " DESC",
        'LIMIT 1',
    ];
    $sql = implode(' ', $clauses);

    // One value per placeholder, in query order: role, role, resource, access.
    $bindings = [$role, $role, $resource, $access];
    $row = $this->connection->fetchOne($sql, Db::FETCH_NUM, $bindings);

    if (!is_array($row)) {
        // No rule matched: fall back to the default access action.
        return $this->_defaultAccess;
    }

    return (bool) $row[0];
}
/**
 * Asserts that a non-public property of the adapter holds the escaped form
 * of the given table name.
 *
 * @param string $propertyName Property of self::ADAPTER_CLASS to read through reflection
 * @param string $tableName Unescaped table name
 * @param DbAdapter $connection Connection whose escapeIdentifier() gives the expected value
 * @param Database $adapter Adapter instance under test
 */
protected function assertProtectedPropertyEquals($propertyName, $tableName, DbAdapter $connection, Database $adapter)
{
    $reflected = new ReflectionProperty(self::ADAPTER_CLASS, $propertyName);
    // The property is not public, so reflection access is switched on first.
    $reflected->setAccessible(true);

    $expected = $connection->escapeIdentifier($tableName);
    $actual = $reflected->getValue($adapter);

    $this->assertEquals($expected, $actual);
}
/**
 * {@inheritdoc}
 *
 * Deletes every row whose last-modified value (or creation value, when the
 * former is NULL) plus $maxlifetime is lower than the current time().
 *
 * @param integer $maxlifetime
 *
 * @return boolean Whatever the connection's execute() returns
 */
public function gc($maxlifetime)
{
    $options = $this->getOptions();
    $db = $this->connection;

    // Table and column names come from the adapter options and are quoted as
    // identifiers. $maxlifetime goes through %d, so only its integer value reaches
    // the statement. The columns are compared against time(), so they presumably
    // hold Unix timestamps -- confirm against the table schema.
    $sql = sprintf(
        'DELETE FROM %s WHERE COALESCE(%s, %s) + %d < ?',
        $db->escapeIdentifier($options['table']),
        $db->escapeIdentifier($options['column_modified_at']),
        $db->escapeIdentifier($options['column_created_at']),
        $maxlifetime
    );

    // The current time is sent as a bound parameter.
    return $db->execute($sql, [time()]);
}