/** * Adds a Role having an identifier unique to the registry * * The $parents parameter may be a reference to, or the string identifier for, * a Role existing in the registry, or $parents may be passed as an array of * these - mixing string identifiers and objects is ok - to indicate the Roles * from which the newly added Role will directly inherit. * * In order to resolve potential ambiguities with conflicting rules inherited * from different parents, the most recently added parent takes precedence over * parents that were previously added. In other words, the first parent added * will have the least priority, and the last parent added will have the * highest priority. * * @param \Zend\Acl\Role\RoleInterface $role * @param \Zend\Acl\Role\RoleInterface|string|array $parents * @throws \Zend\Acl\Exception\InvalidArgumentException * @return Registry Provides a fluent interface */ public function add(Role\RoleInterface $role, $parents = null) { $roleId = $role->getRoleId(); if ($this->has($roleId)) { throw new Acl\Exception\InvalidArgumentException("Role id '{$roleId}' already exists in the registry"); } $roleParents = array(); if (null !== $parents) { if (!is_array($parents)) { $parents = array($parents); } foreach ($parents as $parent) { try { if ($parent instanceof Role\RoleInterface) { $roleParentId = $parent->getRoleId(); } else { $roleParentId = $parent; } $roleParent = $this->get($roleParentId); } catch (\Exception $e) { throw new Acl\Exception\InvalidArgumentException("Parent Role id '{$roleParentId}' does not exist", 0, $e); } $roleParents[$roleParentId] = $roleParent; $this->_roles[$roleParentId]['children'][$roleId] = $role; } } $this->_roles[$roleId] = array('instance' => $role, 'parents' => $roleParents, 'children' => array()); return $this; }
/** * Returns true if and only if the Role exists in the registry * * The $role parameter can either be a Role or a Role identifier. * * @param RoleInterface|string $role * @return boolean */ public function has($role) { if ($role instanceof RoleInterface) { $roleId = $role->getRoleId(); } else { $roleId = (string) $role; } return isset($this->roles[$roleId]); }
/** * Returns the rules associated with a Resource and a Role, or null if no such rules exist * * If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles, * respectively. Both can be null to return the default rule set for all Resources and all Roles. * * If the $create parameter is true, then a rule set is first created and then returned to the caller. * * @param ResourceInterface $resource * @param RoleInterface $role * @param boolean $create * @return array|null */ protected function &getRules(ResourceInterface $resource = null, RoleInterface $role = null, $create = false) { // create a reference to null $null = null; $nullRef =& $null; // follow $resource do { if (null === $resource) { $visitor =& $this->rules['allResources']; break; } $resourceId = $resource->getResourceId(); if (!isset($this->rules['byResourceId'][$resourceId])) { if (!$create) { return $nullRef; } $this->rules['byResourceId'][$resourceId] = array(); } $visitor =& $this->rules['byResourceId'][$resourceId]; } while (false); // follow $role if (null === $role) { if (!isset($visitor['allRoles'])) { if (!$create) { return $nullRef; } $visitor['allRoles']['byPrivilegeId'] = array(); } return $visitor['allRoles']; } $roleId = $role->getRoleId(); if (!isset($visitor['byRoleId'][$roleId])) { if (!$create) { return $nullRef; } $visitor['byRoleId'][$roleId]['byPrivilegeId'] = array(); } return $visitor['byRoleId'][$roleId]; }