/** * 檢查該actor是否能夠管理該resource。也就是allow的管理版 * @param KALSActor $actor * @return boolean */ function is_admin($actor = NULL) { if (get_ignore_authorize()) { return TRUE; } $actor = $this->_filter_actor($actor); $is_admin = FALSE; $resource = $this->resource; switch ($resource->get_type_id()) { case 1: $action = $this->action_factory->create(1); $is_admin = $this->allow($action); break; case 2: $action = $this->action_factory->create(2); $is_admin = $this->allow($action); break; case 3: $author = $resource->get_user(); $is_admin = $author->equals($actor); if ($is_admin === FALSE && $this->throw_exception) { handle_error($this->lang->line('action.annotation.administration.exception')); return FALSE; } break; default: $is_admin = FALSE; } return $is_admin; }
/** * 檢查Actor及其所屬群組是否有在這個Policy中。 * @param KALS_actor $actor * @return boolean */ function allow($actor) { //加入Context的Ignore Authorize if (get_ignore_authorize()) { return TRUE; } if (is_null($actor)) { return $this->action->default_allow; } $actors = $actor->get_parent_groups(); array_push($actors, $actor); $passed = FALSE; foreach ($actors as $a) { if ($this->in_actors($a)) { $passed = TRUE; break; } } return $passed; }