/**
 * Return the shared GangliaAcl object, creating it on the first call.
 *
 * The object is cached in the static self::$acl slot, so later calls
 * return that cached object instead of building a new one.
 *
 * @return GangliaAcl
 */
public static function getInstance()
{
    // Already built: hand back the cached object.
    if (self::$acl !== null) {
        return self::$acl;
    }

    self::$acl = new GangliaAcl();

    return self::$acl;
}
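/**
 * Check if the current user has a privilege (view, edit, etc) on a resource.
 *
 * The decision depends on $conf['auth_system']:
 *  - 'readonly': only GangliaAcl::VIEW is granted; user and resource are not consulted.
 *  - 'enabled':  the ACL is asked about the authenticated user, or about
 *                GangliaAcl::GUEST when nobody is authenticated. A user with
 *                no role in the ACL is denied.
 *  - 'disabled': every privilege is granted.
 * Any other value, or a malformed $conf, raises E_USER_ERROR and is denied.
 *
 * If the resource is not known to the ACL, GangliaAcl::ALL_CLUSTERS is used instead.
 *
 * Examples
 *   checkAccess( GangliaAcl::ALL_CLUSTERS, GangliaAcl::EDIT, $conf ); // user has global edit?
 *   checkAccess( GangliaAcl::ALL_CLUSTERS, GangliaAcl::VIEW, $conf ); // user has global view?
 *   checkAccess( $cluster, GangliaAcl::EDIT, $conf ); // user can edit current cluster?
 *   checkAccess( 'cluster1', GangliaAcl::EDIT, $conf ); // user has edit privilege on cluster1?
 *   checkAccess( 'cluster1', GangliaAcl::VIEW, $conf ); // user has view privilege on cluster1?
 *
 * @param mixed $resource  Resource to check; replaced by GangliaAcl::ALL_CLUSTERS when the ACL does not know it.
 * @param mixed $privilege Privilege being requested, e.g. GangliaAcl::VIEW or GangliaAcl::EDIT.
 * @param array $conf      Configuration; must contain the key 'auth_system'.
 *
 * @return bool True when access is granted, false otherwise.
 */
function checkAccess($resource, $privilege, $conf)
{
    // Fail closed on a malformed configuration. E_USER_ERROR normally stops
    // the script, but an installed error handler can let execution continue,
    // so deny explicitly, as the default branch of the switch below does.
    if (!is_array($conf)) {
        trigger_error('checkAccess: $conf is not an array.', E_USER_ERROR);
        return false;
    }

    if (!isset($conf['auth_system'])) {
        trigger_error("checkAccess: \$conf['auth_system'] is not defined.", E_USER_ERROR);
        return false;
    }

    switch ($conf['auth_system']) {
        case 'readonly':
            // NOTE(review): loose comparison, and the type of GangliaAcl::VIEW
            // is not visible here. If it is a string, a boolean true
            // $privilege compares equal to it. Consider === once callers are
            // confirmed to always pass the constant.
            $out = $privilege == GangliaAcl::VIEW;
            break;

        case 'enabled':
            // TODO: 'edit' needs to check for writeability of data directory. error log if edit is allowed but we're unable to due to fs problems.
            $acl = GangliaAcl::getInstance();
            $auth = GangliaAuth::getInstance();

            // Unauthenticated requests are evaluated as the guest user.
            if (!$auth->isAuthenticated()) {
                $user = GangliaAcl::GUEST;
            } else {
                $user = $auth->getUser();
            }

            // A resource the ACL does not know is not denied outright: it is
            // evaluated against the rule for GangliaAcl::ALL_CLUSTERS.
            if (!$acl->has($resource)) {
                $resource = GangliaAcl::ALL_CLUSTERS;
            }

            // Deny by default; only a user with a role in the ACL can be allowed.
            $out = false;
            if ($acl->hasRole($user)) {
                $out = (bool) $acl->isAllowed($user, $resource, $privilege);
            }
            break;

        case 'disabled':
            // Authorization is switched off: every request is granted.
            $out = true;
            break;

        default:
            trigger_error("Invalid value '" . $conf['auth_system'] . "' for \$conf['auth_system'].", E_USER_ERROR);
            return false;
    }

    return $out;
}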
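/**
 * GangliaAcl::getInstance() must return the very same object on every call.
 */
public function testGetInstance()
{
    $first = GangliaAcl::getInstance();
    $second = GangliaAcl::getInstance();

    // assertSame checks identity (===). assertEquals would also pass for two
    // separate instances holding equal state, which would not show that the
    // accessor returns one shared object.
    $this->assertSame($first, $second);
}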