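/**
 * Enforce the application ACL for the requested route.
 *
 * Asks Saf_Acl who may perform the operation. Returns normally when access
 * is permitted; otherwise throws. A caller who is not logged in and requests
 * a route that needs a login is redirected to "login/" with the current URL
 * (path plus non-redacted query parameters) attached as a forward target.
 *
 * The query string is built with http_build_query() so that parameter names
 * and values are both URL-encoded and array-valued parameters are serialized
 * instead of being passed to urlencode().
 *
 * @param string $module     Module name; "default" is omitted from the URL.
 * @param string $controller Controller name.
 * @param string $action     Action name.
 * @param array  $stack      Remaining path segments after the action.
 * @param array  $get        Request query parameters (treated as untrusted).
 *
 * @return void
 *
 * @throws Saf_Exception_Redirect       When a login is required and nobody is logged in.
 * @throws Saf_Exception_NotAllowed     When the ACL denies the operation.
 * @throws Saf_Exception_NotImplemented When the ACL returns an unrecognized value.
 */
protected function _aclRules($module, $controller, $action, $stack, $get = array())
{
    $applicationAcl = Saf_Acl::getInstance();
    $hasStack = count($stack) > 0;

    // Rebuild the shortest path that identifies this route: default module and
    // trailing "index" segments are dropped unless something follows them.
    $url = ('default' != $module ? "{$module}/" : '')
        . (('index' != $controller || 'index' != $action || $hasStack) ? "{$controller}/" : '')
        . ((('index' != $action || $hasStack) && '' != $action) ? "{$action}/" : '')
        . ($hasStack ? implode('/', $stack) . '/' : '');

    // Keys listed in self::$_redactedKeys are left out so their values never
    // end up in the login redirect URL. Only top-level keys are checked.
    $forwardable = array();
    foreach ($get as $getKey => $getValue) {
        if (!in_array($getKey, self::$_redactedKeys)) {
            $forwardable[$getKey] = $getValue;
        }
    }

    // Encode names as well as values: an unencoded name containing "&", "="
    // or "#" would otherwise change the structure of the forwarded query.
    // The separator is passed explicitly so arg_separator.output cannot alter it.
    $queryString = $forwardable ? http_build_query($forwardable, '', '&') : '';
    $query = '' !== $queryString ? '?' . $queryString : '';

    // NOTE(review): the forward target is derived from the incoming request.
    // The handler that consumes it after login is outside this block; confirm
    // it only accepts local paths before redirecting.
    $forward = Saf_UrlRewrite::encodeForward($url . $query);
    $redirectUrl = 'login/' . ($forward ? "?{$forward}" : '');

    $whoCan = $applicationAcl->who($module, $controller, $action, $stack);
    switch ($whoCan) {
        case Saf_Acl::ACL_WHO_ANYUSER:
        case Saf_Acl::ACL_WHO_USER:
            if (!Saf_Auth::isLoggedIn()) {
                throw new Saf_Exception_Redirect($redirectUrl);
            }
            break;

        case Saf_Acl::ACL_WHO_SOMEUSER:
            // Anonymous callers get a chance to log in; a logged-in caller
            // reaching this case is denied.
            // NOTE(review): presumably who() only returns this value when the
            // current user is not among the permitted users - confirm.
            if (!Saf_Auth::isLoggedIn()) {
                throw new Saf_Exception_Redirect($redirectUrl);
            }
            throw new Saf_Exception_NotAllowed('Insufficient permissions for operation.');

        case Saf_Acl::ACL_WHO_ANYONE:
            break;

        case Saf_Acl::ACL_WHO_OTHERUSER:
            // NOTE(review): this case used to test a $username variable that is
            // never assigned in this method, so it always denied (and raised an
            // undefined-variable notice). The deny is kept, explicitly, so the
            // check fails closed until a real user comparison is implemented.
            //#TODO #1.3.0 verify this works properly
            throw new Saf_Exception_NotAllowed('Insufficient permissions for operation.');

        case Saf_Acl::ACL_WHO_NOONE:
            throw new Saf_Exception_NotAllowed('Operation Not Allowed.');

        default:
            // Unknown ACL results are rejected rather than allowed.
            throw new Saf_Exception_NotImplemented('Operation Not Supported.');
    }
}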
/**
 * Store the given object as the shared instance in self::$_instance.
 *
 * The method is public and performs no type or state check, so every call
 * replaces whatever instance was stored before.
 *
 * @param mixed $acl Object to keep as the shared instance (presumably the
 *                   application ACL - confirm against callers).
 *
 * @return void
 */
public static function init($acl)
{
    self::$_instance = $acl;
}