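/**
 * Adds a Role having an identifier unique to the registry
 *
 * The $parents parameter may be a reference to, or the string identifier for,
 * a Role existing in the registry, or $parents may be passed as an array of
 * these - mixing string identifiers and objects is ok - to indicate the Roles
 * from which the newly added Role will directly inherit.
 *
 * In order to resolve potential ambiguities with conflicting rules inherited
 * from different parents, the most recently added parent takes precedence over
 * parents that were previously added. In other words, the first parent added
 * will have the least priority, and the last parent added will have the
 * highest priority.
 *
 * This method writes nothing to $this->_roles until the role id has been
 * checked for uniqueness and every parent has been resolved, so a call that
 * throws does not leave a parent pointing at a child that was never added.
 *
 * @param  RoleInterface                   $role
 * @param  RoleInterface|string|array|null $parents
 * @throws AclRoleRegistryException If the role id is already registered or a parent cannot be resolved
 * @return RoleRegistry Provides a fluent interface
 */
public function add(RoleInterface $role, $parents = null)
{
    $roleId = $role->getRoleId();

    if ($this->has($roleId)) {
        throw new AclRoleRegistryException("Role id '{$roleId}' already exists in the registry");
    }

    $roleParents = array();

    if (null !== $parents) {
        if (!is_array($parents)) {
            $parents = array($parents);
        }

        // Pass 1: resolve every parent first. Nothing is stored yet, so an
        // unknown parent aborts the call before the inheritance graph changes.
        // Iteration order is kept because later parents take precedence.
        foreach ($parents as $parent) {
            try {
                if ($parent instanceof RoleInterface) {
                    $roleParentId = $parent->getRoleId();
                } else {
                    $roleParentId = $parent;
                }
                $roleParent = $this->get($roleParentId);
            } catch (AclRoleRegistryException $e) {
                throw new AclRoleRegistryException("Parent Role id '{$roleParentId}' does not exist");
            }
            $roleParents[$roleParentId] = $roleParent;
        }
    }

    // Pass 2: all lookups succeeded, so link the new role into each parent's
    // child list and then store the role's own entry.
    foreach ($roleParents as $roleParentId => $roleParent) {
        $this->_roles[$roleParentId]['children'][$roleId] = $role;
    }

    $this->_roles[$roleId] = array(
        'instance' => $role,
        'parents'  => $roleParents,
        'children' => array(),
    );

    return $this;
}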
/**
 * Returns, by reference, the rules associated with a Resource and a Role, or null if no such rules exist
 *
 * A null $resource selects the rules kept for all Resources and a null $role selects the rules kept
 * for all Roles. Both can be null to select the default rule set for all Resources and all Roles.
 *
 * If the requested rule set is missing and $create is false, the return value is a reference to a
 * local null, so writing through it does not reach $this->_rules. If $create is true, the missing
 * entries are created (with an empty 'byPrivilegeId' array) and then returned.
 *
 * The non-null return value is a reference into $this->_rules: a caller that assigns through it
 * changes the stored rules directly.
 *
 * @param  Resource|null      $resource
 * @param  RoleInterface|null $role
 * @param  boolean            $create
 * @return array|null
 */
protected function &_getRules(Resource $resource = null, RoleInterface $role = null, $create = false)
{
    // Local null handed back by reference whenever nothing matches and $create is false.
    $missing = null;

    // Step 1: pick the per-Resource bucket.
    if (null === $resource) {
        $bucket =& $this->_rules['allResources'];
    } else {
        $resourceId = $resource->getResourceId();
        if (!isset($this->_rules['byResourceId'][$resourceId])) {
            if (!$create) {
                return $missing;
            }
            $this->_rules['byResourceId'][$resourceId] = array();
        }
        $bucket =& $this->_rules['byResourceId'][$resourceId];
    }

    // Step 2: pick the per-Role rule set inside that bucket.
    if (null !== $role) {
        $roleId = $role->getRoleId();
        $roleKnown = isset($bucket['byRoleId'][$roleId]);
        if (!$roleKnown && !$create) {
            return $missing;
        }
        if (!$roleKnown) {
            $bucket['byRoleId'][$roleId]['byPrivilegeId'] = array();
        }

        return $bucket['byRoleId'][$roleId];
    }

    // No Role given: use the rule set that applies to all Roles.
    $allRolesKnown = isset($bucket['allRoles']);
    if (!$allRolesKnown && !$create) {
        return $missing;
    }
    if (!$allRolesKnown) {
        $bucket['allRoles']['byPrivilegeId'] = array();
    }

    return $bucket['allRoles'];
}