Rewrite of the authentication and authorization system

2015-12-05 20:31:27 -05:00
parent 346b8312e5
commit e9fedf3e5c
255 changed files with 14114 additions and 9820 deletions
--- a/app/Core/Security/AccessMap.php
+++ b/app/Core/Security/AccessMap.php
@@ -18,6 +18,14 @@ class AccessMap
     */
    private $defaultRole = '';

+    /**
+     * Role hierarchy
+     *
+     * @access private
+     * @var array
+     */
+    private $hierarchy = array();
+
    /**
     * Access map
     *
@@ -39,16 +47,77 @@ class AccessMap
        return $this;
    }

+    /**
+     * Define role hierarchy
+     *
+     * @access public
+     * @param  string $role
+     * @param  array  $subroles
+     * @return Acl
+     */
+    public function setRoleHierarchy($role, array $subroles)
+    {
+        foreach ($subroles as $subrole) {
+            if (isset($this->hierarchy[$subrole])) {
+                $this->hierarchy[$subrole][] = $role;
+            } else {
+                $this->hierarchy[$subrole] = array($role);
+            }
+        }
+
+        return $this;
+    }
+
+    /**
+     * Get computed role hierarchy
+     *
+     * @access public
+     * @param  string  $role
+     * @return array
+     */
+    public function getRoleHierarchy($role)
+    {
+        $roles = array($role);
+
+        if (isset($this->hierarchy[$role])) {
+            $roles = array_merge($roles, $this->hierarchy[$role]);
+        }
+
+        return $roles;
+    }
+
    /**
     * Add new access rules
     *
     * @access public
-     * @param  string $controller
-     * @param  string $method
-     * @param  array  $roles
+     * @param  string $controller  Controller class name
+     * @param  mixed  $methods     List of method name or just one method
+     * @param  string $role        Lowest role required
     * @return Acl
     */
-    public function add($controller, $method, array $roles)
+    public function add($controller, $methods, $role)
+    {
+        if (is_array($methods)) {
+            foreach ($methods as $method) {
+                $this->addRule($controller, $method, $role);
+            }
+        } else {
+            $this->addRule($controller, $methods, $role);
+        }
+
+        return $this;
+    }
+
+    /**
+     * Add new access rule
+     *
+     * @access private
+     * @param  string $controller
+     * @param  string $method
+     * @param  string $role
+     * @return Acl
+     */
+    private function addRule($controller, $method, $role)
    {
        $controller = strtolower($controller);
        $method = strtolower($method);
@@ -57,11 +126,7 @@ class AccessMap
            $this->map[$controller] = array();
        }

-        if (! isset($this->map[$controller][$method])) {
-            $this->map[$controller][$method] = array();
-        }
-
-        $this->map[$controller][$method] = $roles;
+        $this->map[$controller][$method] = $role;

        return $this;
    }
@@ -79,14 +144,12 @@ class AccessMap
        $controller = strtolower($controller);
        $method = strtolower($method);

-        if (isset($this->map[$controller][$method])) {
-            return $this->map[$controller][$method];
+        foreach (array($method, '*') as $key) {
+            if (isset($this->map[$controller][$key])) {
+                return $this->getRoleHierarchy($this->map[$controller][$key]);
+            }
        }

-        if (isset($this->map[$controller]['*'])) {
-            return $this->map[$controller]['*'];
-        }
-
-        return array($this->defaultRole);
+        return $this->getRoleHierarchy($this->defaultRole);
    }
 }