1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150:
<?php
namespace Coast;
use Closure;
class Acl
{
const NONE = null;
const ALLOW = true;
const DENY = false;
protected $_roles = [];
public function role($name, array $value = null)
{
if (func_num_args() > 1) {
$value += [
'extend' => null,
'rules' => [],
];
if (isset($value['extend']) && !isset($this->_roles[$value['extend']])) {
throw new Exception("Role '{$value['extend']}' does not exist");
}
$this->_roles[$name] = $value;
return $this;
}
return isset($this->_roles[$name])
? $this->_roles[$name]
: null;
}
public function roles(array $roles = null)
{
if (func_num_args() > 0) {
foreach ($roles as $name => $value) {
$this->role($name, $value);
}
return $this;
}
return $this->_roles;
}
public function rule($role, $resource, $operations, $action)
{
if (!isset($this->_roles[$role])) {
throw new Exception("Role '{$role}' does not exist");
}
if (!is_array($operations)) {
$operations = array_map('trim', explode(',', $operations));
}
if ($action instanceof Closure) {
$action = $action->bindTo($this);
}
$this->_roles[$role]['rules'][] = [
$resource,
$operations,
$action,
];
return $this;
}
public function rules($role, array $rules = null)
{
if (func_num_args() > 1) {
foreach ($rules as $rule) {
call_user_func_array([$this, 'rule'], array_merge([$role], $rule));
}
return $this;
}
return $this->_roles[$role]['rules'];
}
public function allow($role, $resource, $operations)
{
return $this->rule($role, $resource, $operations, $action, self::ALLOW);
}
public function deny($role, $resource, $operations)
{
return $this->rule($role, $resource, $operations, $action, self::DENY);
}
public function func($role, $resource, $operations, Closure $func)
{
return $this->rule($role, $resource, $operations, $action, $func);
}
public function check($role, $resource, $operation, array $params = array())
{
if (!isset($this->_roles[$role])) {
throw new Exception("Role '{$role}' does not exist");
}
$role = $this->_roles[$role];
$value = $role;
$rules = $value['rules'];
while (isset($value['extend'])) {
$value = $this->_roles[$value['extend']];
$rules = array_merge($value['rules'], $rules);
}
$action = self::NONE;
end($rules);
do {
$rule = current($rules);
if ($resource != $rule[0]) {
continue;
}
if ($rule[1] !== ['*'] && !in_array($operation, $rule[1])) {
continue;
}
$action = $rule[2];
$action = $action instanceof Closure
? call_user_func_array($action, array_merge([$role], $params))
: $action;
if ($action !== self::NONE) {
break;
}
} while (prev($rules));
return $action;
}
public function isAllow($role, $resource, $operation, array $params = array())
{
return $this->check($role, $resource, $operation, $params) === self::ALLOW;
}
public function isDeny($role, $resource, $operation, array $params = array())
{
return $this->check($role, $resource, $operation, $params) === self::DENY;
}
public function isNone($role, $resource, $operation, array $params = array())
{
return $this->check($role, $resource, $operation, $params) === self::NONE;
}
public function __invoke($role, $resource, $operation, array $params = array())
{
return $this->check($role, $resource, $operation, $params);
}
}