Gentics Portal.Node PHP API
RightsFilter.php
1 <?php
2 /**
3 * Rights filter class file.
4 *
5 * @author Christoffer Niska <cniska@live.com>
6 * @copyright Copyright &copy; 2010 Christoffer Niska
7 * @since 0.7
8 */
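class RightsFilter extends CFilter
{
	/**
	 * @var array|string the ids of the actions that skip the authorization check,
	 * or the string '*' when every action skips it. Populated through
	 * {@link setAllowedActions}. Defaults to an empty array, meaning that every
	 * action is subject to the access check.
	 */
	protected $_allowedActions = array();

	/**
	 * Performs the pre-action filtering.
	 *
	 * The action runs only when one of the following holds, checked in this order:
	 * 1. the action is on the allow-list (or the allow-list is '*');
	 * 2. the user passes checkAccess() for "[Module.]Controller.*";
	 * 3. the user passes checkAccess() for "[Module.]Controller.Action".
	 * Anything else falls through to the denial at the end of the method, so
	 * access is refused unless a check explicitly returned boolean true.
	 *
	 * @param CFilterChain $filterChain the filter chain that the filter is on.
	 * @return boolean whether the filtering process should continue and the action
	 * should be executed.
	 */
	protected function preFilter($filterChain)
	{
		$user = Yii::app()->getUser();
		$controller = $filterChain->controller;
		$action = $filterChain->action;

		// Allow-listed actions bypass authorization completely: no checkAccess()
		// call is made for them. The lookup is strict (third argument true) so that
		// PHP's loose comparison of numeric strings (e.g. '10' == '1e1', '0' == '00')
		// cannot make an unlisted action id match an entry and skip the check.
		if( $this->_allowedActions==='*' || in_array($action->id, $this->_allowedActions, true)===true )
			return true;

		// Build the authorization item name, prefixed with the module id
		// in case the controller called belongs to a module.
		$authItem = '';
		if( ($module = $controller->getModule())!==null )
			$authItem .= ucfirst($module->id).'.';

		$authItem .= ucfirst($controller->id);

		// Controller-wide permission grants access to every action of the controller.
		if( $user->checkAccess($authItem.'.*')===true )
			return true;

		// Otherwise the user needs the permission for this specific action.
		$authItem .= '.'.ucfirst($action->id);
		if( $user->checkAccess($authItem)===true )
			return true;

		// No check granted access: let the controller handle the denial
		// and stop the filter chain so the action is not executed.
		$controller->accessDenied();
		return false;
	}

	/**
	 * Sets the allowed actions.
	 *
	 * Actions listed here are executed without any checkAccess() call, so the
	 * list should be limited to actions that are meant to be public.
	 *
	 * The wildcard is recognised only when the value is exactly '*'. Any other
	 * string is split on commas and/or whitespace into individual action ids
	 * (empty entries are dropped), so a value such as ' * ' becomes the ordinary
	 * entry '*' and does not open up all actions.
	 *
	 * @param string $allowedActions the actions that are always allowed separated by commas,
	 * you may also use star (*) to represent all actions.
	 */
	public function setAllowedActions($allowedActions)
	{
		if( $allowedActions==='*' )
			$this->_allowedActions = $allowedActions;
		else
			$this->_allowedActions = preg_split('/[\s,]+/', $allowedActions, -1, PREG_SPLIT_NO_EMPTY);
	}
}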