Class ACL

Description

Access Control List class

The default Habari ACL class implements groups and group permissions. Users are assigned to one or more groups. Groups are assigned one or more permissions. Membership in any group that grants a permission means you have that permission. Membership in any group that denies that permission denies the user that permission, even if another group grants that permission.

Located in /system/classes/acl.php (line 17)


	
			
Class Constant Summary
Method Summary
static bool access_check (mixed $access_given, mixed $access_check)
static mixed access_id (string $name)
static mixed access_name (ID $id)
static array all_permissions ([string $order = 'id'])
static mixed create_permission (string $name, string $description)
static Result deny_group (integer $group_id, mixed $token_id)
static Result deny_user (integer $user_id, mixed $token_id)
static bool destroy_permission (mixed $permission)
static Result grant_group (integer $group_id, mixed $token_id, [string $access = 'full'])
static Result grant_user (integer $user_id, integer $token_id, [string $access = 'full'])
static bool group_can (mixed $group, mixed $permission, [string $access = 'full'])
static string normalize_permission (string $name)
static the revoke_group_permission (integer $group_id, mixed $token_id)
static the revoke_user_permission (integer $user_id, mixed $token_id)
static string token_description (mixed $permission)
static bool token_exists (mixed $permission)
static int token_id (string $name)
static string token_name (int $id)
static bool user_can (mixed $user, mixed $permission, [string $access = 'full'])
static void __static ()
Methods
static method access_check (line 76)

Check access. Implements hierarchy of access terms.

  • return: Returns true if the given access meets or exceeds the access to check against
  • access: public
static bool access_check (mixed $access_given, mixed $access_check)
  • mixed $access_given: The ID or name of the access given
  • mixed $access_check: The ID or name of the access to check against
static method access_id (line 47)

Convert a permission access name (read, write, full, denied) into an ID

  • return: the ID of the permission, or boolean FALSE if it does not exist
  • access: public
static mixed access_id (string $name)
  • string $name: The access name
static method access_name (line 61)

Convert a permission access ID into a name

  • return: the name of the permission, or boolean FALSE if it does not exist
  • access: public
static mixed access_name (ID $id)
  • ID $id: The access ID
static method all_permissions (line 176)

Get an array of QueryRecord objects containing all permissions

  • return: an array of QueryRecord objects containing all permissions
  • access: public
static array all_permissions ([string $order = 'id'])
  • string $order: the order in which to sort the returning array
static method create_permission (line 108)

Create a new permission, and save it to the permission tokens table

  • return: the ID of the newly created permission, or boolean FALSE
  • access: public
static mixed create_permission (string $name, string $description)
  • string $name: The name of the permission
  • string $description: The description of the permission
static method deny_group (line 389)

Deny permission to a group

  • return: Result of the DB query
  • access: public
static Result deny_group (integer $group_id, mixed $token_id)
  • integer $group_id: The group ID
  • mixed $token_id: The name or ID of the permission token
static method deny_user (line 400)

Deny permission to a user

  • return: Result of the DB query
  • access: public
static Result deny_user (integer $user_id, mixed $token_id)
  • integer $user_id: The user ID
  • mixed $token_id: The name or ID of the permission token
static method destroy_permission (line 138)

Remove a permission, and any assignments of it

  • return: whether the permission was deleted or not
  • access: public
static bool destroy_permission (mixed $permission)
  • mixed $permission: a permission ID or name
static method grant_group (line 350)

Grant a permission to a group

  • return: Result of the DB query
  • access: public
static Result grant_group (integer $group_id, mixed $token_id, [string $access = 'full'])
  • integer $group_id: The group ID
  • mixed $token_id: The name or ID of the permission token to grant
  • string $access: The kind of access to assign the group
static method grant_user (line 372)

Grant a permission to a user

  • return: Result of the DB query
  • access: public
static Result grant_user (integer $user_id, integer $token_id, [string $access = 'full'])
  • integer $user_id: The user ID
  • integer $token_id: The name or ID of the permission token to grant
  • string $access: The kind of access to assign the user
static method group_can (line 254)

Determine whether a group can perform a specific action

  • return: Whether the group can perform the action
  • access: public
static bool group_can (mixed $group, mixed $permission, [string $access = 'full'])
  • mixed $group: A group ID or name
  • mixed $permission: An action ID or name
  • string $access: Check for 'read', 'write', or 'full' access
static method normalize_permission (line 442)

Convert a permission name into a valid format

  • return: The permission with spaces converted to underscores and all lowercase
  • access: public
static string normalize_permission (string $name)
  • string $name: The name of a permission
static method revoke_group_permission (line 411)

Remove a permission from the group permissions table

  • return: the result of the DB query
  • access: public
static the revoke_group_permission (integer $group_id, mixed $token_id)
  • integer $group_id: The group ID
  • mixed $token_id: The name or ID of the permission token
static method revoke_user_permission (line 428)

Remove a permission from the user permissions table

  • return: the result of the DB query
  • access: public
static the revoke_user_permission (integer $user_id, mixed $token_id)
  • integer $user_id: The user ID
  • mixed $token_id: The name or ID of the permission token
static method token_description (line 219)

Fetch a permission token's description from the DB

  • return: the description of the permission
  • access: public
static string token_description (mixed $permission)
  • mixed $permission: a permission name or ID
static method token_exists (line 235)

Determine whether a permission token exists

  • return: whether the permission exists or not
  • access: public
static bool token_exists (mixed $permission)
  • mixed $permission: a permission name or ID
static method token_id (line 205)

Get a permission token's ID by its name

  • return: the permission's ID
  • access: public
static int token_id (string $name)
  • string $name: the name of the permission
static method token_name (line 191)

Get a permission token's name by its ID

  • return: the name of the permission, or boolean FALSE
  • access: public
static string token_name (int $id)
  • int $id: a permission ID
static method user_can (line 279)

Determine whether a user can perform a specific action

  • return: Whether the user can perform the action
  • access: public
static bool user_can (mixed $user, mixed $permission, [string $access = 'full'])
  • mixed $user: A user object, user ID or a username
  • mixed $permission: A permission ID or name
  • string $access: Check for 'read', 'write', or 'full' access
static method __static (line 32)

Static initializer to fill the $access_ids array

  • access: public
static void __static ()
Class Constants
ACCESS_NONEXISTANT_PERMISSION = true (line 24)

How to handle a permission request for a permission that is not in the permission list.

For example, if you request $user->can('some non-existant permission') then this value is returned, so the check succeeds for a permission that does not exist. It's true at the moment because that allows access to all features for upgrading users.

  • todo: Decide if this is a setting we need or want to change, or perhaps it should be an option.
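
The group grant/deny rules from the class description and the ACCESS_NONEXISTANT_PERMISSION default described above, modelled in one added example that is not Habari's own code. The function resolve(), its parameters, the sample groups and the read < write < full ordering are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model, not code from Habari's acl.php.
/**
 * Hypothetical resolver for the rules described on this page.
 * $tokens          names of the permissions that exist
 * $groupPerms      group => [permission => 'read'|'write'|'full'|'denied']
 * $memberOf        groups the user belongs to
 * $unknownDefault  answer for a permission that is not in $tokens
 */
function resolve(array $tokens, array $groupPerms, array $memberOf,
    string $permission, string $access = 'full', bool $unknownDefault = true): bool
{
    // Assumption: access levels are ordered read < write < full.
    $rank = ['read' => 1, 'write' => 2, 'full' => 3];
    $need = $rank[$access] ?? PHP_INT_MAX; // unknown access level is never met
    // Normalisation as documented: lowercase, spaces become underscores.
    $permission = strtolower(str_replace(' ', '_', $permission));
    if (!in_array($permission, $tokens, true)) {
        return $unknownDefault; // true mirrors ACCESS_NONEXISTANT_PERMISSION
    }
    $granted = false;
    foreach ($memberOf as $group) {
        $level = $groupPerms[$group][$permission] ?? null;
        if ($level === 'denied') {
            return false; // one denying group overrides every grant
        }
        if ($level !== null && ($rank[$level] ?? 0) >= $need) {
            $granted = true;
        }
    }
    return $granted;
}

// Constructed sample data.
$tokens = ['manage_posts', 'manage_users'];
$groupPerms = [
    'editors'   => ['manage_posts' => 'full', 'manage_users' => 'read'],
    'suspended' => ['manage_posts' => 'denied'],
];

// Grant from one group.
var_dump(resolve($tokens, $groupPerms, ['editors'], 'Manage Posts'));
// A second group denies the same permission.
var_dump(resolve($tokens, $groupPerms, ['editors', 'suspended'], 'manage_posts'));
// 'read' was granted but 'write' is requested.
var_dump(resolve($tokens, $groupPerms, ['editors'], 'manage_users', 'write'));
// Unknown permission: documented default, then a fail-closed default.
var_dump(resolve($tokens, $groupPerms, ['editors'], 'manage_post'));
var_dump(resolve($tokens, $groupPerms, ['editors'], 'manage_post', 'full', false));
```

With the documented default of true, a misspelled or removed permission name at a call site is answered as allowed, which is why the last two calls differ only in the default passed.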

Documentation generated on Thu, 30 Oct 2008 20:31:00 +0100 by phpDocumentor 1.3.2