
ACL Class Reference


Static Public Member Functions

static access_names ()
static access_check ($bitmask, $access)
static get_bitmask ($mask)
static create_token ($name, $description, $group, $crud=false)
static destroy_token ($token)
static all_tokens ($order= 'id')
static token_name ($id)
static token_id ($name)
static token_description ($permission)
static token_exists ($permission)
static group_can ($group, $token_id, $access= 'full')
static group_cannot ($group, $token_id)
static user_can ($user, $token_id, $access= 'full')
static user_cannot ($user, $token_id)
static get_user_token_access ($user, $token)
static user_tokens ($user, $access= 'full', $posts_only=false)
static get_group_token_access ($group, $token_id)
static grant_group ($group_id, $token_id, $access= 'full')
static grant_user ($user_id, $token_id, $access= 'full')
static deny_group ($group_id, $token_id)
static deny_user ($user_id, $token_id)
static revoke_group_token ($group_id, $token_id)
static revoke_user_token ($user_id, $token_id)
static normalize_token ($name)
static clear_caches ()
static create_default_tokens ()
static rebuild_permissions ($user=null)
static __static ()
static _filter_token_description_display ($token)
static _filter_token_group_display ($group)
static _filter_permission_display ($permission)

Public Attributes

const ACCESS_NONEXISTENT_PERMISSION = 0
const CACHE_NULL = -1

Detailed Description

Access Control List class

The default Habari ACL class implements groups and group permissions. Users are assigned to one or more groups. Groups are assigned one or more permissions. Membership in any group that grants a permission means you have that permission. Membership in any group that denies that permission denies the user that permission, even if another group grants that permission.

Definition at line 22 of file acl.php.


Member Function Documentation

static ACL::__static (  )  [static]

Dummy function to inject strings into the .pot. Register plugin hooks.

Definition at line 888 of file acl.php.

static ACL::_filter_permission_display ( permission  )  [static]

Filter to localize permission names.

Parameters:
string Original name
Returns:
string The localized permission name

Definition at line 960 of file acl.php.

static ACL::_filter_token_description_display ( token  )  [static]

Filter to localize token descriptions.

Parameters:
string Token to get the description of
Returns:
string The localized token description

Definition at line 901 of file acl.php.

static ACL::_filter_token_group_display ( group  )  [static]

Filter to localize token group name.

Parameters:
string Original group name of the token
Returns:
string The localized token group name

Definition at line 942 of file acl.php.

static ACL::access_check ( bitmask,
access 
) [static]

Check a permission bitmask for a particular access type.

Parameters:
Bitmask $bitmask The permission bitmask
mixed $access The name of the access to check against (read, write, full)
Returns:
bool Returns true if the given access meets or exceeds the access to check against

Definition at line 50 of file acl.php.

Referenced by AdminPostsHandler::ajax_posts(), AdminPostsHandler::ajax_update_posts(), UserGroup::can(), AdminCommentsHandler::comment_access_filter(), Undelete::filter_post_delete_allow(), Post::form_publish_delete(), and AdminPostsHandler::get_publish().

static ACL::access_names (  )  [static]

Obtain the list of access names (CRUD) to use for permissions.

Returns:
array the list of access names available to ACL

Definition at line 39 of file acl.php.

Referenced by AdminGroupsHandler::get_group(), and AdminGroupsHandler::post_group().

static ACL::all_tokens ( order = 'id'  )  [static]

Get an array of QueryRecord objects containing all permission tokens

Parameters:
string $order the order in which to sort the returning array
Returns:
array an array of QueryRecord objects containing all tokens

Definition at line 170 of file acl.php.

Referenced by AdminGroupsHandler::get_group(), and AdminGroupsHandler::post_group().

static ACL::clear_caches (  )  [static]

Clears all caches used to hold permissions

Definition at line 768 of file acl.php.

Referenced by create_token(), destroy_token(), User::forget(), grant_group(), grant_user(), User::remember(), revoke_group_token(), and revoke_user_token().

static ACL::create_default_tokens (  )  [static]

Creates the default set of permissions.

Definition at line 783 of file acl.php.

static ACL::create_token ( name,
description,
group,
crud = false 
) [static]

Create a new permission token, and save it to the permission tokens table

Parameters:
string $name The name of the permission
string $description The description of the permission
string $group The token group for organizational purposes
bool $crud Indicates if the token is a CRUD or boolean type token (default is boolean)
Returns:
mixed the ID of the newly created permission, or boolean false

Definition at line 88 of file acl.php.

Referenced by Menus::action_plugin_activation(), and Post::add_new_type().

static ACL::deny_group ( group_id,
token_id 
) [static]

Deny permission to a group

Parameters:
integer $group_id The group ID
mixed $token_id The name or ID of the permission token
Returns:
Result of the DB query

Definition at line 692 of file acl.php.

static ACL::deny_user ( user_id,
token_id 
) [static]

Deny permission to a user

Parameters:
integer $user_id The user ID
mixed $token_id The name or ID of the permission token
Returns:
Result of the DB query

Definition at line 703 of file acl.php.

static ACL::destroy_token ( token  )  [static]

Remove a permission token, and any assignments of it

Parameters:
mixed $token a permission ID or name
Returns:
bool whether the permission was deleted or not

Definition at line 130 of file acl.php.

Referenced by Menus::action_plugin_deactivation(), HabariSilo::action_plugin_deactivation(), and Post::delete_post_type().

static ACL::get_bitmask ( mask  )  [static]

Get a Bitmask object representing the supplied access integer

Parameters:
integer $mask The access mask, usually stored in the database
Returns:
Bitmask An object representing the access value

Definition at line 74 of file acl.php.

Referenced by CoreDashModules::filter_dash_module_post_types_and_statuses(), UserGroup::get_access(), Post::get_access(), Comment::get_access(), AdminHandler::get_main_menu(), get_user_token_access(), and UserGroup::load_permissions_cache().

static ACL::get_group_token_access ( group,
token_id 
) [static]

Get the access bitmask of a group for a specific permission token

Parameters:
integer $group The group ID
mixed $token_id A permission name or ID
Returns:
an access bitmask

Definition at line 570 of file acl.php.

Referenced by AdminGroupsHandler::get_group(), group_can(), and group_cannot().

static ACL::get_user_token_access ( user,
token 
) [static]

Return the access bitmask to a specific token for a specific user

Parameters:
User|integer $user A User object instance or user id
string|integer $token A permission token name or token ID
Returns:
Bitmask An access bitmask

Do we allow perms that don't exist? When ACL is functional ACCESS_NONEXISTENT_PERMISSION should be false by default.

Jay Pipe's explanation of the following SQL:

1) Look into user_permissions for the user and the token. If a record exists, use that permission flag for the check. If not, go to 2).

2) Look into the group_permissions joined to users_groups for the user and the token. Order the results by the access bitmask. The lower the mask value, the fewer permissions that group has. Use the first record's access mask to check the ACL.

This gives the system very fine-grained control, and grabbing the permission flag can be accomplished in a single SQL call.

Definition at line 351 of file acl.php.

Referenced by Post::get_access(), Comment::get_access(), user_can(), and user_cannot().
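
The two-step lookup described above, modelled in plain PHP as an added example (not Habari's code or SQL). The bit values, the array layout standing in for the tables, and the function names `resolve_access` and `mask_allows` are assumptions made for illustration.

```php
<?php
// Illustrative model only: bit values, array layout and function names are
// assumptions, not Habari's schema, SQL or code.
const ACCESS_NONEXISTENT_PERMISSION = 0; // value listed on this page
const A_CREATE = 1, A_READ = 2, A_UPDATE = 4, A_DELETE = 8, A_FULL = 15, A_DENY = 0;
// Resolve the effective access mask for a user and a token.
function resolve_access(array $acl, string $user, string $token): int
{
    if (!in_array($token, $acl['tokens'], true)) {
        return ACCESS_NONEXISTENT_PERMISSION; // unknown token
    }
    // Step 1: a user-level row is used as-is, before any group is consulted.
    if (isset($acl['user_permissions'][$user][$token])) {
        return $acl['user_permissions'][$user][$token];
    }
    // Step 2: collect the masks of every group the user belongs to.
    $masks = [];
    foreach ($acl['users_groups'][$user] ?? [] as $group) {
        if (isset($acl['group_permissions'][$group][$token])) {
            $masks[] = $acl['group_permissions'][$group][$token];
        }
    }
    // "Order by mask, take the first record": the most restrictive group wins,
    // so a deny (0) in one group beats a grant in another.
    return $masks ? min($masks) : A_DENY; // assumption: no row means no access
}

function mask_allows(int $mask, int $needed): bool
{
    return $needed !== 0 && ($mask & $needed) === $needed;
}

// Constructed sample data.
$acl = [
    'tokens' => ['manage_posts', 'manage_users'],
    'users_groups' => ['alice' => ['editors', 'interns'], 'bob' => ['editors', 'interns']],
    'group_permissions' => [
        'editors' => ['manage_posts' => A_FULL, 'manage_users' => A_READ],
        'interns' => ['manage_posts' => A_DENY],
    ],
    'user_permissions' => ['bob' => ['manage_posts' => A_READ | A_UPDATE]],
];
$checks = [['alice', 'manage_posts', A_READ], ['bob', 'manage_posts', A_UPDATE],
           ['bob', 'manage_posts', A_DELETE], ['alice', 'manage_users', A_READ],
           ['alice', 'no_such_token', A_READ]];
foreach ($checks as [$user, $token, $needed]) {
    $mask = resolve_access($acl, $user, $token);
    printf("%-5s %-13s mask=%2d allowed=%s\n", $user, $token, $mask,
        mask_allows($mask, $needed) ? 'yes' : 'no');
}
```

In the sample data both users belong to a group that denies `manage_posts`, yet only alice is blocked: bob's user-level row is found in step 1, so the group deny is never consulted. When auditing permissions, review user-level grants separately from group membership for this reason.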

static ACL::grant_group ( group_id,
token_id,
access = 'full' 
) [static]

Grant a permission to a group

Parameters:
integer $group_id The group ID
mixed $token_id The name or ID of the permission token to grant
string $access The kind of access to assign the group
Returns:
Result of the DB query

Definition at line 593 of file acl.php.

Referenced by create_token(), and UserGroup::grant().

static ACL::grant_user ( user_id,
token_id,
access = 'full' 
) [static]

Grant a permission to a user

Parameters:
integer $user_id The user ID
integer $token_id The name or ID of the permission token to grant
string $access The kind of access to assign the user
Returns:
Result of the DB query

Definition at line 654 of file acl.php.

Referenced by User::grant().

static ACL::group_can ( group,
token_id,
access = 'full' 
) [static]

Determine whether a group can perform a specific action

Parameters:
mixed $group A group ID or name
mixed $token_id A permission token ID or name
string $access Check for 'create', 'read', 'update', 'delete', or 'full' access
Returns:
bool Whether the group can perform the action

Definition at line 267 of file acl.php.

static ACL::group_cannot ( group,
token_id 
) [static]

Determine whether a group is explicitly denied permission to perform a specific action. This function does not return true if the group is merely not granted a permission.

Parameters:
mixed $group A group ID or a group name
mixed $token_id A permission ID or name
Returns:
bool True if access to the token is denied to the group

Definition at line 287 of file acl.php.

static ACL::normalize_token ( name  )  [static]

Convert a token name into a valid format

Parameters:
string $name The name of a permission
Returns:
string The permission with spaces converted to underscores and all lowercase

Definition at line 759 of file acl.php.

Referenced by create_token(), token_description(), token_exists(), and token_id().

static ACL::rebuild_permissions ( user = null  )  [static]

Reset permissions to their default state

Definition at line 819 of file acl.php.

static ACL::revoke_group_token ( group_id,
token_id 
) [static]

Remove a permission token from the group permissions table

Parameters:
integer $group_id The group ID
mixed $token_id The name or ID of the permission token
Returns:
the result of the DB query

Definition at line 714 of file acl.php.

Referenced by UserGroup::revoke().

static ACL::revoke_user_token ( user_id,
token_id 
) [static]

Remove a permission token from the user permissions table

Parameters:
integer $user_id The user ID
mixed $token_id The name or ID of the permission token
Returns:
the result of the DB query

Definition at line 742 of file acl.php.

Referenced by User::revoke().

static ACL::token_description ( permission  )  [static]

Fetch a permission token's description from the DB

Parameters:
mixed $permission a permission name or ID
Returns:
string the description of the permission

Definition at line 231 of file acl.php.

static ACL::token_exists ( permission  )  [static]

Determine whether a permission token exists

Parameters:
mixed $permission a permission name or ID
Returns:
bool whether the permission exists or not

Definition at line 248 of file acl.php.

Referenced by create_token().

static ACL::token_id ( name  )  [static]

Get a permission token's ID by its name

Parameters:
string $name the name of the permission
Returns:
int the permission's ID

Definition at line 214 of file acl.php.

Referenced by UserGroup::can(), create_token(), destroy_token(), UserGroup::get_access(), and get_user_token_access().

static ACL::token_name ( id  )  [static]

Get a permission token's name by its ID

Parameters:
int $id a token ID
Returns:
string the name of the permission, or boolean false

Definition at line 185 of file acl.php.

Referenced by User::grant(), grant_group(), User::revoke(), and revoke_group_token().

static ACL::user_can ( user,
token_id,
access = 'full' 
) [static]

Determine whether a user can perform a specific action

Parameters:
mixed $user A user object, user ID or a username
mixed $token_id A permission ID or name
string $access Check for 'create', 'read', 'update', 'delete', or 'full' access
Returns:
bool Whether the user can perform the action

Definition at line 306 of file acl.php.

Referenced by User::can(), and AdminPostsHandler::get_publish().

static ACL::user_cannot ( user,
token_id 
) [static]

Determine whether a user is explicitly denied permission to perform a specific action. This function does not return true if the user is merely not granted a permission.

Parameters:
mixed $user A User object, user ID or a username
mixed $token_id A permission ID or name
Returns:
bool True if access to the token is denied to the user

Definition at line 332 of file acl.php.

Referenced by User::cannot(), and AdminPostsHandler::get_publish().

static ACL::user_tokens ( user,
access = 'full',
posts_only = false 
) [static]

Get all the tokens for a given user with a particular kind of access

Parameters:
mixed $user A user object, user ID or a username
string $access Check for 'create', 'read', 'update', or 'delete' access
Returns:
array of token IDs

Definition at line 485 of file acl.php.

Referenced by Posts::get(), and Comments::get().


Member Data Documentation

How to handle a permission request for a permission that is not in the permission list. For example, if you request $user->can('some non-existent permission') then this value is returned.

Definition at line 28 of file acl.php.


The documentation for this class was generated from the following file: