
ACL Class Reference

Static Public Member Functions

static access_check ($bitmask, $access)
static get_bitmask ($mask)
static create_token ($name, $description, $group, $crud=false)
static destroy_token ($token)
static all_tokens ($order= 'id')
static token_name ($id)
static token_id ($name)
static token_description ($permission)
static token_exists ($permission)
static group_can ($group, $token_id, $access= 'full')
static group_cannot ($group, $token_id)
static user_can ($user, $token_id, $access= 'full')
static user_cannot ($user, $token_id)
static get_user_token_access ($user, $token)
static user_tokens ($user, $access= 'full', $posts_only=false)
static get_group_token_access ($group, $token_id)
static grant_group ($group_id, $token_id, $access= 'full')
static grant_user ($user_id, $token_id, $access= 'full')
static deny_group ($group_id, $token_id)
static deny_user ($user_id, $token_id)
static revoke_group_token ($group_id, $token_id)
static revoke_user_token ($user_id, $token_id)
static normalize_token ($name)
static clear_caches ()
static create_default_tokens ()
static rebuild_permissions ($user=null)

Public Attributes

const ACCESS_NONEXISTENT_PERMISSION = 0
const CACHE_NULL = -1

Static Public Attributes

static $access_names = array( 'read', 'edit', 'delete', 'create' )

Detailed Description

Access Control List class

The default Habari ACL class implements groups and group permissions. Users are assigned to one or more groups. Groups are assigned one or more permissions. Membership in any group that grants a permission means you have that permission. Membership in any group that denies that permission denies the user that permission, even if another group grants that permission.

Definition at line 19 of file acl.php.


Member Function Documentation

static ACL::access_check ( bitmask,
access 
) [static]

Check a permission bitmask for a particular access type.

Parameters:
Bitmask $bitmask The permission bitmask
mixed $access The name of the access to check against (read, write, full)
Returns:
bool Returns true if the given access meets or exceeds the access to check against

Definition at line 37 of file acl.php.

Referenced by AdminPostsHandler::ajax_posts(), AdminPostsHandler::ajax_update_posts(), UserGroup::can(), AdminCommentsHandler::comment_access_filter(), Undelete::filter_post_delete_allow(), Post::get_form(), AdminPostsHandler::get_publish(), and AdminPostsHandler::post_delete_post().

static ACL::all_tokens ( order = 'id'  )  [static]

Get an array of QueryRecord objects containing all permission tokens

Parameters:
string $order the order in which to sort the returning array
Returns:
array an array of QueryRecord objects containing all tokens

Definition at line 157 of file acl.php.

Referenced by AdminGroupsHandler::get_group(), and AdminGroupsHandler::post_group().

static ACL::clear_caches (  )  [static]

Clears all caches used to hold permissions

Definition at line 742 of file acl.php.

Referenced by create_token(), destroy_token(), User::forget(), grant_group(), grant_user(), User::remember(), revoke_group_token(), and revoke_user_token().

static ACL::create_default_tokens (  )  [static]

Creates the default set of permissions.

Definition at line 757 of file acl.php.

static ACL::create_token ( name,
description,
group,
crud = false 
) [static]

Create a new permission token, and save it to the permission tokens table

Parameters:
string $name The name of the permission
string $description The description of the permission
string $group The token group for organizational purposes
bool $crud Indicates if the token is a CRUD or boolean type token (default is boolean)
Returns:
mixed the ID of the newly created permission, or boolean false

Definition at line 75 of file acl.php.

Referenced by Post::add_new_type().

static ACL::deny_group ( group_id,
token_id 
) [static]

Deny permission to a group

Parameters:
integer $group_id The group ID
mixed $token_id The name or ID of the permission token
Returns:
Result of the DB query

Definition at line 666 of file acl.php.

static ACL::deny_user ( user_id,
token_id 
) [static]

Deny permission to a user

Parameters:
integer $user_id The user ID
mixed $token_id The name or ID of the permission token
Returns:
Result of the DB query

Definition at line 677 of file acl.php.

static ACL::destroy_token ( token  )  [static]

Remove a permission token, and any assignments of it

Parameters:
mixed $permission a permission ID or name
Returns:
bool whether the permission was deleted or not

Definition at line 117 of file acl.php.

Referenced by HabariSilo::action_plugin_deactivation(), and Post::delete_post_type().

static ACL::get_bitmask ( mask  )  [static]

Get a Bitmask object representing the supplied access integer

Parameters:
integer $mask The access mask, usually stored in the database
Returns:
Bitmask An object representing the access value

Definition at line 61 of file acl.php.

Referenced by UserGroup::get_access(), Post::get_access(), Comment::get_access(), AdminHandler::get_main_menu(), and get_user_token_access().

static ACL::get_group_token_access ( group,
token_id 
) [static]

Get the access bitmask of a group for a specific permission token

Parameters:
integer $group The group ID
mixed $token_id A permission name or ID
Returns:
an access bitmask

Definition at line 544 of file acl.php.

Referenced by AdminGroupsHandler::get_group(), group_can(), and group_cannot().

static ACL::get_user_token_access ( user,
token 
) [static]

Return the access bitmask to a specific token for a specific user

Parameters:
mixed $user A User object instance or user id
mixed $token_id A permission token name or token ID
Returns:
integer An access bitmask

Do we allow perms that don't exist? When ACL is functional ACCESS_NONEXISTENT_PERMISSION should be false by default.

Jay Pipe's explanation of the following SQL:

1) Look into user_permissions for the user and the token. If exists, use that permission flag for the check. If not, go to 2)

2) Look into the group_permissions joined to users_groups for the user and the token. Order the results by the access bitmask. The lower the mask value, the fewer permissions that group has. Use the first record's access mask to check the ACL.

This gives the system very fine-grained control, and grabbing the permission flag can be accomplished in a single SQL call.

Definition at line 338 of file acl.php.

Referenced by Post::get_access(), Comment::get_access(), user_can(), and user_cannot().
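
The two-step lookup described above, together with the deny rule from the Detailed Description, modelled as a stand-alone PHP sketch. This is an added example, not code from acl.php: the function names, the bit values assigned to the access names, the use of mask 0 for a deny, and the sample rows are all assumptions made for illustration.

```php
<?php
// Added illustration of the lookup order described above; not Habari code.
// Assumed bit layout, following the order of ACL::$access_names.
const ACC_READ = 1;
const ACC_EDIT = 2;
const ACC_DELETE = 4;
const ACC_CREATE = 8;
const ACC_DENY = 0;                      // assumption: a deny is stored as mask 0
const ACCESS_NONEXISTENT_PERMISSION = 0; // value listed for the class constant

function resolve_access(array $user_perms, array $group_perms, array $users_groups, $user, $token)
{
    // 1) A user_permissions row for this user and token decides on its own.
    if (isset($user_perms[$user][$token])) {
        return $user_perms[$user][$token];
    }
    // 2) Otherwise gather the mask of every group the user belongs to ...
    $masks = array();
    $groups = isset($users_groups[$user]) ? $users_groups[$user] : array();
    foreach ($groups as $group) {
        if (isset($group_perms[$group][$token])) {
            $masks[] = $group_perms[$group][$token];
        }
    }
    // ... and use the numerically lowest one, as "order by mask, first record" does.
    // No row at all is treated like a nonexistent permission (assumption).
    return $masks ? min($masks) : ACCESS_NONEXISTENT_PERMISSION;
}

function access_names_for($mask)
{
    $bits = array('read' => ACC_READ, 'edit' => ACC_EDIT, 'delete' => ACC_DELETE, 'create' => ACC_CREATE);
    $names = array_keys(array_filter($bits, function ($bit) use ($mask) { return ($mask & $bit) !== 0; }));
    return $names ? implode(',', $names) : 'none';
}

// Constructed sample rows: group IDs 1 = editors, 2 = moderators, 3 = suspended.
$token = 'example_token';
$group_perms = array(
    1 => array($token => ACC_READ | ACC_EDIT),
    2 => array($token => ACC_DELETE),
    3 => array($token => ACC_DENY),
);
$users_groups = array(7 => array(1, 3), 8 => array(1, 2), 9 => array(3));
$user_perms = array(9 => array($token => ACC_READ));

foreach (array(7, 8, 9) as $user) {
    $mask = resolve_access($user_perms, $group_perms, $users_groups, $user, $token);
    printf("user %d: mask %d (%s)\n", $user, $mask, access_names_for($mask));
}
```

In this model user 7 is denied because one of its groups carries the deny, and user 9 keeps read access because its own row is consulted before any group. User 8 ends up with read and edit only: the lowest mask is taken rather than a union, so the delete bit granted by the second group is not merged in.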

static ACL::grant_group ( group_id,
token_id,
access = 'full' 
) [static]

Grant a permission to a group

Parameters:
integer $group_id The group ID
mixed $token_id The name or ID of the permission token to grant
string $access The kind of access to assign the group
Returns:
Result of the DB query

Definition at line 567 of file acl.php.

Referenced by create_token(), and UserGroup::grant().

static ACL::grant_user ( user_id,
token_id,
access = 'full' 
) [static]

Grant a permission to a user

Parameters:
integer $user_id The user ID
integer $token_id The name or ID of the permission token to grant
string $access The kind of access to assign the group
Returns:
Result of the DB query

Definition at line 628 of file acl.php.

Referenced by User::grant().

static ACL::group_can ( group,
token_id,
access = 'full' 
) [static]

Determine whether a group can perform a specific action

Parameters:
mixed $group A group ID or name
mixed $token_id A permission token ID or name
string $access Check for 'create', 'read', 'update', 'delete', or 'full' access
Returns:
bool Whether the group can perform the action

Definition at line 254 of file acl.php.

static ACL::group_cannot ( group,
token_id 
) [static]

Determine whether a group is explicitly denied permission to perform a specific action. This function does not return true if the group is merely not granted a permission.

Parameters:
mixed $user A group ID or a group name
mixed $token_id A permission ID or name
Returns:
bool True if access to the token is denied to the group

Definition at line 274 of file acl.php.

static ACL::normalize_token ( name  )  [static]

Convert a token name into a valid format

Parameters:
string $name The name of a permission
Returns:
string The permission with spaces converted to underscores and all lowercase

Definition at line 733 of file acl.php.

Referenced by create_token(), token_description(), token_exists(), and token_id().

static ACL::rebuild_permissions ( user = null  )  [static]

Reset permissions to their default state

Definition at line 793 of file acl.php.

static ACL::revoke_group_token ( group_id,
token_id 
) [static]

Remove a permission token from the group permissions table

Parameters:
integer $group_id The group ID
mixed $token_id The name or ID of the permission token
Returns:
the result of the DB query

Definition at line 688 of file acl.php.

Referenced by UserGroup::revoke().

static ACL::revoke_user_token ( user_id,
token_id 
) [static]

Remove a permission token from the user permissions table

Parameters:
integer $user_id The user ID
mixed $token_id The name or ID of the permission token
Returns:
the result of the DB query

Definition at line 716 of file acl.php.

static ACL::token_description ( permission  )  [static]

Fetch a permission token's description from the DB

Parameters:
mixed $permission a permission name or ID
Returns:
string the description of the permission

Definition at line 218 of file acl.php.

static ACL::token_exists ( permission  )  [static]

Determine whether a permission token exists

Parameters:
mixed $permission a permission name or ID
Returns:
bool whether the permission exists or not

Definition at line 235 of file acl.php.

Referenced by create_token().

static ACL::token_id ( name  )  [static]

Get a permission token's ID by its name

Parameters:
string $name the name of the permission
Returns:
int the permission's ID

Definition at line 201 of file acl.php.

Referenced by UserGroup::can(), create_token(), destroy_token(), UserGroup::get_access(), and get_user_token_access().

static ACL::token_name ( id  )  [static]

Get a permission token's name by its ID

Parameters:
int $id a token ID
Returns:
string the name of the permission, or boolean false

Definition at line 172 of file acl.php.

Referenced by User::grant(), grant_group(), User::revoke(), and revoke_group_token().

static ACL::user_can ( user,
token_id,
access = 'full' 
) [static]

Determine whether a user can perform a specific action

Parameters:
mixed $user A user object, user ID or a username
mixed $token_id A permission ID or name
string $access Check for 'create', 'read', 'update', 'delete', or 'full' access
Returns:
bool Whether the user can perform the action

Definition at line 293 of file acl.php.

Referenced by User::can(), and AdminPostsHandler::get_publish().

static ACL::user_cannot ( user,
token_id 
) [static]

Determine whether a user is explicitly denied permission to perform a specific action. This function does not return true if the user is merely not granted a permission.

Parameters:
mixed $user A User object, user ID or a username
mixed $token_id A permission ID or name
Returns:
bool True if access to the token is denied to the user

Definition at line 319 of file acl.php.

Referenced by User::cannot(), and AdminPostsHandler::get_publish().

static ACL::user_tokens ( user,
access = 'full',
posts_only = false 
) [static]

Get all the tokens for a given user with a particular kind of access

Parameters:
mixed $user A user object, user ID or a username
string $access Check for 'create' or 'read', 'update', or 'delete' access
Returns:
array of token IDs

Definition at line 463 of file acl.php.

Referenced by Posts::get(), and Comments::get().


Member Data Documentation

const ACL::ACCESS_NONEXISTENT_PERMISSION = 0

How to handle a permission request for a permission that is not in the permission list. For example, if you request $user->can('some non-existent permission') then this value is returned.

Definition at line 25 of file acl.php.


The documentation for this class was generated from the following file: