Zend\Permissions\Acl\Acl
Synopsis
class Acl
implements
AclInterface
{
- // constants
- const TYPE_ALLOW = 'TYPE_ALLOW';
- const TYPE_DENY = 'TYPE_DENY';
- const OP_ADD = 'OP_ADD';
- const OP_REMOVE = 'OP_REMOVE';
- // members
- protected Registry $roleRegistry;
- protected array $resources;
- protected RoleInterface $isAllowedRole;
- protected Resource $isAllowedResource;
- protected string $isAllowedPrivilege;
- protected array $rules;
- // methods
- public Acl addRole()
- public RoleInterface getRole()
- public bool hasRole()
- public bool inheritsRole()
- public Acl removeRole()
- public Acl removeRoleAll()
- public Acl addResource()
- public Resource getResource()
- public bool hasResource()
- public bool inheritsResource()
- public Acl removeResource()
- public Acl removeResourceAll()
- public Acl allow()
- public Acl deny()
- public Acl removeAllow()
- public Acl removeDeny()
- public Acl setRule()
- protected array getChildResources()
- public bool isAllowed()
- protected Registry getRoleRegistry()
- protected bool|null roleDFSAllPrivileges()
- protected bool|null roleDFSVisitAllPrivileges()
- protected bool|null roleDFSOnePrivilege()
- protected bool|null roleDFSVisitOnePrivilege()
- protected string|null getRuleType()
- protected array|null getRules()
- public array getRoles()
- public array getResources()
Hierarchy
Implements
Constants
Name | Value |
---|---|
TYPE_ALLOW | 'TYPE_ALLOW' |
TYPE_DENY | 'TYPE_DENY' |
OP_ADD | 'OP_ADD' |
OP_REMOVE | 'OP_REMOVE' |
Members
protected
- $isAllowedPrivilege — string
- $isAllowedResource — Zend\Permissions\Acl\Resource
- $isAllowedRole — Zend\Permissions\Acl\Role\RoleInterface
- $resources
—
array
Resource tree - $roleRegistry
—
Zend\Permissions\Acl\Role\Registry
Role registry - $rules
—
array
ACL rules; whitelist (deny everything to all) by default
Methods
protected
- getChildResources() — Returns all child resources from the given resource.
- getRoleRegistry() — Returns the Role registry for this ACL
- getRuleType() — Returns the rule type associated with the specified Resource, Role, and privilege combination.
- getRules() — Returns the rules associated with a Resource and a Role, or null if no such rules exist
- roleDFSAllPrivileges() — Performs a depth-first search of the Role DAG, starting at $role, in order to find a rule allowing/denying $role access to all privileges upon $resource
- roleDFSOnePrivilege() — Performs a depth-first search of the Role DAG, starting at $role, in order to find a rule allowing/denying $role access to a $privilege upon $resource
- roleDFSVisitAllPrivileges() — Visits an $role in order to look for a rule allowing/denying $role access to all privileges upon $resource
- roleDFSVisitOnePrivilege() — Visits an $role in order to look for a rule allowing/denying $role access to a $privilege upon $resource
public
- addResource() — Adds a Resource having an identifier unique to the ACL
- addRole() — Adds a Role having an identifier unique to the registry
- allow() — Adds an "allow" rule to the ACL
- deny() — Adds a "deny" rule to the ACL
- getResource() — Returns the identified Resource
- getResources()
- getRole() — Returns the identified Role
- getRoles()
- hasResource() — Returns true if and only if the Resource exists in the ACL
- hasRole() — Returns true if and only if the Role exists in the registry
- inheritsResource() — Returns true if and only if $resource inherits from $inherit
- inheritsRole() — Returns true if and only if $role inherits from $inherit
- isAllowed() — Returns true if and only if the Role has access to the Resource
- removeAllow() — Removes "allow" permissions from the ACL
- removeDeny() — Removes "deny" restrictions from the ACL
- removeResource() — Removes a Resource and all of its children
- removeResourceAll() — Removes all Resources
- removeRole() — Removes the Role from the registry
- removeRoleAll() — Removes all Roles from the registry
- setRule() — Performs operations on ACL rules