API Documentation

Acl.php

category
Zend
copyright
Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
license
http://framework.zend.com/license/new-bsd New BSD License
package
Zend_Acl
version
$Id: Acl.php 22456 2010-06-18 22:41:37Z ralph $
Classes
Zend_Acl

Description

Zend Framework

LICENSE

This source file is subject to the new BSD license that is bundled with this package in the file LICENSE.txt. It is also available through the world-wide-web at this URL: http://framework.zend.com/license/new-bsd

If you did not receive a copy of the license and are unable to obtain it through the world-wide-web, please send an email to license@zend.com so we can send you a copy immediately.

Zend_Acl

Constants
TYPE_ALLOW
TYPE_DENY
OP_ADD
OP_REMOVE
Properties
$_roleRegistry
$_resources
$_isAllowedRole
$_isAllowedResource
$_isAllowedPrivilege
$_rules
Methods
addRole
getRole
hasRole
inheritsRole
removeRole
removeRoleAll
addResource
add
get
has
inherits
remove
removeAll
allow
deny
removeAllow
removeDeny
setRule
isAllowed
_getRoleRegistry
_roleDFSAllPrivileges
_roleDFSVisitAllPrivileges
_roleDFSOnePrivilege
_roleDFSVisitOnePrivilege
_getRuleType
_getRules
getRegisteredRoles
getRoles
getResources

Constants

TYPE_ALLOW

 TYPE_ALLOW = 'TYPE_ALLOW'

Rule type: allow

Details

value
TYPE_ALLOW

TYPE_DENY

 TYPE_DENY = 'TYPE_DENY'

Rule type: deny

Details

value
TYPE_DENY

OP_ADD

 OP_ADD = 'OP_ADD'

Rule operation: add

Details

value
OP_ADD

OP_REMOVE

 OP_REMOVE = 'OP_REMOVE'

Rule operation: remove

Details

value
OP_REMOVE

Properties

$_isAllowedPrivilege

String $_isAllowedPrivilege = null

Details

$_isAllowedPrivilege
String
visibility
protected
default
null
final
false
static
false

$_isAllowedResource

Zend_Acl_Resource_Interface $_isAllowedResource = null

Details

$_isAllowedResource
Zend_Acl_Resource_Interface
visibility
protected
default
null
final
false
static
false

$_isAllowedRole

Zend_Acl_Role_Interface $_isAllowedRole = null

Details

$_isAllowedRole
Zend_Acl_Role_Interface
visibility
protected
default
null
final
false
static
false

$_resources

array $_resources = 'array'

Resource tree

Details

$_resources
array
visibility
protected
default
array
final
false
static
false

$_roleRegistry

Zend_Acl_Role_Registry $_roleRegistry = null

Role registry

Details

$_roleRegistry
Zend_Acl_Role_Registry
visibility
protected
default
null
final
false
static
false

$_rules

array $_rules = 'array'

ACL rules; whitelist (deny everything to all) by default

Details

$_rules
array
visibility
protected
default
array
final
false
static
false

Methods

_getRoleRegistry

_getRoleRegistry( ) : Zend_Acl_Role_Registry

Returns the Role registry for this ACL

If no Role registry has been created yet, a new default Role registry is created and returned.

Details
visibility
protected
final
false
static
false

_getRuleType

_getRuleType( Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, string $privilege = null ) : string|null

Returns the rule type associated with the specified Resource, Role, and privilege combination.

If a rule does not exist or its attached assertion fails, which means that the rule is not applicable, then this method returns null. Otherwise, the rule type applies and is returned as either TYPE_ALLOW or TYPE_DENY.

If $resource or $role is null, then this means that the rule must apply to all Resources or Roles, respectively.

If $privilege is null, then the rule must apply to all privileges.

If all three parameters are null, then the default ACL rule type is returned, based on whether its assertion method passes.

Arguments
$resource
Zend_Acl_Resource_Interface
$role
Zend_Acl_Role_Interface
$privilege
string
Output
string|null
Details
visibility
protected
final
false
static
false

_getRules

_getRules( Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, boolean $create = false ) : array|null

Returns the rules associated with a Resource and a Role, or null if no such rules exist

If either $resource or $role is null, this means that the rules returned are for all Resources or all Roles, respectively. Both can be null to return the default rule set for all Resources and all Roles.

If the $create parameter is true, then a rule set is first created and then returned to the caller.

Arguments
$resource
Zend_Acl_Resource_Interface
$role
Zend_Acl_Role_Interface
$create
boolean
Output
array|null
Details
visibility
protected
final
false
static
false

_roleDFSAllPrivileges

_roleDFSAllPrivileges( Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null ) : boolean|null

Performs a depth-first search of the Role DAG, starting at $role, in order to find a rule allowing/denying $role access to all privileges upon $resource

This method returns true if a rule is found and allows access. If a rule exists and denies access, then this method returns false. If no applicable rule is found, then this method returns null.

Arguments
$role
Zend_Acl_Role_Interface
$resource
Zend_Acl_Resource_Interface
Output
boolean|null
Details
visibility
protected
final
false
static
false

_roleDFSOnePrivilege

_roleDFSOnePrivilege( Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null, string $privilege = null ) : boolean|null

Performs a depth-first search of the Role DAG, starting at $role, in order to find a rule allowing/denying $role access to a $privilege upon $resource

This method returns true if a rule is found and allows access. If a rule exists and denies access, then this method returns false. If no applicable rule is found, then this method returns null.

Arguments
$role
Zend_Acl_Role_Interface
$resource
Zend_Acl_Resource_Interface
$privilege
string
Output
boolean|null
Details
visibility
protected
final
false
static
false
throws

_roleDFSVisitAllPrivileges

_roleDFSVisitAllPrivileges( Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null, array $dfs = null ) : boolean|null

Visits a $role in order to look for a rule allowing/denying $role access to all privileges upon $resource

This method returns true if a rule is found and allows access. If a rule exists and denies access, then this method returns false. If no applicable rule is found, then this method returns null.

This method is used by the internal depth-first search algorithm and may modify the DFS data structure.

Arguments
$role
Zend_Acl_Role_Interface
$resource
Zend_Acl_Resource_Interface
$dfs
array
Output
boolean|null
Details
visibility
protected
final
false
static
false
throws

_roleDFSVisitOnePrivilege

_roleDFSVisitOnePrivilege( Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null, string $privilege = null, array $dfs = null ) : boolean|null

Visits a $role in order to look for a rule allowing/denying $role access to a $privilege upon $resource

This method returns true if a rule is found and allows access. If a rule exists and denies access, then this method returns false. If no applicable rule is found, then this method returns null.

This method is used by the internal depth-first search algorithm and may modify the DFS data structure.

Arguments
$role
Zend_Acl_Role_Interface
$resource
Zend_Acl_Resource_Interface
$privilege
string
$dfs
array
Output
boolean|null
Details
visibility
protected
final
false
static
false
throws

add

add( Zend_Acl_Resource_Interface $resource, Zend_Acl_Resource_Interface|string $parent = null ) : Zend_Acl

Adds a Resource having an identifier unique to the ACL

The $parent parameter may be a reference to, or the string identifier for, the existing Resource from which the newly added Resource will inherit.

Arguments
$resource
Zend_Acl_Resource_Interface
$parent
Zend_Acl_Resource_Interface|string
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
deprecated
in version 1.9.1 and will be available till 2.0. New code should use addResource() instead.
throws

addResource

addResource( Zend_Acl_Resource_Interface|string $resource, Zend_Acl_Resource_Interface|string $parent = null ) : Zend_Acl

Adds a Resource having an identifier unique to the ACL

The $parent parameter may be a reference to, or the string identifier for, the existing Resource from which the newly added Resource will inherit.

Arguments
$resource
Zend_Acl_Resource_Interface|string
$parent
Zend_Acl_Resource_Interface|string
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
throws

addRole

addRole( Zend_Acl_Role_Interface $role, Zend_Acl_Role_Interface|string|array $parents = null ) : Zend_Acl

Adds a Role having an identifier unique to the registry

The $parents parameter may be a reference to, or the string identifier for, a Role existing in the registry, or $parents may be passed as an array of these - mixing string identifiers and objects is ok - to indicate the Roles from which the newly added Role will directly inherit.

In order to resolve potential ambiguities with conflicting rules inherited from different parents, the most recently added parent takes precedence over parents that were previously added. In other words, the first parent added will have the least priority, and the last parent added will have the highest priority.

Arguments
$role
Zend_Acl_Role_Interface
$parents
Zend_Acl_Role_Interface|string|array
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
uses
Zend_Acl_Role_Registry::add()

allow

allow( Zend_Acl_Role_Interface|string|array $roles = null, Zend_Acl_Resource_Interface|string|array $resources = null, string|array $privileges = null, Zend_Acl_Assert_Interface $assert = null ) : Zend_Acl

Adds an "allow" rule to the ACL

Arguments
$roles
Zend_Acl_Role_Interface|string|array
$resources
Zend_Acl_Resource_Interface|string|array
$privileges
string|array
$assert
Zend_Acl_Assert_Interface
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
uses
Zend_Acl::setRule()

deny

deny( Zend_Acl_Role_Interface|string|array $roles = null, Zend_Acl_Resource_Interface|string|array $resources = null, string|array $privileges = null, Zend_Acl_Assert_Interface $assert = null ) : Zend_Acl

Adds a "deny" rule to the ACL

Arguments
$roles
Zend_Acl_Role_Interface|string|array
$resources
Zend_Acl_Resource_Interface|string|array
$privileges
string|array
$assert
Zend_Acl_Assert_Interface
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
uses
Zend_Acl::setRule()

get

get( Zend_Acl_Resource_Interface|string $resource ) : Zend_Acl_Resource_Interface

Returns the identified Resource

The $resource parameter can either be a Resource or a Resource identifier.

Arguments
$resource
Zend_Acl_Resource_Interface|string
Details
visibility
public
final
false
static
false
throws

getRegisteredRoles

getRegisteredRoles( ) : array

Output
array
of registered roles (Deprecated)
Details
visibility
public
final
false
static
false
deprecated
Deprecated since version 1.10 (December 2009)

getResources

getResources( ) : array

Output
array
of registered resources
Details
visibility
public
final
false
static
false

getRole

getRole( Zend_Acl_Role_Interface|string $role ) : Zend_Acl_Role_Interface

Returns the identified Role

The $role parameter can either be a Role or Role identifier.

Arguments
$role
Zend_Acl_Role_Interface|string
Details
visibility
public
final
false
static
false
uses
Zend_Acl_Role_Registry::get()

getRoles

getRoles( ) : array

Output
array
of registered roles
Details
visibility
public
final
false
static
false

has

has( Zend_Acl_Resource_Interface|string $resource ) : boolean

Returns true if and only if the Resource exists in the ACL

The $resource parameter can either be a Resource or a Resource identifier.

Arguments
$resource
Zend_Acl_Resource_Interface|string
Output
boolean
Details
visibility
public
final
false
static
false

hasRole

hasRole( Zend_Acl_Role_Interface|string $role ) : boolean

Returns true if and only if the Role exists in the registry

The $role parameter can either be a Role or a Role identifier.

Arguments
$role
Zend_Acl_Role_Interface|string
Output
boolean
Details
visibility
public
final
false
static
false
uses
Zend_Acl_Role_Registry::has()

inherits

inherits( Zend_Acl_Resource_Interface|string $resource, Zend_Acl_Resource_Interface|string $inherit, boolean $onlyParent = false ) : boolean

Returns true if and only if $resource inherits from $inherit

Both parameters may be either a Resource or a Resource identifier. If $onlyParent is true, then $resource must inherit directly from $inherit in order to return true. By default, this method looks through the entire inheritance tree to determine whether $resource inherits from $inherit through its ancestor Resources.

Arguments
$resource
Zend_Acl_Resource_Interface|string
$inherit
Zend_Acl_Resource_Interface|string
$onlyParent
boolean
Output
boolean
Details
visibility
public
final
false
static
false
throws

inheritsRole

inheritsRole( Zend_Acl_Role_Interface|string $role, Zend_Acl_Role_Interface|string $inherit, boolean $onlyParents = false ) : boolean

Returns true if and only if $role inherits from $inherit

Both parameters may be either a Role or a Role identifier. If $onlyParents is true, then $role must inherit directly from $inherit in order to return true. By default, this method looks through the entire inheritance DAG to determine whether $role inherits from $inherit through its ancestor Roles.

Arguments
$role
Zend_Acl_Role_Interface|string
$inherit
Zend_Acl_Role_Interface|string
$onlyParents
boolean
Output
boolean
Details
visibility
public
final
false
static
false
uses
Zend_Acl_Role_Registry::inherits()

isAllowed

isAllowed( Zend_Acl_Role_Interface|string $role = null, Zend_Acl_Resource_Interface|string $resource = null, string $privilege = null ) : boolean

Returns true if and only if the Role has access to the Resource

The $role and $resource parameters may be references to, or the string identifiers for, an existing Resource and Role combination.

If either $role or $resource is null, then the query applies to all Roles or all Resources, respectively. Both may be null to query whether the ACL has a "blacklist" rule (allow everything to all). By default, Zend_Acl creates a "whitelist" rule (deny everything to all), and this method would return false unless this default has been overridden (i.e., by executing $acl->allow()).

If a $privilege is not provided, then this method returns false if and only if the Role is denied access to at least one privilege upon the Resource. In other words, this method returns true if and only if the Role is allowed all privileges on the Resource.

This method checks Role inheritance using a depth-first traversal of the Role registry. The highest priority parent (i.e., the parent most recently added) is checked first, and its respective parents are checked similarly before the lower-priority parents of the Role are checked.

Arguments
$role
Zend_Acl_Role_Interface|string
$resource
Zend_Acl_Resource_Interface|string
$privilege
string
Output
boolean
Details
visibility
public
final
false
static
false
uses
Zend_Acl::get()
uses
Zend_Acl_Role_Registry::get()
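
The parent-priority rule described for addRole() and isAllowed(), as an added example that is not part of the generated documentation or the Zend Framework sources. It assumes Zend Framework 1.x is on the include path; the role names, the resource name and the helpers buildAcl() and describe() are constructed for illustration.

```php
<?php
// Added example: assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

/**
 * Builds an ACL in which 'auditor' inherits from the given parents.
 * The order of $parentOrder is the order in which the parents are added,
 * so the last entry has the highest priority (see addRole()).
 * All role and resource names are constructed for this example.
 */
function buildAcl(array $parentOrder)
{
    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role('guest'))
        ->addRole(new Zend_Acl_Role('staff'))
        ->addRole(new Zend_Acl_Role('suspended'));
    $acl->addResource(new Zend_Acl_Resource('reports'));

    // Conflicting rules on two of the parents; 'guest' has no rule at all.
    $acl->allow('staff', 'reports', 'view');
    $acl->deny('suspended', 'reports', 'view');

    $acl->addRole(new Zend_Acl_Role('auditor'), $parentOrder);
    return $acl;
}

/** Reports how 'auditor' resolves for a given parent order. */
function describe(array $parentOrder)
{
    $acl = buildAcl($parentOrder);
    return sprintf(
        'parents [%s]: view=%s delete=%s',
        implode(', ', $parentOrder),
        var_export($acl->isAllowed('auditor', 'reports', 'view'), true),
        // No rule mentions 'delete', so this query falls through to the
        // default rule of the ACL.
        var_export($acl->isAllowed('auditor', 'reports', 'delete'), true)
    );
}

// Same roles and rules, different parent order.
echo describe(array('staff', 'suspended')), PHP_EOL;
echo describe(array('suspended', 'staff')), PHP_EOL;
// A highest-priority parent without an applicable rule does not end the
// search; the next parent in priority order is visited.
echo describe(array('suspended', 'staff', 'guest')), PHP_EOL;
```

Because the most recently added parent is checked first, a deny rule on an earlier parent does not override an allow rule on a later one; when reviewing an ACL, the order of the $parents array is part of the policy.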

remove

remove( Zend_Acl_Resource_Interface|string $resource ) : Zend_Acl

Removes a Resource and all of its children

The $resource parameter can either be a Resource or a Resource identifier.

Arguments
$resource
Zend_Acl_Resource_Interface|string
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
throws

removeAll

removeAll( ) : Zend_Acl

Removes all Resources

Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false

removeAllow

removeAllow( Zend_Acl_Role_Interface|string|array $roles = null, Zend_Acl_Resource_Interface|string|array $resources = null, string|array $privileges = null ) : Zend_Acl

Removes "allow" permissions from the ACL

Arguments
$roles
Zend_Acl_Role_Interface|string|array
$resources
Zend_Acl_Resource_Interface|string|array
$privileges
string|array
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
uses
Zend_Acl::setRule()

removeDeny

removeDeny( Zend_Acl_Role_Interface|string|array $roles = null, Zend_Acl_Resource_Interface|string|array $resources = null, string|array $privileges = null ) : Zend_Acl

Removes "deny" restrictions from the ACL

Arguments
$roles
Zend_Acl_Role_Interface|string|array
$resources
Zend_Acl_Resource_Interface|string|array
$privileges
string|array
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
uses
Zend_Acl::setRule()

removeRole

removeRole( Zend_Acl_Role_Interface|string $role ) : Zend_Acl

Removes the Role from the registry

The $role parameter can either be a Role or a Role identifier.

Arguments
$role
Zend_Acl_Role_Interface|string
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
uses
Zend_Acl_Role_Registry::remove()

removeRoleAll

removeRoleAll( ) : Zend_Acl

Removes all Roles from the registry

Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
uses
Zend_Acl_Role_Registry::removeAll()

setRule

setRule( string $operation, string $type, Zend_Acl_Role_Interface|string|array $roles = null, Zend_Acl_Resource_Interface|string|array $resources = null, string|array $privileges = null, Zend_Acl_Assert_Interface $assert = null ) : Zend_Acl

Performs operations on ACL rules

The $operation parameter may be either OP_ADD or OP_REMOVE, depending on whether the user wants to add or remove a rule, respectively:

OP_ADD specifics:

 A rule is added that would allow one or more Roles access to [certain $privileges
 upon] the specified Resource(s).

OP_REMOVE specifics:

 The rule is removed only in the context of the given Roles, Resources, and privileges.
 Existing rules to which the remove operation does not apply would remain in the
 ACL.

The $type parameter may be either TYPE_ALLOW or TYPE_DENY, depending on whether the rule is intended to allow or deny permission, respectively.

The $roles and $resources parameters may be references to, or the string identifiers for, existing Resources/Roles, or they may be passed as arrays of these - mixing string identifiers and objects is ok - to indicate the Resources and Roles to which the rule applies. If either $roles or $resources is null, then the rule applies to all Roles or all Resources, respectively. Both may be null in order to work with the default rule of the ACL.

The $privileges parameter may be used to further specify that the rule applies only to certain privileges upon the Resource(s) in question. This may be specified to be a single privilege with a string, and multiple privileges may be specified as an array of strings.

If $assert is provided, then its assert() method must return true in order for the rule to apply. If $assert is provided with $roles, $resources, and $privileges all equal to null, then a rule having a type of:

 TYPE_ALLOW will imply a type of TYPE_DENY, and

 TYPE_DENY will imply a type of TYPE_ALLOW

when the rule's assertion fails. This is because the ACL needs to provide expected behavior when an assertion upon the default ACL rule fails.

Arguments
$operation
string
$type
string
$roles
Zend_Acl_Role_Interface|string|array
$resources
Zend_Acl_Resource_Interface|string|array
$privileges
string|array
$assert
Zend_Acl_Assert_Interface
Output
Zend_Acl
Provides a fluent interface
Details
visibility
public
final
false
static
false
throws
uses
Zend_Acl_Role_Registry::get()
uses
Zend_Acl::get()
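
The assertion behaviour described for setRule(), as an added example that is not part of the generated documentation or the Zend Framework sources: it contrasts an assertion attached to the default rule (where a failed assertion implies the opposite rule type) with one attached to a scoped rule (where a failed assertion makes the rule not applicable). It assumes Zend Framework 1.x is on the include path; FixedAssertion, defaultRuleOutcome(), scopedRuleOutcome() and the role and resource names are hypothetical.

```php
<?php
// Added example: assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

/** Hypothetical assertion with a fixed result, so each case is explicit. */
class FixedAssertion implements Zend_Acl_Assert_Interface
{
    private $_result;

    public function __construct($result)
    {
        $this->_result = (bool) $result;
    }

    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        return $this->_result;
    }
}

/** Default rule ($roles, $resources, $privileges all null) with an assertion. */
function defaultRuleOutcome($type, $assertResult)
{
    $acl = new Zend_Acl();
    $acl->setRule(Zend_Acl::OP_ADD, $type, null, null, null,
        new FixedAssertion($assertResult));
    return $acl->isAllowed(); // query the default rule itself
}

/** Scoped allow rule with an assertion; the default rule is left untouched. */
function scopedRuleOutcome($assertResult)
{
    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role('staff'));          // constructed names
    $acl->addResource(new Zend_Acl_Resource('reports'));
    $acl->allow('staff', 'reports', 'view', new FixedAssertion($assertResult));
    return $acl->isAllowed('staff', 'reports', 'view');
}

foreach (array(true, false) as $assertResult) {
    $label = $assertResult ? 'passes' : 'fails';
    foreach (array(Zend_Acl::TYPE_ALLOW, Zend_Acl::TYPE_DENY) as $type) {
        printf("default %s, assertion %s: isAllowed()=%s\n", $type, $label,
            var_export(defaultRuleOutcome($type, $assertResult), true));
    }
    printf("scoped allow, assertion %s: isAllowed()=%s\n", $label,
        var_export(scopedRuleOutcome($assertResult), true));
}
```

The case to look at when reviewing a policy is the TYPE_DENY default with a failing assertion: by the rule stated above it implies TYPE_ALLOW, so an assertion attached to a default deny rule has to be written with that inversion in mind.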
Documentation was generated by DocBlox.