_adapter = new Adapter(); // Deny access to everything by default. $this->_adapter->setDefaultAction(Enum::DENY); $this->fromConfig($config); } /** * @param $role * @param $resource * @return bool */ public function isAllowed($role, $resource) { // Special stuff here :) for resources within modules. // Modules and controllers are separated by "/" $pos = strpos($resource, '/'); if ($pos !== false) { // Construct the wildcard resource. $wildcard = substr($resource, 0, $pos+1) . '*'; // If we have this wildcard resource, check against that instead. if ($this->hasResource($wildcard)) { $resource = $wildcard; } } return $this->_adapter->isAllowed($role, $resource, 'All') == Enum::ALLOW; } /** * @param string $resource * @return bool */ public function hasResource($resource) { return $this->_adapter->isComponent($resource); } public function fromConfig(Config $config) { // Add roles. foreach($config->roles as $name => $def) { $inherits = null; $description = null; if ($def instanceof Config) { $inherits = $def->get('inherits'); $description = $def->get('description'); } $role = new Role($name, $description); $this->_adapter->addRole($role, $inherits); } // Zones foreach($config->zones as $name => $resources) { if (!($resources instanceof Config)) { $resources = new Config([ $resources ]); } foreach($resources as $resource) { $this->_adapter->addComponent($resource, 'All'); } } // Grant access for roles and resources. foreach($config->roles as $name => $def) { $zones = $def->get('allowed-zones', []); if (is_string($zones)) { $zones = [ $zones ]; } foreach($zones as $zone) { $resources = $config->zones->get($zone); if (!($resources instanceof Config)) { $resources = new Config([ $resources ]); } foreach($resources as $resource) { $this->_adapter->allow($name, $resource, 'All'); } } } } }