<?php

namespace Httpcb;

use Phalcon\Acl\Role,
    Phalcon\Acl\Adapter\Memory as AclList;

class Acl extends AclList
{
    const ROLE_USER  = 'user';
    const ROLE_GUEST = 'guest';

    public function __construct()
    {
        // Deny access to everything by default.
        $this->setDefaultAction(\Phalcon\Acl::DENY);

        // Roles
        $guest = new Role(self::ROLE_GUEST);
        $user = new Role(self::ROLE_USER);

        $this->addRole($guest);
        $this->addRole($user, $guest);

        // Public Resources
        $public = array(
            'index',
            'error',
            'auth',
            'api',
        );

        $this->_grant($guest, $public);

        // Protected Resources
        $protected = array(
            'callback',
            'user',
        );

        $this->_grant($user, $protected);
    }

    protected function _grant(Role $role, array $resources)
    {
        foreach($resources as $resource) {
            $this->addResource($resource, 'Read');
            $this->allow($role->getName(), $resource, 'Read');
        }
    }
}