|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* YAWIK |
|
4
|
|
|
* |
|
5
|
|
|
* @filesource |
|
6
|
|
|
* @copyright (c) 2013 - 2016 Cross Solution (http://cross-solution.de) |
|
7
|
|
|
* @license MIT |
|
8
|
|
|
*/ |
|
9
|
|
|
|
|
10
|
|
|
/** Permissions.php */ |
|
11
|
|
|
namespace Core\Entity; |
|
12
|
|
|
|
|
13
|
|
|
use Doctrine\Common\Collections\Collection; |
|
14
|
|
|
use Doctrine\ODM\MongoDB\Mapping\Annotations as ODM; |
|
15
|
|
|
use Auth\Entity\UserInterface; |
|
16
|
|
|
use Core\Entity\Collection\ArrayCollection; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* Manages permissions for an entity. |
|
20
|
|
|
* |
|
21
|
|
|
* |
|
22
|
|
|
* @method boolean isAllGranted($userOrId) shortcut for isGranted($userOrId, self::PERMISSION_ALL) |
|
23
|
|
|
* @method boolean isNoneGranted($userOrId) shortcut for isGranted($userOrId, self::PERMISSION_NONE) |
|
24
|
|
|
* @method boolean isChangeGranted($userOrId) shortcut for isGranted($userOrId, self::PERMISSION_CHANGE) |
|
25
|
|
|
* @method boolean isViewGranted($userOrId) shortcut for isGranted($userOrId, self::PERMISSION_VIEW) |
|
26
|
|
|
* @method $this grantAll($resource) shortcut for grant($resource, self::PERMISSION_ALL) |
|
27
|
|
|
* @method $this grantNone($resource) shortcut for grant($resource, self::PERMISSION_NONE) |
|
28
|
|
|
* @method $this grantChange($resource) shortcut for grant($resource, self::PERMISSION_CHANGE) |
|
29
|
|
|
* @method $this grantView($resource) shortcut for grant($resource, self::PERMISSION_VIEW) |
|
30
|
|
|
* @method $this revokeAll($resource) shortcut for grant($resource, self::PERMISSION_ALL) |
|
31
|
|
|
* @method $this revokeNone($resource) shortcut for grant($resource, self::PERMISSION_NONE) |
|
32
|
|
|
* @method $this revokeChange($resource) shortcut for grant($resource, self::PERMISSION_CHANGE) |
|
33
|
|
|
* @method $this revokeView($resource) shortcut for grant($resource, self::PERMISSION_VIEW) |
|
34
|
|
|
* |
|
35
|
|
|
* @ODM\EmbeddedDocument |
|
36
|
|
|
* @ODM\HasLifeCycleCallbacks |
|
37
|
|
|
* |
|
38
|
|
|
* @author Mathias Gelhausen <[email protected]> |
|
39
|
|
|
*/ |
|
40
|
|
|
class Permissions implements PermissionsInterface |
|
41
|
|
|
{ |
|
42
|
|
|
/** |
|
43
|
|
|
* The type of this Permissions |
|
44
|
|
|
* |
|
45
|
|
|
* default is the Fully qualified class name. |
|
46
|
|
|
* |
|
47
|
|
|
* @ODM\Field(type="string") |
|
48
|
|
|
* @var string |
|
49
|
|
|
* @since 0,18 |
|
50
|
|
|
*/ |
|
51
|
|
|
protected $type; |
|
52
|
|
|
|
|
53
|
|
|
/** |
|
54
|
|
|
* Ids of users, which have view access. |
|
55
|
|
|
* |
|
56
|
|
|
* @var array |
|
57
|
|
|
* @ODM\Field(type="collection") |
|
58
|
|
|
* @ODM\Index |
|
59
|
|
|
*/ |
|
60
|
|
|
protected $view = array(); |
|
61
|
|
|
|
|
62
|
|
|
/** |
|
63
|
|
|
* Ids of users, which have change access. |
|
64
|
|
|
* |
|
65
|
|
|
* @var array |
|
66
|
|
|
* @ODM\Field(type="collection") |
|
67
|
|
|
* @ODM\Index |
|
68
|
|
|
*/ |
|
69
|
|
|
protected $change = array(); |
|
70
|
|
|
|
|
71
|
|
|
/** |
|
72
|
|
|
* Specification of assigned resources. |
|
73
|
|
|
* |
|
74
|
|
|
* As of 0.18, the format is: |
|
75
|
|
|
* <pre> |
|
76
|
|
|
* array( |
|
77
|
|
|
* resourceId => array( |
|
78
|
|
|
* permission => array(userId,...), |
|
79
|
|
|
* ... |
|
80
|
|
|
* ), |
|
81
|
|
|
* ... |
|
82
|
|
|
* ); |
|
83
|
|
|
* </pre> |
|
84
|
|
|
* |
|
85
|
|
|
* @var array |
|
86
|
|
|
* @ODM\Field(type="hash") |
|
87
|
|
|
*/ |
|
88
|
|
|
protected $assigned = array(); |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* Collection of all assigned resources. |
|
92
|
|
|
* |
|
93
|
|
|
* @var Collection |
|
94
|
|
|
* @ODM\ReferenceMany(discriminatorField="_resource") |
|
95
|
|
|
*/ |
|
96
|
|
|
protected $resources; |
|
97
|
|
|
|
|
98
|
|
|
/** |
|
99
|
|
|
* Flag, wether this permissions has changed or not. |
|
100
|
|
|
* |
|
101
|
|
|
* @var bool |
|
102
|
|
|
*/ |
|
103
|
|
|
protected $hasChanged = false; |
|
104
|
|
|
|
|
105
|
|
|
/** |
|
106
|
|
|
* Creates a Permissions instance. |
|
107
|
|
|
* |
|
108
|
|
|
* @param string|null $type The type identifier, defaults to FQCN. |
|
109
|
|
|
*/ |
|
110
|
42 |
|
public function __construct($type = null) |
|
111
|
|
|
{ |
|
112
|
42 |
|
$this->type = $type ?: get_class($this); |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
/** |
|
116
|
|
|
* Clones resources in a new ArrayCollection. |
|
117
|
|
|
* Needed because PHP does not deep cloning objects. |
|
118
|
|
|
* (That means, references stay references pointing to the same |
|
119
|
|
|
* object than the parent.) |
|
120
|
|
|
*/ |
|
121
|
2 |
|
public function __clone() |
|
122
|
|
|
{ |
|
123
|
2 |
|
$resources = new ArrayCollection(); |
|
124
|
2 |
|
if ($this->resources) { |
|
125
|
1 |
|
foreach ($this->resources as $r) { |
|
126
|
1 |
|
$resources->add($r); |
|
127
|
|
|
} |
|
128
|
|
|
} |
|
129
|
2 |
|
$this->resources = $resources; |
|
130
|
|
|
} |
|
131
|
|
|
|
|
132
|
|
|
/** |
|
133
|
|
|
* Provides magic methods. |
|
134
|
|
|
* |
|
135
|
|
|
* - is[View|Change|None|All]Granted($user) |
|
136
|
|
|
* - grant[View|Change|None|All]($user) |
|
137
|
|
|
* - revoke[View|Change|None|All($user) |
|
138
|
|
|
* |
|
139
|
|
|
* @param string $method |
|
140
|
|
|
* @param array $params |
|
141
|
|
|
* |
|
142
|
|
|
* @return self|bool |
|
143
|
|
|
* @throws \InvalidArgumentException |
|
144
|
|
|
* @throws \BadMethodCallException |
|
145
|
|
|
*/ |
|
146
|
4 |
|
public function __call($method, $params) |
|
147
|
|
|
{ |
|
148
|
4 |
|
if (1 != count($params)) { |
|
149
|
1 |
|
throw new \InvalidArgumentException('Missing required parameter.'); |
|
150
|
|
|
} |
|
151
|
|
|
|
|
152
|
3 |
|
if (preg_match('~^is(View|Change|None|All)Granted$~', $method, $match)) { |
|
153
|
1 |
|
$permission = constant('self::PERMISSION_' . strtoupper($match[1])); |
|
154
|
1 |
|
return $this->isGranted($params[0], $permission); |
|
155
|
|
|
} |
|
156
|
|
|
|
|
157
|
3 |
|
if (preg_match('~^grant(View|Change|None|All)$~', $method, $match)) { |
|
158
|
2 |
|
$permission = constant('self::PERMISSION_' . strtoupper($match[1])); |
|
159
|
2 |
|
return $this->grant($params[0], $permission); |
|
160
|
|
|
} |
|
161
|
|
|
|
|
162
|
2 |
|
if (preg_match('~^revoke(View|Change|None|All)$~', $method, $match)) { |
|
163
|
1 |
|
$permission = constant('self::PERMISSION_' . strtoupper($match[1])); |
|
164
|
1 |
|
return $this->revoke($params[0], $permission); |
|
165
|
|
|
} |
|
166
|
|
|
|
|
167
|
1 |
|
throw new \BadMethodCallException('Unknown method "' . $method . '"'); |
|
168
|
|
|
} |
|
169
|
|
|
|
|
170
|
|
|
/** |
|
171
|
|
|
* Gets the permission type |
|
172
|
|
|
* |
|
173
|
|
|
* @return string |
|
174
|
|
|
* @since 0.24 |
|
175
|
|
|
*/ |
|
176
|
5 |
|
public function getType() |
|
177
|
|
|
{ |
|
178
|
5 |
|
return $this->type; |
|
179
|
|
|
} |
|
180
|
|
|
|
|
181
|
|
|
/** |
|
182
|
|
|
* Grants a permission to a user or resource. |
|
183
|
|
|
* |
|
184
|
|
|
* {@inheritDoc} |
|
185
|
|
|
* |
|
186
|
|
|
* @param bool $build Should the view and change arrays be rebuild? |
|
187
|
|
|
*/ |
|
188
|
34 |
|
public function grant($resource, $permission = null, $build = true) |
|
189
|
|
|
{ |
|
190
|
34 |
|
if (is_array($resource)) { |
|
191
|
1 |
|
foreach ($resource as $r) { |
|
192
|
1 |
|
$this->grant($r, $permission, false); |
|
193
|
|
|
} |
|
194
|
1 |
|
if ($build) { |
|
195
|
1 |
|
$this->build(); |
|
196
|
|
|
} |
|
197
|
1 |
|
return $this; |
|
198
|
|
|
} |
|
199
|
|
|
|
|
200
|
|
|
//new \Doctrine\ODM\MongoDB\ |
|
201
|
34 |
|
true === $permission |
|
202
|
34 |
|
|| (null === $permission && $resource instanceof PermissionsResourceInterface) |
|
203
|
33 |
|
|| $this->checkPermission($permission); |
|
204
|
|
|
|
|
205
|
33 |
|
$resourceId = $this->getResourceId($resource); |
|
206
|
|
|
|
|
207
|
33 |
|
if (true === $permission) { |
|
208
|
1 |
|
$permission = $this->getFrom($resource); |
|
209
|
|
|
} |
|
210
|
|
|
|
|
211
|
33 |
|
if (self::PERMISSION_NONE == $permission) { |
|
212
|
2 |
|
if ($resource instanceof PermissionsResourceInterface) { |
|
213
|
1 |
|
$refs = $this->getResources(); |
|
214
|
1 |
|
if ($refs->contains($resource)) { |
|
215
|
1 |
|
$refs->removeElement($resource); |
|
216
|
|
|
} |
|
217
|
|
|
} |
|
218
|
2 |
|
unset($this->assigned[$resourceId]); |
|
219
|
|
|
} else { |
|
220
|
33 |
|
if ($resource instanceof PermissionsResourceInterface) { |
|
221
|
7 |
|
$spec = $resource->getPermissionsUserIds($this->type); |
|
|
|
|
|
|
222
|
7 |
|
if (!is_array($spec) || !count($spec)) { |
|
223
|
4 |
|
$spec = array(); |
|
224
|
4 |
|
} elseif (is_numeric(key($spec))) { |
|
225
|
7 |
|
$spec = array($permission => $spec); |
|
226
|
|
|
} |
|
227
|
|
|
} else { |
|
228
|
28 |
|
$spec = array($permission => $resource instanceof UserInterface ? array($resource->getId()) : array($resource)); |
|
229
|
|
|
} |
|
230
|
|
|
|
|
231
|
33 |
|
$this->assigned[$resourceId] = $spec; |
|
232
|
|
|
|
|
233
|
33 |
|
if ($resource instanceof PermissionsResourceInterface) { |
|
234
|
|
|
try { |
|
235
|
7 |
|
$refs = $this->getResources(); |
|
236
|
7 |
|
if (!$refs->contains($resource)) { |
|
237
|
7 |
|
$refs->add($resource); |
|
238
|
|
|
} |
|
239
|
|
|
} catch (\Exception $e) { |
|
|
|
|
|
|
240
|
|
|
}; |
|
241
|
|
|
} |
|
242
|
|
|
} |
|
243
|
|
|
|
|
244
|
33 |
|
if ($build) { |
|
245
|
31 |
|
$this->build(); |
|
246
|
|
|
} |
|
247
|
33 |
|
$this->hasChanged = true; |
|
248
|
33 |
|
return $this; |
|
249
|
|
|
} |
|
250
|
|
|
|
|
251
|
|
|
/** |
|
252
|
|
|
* Revokes a permission from a user or resource. |
|
253
|
|
|
* |
|
254
|
|
|
* {@inheritDoc} |
|
255
|
|
|
* |
|
256
|
|
|
* @param bool $build Should the view and change arrays be rebuild? |
|
257
|
|
|
* |
|
258
|
|
|
* @return $this|PermissionsInterface |
|
259
|
|
|
*/ |
|
260
|
7 |
|
public function revoke($resource, $permission = null, $build = true) |
|
261
|
|
|
{ |
|
262
|
7 |
|
if (self::PERMISSION_NONE == $permission || !$this->isAssigned($resource)) { |
|
263
|
2 |
|
return $this; |
|
264
|
|
|
} |
|
265
|
|
|
|
|
266
|
5 |
|
if (self::PERMISSION_CHANGE == $permission) { |
|
267
|
4 |
|
return $this->grant($resource, self::PERMISSION_VIEW, $build); |
|
268
|
|
|
} |
|
269
|
|
|
|
|
270
|
1 |
|
return $this->grant($resource, self::PERMISSION_NONE, $build); |
|
271
|
|
|
} |
|
272
|
|
|
|
|
273
|
1 |
|
public function clear() |
|
274
|
|
|
{ |
|
275
|
1 |
|
$this->view = array(); |
|
276
|
1 |
|
$this->change = array(); |
|
277
|
1 |
|
$this->assigned = array(); |
|
278
|
1 |
|
$this->resources = null; |
|
279
|
|
|
|
|
280
|
1 |
|
return $this; |
|
281
|
|
|
} |
|
282
|
|
|
|
|
283
|
5 |
|
public function inherit(PermissionsInterface $permissions, $build = true) |
|
284
|
|
|
{ |
|
285
|
|
|
// Override permissions type temporarly to get the right permissions back |
|
286
|
|
|
// from resources which may be aware of the permissions type. |
|
287
|
|
|
// Maybe this must be controllable by an additional parameter, but for now |
|
288
|
|
|
// we make this default. |
|
289
|
5 |
|
$oldType = $this->type; |
|
290
|
5 |
|
$this->type = $permissions->getType(); |
|
|
|
|
|
|
291
|
|
|
|
|
292
|
|
|
/* @var $permissions Permissions */ |
|
293
|
5 |
|
$assigned = $permissions->getAssigned(); |
|
294
|
5 |
|
$resources = $permissions->getResources(); |
|
295
|
|
|
|
|
296
|
|
|
/* |
|
297
|
|
|
* Grant resource references permissions. |
|
298
|
|
|
*/ |
|
299
|
5 |
|
foreach ($resources as $resource) { |
|
300
|
|
|
/* @var $resource PermissionsResourceInterface */ |
|
301
|
1 |
|
$permission = $permissions->getFrom($resource); |
|
302
|
|
|
|
|
303
|
1 |
|
$this->grant($resource, $permission, false); |
|
304
|
1 |
|
unset($assigned[$resource->getPermissionsResourceId()]); |
|
305
|
|
|
} |
|
306
|
|
|
/* |
|
307
|
|
|
* Merge remaining user permissions (w/o resource references) |
|
308
|
|
|
*/ |
|
309
|
5 |
|
$this->assigned = array_merge($this->assigned, $assigned); |
|
310
|
5 |
|
if ($build) { |
|
311
|
5 |
|
$this->build(); |
|
312
|
|
|
} |
|
313
|
5 |
|
$this->hasChanged= true; |
|
314
|
|
|
|
|
315
|
|
|
// restore orginial permissions type |
|
316
|
5 |
|
$this->type = $oldType; |
|
317
|
|
|
|
|
318
|
5 |
|
return $this; |
|
319
|
|
|
} |
|
320
|
|
|
|
|
321
|
|
|
/** |
|
322
|
|
|
* Builds the user id lists. |
|
323
|
|
|
* |
|
324
|
|
|
* This will make database queries faster and also the calls to {@link isGranted()} will be faster. |
|
325
|
|
|
* |
|
326
|
|
|
* @return self |
|
327
|
|
|
*/ |
|
328
|
34 |
|
public function build() |
|
329
|
|
|
{ |
|
330
|
34 |
|
$view = $change = array(); |
|
331
|
34 |
|
foreach ($this->assigned as $resourceId => $spec) { |
|
332
|
|
|
/* This is needed to convert old permissions to the new spec format |
|
333
|
|
|
* introduced in 0.18 |
|
334
|
|
|
* TODO: Remove this line some versions later. |
|
335
|
|
|
*/ |
|
336
|
|
|
// @codeCoverageIgnoreStart |
|
337
|
|
|
if (isset($spec['permission'])) { |
|
338
|
|
|
$spec = array($spec['permission'] => $spec['users']); |
|
339
|
|
|
$this->assigned[$resourceId] = $spec; |
|
340
|
|
|
} |
|
341
|
|
|
// @codeCoverageIgnoreEnd |
|
342
|
|
|
|
|
343
|
33 |
|
foreach ($spec as $perm => $userIds) { |
|
344
|
30 |
|
if (self::PERMISSION_ALL == $perm || self::PERMISSION_CHANGE == $perm) { |
|
345
|
19 |
|
$change = array_merge($change, $userIds); |
|
346
|
|
|
} |
|
347
|
30 |
|
$view = array_merge($view, $userIds); |
|
348
|
|
|
} |
|
349
|
|
|
} |
|
350
|
|
|
|
|
351
|
34 |
|
$this->change = array_unique($change); |
|
352
|
34 |
|
$this->view = array_unique($view); |
|
353
|
34 |
|
return $this; |
|
354
|
|
|
} |
|
355
|
|
|
|
|
356
|
21 |
|
private function checkIsGranted($userId, $permission) |
|
357
|
|
|
{ |
|
358
|
21 |
|
if (!$userId) { |
|
359
|
|
|
return false; |
|
360
|
|
|
} |
|
361
|
|
|
|
|
362
|
21 |
|
if (self::PERMISSION_NONE == $permission) { |
|
363
|
9 |
|
return !in_array($userId, $this->view); |
|
364
|
|
|
} |
|
365
|
|
|
|
|
366
|
21 |
|
if (self::PERMISSION_ALL == $permission || self::PERMISSION_CHANGE == $permission) { |
|
367
|
13 |
|
return in_array($userId, $this->change); |
|
368
|
|
|
} |
|
369
|
|
|
|
|
370
|
|
|
// Now there's only PERMISSION_VIEW left to check. |
|
371
|
20 |
|
return in_array($userId, $this->view); |
|
372
|
|
|
} |
|
373
|
|
|
|
|
374
|
21 |
|
public function isGranted($userOrId, $permission) |
|
375
|
|
|
{ |
|
376
|
21 |
|
if ($userOrId instanceof UserInterface) { |
|
377
|
11 |
|
$id = $userOrId->getId(); |
|
378
|
11 |
|
$role = $userOrId->getRole(); |
|
379
|
|
|
} else { |
|
380
|
10 |
|
$id = (string) $userOrId; |
|
381
|
10 |
|
$role = null; |
|
382
|
|
|
} |
|
383
|
|
|
|
|
384
|
21 |
|
$this->checkPermission($permission); |
|
385
|
|
|
|
|
386
|
21 |
|
return $this->checkIsGranted($id, $permission) |
|
387
|
21 |
|
|| ($this->isAssigned($role) && $this->checkIsGranted($role, $permission)) |
|
388
|
21 |
|
|| ($this->isAssigned('all') && $this->checkIsGranted('all', $permission)); |
|
389
|
|
|
} |
|
390
|
|
|
|
|
391
|
22 |
|
public function isAssigned($resource) |
|
392
|
|
|
{ |
|
393
|
22 |
|
$resourceId = $this->getResourceId($resource); |
|
394
|
22 |
|
return isset($this->assigned[$resourceId]); |
|
395
|
|
|
} |
|
396
|
|
|
|
|
397
|
1 |
|
public function hasChanged() |
|
398
|
|
|
{ |
|
399
|
1 |
|
return $this->hasChanged; |
|
400
|
|
|
} |
|
401
|
|
|
|
|
402
|
|
|
/** |
|
403
|
|
|
* Gets the assigned specification. |
|
404
|
|
|
* |
|
405
|
|
|
* This is only needed when inheriting this permissions object into another. |
|
406
|
|
|
* |
|
407
|
|
|
* @return array |
|
408
|
|
|
*/ |
|
409
|
7 |
|
public function getAssigned() |
|
410
|
|
|
{ |
|
411
|
7 |
|
return $this->assigned; |
|
412
|
|
|
} |
|
413
|
|
|
|
|
414
|
|
|
/** |
|
415
|
|
|
* Gets the resource collection. |
|
416
|
|
|
* |
|
417
|
|
|
* This is only needed when inheriting. |
|
418
|
|
|
* |
|
419
|
|
|
* @internal |
|
420
|
|
|
* The PrePersist hook is needed, because eventually |
|
421
|
|
|
* this method is called during the onFlush event by |
|
422
|
|
|
* an UpdateFilePermission-Listener. Generating |
|
423
|
|
|
* an ArrayCollection in this state leads to a |
|
424
|
|
|
* fatal error deep in Doctrine. |
|
425
|
|
|
* |
|
426
|
|
|
* This PrePersist hook assures, that there is |
|
427
|
|
|
* a prefilled ArrayCollection during the |
|
428
|
|
|
* changeset computation. |
|
429
|
|
|
* |
|
430
|
|
|
* @ODM\PrePersist |
|
431
|
|
|
* |
|
432
|
|
|
* @return Collection |
|
433
|
|
|
*/ |
|
434
|
12 |
|
public function getResources() |
|
435
|
|
|
{ |
|
436
|
12 |
|
if (!$this->resources) { |
|
437
|
12 |
|
$this->resources = new ArrayCollection(); |
|
438
|
|
|
} |
|
439
|
12 |
|
return $this->resources; |
|
440
|
|
|
} |
|
441
|
|
|
|
|
442
|
|
|
|
|
443
|
3 |
|
public function getFrom($resource) |
|
444
|
|
|
{ |
|
445
|
3 |
|
$resourceId = $this->getResourceId($resource); |
|
446
|
|
|
|
|
447
|
3 |
|
if (!isset($this->assigned[$resourceId])) { |
|
448
|
1 |
|
return self::PERMISSION_NONE; |
|
449
|
|
|
} |
|
450
|
|
|
|
|
451
|
3 |
|
$spec = $this->assigned[$resourceId]; |
|
452
|
|
|
|
|
453
|
3 |
|
return 1 == count($spec) ? key($spec) : null; |
|
454
|
|
|
} |
|
455
|
|
|
|
|
456
|
|
|
|
|
457
|
|
|
/** |
|
458
|
|
|
* Gets/Generates the resource id. |
|
459
|
|
|
* |
|
460
|
|
|
* @param string|UserInterface|PermissionsResourceInterface $resource |
|
461
|
|
|
* |
|
462
|
|
|
* @return string |
|
463
|
|
|
*/ |
|
464
|
35 |
|
protected function getResourceId($resource) |
|
465
|
|
|
{ |
|
466
|
35 |
|
if ($resource instanceof PermissionsResourceInterface) { |
|
467
|
7 |
|
return $resource->getPermissionsResourceId(); |
|
468
|
|
|
} |
|
469
|
|
|
|
|
470
|
30 |
|
if ($resource instanceof UserInterface) { |
|
471
|
11 |
|
return 'user:' . $resource->getId(); |
|
472
|
|
|
} |
|
473
|
|
|
|
|
474
|
28 |
|
return 'user:' . $resource; |
|
475
|
|
|
} |
|
476
|
|
|
|
|
477
|
|
|
/** |
|
478
|
|
|
* Checks a valid permission. |
|
479
|
|
|
* |
|
480
|
|
|
* @param string $permission |
|
481
|
|
|
* |
|
482
|
|
|
* @throws \InvalidArgumentException |
|
483
|
|
|
*/ |
|
484
|
35 |
|
protected function checkPermission($permission) |
|
485
|
|
|
{ |
|
486
|
|
|
$perms = array( |
|
487
|
35 |
|
self::PERMISSION_ALL, |
|
488
|
35 |
|
self::PERMISSION_CHANGE, |
|
489
|
35 |
|
self::PERMISSION_NONE, |
|
490
|
35 |
|
self::PERMISSION_VIEW, |
|
491
|
|
|
); |
|
492
|
35 |
|
if (!in_array($permission, $perms)) { |
|
493
|
1 |
|
throw new \InvalidArgumentException( |
|
494
|
1 |
|
'Invalid permission. Must be one of ' . implode(', ', $perms) |
|
495
|
|
|
); |
|
496
|
|
|
} |
|
497
|
|
|
} |
|
498
|
|
|
} |
|
499
|
|
|
|
cross-solution /
YAWIK
Loading history...
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. Please note the @ignore annotation hint above.