1 | <?php |
||
2 | |||
0 ignored issues
–
show
Coding Style
introduced
by
Loading history...
|
|||
3 | declare(strict_types=1); |
||
4 | |||
5 | namespace Casbin; |
||
6 | |||
7 | use Casbin\Exceptions\CasbinException; |
||
8 | use Casbin\Util\Util; |
||
9 | |||
10 | /** |
||
11 | * Enforcer = ManagementEnforcer + RBAC API. |
||
12 | * |
||
13 | * @author [email protected] |
||
0 ignored issues
–
show
Content of the @author tag must be in the form "Display Name <[email protected]>"
Loading history...
|
|||
14 | */ |
||
0 ignored issues
–
show
|
|||
15 | class Enforcer extends ManagementEnforcer |
||
16 | { |
||
17 | /** |
||
18 | * Gets the roles that a user has. |
||
19 | * |
||
20 | * @param string $name |
||
0 ignored issues
–
show
|
|||
21 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
22 | * @return string[] |
||
0 ignored issues
–
show
|
|||
23 | */ |
||
24 | 30 | public function getRolesForUser(string $name, string ...$domain): array |
|
25 | { |
||
26 | 30 | return $this->model['g']['g']->rm->getRoles($name, ...$domain); |
|
27 | } |
||
28 | |||
29 | /** |
||
30 | * Gets the users that has a role. |
||
31 | * |
||
32 | * @param string $name |
||
0 ignored issues
–
show
|
|||
33 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
34 | * |
||
35 | * @return string[] |
||
36 | */ |
||
37 | 6 | public function getUsersForRole(string $name, string ...$domain): array |
|
38 | { |
||
39 | 6 | return $this->model['g']['g']->rm->getUsers($name, ...$domain); |
|
40 | } |
||
41 | |||
42 | /** |
||
43 | * Determines whether a user has a role. |
||
44 | * |
||
45 | * @param string $name |
||
0 ignored issues
–
show
|
|||
46 | * @param string $role |
||
0 ignored issues
–
show
|
|||
47 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
48 | * |
||
49 | * @return bool |
||
50 | */ |
||
51 | 9 | public function hasRoleForUser(string $name, string $role, string ...$domain): bool |
|
52 | { |
||
53 | 9 | $roles = $this->getRolesForUser($name, ...$domain); |
|
54 | |||
55 | 9 | return in_array($role, $roles, true); |
|
56 | } |
||
57 | |||
58 | /** |
||
59 | * Adds a role for a user. |
||
60 | * returns false if the user already has the role (aka not affected). |
||
61 | * |
||
62 | * @param string $user |
||
0 ignored issues
–
show
|
|||
63 | * @param string $role |
||
0 ignored issues
–
show
|
|||
64 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
65 | * @return bool |
||
0 ignored issues
–
show
|
|||
66 | */ |
||
67 | 6 | public function addRoleForUser(string $user, string $role, string ...$domain): bool |
|
68 | { |
||
69 | 6 | return $this->addGroupingPolicy(...array_merge([$user, $role], $domain)); |
|
70 | } |
||
71 | |||
72 | /** |
||
0 ignored issues
–
show
|
|||
73 | * @param string $user |
||
0 ignored issues
–
show
|
|||
74 | * @param string[] $roles |
||
0 ignored issues
–
show
|
|||
75 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
76 | * |
||
77 | * @return bool |
||
78 | */ |
||
79 | 3 | public function addRolesForUser(string $user, array $roles, string ...$domain): bool |
|
80 | { |
||
81 | 3 | return $this->addGroupingPolicies( |
|
82 | 1 | array_map(function ($role) use ($user, $domain) { |
|
0 ignored issues
–
show
|
|||
83 | 3 | return array_merge([$user, $role], $domain); |
|
84 | 3 | }, $roles) |
|
0 ignored issues
–
show
For multi-line function calls, the closing parenthesis should be on a new line.
If a function call spawns multiple lines, the coding standard suggests to move the closing parenthesis to a new line: someFunctionCall(
$firstArgument,
$secondArgument,
$thirdArgument
); // Closing parenthesis on a new line.
Loading history...
|
|||
85 | 1 | ); |
|
86 | } |
||
87 | |||
88 | /** |
||
89 | * Deletes a role for a user. |
||
90 | * returns false if the user does not have the role (aka not affected). |
||
91 | * |
||
92 | * @param string $user |
||
0 ignored issues
–
show
|
|||
93 | * @param string $role |
||
0 ignored issues
–
show
|
|||
94 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
95 | * |
||
96 | * @return bool |
||
97 | */ |
||
98 | 9 | public function deleteRoleForUser(string $user, string $role, string ...$domain): bool |
|
99 | { |
||
100 | 9 | return $this->removeGroupingPolicy(...array_merge([$user, $role], $domain)); |
|
101 | } |
||
102 | |||
103 | /** |
||
104 | * Deletes all roles for a user. |
||
105 | * Returns false if the user does not have any roles (aka not affected). |
||
106 | * |
||
107 | * @param string $user |
||
0 ignored issues
–
show
|
|||
108 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
109 | * |
||
110 | * @return bool |
||
111 | * @throws CasbinException |
||
112 | */ |
||
113 | 3 | public function deleteRolesForUser(string $user, string ...$domain): bool |
|
114 | { |
||
115 | 3 | if (count($domain) > 1) { |
|
116 | throw new CasbinException('error: domain should be 1 parameter'); |
||
117 | } |
||
118 | |||
119 | 3 | return $this->removeFilteredGroupingPolicy(0, ...array_merge([$user, ''], $domain)); |
|
120 | } |
||
121 | |||
122 | /** |
||
123 | * Deletes a user. |
||
124 | * Returns false if the user does not exist (aka not affected). |
||
125 | * |
||
126 | * @param string $user |
||
0 ignored issues
–
show
|
|||
127 | * |
||
128 | * @return bool |
||
129 | */ |
||
130 | 3 | public function deleteUser(string $user): bool |
|
131 | { |
||
132 | 3 | $res1 = $this->removeFilteredGroupingPolicy(0, $user); |
|
133 | 3 | $res2 = $this->removeFilteredPolicy(0, $user); |
|
134 | |||
135 | 3 | return $res1 || $res2; |
|
136 | } |
||
137 | |||
138 | /** |
||
139 | * Deletes a role. |
||
140 | * |
||
141 | * @param string $role |
||
0 ignored issues
–
show
|
|||
142 | * @return bool |
||
0 ignored issues
–
show
|
|||
143 | */ |
||
144 | 3 | public function deleteRole(string $role): bool |
|
145 | { |
||
146 | 3 | $res1 = $this->removeFilteredGroupingPolicy(1, $role); |
|
147 | 3 | $res2 = $this->removeFilteredPolicy(0, $role); |
|
148 | |||
149 | 3 | return $res1 || $res2; |
|
150 | } |
||
151 | |||
152 | /** |
||
153 | * Deletes a permission. |
||
154 | * Returns false if the permission does not exist (aka not affected). |
||
155 | * |
||
156 | * @param string ...$permission |
||
0 ignored issues
–
show
|
|||
157 | * |
||
158 | * @return bool |
||
159 | */ |
||
160 | 6 | public function deletePermission(string ...$permission): bool |
|
161 | { |
||
162 | 6 | return $this->removeFilteredPolicy(1, ...$permission); |
|
163 | } |
||
164 | |||
165 | /** |
||
166 | * Adds a permission for a user or role. |
||
167 | * Returns false if the user or role already has the permission (aka not affected). |
||
168 | * |
||
169 | * @param string $user |
||
0 ignored issues
–
show
|
|||
170 | * @param string ...$permission |
||
0 ignored issues
–
show
|
|||
171 | * |
||
172 | * @return bool |
||
173 | */ |
||
174 | 12 | public function addPermissionForUser(string $user, string ...$permission): bool |
|
175 | { |
||
176 | 12 | $params = array_merge([$user], $permission); |
|
177 | |||
178 | 12 | return $this->addPolicy(...$params); |
|
179 | } |
||
180 | |||
181 | /** |
||
182 | * AddPermissionsForUser adds multiple permissions for a user or role. |
||
183 | * Returns false if the user or role already has one of the permissions (aka not affected). |
||
184 | * |
||
185 | * @param string $user |
||
0 ignored issues
–
show
|
|||
186 | * @param array ...$permissions |
||
0 ignored issues
–
show
|
|||
187 | * @return bool |
||
0 ignored issues
–
show
|
|||
188 | */ |
||
189 | 3 | public function addPermissionsForUser(string $user, array ...$permissions): bool |
|
190 | { |
||
191 | 3 | $rules = []; |
|
192 | 3 | foreach ($permissions as $permission) { |
|
193 | 3 | $rules[] = array_merge([$user], $permission); |
|
194 | } |
||
195 | 3 | return $this->addPolicies($rules); |
|
196 | } |
||
197 | |||
198 | /** |
||
199 | * Deletes a permission for a user or role. |
||
200 | * Returns false if the user or role does not have the permission (aka not affected). |
||
201 | * |
||
202 | * @param string $user |
||
0 ignored issues
–
show
|
|||
203 | * @param string ...$permission |
||
0 ignored issues
–
show
|
|||
204 | * |
||
205 | * @return bool |
||
206 | */ |
||
207 | 3 | public function deletePermissionForUser(string $user, string ...$permission): bool |
|
208 | { |
||
209 | 3 | $params = array_merge([$user], $permission); |
|
210 | |||
211 | 3 | return $this->removePolicy(...$params); |
|
212 | } |
||
213 | |||
214 | /** |
||
215 | * Deletes permissions for a user or role. |
||
216 | * Returns false if the user or role does not have any permissions (aka not affected). |
||
217 | * |
||
218 | * @param string $user |
||
0 ignored issues
–
show
|
|||
219 | * |
||
220 | * @return bool |
||
221 | */ |
||
222 | 3 | public function deletePermissionsForUser(string $user): bool |
|
223 | { |
||
224 | 3 | return $this->removeFilteredPolicy(0, $user); |
|
225 | } |
||
226 | |||
227 | /** |
||
228 | * Gets permissions for a user or role. |
||
229 | * |
||
230 | * @param string $user |
||
0 ignored issues
–
show
|
|||
231 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
232 | * |
||
233 | * @return array |
||
234 | */ |
||
235 | 12 | public function getPermissionsForUser(string $user, string ...$domain): array |
|
236 | { |
||
237 | 12 | $permission = []; |
|
238 | 12 | foreach ($this->model['p'] as $ptype => $assertion) { |
|
239 | 12 | $args = []; |
|
240 | 12 | $args[0] = $user; |
|
241 | 12 | foreach ($assertion->tokens as $i => $token) { |
|
242 | 12 | if ($token == sprintf('%s_dom', $ptype)) { |
|
243 | $args[$i] = $domain[0]; |
||
244 | 8 | break; |
|
245 | } |
||
246 | } |
||
247 | 12 | $perm = $this->getFilteredPolicy(0, ...$args); |
|
248 | 12 | $permission = array_merge($permission, $perm); |
|
249 | } |
||
250 | 12 | return $permission; |
|
251 | } |
||
252 | |||
253 | /** |
||
254 | * Determines whether a user has a permission. |
||
255 | * |
||
256 | * @param string $user |
||
0 ignored issues
–
show
|
|||
257 | * @param string ...$permission |
||
0 ignored issues
–
show
|
|||
258 | * |
||
259 | * @return bool |
||
260 | */ |
||
261 | 3 | public function hasPermissionForUser(string $user, string ...$permission): bool |
|
262 | { |
||
263 | 3 | $params = array_merge([$user], $permission); |
|
264 | |||
265 | 3 | return $this->hasPolicy($params); |
|
266 | } |
||
267 | |||
268 | /** |
||
269 | * Gets implicit roles that a user has. |
||
270 | * Compared to getRolesForUser(), this function retrieves indirect roles besides direct roles. |
||
271 | * For example: |
||
272 | * g, alice, role:admin |
||
273 | * g, role:admin, role:user. |
||
274 | * |
||
275 | * getRolesForUser("alice") can only get: ["role:admin"]. |
||
0 ignored issues
–
show
|
|||
276 | * But getImplicitRolesForUser("alice") will get: ["role:admin", "role:user"]. |
||
277 | * |
||
278 | * @param string $name |
||
0 ignored issues
–
show
|
|||
279 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
280 | * |
||
281 | * @return array |
||
282 | */ |
||
283 | 9 | public function getImplicitRolesForUser(string $name, string ...$domain): array |
|
284 | { |
||
285 | 9 | $res = []; |
|
286 | 9 | $roleSet = []; |
|
287 | 9 | $roleSet[$name] = true; |
|
288 | |||
289 | 9 | $q = []; |
|
290 | 9 | $q[] = $name; |
|
291 | |||
292 | 9 | for (; count($q) > 0;) { |
|
293 | 9 | $name = $q[0]; |
|
294 | 9 | $q = array_slice($q, 1); |
|
295 | |||
296 | 9 | foreach ($this->rmMap as $rm) { |
|
297 | 9 | $roles = $rm->getRoles($name, ...$domain); |
|
298 | 9 | foreach ($roles as $r) { |
|
299 | 9 | if (!isset($roleSet[$r])) { |
|
300 | 9 | $res[] = $r; |
|
301 | 9 | $q[] = $r; |
|
302 | 9 | $roleSet[$r] = true; |
|
303 | } |
||
304 | } |
||
305 | } |
||
306 | } |
||
307 | |||
308 | 9 | return $res; |
|
309 | } |
||
310 | |||
311 | /** |
||
312 | * GetImplicitUsersForRole gets implicit users for a role. |
||
313 | * |
||
314 | * @param string $name |
||
0 ignored issues
–
show
|
|||
315 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
316 | * @return array |
||
0 ignored issues
–
show
|
|||
317 | */ |
||
318 | 6 | public function getImplicitUsersForRole(string $name, string ...$domain): array |
|
319 | { |
||
320 | 6 | $res = []; |
|
321 | 6 | $roleSet = []; |
|
322 | 6 | $roleSet[$name] = true; |
|
323 | |||
324 | 6 | $q = []; |
|
325 | 6 | $q[] = $name; |
|
326 | |||
327 | 6 | for (; count($q) > 0;) { |
|
328 | 6 | $name = $q[0]; |
|
329 | 6 | $q = array_slice($q, 1); |
|
330 | |||
331 | 6 | foreach ($this->rmMap as $rm) { |
|
332 | 6 | $roles = $rm->getUsers($name, ...$domain); |
|
333 | 6 | foreach ($roles as $r) { |
|
334 | 6 | if (!isset($roleSet[$r])) { |
|
335 | 6 | $res[] = $r; |
|
336 | 6 | $q[] = $r; |
|
337 | 6 | $roleSet[$r] = true; |
|
338 | } |
||
339 | } |
||
340 | } |
||
341 | } |
||
342 | 6 | return $res; |
|
343 | } |
||
344 | |||
345 | /** |
||
346 | * GetImplicitResourcesForUser returns all policies that user obtaining in domain |
||
347 | * |
||
348 | * @param string $user |
||
0 ignored issues
–
show
|
|||
349 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
350 | * @return array |
||
0 ignored issues
–
show
|
|||
351 | */ |
||
352 | 3 | public function getImplicitResourcesForUser(string $user, string ...$domain): array |
|
353 | { |
||
354 | 3 | $permissions = $this->getImplicitPermissionsForUser($user, ...$domain); |
|
355 | |||
356 | 3 | $res = []; |
|
357 | 3 | foreach ($permissions as $permission) { |
|
358 | 3 | if ($permission[0] == $user) { |
|
359 | 3 | $res[] = $permission; |
|
360 | 3 | continue; |
|
361 | } |
||
362 | 3 | $resLocal = [[$user]]; |
|
363 | 3 | $tokensLength = count($permission); |
|
364 | 3 | $t = [[]]; |
|
365 | 3 | foreach (array_slice($permission, 1) as $token) { |
|
366 | 3 | $tokens = $this->getImplicitUsersForRole($token, ...$domain); |
|
367 | 3 | $tokens[] = $token; |
|
368 | 3 | $t[] = $tokens; |
|
369 | } |
||
370 | |||
371 | 3 | for ($i = 1; $i < $tokensLength; $i++) { |
|
372 | 3 | $n = []; |
|
373 | 3 | foreach ($t[$i] as $tokens) { |
|
374 | 3 | foreach ($resLocal as $policy) { |
|
375 | 3 | $temp = []; |
|
376 | 3 | $temp = array_merge($temp, $policy); |
|
377 | 3 | $temp[] = $tokens; |
|
378 | 3 | $n[] = $temp; |
|
379 | } |
||
380 | } |
||
381 | 3 | $resLocal = $n; |
|
382 | } |
||
383 | 3 | $res = array_merge($res, $resLocal); |
|
384 | } |
||
385 | 3 | return $res; |
|
386 | } |
||
387 | |||
388 | /** |
||
389 | * Gets implicit permissions for a user or role. |
||
390 | * Compared to getPermissionsForUser(), this function retrieves permissions for inherited roles. |
||
391 | * For example: |
||
392 | * p, admin, data1, read |
||
393 | * p, alice, data2, read |
||
394 | * g, alice, admin. |
||
395 | * |
||
396 | * getPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. |
||
0 ignored issues
–
show
|
|||
397 | * But getImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]]. |
||
398 | * |
||
399 | * @param string $user |
||
0 ignored issues
–
show
|
|||
400 | * @param string ...$domain |
||
0 ignored issues
–
show
|
|||
401 | * |
||
402 | * @return array |
||
403 | * @throws CasbinException |
||
404 | */ |
||
405 | 6 | public function getImplicitPermissionsForUser(string $user, string ...$domain): array |
|
406 | { |
||
407 | 6 | $roles = array_merge( |
|
408 | 6 | [$user], |
|
409 | 6 | $this->getImplicitRolesForUser($user, ...$domain) |
|
410 | 2 | ); |
|
411 | |||
412 | 6 | $len = \count($domain); |
|
413 | 6 | if ($len > 1) { |
|
414 | throw new CasbinException('error: domain should be 1 parameter'); |
||
415 | } |
||
416 | |||
417 | 6 | $res = []; |
|
418 | 6 | foreach ($roles as $role) { |
|
419 | 6 | if (1 == $len) { |
|
420 | 3 | $permissions = $this->getPermissionsForUserInDomain($role, $domain[0]); |
|
421 | } else { |
||
422 | 6 | $permissions = $this->getPermissionsForUser($role); |
|
423 | } |
||
424 | |||
425 | 6 | $res = array_merge($res, $permissions); |
|
426 | } |
||
427 | |||
428 | 6 | return $res; |
|
429 | } |
||
430 | |||
431 | /** |
||
432 | * Gets implicit users for a permission. |
||
433 | * For example: |
||
434 | * p, admin, data1, read |
||
435 | * p, bob, data1, read |
||
436 | * g, alice, admin |
||
437 | * getImplicitUsersForPermission("data1", "read") will get: ["alice", "bob"]. |
||
438 | * Note: only users will be returned, roles (2nd arg in "g") will be excluded. |
||
439 | * |
||
440 | * @param string ...$permission |
||
0 ignored issues
–
show
|
|||
441 | * |
||
442 | * @return array |
||
443 | * @throws CasbinException |
||
444 | */ |
||
445 | 3 | public function getImplicitUsersForPermission(string ...$permission): array |
|
446 | { |
||
447 | 3 | $pSubjects = $this->getAllSubjects(); |
|
448 | 3 | $gInherit = $this->model->getValuesForFieldInPolicyAllTypes("g", 1); |
|
449 | 3 | $gSubjects = $this->model->getValuesForFieldInPolicyAllTypes("g", 0); |
|
450 | |||
451 | 3 | $subjects = array_merge($pSubjects, $gSubjects); |
|
452 | 3 | Util::ArrayRemoveDuplicates($subjects); |
|
453 | |||
454 | 3 | $subjects = array_diff($subjects, $gInherit); |
|
455 | |||
456 | 3 | $res = []; |
|
457 | 3 | foreach ($subjects as $user) { |
|
458 | 3 | $req = $permission; |
|
459 | 3 | array_unshift($req, $user); |
|
460 | 3 | $allowed = $this->enforce(...$req); |
|
461 | |||
462 | 3 | if ($allowed) { |
|
463 | 3 | $res[] = $user; |
|
464 | } |
||
465 | } |
||
466 | |||
467 | 3 | return $res; |
|
468 | } |
||
469 | |||
470 | /** |
||
471 | * GetAllUsersByDomain would get all users associated with the domain. |
||
472 | * |
||
473 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
474 | * @return string[] |
||
0 ignored issues
–
show
|
|||
475 | */ |
||
476 | 3 | public function getAllUsersByDomain(string $domain): array |
|
477 | { |
||
478 | 3 | $m = []; |
|
479 | 3 | $g = $this->model['g']['g']; |
|
480 | 3 | $p = $this->model['p']['p']; |
|
481 | 3 | $users = []; |
|
482 | 3 | $index = $this->getDomainIndex('p'); |
|
483 | |||
484 | 1 | $getUser = function (int $index, array $policies, string $domain, array $m): array { |
|
485 | 3 | if (count($policies) == 0 || count($policies[0]) <= $index) { |
|
486 | return []; |
||
487 | } |
||
488 | 3 | $res = []; |
|
489 | 3 | foreach ($policies as $policy) { |
|
490 | 3 | $ok = isset($m[$policy[0]]); |
|
491 | 3 | if ($policy[$index] == $domain && !$ok) { |
|
492 | 3 | $res[] = $policy[0]; |
|
493 | 3 | $m[$policy[0]] = []; |
|
494 | } |
||
495 | } |
||
496 | 3 | return $res; |
|
497 | 3 | }; |
|
498 | |||
499 | 3 | $users = array_merge($users, $getUser(2, $g->policy, $domain, $m)); |
|
500 | 3 | $users = array_merge($users, $getUser($index, $p->policy, $domain, $m)); |
|
501 | 3 | return $users; |
|
502 | } |
||
503 | |||
504 | /** |
||
505 | * Gets the users that has a role inside a domain. Add by Gordon. |
||
506 | * |
||
507 | * @param string $name |
||
0 ignored issues
–
show
|
|||
508 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
509 | * |
||
510 | * @return array |
||
511 | */ |
||
512 | 3 | public function getUsersForRoleInDomain(string $name, string $domain): array |
|
513 | { |
||
514 | 3 | return $this->model['g']['g']->rm->getUsers($name, $domain); |
|
515 | } |
||
516 | |||
517 | /** |
||
518 | * Gets the roles that a user has inside a domain. |
||
519 | * |
||
520 | * @param string $name |
||
0 ignored issues
–
show
|
|||
521 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
522 | * |
||
523 | * @return array |
||
524 | */ |
||
525 | 3 | public function getRolesForUserInDomain(string $name, string $domain): array |
|
526 | { |
||
527 | 3 | return $this->model['g']['g']->rm->getRoles($name, $domain); |
|
528 | } |
||
529 | |||
530 | /** |
||
531 | * Gets permissions for a user or role inside a domain. |
||
532 | * |
||
533 | * @param string $name |
||
0 ignored issues
–
show
|
|||
534 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
535 | * |
||
536 | * @return array |
||
537 | */ |
||
538 | 6 | public function getPermissionsForUserInDomain(string $name, string $domain): array |
|
539 | { |
||
540 | 6 | return $this->getFilteredPolicy(0, $name, $domain); |
|
541 | } |
||
542 | |||
543 | /** |
||
544 | * Adds a role for a user inside a domain. |
||
545 | * returns false if the user already has the role (aka not affected). |
||
546 | * |
||
547 | * @param string $user |
||
0 ignored issues
–
show
|
|||
548 | * @param string $role |
||
0 ignored issues
–
show
|
|||
549 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
550 | * |
||
551 | * @return bool |
||
552 | */ |
||
553 | 9 | public function addRoleForUserInDomain(string $user, string $role, string $domain): bool |
|
554 | { |
||
555 | 9 | return $this->addGroupingPolicy($user, $role, $domain); |
|
556 | } |
||
557 | |||
558 | /** |
||
559 | * Deletes a role for a user inside a domain. |
||
560 | * Returns false if the user does not have the role (aka not affected). |
||
561 | * |
||
562 | * @param string $user |
||
0 ignored issues
–
show
|
|||
563 | * @param string $role |
||
0 ignored issues
–
show
|
|||
564 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
565 | * |
||
566 | * @return bool |
||
567 | */ |
||
568 | 6 | public function deleteRoleForUserInDomain(string $user, string $role, string $domain): bool |
|
569 | { |
||
570 | 6 | return $this->removeGroupingPolicy($user, $role, $domain); |
|
571 | } |
||
572 | |||
573 | /** |
||
574 | * DeleteRolesForUserInDomain deletes all roles for a user inside a domain. |
||
575 | * Returns false if the user does not have any roles (aka not affected). |
||
576 | * |
||
577 | * @param string $user |
||
0 ignored issues
–
show
|
|||
578 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
579 | * |
||
580 | * @return bool |
||
581 | */ |
||
582 | 3 | public function deleteRolesForUserInDomain(string $user, string $domain): bool |
|
583 | { |
||
584 | 3 | $roles = $this->model['g']['g']->rm->getRoles($user, $domain); |
|
585 | |||
586 | 3 | $rules = []; |
|
587 | 3 | foreach ($roles as $role) { |
|
588 | 3 | $rules[] = [$user, $role, $domain]; |
|
589 | } |
||
590 | |||
591 | 3 | return $this->removeGroupingPolicies($rules); |
|
592 | } |
||
593 | |||
594 | /** |
||
595 | * DeleteAllUsersByDomain would delete all users associated with the domain. |
||
596 | * |
||
597 | * @param string $domain |
||
0 ignored issues
–
show
|
|||
598 | * @return bool |
||
0 ignored issues
–
show
|
|||
599 | */ |
||
600 | 6 | public function deleteAllUsersByDomain(string $domain): bool |
|
601 | { |
||
602 | 6 | $g = $this->model['g']['g']; |
|
603 | 6 | $p = $this->model['p']['p']; |
|
604 | 6 | $index = $this->getDomainIndex('p'); |
|
605 | |||
606 | 2 | $getUser = function (int $index, array $policies, string $domain): array { |
|
607 | 6 | if (count($policies) == 0 || count($policies[0]) <= $index) { |
|
608 | return []; |
||
609 | } |
||
610 | 6 | $res = []; |
|
611 | 6 | foreach ($policies as $policy) { |
|
612 | 6 | if ($policy[$index] == $domain) { |
|
613 | 6 | $res[] = $policy; |
|
614 | } |
||
615 | } |
||
616 | 6 | return $res; |
|
617 | 6 | }; |
|
618 | |||
619 | 6 | $users = $getUser(2, $g->policy, $domain); |
|
620 | 6 | $this->removeGroupingPolicies($users); |
|
621 | 6 | $users = $getUser($index, $p->policy, $domain); |
|
622 | 6 | $this->removePolicies($users); |
|
623 | 6 | return true; |
|
624 | } |
||
625 | |||
626 | /** |
||
627 | * DeleteDomains would delete all associated users and roles. |
||
628 | * It would delete all domains if parameter is not provided. |
||
629 | * |
||
630 | * @param string ...$domains |
||
0 ignored issues
–
show
|
|||
631 | * @return bool |
||
0 ignored issues
–
show
|
|||
632 | */ |
||
633 | 3 | public function deleteDomains(string ...$domains): bool |
|
634 | { |
||
635 | 3 | if (count($domains) == 0) { |
|
636 | 3 | $this->clearPolicy(); |
|
637 | 3 | return true; |
|
638 | } |
||
639 | 3 | foreach ($domains as $domain) { |
|
640 | 3 | $this->deleteAllUsersByDomain($domain); |
|
641 | } |
||
642 | 3 | return true; |
|
643 | } |
||
644 | } |
||
645 |