ここの情報は古いです。ご理解頂いた上でお取り扱いください。

Changeset 12753


Timestamp:
Aug 26, 2009, 3:25:56 AM (10 years ago)
Author:
ebihara
Message:

#3943: improved the model ACL so that it now considers assertions

Location:
OpenPNE3/trunk/lib
Files:
5 edited

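--- a/OpenPNE3/trunk/lib/model/doctrine/MemberProfile.class.php
+++ b/OpenPNE3/trunk/lib/model/doctrine/MemberProfile.class.php
@@ -9,5 +9,5 @@
  */
 
-class MemberProfile extends BaseMemberProfile
+class MemberProfile extends BaseMemberProfile implements opAccessControlRecordInterface
 {
   public function __toString()
@@ -172,3 +172,19 @@
     }
   }
+
+  public function generateRoleId(Member $member)
+  {
+    $relation = Doctrine::getTable('MemberRelationship')->retrieveByFromAndTo($this->Member->id, $member->id);
+
+    if ($this->Member->id === $member->id)
+    {
+      return 'self';
+    }
+    elseif ($relation && $relation->getIsAccessBlock())
+    {
+      return 'blocked';
+    }
+
+    return 'everyone';
+  }
 }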
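Review bot: `generateRoleId()` can only return 'self', 'blocked' or 'everyone', so the 'friend' role that MemberProfileTable::appendRoles() registers in this changeset is never produced here. Unless that role is resolved somewhere not visible on this page, a profile item whose public flag is friends-only would be viewable by its owner alone. A branch returning 'friend' when `$relation` marks the two members as friends, placed after the 'blocked' check so that a block always wins, would close the gap. The relationship lookup also runs before the `self` comparison, so moving the query below that early return saves a database hit, and the method would benefit from a docblock listing the role IDs it can return.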
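--- a/OpenPNE3/trunk/lib/model/doctrine/MemberProfileTable.class.php
+++ b/OpenPNE3/trunk/lib/model/doctrine/MemberProfileTable.class.php
@@ -9,5 +9,5 @@
  */
 
-class MemberProfileTable extends Doctrine_Table
+class MemberProfileTable extends opAccessControlDoctrineTable
 {
   public function getProfileListByMemberId($memberId)
@@ -218,3 +218,43 @@
     }
   }
+
+  public function appendRoles(Zend_Acl $acl)
+  {
+    return $acl
+      ->addRole(new Zend_Acl_Role('everyone'))
+      ->addRole(new Zend_Acl_Role('friend'), 'everyone')
+      ->addRole(new Zend_Acl_Role('self'), 'friend')
+      ->addRole(new Zend_Acl_Role('blocked'));
+  }
+
+  public function appendRules(Zend_Acl $acl, $resource = null)
+  {
+    $assertion = new opMemberProfilePublicFlagAssertion();
+
+    return $acl
+      ->allow('everyone', $resource, 'view', $assertion)
+      ->allow('friend', $resource, 'view', $assertion)
+      ->allow('self', $resource, 'view', $assertion)
+      ->allow('self', $resource, 'edit')
+      ->deny('blocked');
+  }
 }
+
+class opMemberProfilePublicFlagAssertion implements Zend_Acl_Assert_Interface
+{
+  public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
+  {
+    if (ProfileTable::PUBLIC_FLAG_FRIEND == $resource->getPublicFlag())
+    {
+      return ($role->getRoleId() === 'self' || $role->getRoleId() === 'friend');
+    }
+
+    if (ProfileTable::PUBLIC_FLAG_PRIVATE == $resource->getPublicFlag())
+    {
+      return ($role->getRoleId() === 'self');
+    }
+
+    return true;
+  }
+}
+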
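Review bot: `opMemberProfilePublicFlagAssertion::assert()` ends in `return true;`, so any public-flag value other than FRIEND or PRIVATE, including null or a value introduced later, is treated as visible to every role. An access-control assertion should fail closed: return true only for the flag values explicitly meant to be public and finish with `return false;`. `$role` and `$resource` both default to null yet are dereferenced unconditionally, so a guard such as `if (null === $role || null === $resource) { return false; }` at the top is needed for the case where `appendRules()` is called with its default `$resource = null` and the rule ends up registered for all resources. The flag comparisons use `==`; comparing with `===` against `(int) $resource->getPublicFlag()` would rule out type juggling.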
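--- a/OpenPNE3/trunk/lib/model/doctrine/MemberTable.class.php
+++ b/OpenPNE3/trunk/lib/model/doctrine/MemberTable.class.php
@@ -70,10 +70,10 @@
   }
 
-  public function appendRules(Zend_Acl $acl)
+  public function appendRules(Zend_Acl $acl, $resource = null)
   {
     return $acl
-      ->allow('everyone', null, 'view')
-      ->allow('self', null, 'edit')
-      ->deny('blocked', null, 'edit');
+      ->allow('everyone', $resource, 'view')
+      ->allow('self', $resource, 'edit')
+      ->deny('blocked');
   }
 }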
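Review bot: In `appendRules()` the two allows are now scoped to `$resource`, but `->deny('blocked')` is still registered against all resources and is re-added on every call. Zend_Acl consults rules on the specific resource, including those inherited from parent roles, before it falls back to rules on all resources. So if 'blocked' inherits from 'everyone' in this table's `appendRoles()` (outside the hunk), the resource-level `view` allow would likely win over the global deny. Scoping it as `->deny('blocked', $resource)` keeps the deny at the same level as the allows; MemberProfileTable::appendRules() in this changeset has the same unscoped deny.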
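--- a/OpenPNE3/trunk/lib/util/opAccessControlDoctrineTable.class.php
+++ b/OpenPNE3/trunk/lib/util/opAccessControlDoctrineTable.class.php
@@ -20,5 +20,5 @@
   protected $acl = null;
 
-  public function getAcl()
+  public function getAcl($resource)
   {
     if (!$this->acl)
@@ -26,5 +26,10 @@
       $this->acl = new Zend_Acl();
       $this->acl = $this->appendRoles($this->acl);
-      $this->acl = $this->appendRules($this->acl);
+    }
+
+    if ($resource && !$this->acl->has($resource))
+    {
+      $this->acl->add($resource);
+      $this->acl = $this->appendRules($this->acl, $resource);
     }
 
@@ -34,4 +39,4 @@
   abstract public function appendRoles(Zend_Acl $acl);
 
-  abstract public function appendRules(Zend_Acl $acl);
+  abstract public function appendRules(Zend_Acl $acl, $resource = null);
 }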
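Review bot: `getAcl($resource)` takes the new argument untyped and without a default, although the body both tolerates an empty value (`if ($resource && …)`) and passes it to `$this->acl->add()`, which expects a Zend_Acl_Resource_Interface. Declaring it as `public function getAcl(Zend_Acl_Resource_Interface $resource = null)` would keep zero-argument callers working and reject wrong types at the boundary. Because the resource-less `appendRules()` call was removed from the initialisation branch, an ACL fetched without a resource now holds roles but no rules, so every check on it is denied; that is worth stating in a docblock. The body of `getAcl()` continues outside the visible hunks.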
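--- a/OpenPNE3/trunk/lib/util/opDoctrineRecord.class.php
+++ b/OpenPNE3/trunk/lib/util/opDoctrineRecord.class.php
@@ -16,5 +16,5 @@
  * @author     Kousuke Ebihara <ebihara@tejimaya.com>
  */
-abstract class opDoctrineRecord extends sfDoctrineRecord
+abstract class opDoctrineRecord extends sfDoctrineRecord implements Zend_Acl_Resource_Interface
 {
   protected $roleList = array();
@@ -39,4 +39,13 @@
 
     return parent::hasColumn($name, $type, $length, $options);
+  }
+
+  public function getResourceId()
+  {
+    $tableName = $this->getTable()->getTableName();
+    $identifier = array_values($this->identifier());
+    $identifier = array_shift($identifier);
+
+    return $tableName.'.'.$identifier;
   }
 
@@ -64,7 +73,7 @@
     $this->checkReadyForAcl();
 
-    $acl = $this->getTable()->getAcl();
+    $acl = $this->getTable()->getAcl($this);
 
-    return $acl->isAllowed($this->getRoleId($member), null, $privilege);
+    return $acl->isAllowed($this->getRoleId($member), $this, $privilege);
   }
 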
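Review bot: `getResourceId()` builds the ID from the table name and only the first identifier value, so records with a composite primary key that share that first column, and unsaved records whose identifier is still empty, all map to one resource ID. Because `getAcl()` registers a resource and its rules only once per ID, such records would share one ACL entry. Depending on the Zend_Acl version, the assertion may also be handed the instance that was registered first rather than the record being checked. Using every identifier value, e.g. `return $tableName.'.'.implode('.', array_values($this->identifier()));`, and refusing an ACL check on a record that has no identifier yet would avoid the collision. The method enclosing the `isAllowed()` call starts outside the hunk.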