Rbac.php 1.5 KB

  1. <?php
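  /**
   * Role-based access check against an ACL loaded from configuration.
   *
   * The ACL is read from the 'rbac.acl' config key and is used as
   * $acl[operation][role] = list of resource paths, where operation is
   * "allow" or "deny" and the role key '*' holds rules meant for everyone.
   * Deny rules are evaluated after allow rules and therefore win.
   */
  class LtRbac
  {
      /** @var LtConfig Configuration handle; may be replaced before init(). */
      public $configHandle;

      /** @var array|null ACL table loaded by init(); null until then. */
      protected $acl;

      /**
       * Obtain a configuration handle: the shared LtConfig from LtObjectUtil
       * when that class is already loaded, otherwise a fresh LtConfig.
       */
      public function __construct()
      {
          if (! $this->configHandle instanceof LtConfig) {
              // class_exists(..., false): do not trigger autoloading just to probe.
              if (class_exists("LtObjectUtil", false)) {
                  $this->configHandle = LtObjectUtil::singleton("LtConfig");
              } else {
                  $this->configHandle = new LtConfig;
              }
          }
      }

      /**
       * Load the ACL table from the 'rbac.acl' configuration entry.
       */
      public function init()
      {
          $this->acl = $this->configHandle->get('rbac.acl');
      }

      /**
       * Decide whether any of the given roles may access a resource.
       *
       * The default is deny. A matching "allow" rule grants access and a
       * matching "deny" rule revokes it again, so deny always has priority.
       * With no roles, or before init() has loaded an ACL, the result is false.
       *
       * @param array|string $roles    Roles held by the caller; a single role name is accepted.
       * @param string       $resource Resource path, segments separated by '/'.
       * @return bool True only if an allow rule matches and no deny rule does.
       */
      public function checkAcl($roles, $resource)
      {
          if (!is_scalar($resource)) {
              return false;
          }
          $resource = (string) $resource;
          $roles = (array) $roles;

          $allow = false;
          // "deny" is processed last so that it overrides an earlier allow.
          foreach (array("allow", "deny") as $operation) {
              if ($this->operationMatches($operation, $roles, $resource)) {
                  $allow = ("allow" === $operation);
              }
          }
          return $allow;
      }

      /**
       * Tell whether one operation ("allow" or "deny") has a rule matching
       * the resource for at least one of the roles.
       */
      private function operationMatches($operation, array $roles, $resource)
      {
          if (!$roles || !isset($this->acl[$operation]) || !is_array($this->acl[$operation])) {
              return false;
          }
          $rules = $this->acl[$operation];

          // The everyone ('*') list applies to every caller that holds a role,
          // whether or not that role has a list of its own. Checking it only
          // inside a role's own entry would let a role without a deny list
          // skip the global deny rules, and would fail outright when the '*'
          // key is absent. Only exact resource matches are taken from this list.
          if (isset($rules['*']) && $this->listContains($rules['*'], $resource)) {
              return true;
          }

          $patterns = $this->wildcardForms($resource);
          foreach ($roles as $role) {
              if ((!is_string($role) && !is_int($role)) || !isset($rules[$role])) {
                  continue;
              }
              if ($this->listContains($rules[$role], $resource)) {
                  return true;
              }
              foreach ($patterns as $pattern) {
                  if ($this->listContains($rules[$role], $pattern)) {
                      return true;
                  }
              }
          }
          return false;
      }

      /**
       * Build the wildcard forms of a resource, most specific first:
       * "a/b/c" gives "a/b/*", "a/*", "*".
       */
      private function wildcardForms($resource)
      {
          $segments = explode('/', trim($resource, '/'));
          $forms = array();
          for ($i = count($segments) - 1; $i >= 0; $i--) {
              $forms[] = implode('/', array_merge(array_slice($segments, 0, $i), array('*')));
          }
          return $forms;
      }

      /**
       * Exact string membership test for a rule list.
       *
       * Rules are compared as strings with ===, so numeric-looking paths
       * ("1e1" and "10") are never treated as equal the way a loose
       * in_array() would treat them.
       */
      private function listContains($rules, $needle)
      {
          foreach ((array) $rules as $rule) {
              if ((is_string($rule) || is_int($rule)) && (string) $rule === $needle) {
                  return true;
              }
          }
          return false;
      }
  }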