/**
* Excerpt from my ACL implementation based on registries for roles, resources
* and rules. Allows easy registry swapping (database, ...) and supports multiple
* role and resource inheritance
*/
public function isAllowed($role = null, $resource = null, $privilege = null)
{
$roles = array();
array_push($roles, null);
if ($role !== null)
array_push($roles, $this->getRole($role));
$resources = array();
if ($resource !== null)
$resource = $this->getResource($resource);
do {
$currentRole = array_pop($roles);
array_push($resources, null);
if ($resource !== null)
array_push($resources, $resource);
do {
$currentResource = array_pop($resources);
foreach (array($privilege, null) as $currentPrivilege) {
if (!$this->hasRule(null, $currentRole, $currentResource, $currentPrivilege))
continue;
$rule = $this->getRule(null, $currentRole, $currentResource, $currentPrivilege);
if ($rule->assert($this, $role, $resource, $privilege))
return ($rule->getType() === Example_Acl_Rule::TYPE_ALLOW);
}
if ($currentResource === null)
break;
foreach ($this->getResourceParents($currentResource) as $currentResourceParent)
array_push($resources, $currentResourceParent);
} while (true);
if ($currentRole === null)
break;
foreach ($this->getRoleParents($currentRole) as $currentRoleParent)
array_push($roles, $currentRoleParent);
} while (true);
return false;
}