  1. <?php
  2.  
  3. namespace Galaz\Heimdall;
  4.  
  5. use Eloquent;
  6. use Session;
  7.  
  8. class Heimdall extends Eloquent {
  9.  
  10.     /**
  11.      * Resource ID
  12.      * Categoriy, Users,
  13.      * @var string
  14.      */
  15.     protected static $resourceID;
  16.  
  17.     /**
  18.      * Errors Array
  19.      *
  20.      * @var array
  21.      */
  22.     protected $errors = array();
  23.  
  24.     //Requiered Models
  25.     const USER_MODEL = 'Galaz\Heimdall\User';
  26.     const ROLE_MODEL = 'Galaz\Heimdall\Role';
  27.     const PERMISSION_MODEL = 'Galaz\Heimdall\Permission';
  28.     const CATEGORY_MODEL = 'Galaz\Heimdall\Category';
  29.  
  30.     /**
  31.      * Modes:
  32.      * CAT                  Category
  33.      * SELF                 Ownership required
  34.      * ANY                  All elements
  35.      *
  36.      *
  37.      * Examples:
  38.      * Post @ ANY           Post in Any Category
  39.      * Post @ CAT:News      Post in News Category
  40.      * ALL @ CAT:News       Anything within News Category
  41.      * ALL @ ANY            Everything
  42.      * Category @ ANY
  43.      * Category @ CAT:Users     Categorys within Category 5
  44.      *
  45.      *
  46.      * User @ SELF
  47.      * Content @ ONLY:5,1,15   Content with ids 5 , 1 ,15
  48.      *
  49.      *
  50.      */
  51.     const PERMISSION_SESSION = "PERMISSION_SESSION";
  52.     const PERMISSION_INDEX = "Permissions";
  53.     const ROLE_NAME_INDEX = "Role_Name";
  54.     const ADMIN_OVERRIDE = "ADMIN";
  55.     const CATEGORY_KEY = "CAT";
  56.     const PUBLIC_KEY = "PUBLIC";
  57.     const OWNER_KEY = "SELF";
  58.     const ANY_KEY = "ANY";
  59.     const SPLIT_RESOURCE_MODE = '@';
  60.     const SPLIT_MODE_OPTIONS = ':';
  61.     const SPLIT_OPTIONS = ',';
  62.  
  63.     public function __construct() {
  64.         //$path = explode('\\', get_class($this));
  65.         self::$resourceID = get_class($this);
  66.         echo self::$resourceID . '<br>';
  67.     }
  68.  
  69.     public static function RouteFilter(&$route) {
  70.        
  71.     }
  72.  
  73.     /**
  74.      *
  75.      * @param string $action
  76.      * @return boolean
  77.      */
  78.     public function MoldelFilter($action) {
  79.         $action = strtoupper($action);
  80.         $continue = in_array($action, array('CREATE', 'READ', 'UPDATE', 'DELETE'));
  81.         if (!$continue) {
  82.             $this->errors['Action'] = "Valid actions are Create, Read, Update and Delete";
  83.             return false;
  84.         }
  85.  
  86.         if (Session::has(self::PERMISSION_SESSION)) {
  87.             //Variables
  88.             //Get place in session where permitions are stored
  89.             $permit_session = Session::get(self::PERMISSION_SESSION);
  90.             //Get actual permit bag
  91.             $permit_bag = $permit_session[self::PERMISSION_INDEX];
  92.  
  93.             //actuall filtering...
  94.             //Check is model is un permission array
  95.             if (array_key_exists(self::$resourceID, $permit_bag)) {
  96.                 $resource_permissions = $permit_bag[self::$resourceID];
  97.                 //Check for permissions, run filters, if one of them passes
  98.                 //user have permission to continue
  99.                 if (array_key_exists($action, $resource_permissions)) {
  100.                     $permissions = $resource_permissions[$action];
  101.                     return $this->FilterAny($permissions) ||
  102.                             $this->FilterSelf($permissions) ||
  103.                             $this->FilterCategory($permissions) ||
  104.                             $this->FilterPublic($permissions);
  105.                 }
  106.             }
  107.             $this->errors['Resource'] = "You don't have access to this Resource";
  108.             return false;
  109.         }
  110.         $this->errors['Session'] = "There's no permission array in session... are you even logged in?";
  111.         return false;
  112.     }
  113.  
  114.     /**
  115.      *
  116.      * Check if 'ANY' Permission is pressent in the array
  117.      *
  118.      * @param array $resource_permissions
  119.      * @return boolean
  120.      */
  121.     public function FilterAny(&$resource_permissions) {
  122.         if (array_key_exists(self::ANY_KEY, $resource_permissions)) {
  123.             return true;
  124.         } else {
  125.             $this->errors['Any'] = "You don't have global pivileges";
  126.             return false;
  127.         }
  128.     }
  129.  
  130.     /**
  131.      * Check if User is owner of the resource
  132.      *
  133.      * @param Array $resource_permissions
  134.      * @return boolean
  135.      */
  136.     public function FilterSelf(&$resource_permissions) {
  137.         if (array_key_exists(self::OWNER_KEY, $resource_permissions)) {
  138.             if (method_exists($this, "User")) {
  139.                 if ($this->User->id == Auth::user()->id) {
  140.                     return true;
  141.                 } else {
  142.                     $this->errors['Self'] = "You are not the owner of this resource";
  143.                     return false;
  144.                 }
  145.             } else {
  146.                 $this->errors['Self'] = "This resource does not belong to an user";
  147.                 return false;
  148.             }
  149.         }
  150.         $this->errors['Self'] = "You have no permission to access this resource";
  151.         return false;
  152.     }
  153.  
  154.     /**
  155.      *
  156.      * Check if User can access the resource by comparing its category
  157.      *
  158.      * @param Array $resource_permissions
  159.      * @return boolean
  160.      */
  161.     public function FilterCategory(&$resource_permissions) {
  162.         if (array_key_exists(self::CATEGORY_KEY, $resource_permissions)) {
  163.             if (method_exists($this, "Category")) {
  164.                 if (in_array($this->Category->id, $resource_permissions[self::CATEGORY_KEY])) {
  165.                     return true;
  166.                 } else {
  167.                     $this->errors['Category'] = "You have no permission to access resources in this category";
  168.                     return false;
  169.                 }
  170.             } else {
  171.                 $this->errors['Category'] = "This resource does not belong to a category";
  172.                 return false;
  173.             }
  174.         }
  175.         $this->errors['Category'] = "You have no permission to access this resource";
  176.         return false;
  177.     }
  178.  
  179.     /**
  180.      * Check if Resource is Public by checking for variable $private
  181.      *
  182.      * @param Array $resource_permissions
  183.      * @return boolean
  184.      */
  185.     public function FilterPublic(&$resource_permissions) {
  186.         if (array_key_exists(self::PUBLIC_KEY, $resource_permissions)) {
  187.             if (isset($this->private)) {
  188.                 if ($this->private) {
  189.                     return true;
  190.                 } else {
  191.                     $this->errors['Public'] = "This resource is not public, you have no permission to access it";
  192.                     return false;
  193.                 }
  194.             } else {
  195.                 $this->errors['Public'] = "All Resources Must contain a public field (boolean)";
  196.                 return false;
  197.             }
  198.         }
  199.         $this->errors['Public'] = "You have no permission to access this resource";
  200.         return false;
  201.     }
  202.  
  203.     public function getErrors() {
  204.         return $this->errors;
  205.     }
  206.  
  207. }