- <?php
- namespace Galaz\Heimdall;
- use Eloquent;
- use Session;
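/**
 * Base model that gates CRUD actions on a resource against the permission
 * bag stored in the session.
 *
 * Every decision made here is an authorization decision, so each filter
 * fails closed: malformed session data, a missing owner or a missing
 * authenticated user all result in "deny".
 */
class Heimdall extends Eloquent {

    /**
     * Resource ID (class name of the model, e.g. Category, Users).
     *
     * NOTE: this static is declared once on Heimdall and written through
     * self::, so every subclass shares the same slot and it always holds the
     * class of the most recently constructed model. It is kept for backward
     * compatibility only; permission checks use get_class($this) instead.
     *
     * @var string
     */
    protected static $resourceID;

    /**
     * Errors Array
     *
     * @var array
     */
    protected $errors = array();

    // Required models
    const USER_MODEL = 'Galaz\Heimdall\User';
    const ROLE_MODEL = 'Galaz\Heimdall\Role';
    const PERMISSION_MODEL = 'Galaz\Heimdall\Permission';
    const CATEGORY_MODEL = 'Galaz\Heimdall\Category';

    /**
     * Modes:
     * CAT    Category
     * SELF   Ownership required
     * ANY    All elements
     *
     * Examples:
     * Post @ ANY               Post in any category
     * Post @ CAT:News          Post in News category
     * ALL @ CAT:News           Anything within News category
     * ALL @ ANY                Everything
     * Category @ ANY
     * Category @ CAT:Users     Categories within category 5
     *
     * User @ SELF
     * Content @ ONLY:5,1,15    Content with ids 5, 1, 15
     *
     * NOTE(review): the ONLY mode from the examples has no matching constant
     * or filter in this class, and ADMIN_OVERRIDE / ROLE_NAME_INDEX are
     * declared but not referenced anywhere in this class.
     */
    const PERMISSION_SESSION = "PERMISSION_SESSION";
    const PERMISSION_INDEX = "Permissions";
    const ROLE_NAME_INDEX = "Role_Name";
    const ADMIN_OVERRIDE = "ADMIN";
    const CATEGORY_KEY = "CAT";
    const PUBLIC_KEY = "PUBLIC";
    const OWNER_KEY = "SELF";
    const ANY_KEY = "ANY";
    const SPLIT_RESOURCE_MODE = '@';
    const SPLIT_MODE_OPTIONS = ':';
    const SPLIT_OPTIONS = ',';

    /**
     * Build the model and record its class name as the resource ID.
     *
     * The parent constructor is called so that Eloquent can boot the model
     * and fill the attributes. The original version also echoed the class
     * name; that debug output was emitted for every model instance and
     * disclosed internal class names in the response, so it is removed.
     *
     * @param array $attributes
     */
    public function __construct(array $attributes = array()) {
        parent::__construct($attributes);
        self::$resourceID = get_class($this);
    }

    /**
     * Route-level filter hook.
     *
     * Not implemented: the body is empty, so registering it on a route
     * enforces nothing.
     *
     * @param mixed $route
     * @return void
     */
    public static function RouteFilter(&$route) {
    }

    /**
     * Decide whether the current session may perform $action on this model.
     *
     * Access is granted when any of the ANY, SELF, CAT or PUBLIC filters
     * passes. Filters that did not pass still record a message in the errors
     * array, so callers must rely on the return value, not on getErrors()
     * being empty.
     *
     * @param string $action One of Create, Read, Update, Delete (case-insensitive)
     * @return boolean
     */
    public function MoldelFilter($action) {
        $action = strtoupper($action);
        if (!in_array($action, array('CREATE', 'READ', 'UPDATE', 'DELETE'), true)) {
            $this->errors['Action'] = "Valid actions are Create, Read, Update and Delete";
            return false;
        }

        if (!Session::has(self::PERMISSION_SESSION)) {
            $this->errors['Session'] = "There's no permission array in session... are you even logged in?";
            return false;
        }

        // Place in session where the permissions are stored
        $permit_session = Session::get(self::PERMISSION_SESSION);

        // Actual permission bag; anything that is not an array is treated as
        // "no permissions" instead of being indexed blindly.
        $permit_bag = array();
        if (is_array($permit_session)
            && isset($permit_session[self::PERMISSION_INDEX])
            && is_array($permit_session[self::PERMISSION_INDEX])) {
            $permit_bag = $permit_session[self::PERMISSION_INDEX];
        }

        // Look the resource up by this instance's own class. The shared
        // static $resourceID may name a different model, which would apply
        // another resource's permissions to this one.
        $resource = get_class($this);

        if (isset($permit_bag[$resource]) && is_array($permit_bag[$resource])) {
            $resource_permissions = $permit_bag[$resource];

            // Run the filters; if one of them passes the user may continue
            if (isset($resource_permissions[$action]) && is_array($resource_permissions[$action])) {
                $permissions = $resource_permissions[$action];
                return $this->FilterAny($permissions) ||
                        $this->FilterSelf($permissions) ||
                        $this->FilterCategory($permissions) ||
                        $this->FilterPublic($permissions);
            }
        }

        $this->errors['Resource'] = "You don't have access to this Resource";
        return false;
    }

    /**
     * Check if the 'ANY' permission is present in the array.
     *
     * @param array $resource_permissions
     * @return boolean
     */
    public function FilterAny(&$resource_permissions) {
        if (is_array($resource_permissions) && array_key_exists(self::ANY_KEY, $resource_permissions)) {
            return true;
        }

        $this->errors['Any'] = "You don't have global pivileges";
        return false;
    }

    /**
     * Check if the authenticated user is the owner of the resource.
     *
     * @param array $resource_permissions
     * @return boolean
     */
    public function FilterSelf(&$resource_permissions) {
        if (!is_array($resource_permissions) || !array_key_exists(self::OWNER_KEY, $resource_permissions)) {
            $this->errors['Self'] = "You have no permission to access this resource";
            return false;
        }

        if (!method_exists($this, "User")) {
            $this->errors['Self'] = "This resource does not belong to an user";
            return false;
        }

        $owner = $this->User;
        // Fully qualified: this file is namespaced and has no "use Auth;",
        // so a bare Auth would resolve to Galaz\Heimdall\Auth.
        $current = \Auth::user();

        // Ownership needs a real owner AND a real authenticated user. With a
        // loose comparison a missing owner id and a missing user id compare
        // equal, which would grant access to a guest; ids are therefore
        // compared as strings with ===.
        if ($owner !== null && $current !== null
            && $owner->id !== null && $current->id !== null
            && (string) $owner->id === (string) $current->id) {
            return true;
        }

        $this->errors['Self'] = "You are not the owner of this resource";
        return false;
    }

    /**
     * Check if the user can access the resource by comparing its category
     * with the category ids listed in the permission.
     *
     * @param array $resource_permissions
     * @return boolean
     */
    public function FilterCategory(&$resource_permissions) {
        if (!is_array($resource_permissions) || !array_key_exists(self::CATEGORY_KEY, $resource_permissions)) {
            $this->errors['Category'] = "You have no permission to access this resource";
            return false;
        }

        if (!method_exists($this, "Category")) {
            $this->errors['Category'] = "This resource does not belong to a category";
            return false;
        }

        $allowed = $resource_permissions[self::CATEGORY_KEY];
        $category = $this->Category;

        // Strict membership test on string-normalised ids: a loose in_array()
        // lets type juggling match unrelated values, and a resource without
        // a category must never match.
        if (is_array($allowed) && $category !== null && $category->id !== null
            && in_array((string) $category->id, array_map('strval', $allowed), true)) {
            return true;
        }

        $this->errors['Category'] = "You have no permission to access resources in this category";
        return false;
    }

    /**
     * Check if the resource is public by inspecting its $private flag.
     *
     * @param array $resource_permissions
     * @return boolean
     */
    public function FilterPublic(&$resource_permissions) {
        if (!is_array($resource_permissions) || !array_key_exists(self::PUBLIC_KEY, $resource_permissions)) {
            $this->errors['Public'] = "You have no permission to access this resource";
            return false;
        }

        if (!isset($this->private)) {
            $this->errors['Public'] = "All Resources Must contain a public field (boolean)";
            return false;
        }

        // The original test was inverted: it granted access when $private
        // was truthy and reported "not public" when it was falsy, exposing
        // private resources to holders of the PUBLIC permission.
        // NOTE(review): confirm against the schema that a truthy `private`
        // column means "not public".
        if (!$this->private) {
            return true;
        }

        $this->errors['Public'] = "This resource is not public, you have no permission to access it";
        return false;
    }

    /**
     * Messages recorded by the filters, keyed by filter name.
     *
     * @return array
     */
    public function getErrors() {
        return $this->errors;
    }

}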