Содержание


Примеры


Examples, Permissions, ЗФ2, Zend Framework 2, ZF2, ру, ru





Роли

 

Расширение и добавления ролей с помощью экземпляра.

 <?php
 use Zend\Permissions\Rbac\Rbac;
 use Zend\Permissions\Rbac\Role;
 
 class MyRole extends AbstractRole
 {
     // .. implementation
 }
 
 // Creating roles manually
 $foo  = new MyRole('foo');
 
 $rbac = new Rbac();
 $rbac->addRole($foo);
 
 var_dump($rbac->hasRole('foo')); // true

Добавление ролей непосредственно в RBAC, используя класс по умолчанию Zend\Permission\Rbac\Role

 <?php
 use Zend\Permissions\Rbac\Rbac;
 
 $rbac = new Rbac();
 $rbac->addRole('foo');
 
 var_dump($rbac->hasRole('foo')); // true

Создание родительских ролей

<?php
 use Zend\Permissions\Rbac\Rbac;
 use Zend\Permissions\Rbac\Role;
 
 $rbac = new Rbac();
 $foo  = new Role('foo');
 $bar  = new Role('bar');
 
 // 1 - Add a role with child role directly with instantiated classes.
 $foo->addChild($bar);
 $rbac->addRole($foo);
 
 // 2 - Same as one, only via rbac container.
 $rbac->addRole('boo', 'baz'); // baz is a parent of boo
 $rbac->addRole('baz', array('out', 'of', 'roles')); // create several parents of baz


Разрешения

 <?php
 use Zend\Permissions\Rbac\Rbac;
 use Zend\Permissions\Rbac\Role;
 
 $rbac = new Rbac();
 $foo  = new Role('foo');
 $foo->addPermission('bar');
 
 var_dump($foo->hasPermission('bar')); // true
 
 $rbac->addRole($foo);
 $rbac->isGranted('foo', 'bar'); // true
 $rbac->isGranted('foo', 'baz'); // false
 
 $rbac->getRole('foo')->addPermission('baz'); 
 $rbac->isGranted('foo', 'baz'); // true

Динамические утверждения



 

Проверка разрешений  используя метод «isGranted()» класса, реализующего Zend\Permissions\Rbac\AssertionInterface.

 <?php
 use Zend\Permissions\Rbac\AssertionInterface;
 use Zend\Permissions\Rbac\Rbac;
 
 class AssertUserIdMatches implements AssertionInterface
 {
     protected $userId;
     protected $article;
 
     public function __construct($userId)
     {
         $this->userId = $userId;
     ]
 
     public function setArticle($article)
     {
         $this->article = $article;
     }
 
     public function assert(Rbac $rbac)
     {
         if (!$this->article) {
             return false;
         }
         return $this->userId == $article->getUserId();
     }
 }
 
 // User is assigned the foo role with id 5
 // News article belongs to userId 5
 // Jazz article belongs to userId 6
 
 $rbac = new Rbac();
 $user = $mySessionObject->getUser();
 $news = $articleService->getArticle(5);
 $jazz = $articleService->getArticle(6);
 
 $rbac->addRole($user->getRole());
 $rbac->getRole($user->getRole())->addPermission('edit.article');
 
 $assertion = new AssertUserIdMatches($user->getId());
 $assertion->setArticle($news);
 
 // true always - bad!
 if ($rbac->isGranted($user->getRole(), 'edit.article')) {
     // hacks another users article
 }
 
 // true for user id 5, because he belongs to write group and user id matches
 if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
     // edits his own article
 }
 
 $assertion->setArticle($jazz);
 
 // false for user id 5
 if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
     // can not edit another users article
 }

То же самое, только с замыканием:

<?php
// assume same variables from previous example
 
$assertion = function($rbac) use ($user, $news) {
    return $user->getId() == $news->getUserId();
};
 
// true
if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
    // edits his own article
}

Автор статьи: DuB