ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_core_ACL Class Reference

Public Member Functions

 __construct ($acl)
 Initializer for this access control list. More...
 
 allows (array $attributes)
 Match the attributes against the access control list. More...
 

Static Private Member Functions

static getById ($id)
 Retrieve an access control list with the given id. More...
 
static match (array $attributes, array $rule)
 Match the attributes against the given rule. More...
 
static opAnd ($attributes, $rule)
 'and' match operator. More...
 
static opEquals ($attributes, $rule)
 'equals' match operator. More...
 
static opEqualsPreg ($attributes, $rule)
 'equals-preg' match operator. More...
 
static opHas ($attributes, $rule)
 'has' match operator. More...
 
static opHasPreg ($attributes, $rule)
 'has-preg' match operator. More...
 
static opOr ($attributes, $rule)
 'or' match operator. More...
 

Private Attributes

 $acl
 

Detailed Description

Definition at line 8 of file ACL.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_core_ACL::__construct (   $acl)

Initializer for this access control list.

Parameters
array | string $acl: The access control list.

Definition at line 23 of file ACL.php.

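/**
 * Initializer for this access control list.
 *
 * Accepts either the rule list itself or the id of a list, which is resolved
 * through getById(). Each rule is checked for shape before the list is
 * stored: it must be a non-empty array whose first element is the action
 * 'allow' or 'deny'. The rest of the rule (the match expression) is not
 * validated here, so an unknown operator is only reported once match()
 * reaches it while evaluating a request.
 *
 * @param array|string $acl  The access control list, or the id of one.
 * @throws SimpleSAML_Error_Exception  If a rule is not an array, is empty,
 *         or starts with an action other than 'allow' / 'deny'.
 */
public function __construct($acl)
{
    // Expression form on purpose: a string handed to assert() is not
    // evaluated as code on PHP 8, so the string form would never fire there.
    assert(is_string($acl) || is_array($acl));

    if (is_string($acl)) {
        // A string is the id of a stored list; swap it for the rule array
        // so the validation loop below runs over the actual rules.
        $acl = self::getById($acl);
    }

    foreach ($acl as $rule) {
        if (!is_array($rule)) {
            throw new SimpleSAML_Error_Exception('Invalid rule in access control list: ' . var_export($rule, TRUE));
        }
        if (count($rule) === 0) {
            throw new SimpleSAML_Error_Exception('Empty rule in access control list.');
        }

        // $rule is a by-value copy, so shifting the action off here does
        // not modify the list that is stored below.
        $action = array_shift($rule);
        if ($action !== 'allow' && $action !== 'deny') {
            throw new SimpleSAML_Error_Exception('Invalid action in rule in access control list: ' . var_export($action, TRUE));
        }
    }

    $this->acl = $acl;
}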
static getById($id)
Retrieve an access control list with the given id.
Definition: ACL.php:55

References $acl, $action, $rule, and getById().


Member Function Documentation

◆ allows()

sspmod_core_ACL::allows ( array  $attributes)

Match the attributes against the access control list.

Parameters
array $attributes: The attributes of a user.
Returns
boolean TRUE if the user is allowed to access the resource, FALSE if not.

Definition at line 73 of file ACL.php.

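/**
 * Match the attributes against the access control list.
 *
 * Rules are evaluated in the order they were configured and the first rule
 * whose match expression is satisfied decides the outcome, so rule order is
 * part of the policy. When no rule matches, access is denied.
 *
 * @param array $attributes  The attributes of a user.
 * @return boolean  TRUE if the user is allowed to access the resource, FALSE if not.
 */
public function allows(array $attributes)
{
    foreach ($this->acl as $rule) {
        // First element is the action, the remainder is the match expression.
        $action = array_shift($rule);

        if (!self::match($attributes, $rule)) {
            continue;
        }

        // The constructor only admits 'allow' and 'deny', so anything that
        // is not 'allow' is treated as a deny.
        return $action === 'allow';
    }

    // Default deny. Without this the method fell off the end and returned
    // NULL, which a caller comparing strictly against FALSE would not
    // recognise as a refusal.
    return FALSE;
}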

References $action, $attributes, and $rule.

◆ getById()

static sspmod_core_ACL::getById (   $id)
staticprivate

Retrieve an access control list with the given id.

Parameters
string $id: The id of the access control list.
Returns
array The access control list array.

Definition at line 55 of file ACL.php.

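/**
 * Retrieve an access control list with the given id.
 *
 * @param string $id  The id of the access control list.
 * @return array  The access control list array.
 * @throws SimpleSAML_Error_Exception  If the configuration has no entry for $id.
 */
private static function getById($id)
{
    // Expression form on purpose: a string handed to assert() is not
    // evaluated as code on PHP 8.
    assert(is_string($id));

    // Stored lists live in config/acl.php (the file named in the error
    // message below); without this lookup $config would be undefined.
    $config = SimpleSAML_Configuration::getOptionalConfig('acl.php');
    if (!$config->hasValue($id)) {
        // Fail loudly on an unknown id rather than continuing with an
        // empty list.
        throw new SimpleSAML_Error_Exception('No ACL with id ' . var_export($id, TRUE) . ' in config/acl.php.');
    }

    return $config->getArray($id);
}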
static getOptionalConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.

References $config, $id, and SimpleSAML_Configuration\getOptionalConfig().

Referenced by __construct().


◆ match()

static sspmod_core_ACL::match ( array  $attributes,
array  $rule 
)
staticprivate

Match the attributes against the given rule.

Parameters
array $attributes: The attributes of a user.
array $rule: The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 98 of file ACL.php.

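/**
 * Match the attributes against the given rule.
 *
 * The first element of $rule selects the operator and the remaining
 * elements are handed to it as operands. An empty rule matches every user,
 * so a list entry consisting of an action alone applies unconditionally.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  The rule we should check.
 * @return boolean  TRUE if the rule matches, FALSE if not.
 * @throws SimpleSAML_Error_Exception  If the operator is not one of the supported names.
 */
private static function match(array $attributes, array $rule)
{
    $op = array_shift($rule);
    if ($op === NULL) {
        // An empty rule always matches
        return TRUE;
    }

    // Every case returns explicitly. Without the returns, each operator
    // would fall through to 'not' and evaluate as a negation.
    switch ($op) {
        case 'and':
            return self::opAnd($attributes, $rule);
        case 'equals':
            return self::opEquals($attributes, $rule);
        case 'equals-preg':
            return self::opEqualsPreg($attributes, $rule);
        case 'has':
            return self::opHas($attributes, $rule);
        case 'has-preg':
            return self::opHasPreg($attributes, $rule);
        case 'not':
            // The remainder of the rule is itself a rule; negate its result.
            return !self::match($attributes, $rule);
        case 'or':
            return self::opOr($attributes, $rule);
        default:
            // An unknown operator is rejected, never treated as a match.
            throw new SimpleSAML_Error_Exception('Invalid ACL operation: ' . var_export($op, TRUE));
    }
}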
static opEqualsPreg($attributes, $rule)
'equals-preg' match operator.
Definition: ACL.php:195
static opHas($attributes, $rule)
'has' match operator.
Definition: ACL.php:237
static match(array $attributes, array $rule)
Match the attributes against the given rule.
Definition: ACL.php:98
static opEquals($attributes, $rule)
'equals' match operator.
Definition: ACL.php:154
static opAnd($attributes, $rule)
'and' match operator.
Definition: ACL.php:134
static opHasPreg($attributes, $rule)
'has-preg' match operator.
Definition: ACL.php:265
static opOr($attributes, $rule)
'or' match operator.
Definition: ACL.php:294

References $attributes, $rule, match(), opAnd(), opEquals(), opEqualsPreg(), opHas(), opHasPreg(), and opOr().

Referenced by match().


◆ opAnd()

static sspmod_core_ACL::opAnd (   $attributes,
  $rule 
)
staticprivate

'and' match operator.

Parameters
array $attributes: The attributes of a user.
array $rule: The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 134 of file ACL.php.

/**
 * 'and' match operator.
 *
 * Each element of $rule is a sub-rule evaluated through match(); evaluation
 * stops at the first sub-rule that fails. A rule with no sub-rules matches.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  The sub-rules that must all match.
 * @return boolean  TRUE if the rule matches, FALSE if not.
 */
private static function opAnd($attributes, $rule)
{
    $everyOneMatched = TRUE;

    foreach ($rule as $subRule) {
        if (self::match($attributes, $subRule)) {
            continue;
        }
        // One failing sub-rule settles the result.
        $everyOneMatched = FALSE;
        break;
    }

    return $everyOneMatched;
}

References $attributes, and $rule.

Referenced by match().


◆ opEquals()

static sspmod_core_ACL::opEquals (   $attributes,
  $rule 
)
staticprivate

'equals' match operator.

Parameters
array $attributes: The attributes of a user.
array $rule: The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 154 of file ACL.php.

/**
 * 'equals' match operator.
 *
 * The first element of $rule names the attribute and the rest are the
 * expected values. The rule matches only when the attribute's values and
 * the expected values pair up one-to-one under strict (===) comparison, in
 * any order. A missing attribute is treated as having no values, so a rule
 * that lists no expected values matches users who lack the attribute.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the expected values.
 * @return boolean  TRUE if the rule matches, FALSE if not.
 */
private static function opEquals($attributes, $rule)
{
    $name = array_shift($rule);
    $unclaimed = array_key_exists($name, $attributes) ? $attributes[$name] : array();

    foreach ($rule as $expected) {
        // Strict search returns the key of the first identical value.
        $key = array_search($expected, $unclaimed, TRUE);
        if ($key === FALSE) {
            return FALSE;
        }
        // Each attribute value can satisfy only one expected value.
        unset($unclaimed[$key]);
    }

    // A leftover attribute value means the user holds something the rule
    // did not list, which is not "equal".
    return count($unclaimed) === 0;
}

References $attributes, $i, and $rule.

Referenced by match().


◆ opEqualsPreg()

static sspmod_core_ACL::opEqualsPreg (   $attributes,
  $rule 
)
staticprivate

'equals-preg' match operator.

Parameters
array $attributes: The attributes of a user.
array $rule: The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 195 of file ACL.php.

/**
 * 'equals-preg' match operator.
 *
 * The first element of $rule names the attribute and the rest are PCRE
 * patterns. The rule matches only when every pattern claims a distinct
 * attribute value and no attribute value is left unclaimed. Patterns are
 * passed to preg_match() as written, so a pattern without ^ and $ anchors
 * matches anywhere inside a value. A missing attribute is treated as
 * having no values.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the patterns.
 * @return boolean  TRUE if the rule matches, FALSE if not.
 */
private static function opEqualsPreg($attributes, $rule)
{
    $name = array_shift($rule);
    $unclaimed = array_key_exists($name, $attributes) ? $attributes[$name] : array();

    foreach ($rule as $pattern) {
        // NULL is a safe sentinel: PHP array keys are never NULL.
        $claimedKey = NULL;
        foreach ($unclaimed as $key => $candidate) {
            // preg_match() yields 0 or FALSE when there is no match or the
            // pattern is unusable; either way the value is not claimed.
            if (preg_match($pattern, $candidate)) {
                $claimedKey = $key;
                break;
            }
        }

        if ($claimedKey === NULL) {
            return FALSE;
        }
        unset($unclaimed[$claimedKey]);
    }

    // Any value no pattern claimed makes the rule fail.
    return empty($unclaimed);
}

References $attributes, $i, and $rule.

Referenced by match().


◆ opHas()

static sspmod_core_ACL::opHas (   $attributes,
  $rule 
)
staticprivate

'has' match operator.

Parameters
array $attributes: The attributes of a user.
array $rule: The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 237 of file ACL.php.

/**
 * 'has' match operator.
 *
 * The first element of $rule names the attribute and the rest are values
 * the attribute must contain, compared strictly. Values the user holds in
 * addition are ignored. A rule that lists no values matches every user,
 * including users without the attribute.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the required values.
 * @return boolean  TRUE if the rule matches, FALSE if not.
 */
private static function opHas($attributes, $rule)
{
    $name = array_shift($rule);
    // A missing attribute behaves like an attribute with no values.
    $held = array_key_exists($name, $attributes) ? $attributes[$name] : array();

    foreach ($rule as $required) {
        $present = in_array($required, $held, TRUE);
        if ($present === FALSE) {
            return FALSE;
        }
    }

    /* Every required value is present in the attribute. */
    return TRUE;
}

References $attributes, and $rule.

Referenced by match().


◆ opHasPreg()

static sspmod_core_ACL::opHasPreg (   $attributes,
  $rule 
)
staticprivate

'has-preg' match operator.

Parameters
array $attributes: The attributes of a user.
array $rule: The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 265 of file ACL.php.

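/**
 * 'has-preg' match operator.
 *
 * The first element of $rule names the attribute and the rest are PCRE
 * patterns; each pattern must match at least one of the attribute's
 * values. Patterns are used as written, so a pattern without ^ and $
 * anchors matches anywhere inside a value. A missing attribute is treated
 * as having no values. A pattern that preg_grep() rejects is treated as
 * not matching.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the patterns.
 * @return boolean  TRUE if the rule matches, FALSE if not.
 */
private static function opHasPreg($attributes, $rule)
{
    $attributeName = array_shift($rule);

    if (!array_key_exists($attributeName, $attributes)) {
        $attributeValues = array();
    } else {
        $attributeValues = $attributes[$attributeName];
    }

    foreach ($rule as $pattern) {
        $matches = preg_grep($pattern, $attributeValues);
        // preg_grep() returns FALSE when the pattern cannot be used.
        // count(FALSE) is 1 on PHP 5/7 and a TypeError on PHP 8, so without
        // the explicit check a broken pattern would be counted as a match
        // and the rule would fail open.
        if ($matches === FALSE || count($matches) === 0) {
            return FALSE;
        }
    }

    /* Found all values in the rule in the attribute. */
    return TRUE;
}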

References $attributes, and $rule.

Referenced by match().


◆ opOr()

static sspmod_core_ACL::opOr (   $attributes,
  $rule 
)
staticprivate

'or' match operator.

Parameters
array $attributes: The attributes of a user.
array $rule: The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 294 of file ACL.php.

/**
 * 'or' match operator.
 *
 * Each element of $rule is a sub-rule evaluated through match(); evaluation
 * stops at the first sub-rule that matches. A rule with no sub-rules does
 * not match.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  The sub-rules of which one must match.
 * @return boolean  TRUE if the rule matches, FALSE if not.
 */
private static function opOr($attributes, $rule)
{
    $anyMatched = FALSE;

    foreach ($rule as $subRule) {
        if (!self::match($attributes, $subRule)) {
            continue;
        }
        // One matching sub-rule settles the result.
        $anyMatched = TRUE;
        break;
    }

    return $anyMatched;
}

References $attributes, and $rule.

Referenced by match().


Field Documentation

◆ $acl

sspmod_core_ACL::$acl
private

Definition at line 15 of file ACL.php.

Referenced by __construct().


The documentation for this class was generated from the following file: