ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_core_ACL Class Reference

Public Member Functions

 __construct ($acl)
 Initializer for this access control list. More...
 
 allows (array $attributes)
 Match the attributes against the access control list. More...
 

Static Private Member Functions

static getById ($id)
 Retrieve an access control list with the given id. More...
 
static match (array $attributes, array $rule)
 Match the attributes against the given rule. More...
 
static opAnd ($attributes, $rule)
 'and' match operator. More...
 
static opEquals ($attributes, $rule)
 'equals' match operator. More...
 
static opEqualsPreg ($attributes, $rule)
 'equals-preg' match operator. More...
 
static opHas ($attributes, $rule)
 'has' match operator. More...
 
static opHasPreg ($attributes, $rule)
 'has-preg' match operator. More...
 
static opOr ($attributes, $rule)
 'or' match operator. More...
 

Private Attributes

 $acl
 

Detailed Description

Definition at line 8 of file ACL.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_core_ACL::__construct (   $acl)

Initializer for this access control list.

Parameters
array | string $acl — The access control list.

Definition at line 23 of file ACL.php.

References $acl, $action, and $rule.

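/**
 * Initializer for this access control list.
 *
 * Every rule must be a non-empty array whose first element is the action,
 * either 'allow' or 'deny'. Only the action is validated here; the match
 * operator that follows it is not checked until the rule is evaluated.
 *
 * @param array|string $acl  The access control list, or the id of a list that is loaded through getById().
 *
 * @throws SimpleSAML_Error_Exception  If a rule is not an array, is empty, or names an action other than 'allow' or 'deny'.
 */
public function __construct($acl)
{
    // Expression form instead of a string assertion: a string is evaluated as
    // code on PHP 5/7 (deprecated since 7.2), and on PHP 8 it is no longer
    // evaluated at all, so the check would silently always pass.
    assert(is_string($acl) || is_array($acl));

    if (is_string($acl)) {
        $acl = self::getById($acl);
    }

    foreach ($acl as $rule) {
        if (!is_array($rule)) {
            throw new SimpleSAML_Error_Exception('Invalid rule in access control list: ' . var_export($rule, TRUE));
        }
        if (count($rule) === 0) {
            throw new SimpleSAML_Error_Exception('Empty rule in access control list.');
        }

        // $rule is a by-value copy, so shifting the action off does not alter $acl.
        $action = array_shift($rule);
        if ($action !== 'allow' && $action !== 'deny') {
            throw new SimpleSAML_Error_Exception('Invalid action in rule in access control list: ' . var_export($action, TRUE));
        }
    }

    $this->acl = $acl;
}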

Member Function Documentation

◆ allows()

sspmod_core_ACL::allows ( array  $attributes)

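Match the attributes against the access control list. Rules are evaluated in order and the first rule that matches decides the result; when no rule matches, the method does not return TRUE.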

Parameters
array $attributes — The attributes of a user.
Returns
boolean TRUE if the user is allowed to access the resource, FALSE if not.

Definition at line 73 of file ACL.php.

References $action, and $rule.

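/**
 * Match the attributes against the access control list.
 *
 * Rules are tried in list order and the first rule whose condition matches
 * decides the outcome, so the order of 'allow' and 'deny' rules matters.
 *
 * @param array $attributes  The attributes of a user.
 *
 * @return boolean  TRUE if the first matching rule is an 'allow' rule, FALSE if it is a 'deny' rule or no rule matches.
 */
public function allows(array $attributes)
{
    foreach ($this->acl as $rule) {
        // The first element is the action; what remains is the match expression.
        $action = array_shift($rule);

        if (!self::match($attributes, $rule)) {
            continue;
        }

        return $action === 'allow';
    }

    // No rule matched: deny explicitly. Falling off the end would return NULL
    // rather than the documented boolean, which a strict comparison against
    // FALSE in a caller would not recognise as a denial.
    return FALSE;
}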

◆ getById()

static sspmod_core_ACL::getById (   $id)
staticprivate

Retrieve an access control list with the given id.

Parameters
string $id — The id of the access control list.
Returns
array The access control list array.

Definition at line 55 of file ACL.php.

References $config, $id, and SimpleSAML_Configuration\getOptionalConfig().

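/**
 * Retrieve an access control list with the given id.
 *
 * @param string $id  The id of the access control list.
 *
 * @return array  The access control list array.
 *
 * @throws SimpleSAML_Error_Exception  If the configuration holds no value for the given id.
 */
private static function getById($id)
{
    // Expression form instead of a string assertion, which is evaluated as
    // code on PHP 5/7 and is never evaluated on PHP 8.
    assert(is_string($id));

    // NOTE(review): the rendered listing skips source line 58 (numbering goes
    // 57 -> 59), leaving $config undefined. This assignment is reconstructed
    // from the getOptionalConfig() reference and the 'config/acl.php' path in
    // the message below; confirm against ACL.php.
    $config = SimpleSAML_Configuration::getOptionalConfig('acl.php');
    if (!$config->hasValue($id)) {
        throw new SimpleSAML_Error_Exception('No ACL with id ' . var_export($id, TRUE) . ' in config/acl.php.');
    }

    return $config->getArray($id);
}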

◆ match()

static sspmod_core_ACL::match ( array  $attributes,
array  $rule 
)
staticprivate

Match the attributes against the given rule.

Parameters
array $attributes — The attributes of a user.
array $rule — The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 98 of file ACL.php.

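/**
 * Match the attributes against the given rule.
 *
 * The first element of $rule is the operator; the remaining elements are
 * handed to that operator. A rule with no operator matches everything, so a
 * bare action in the ACL acts as a catch-all 'allow' or 'deny'.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  The rule we should check.
 *
 * @return boolean  TRUE if the rule matches, FALSE if not.
 *
 * @throws SimpleSAML_Error_Exception  If the operator is not one of the supported operations.
 */
private static function match(array $attributes, array $rule)
{
    $op = array_shift($rule);
    if ($op === NULL) {
        // An empty rule always matches
        return TRUE;
    }

    // switch compares loosely: TRUE equals any non-empty string, and on PHP 7
    // and earlier the integer 0 equals any non-numeric string. Without this
    // guard such an operator would be dispatched as 'and', and an 'and' with
    // no sub-rules matches every user.
    if (!is_string($op)) {
        throw new SimpleSAML_Error_Exception('Invalid ACL operation: ' . var_export($op, TRUE));
    }

    switch ($op) {
        case 'and':
            return self::opAnd($attributes, $rule);
        case 'equals':
            return self::opEquals($attributes, $rule);
        case 'equals-preg':
            return self::opEqualsPreg($attributes, $rule);
        case 'has':
            return self::opHas($attributes, $rule);
        case 'has-preg':
            return self::opHasPreg($attributes, $rule);
        case 'not':
            // The remainder of the rule is itself a rule (operator first).
            return !self::match($attributes, $rule);
        case 'or':
            return self::opOr($attributes, $rule);
        default:
            throw new SimpleSAML_Error_Exception('Invalid ACL operation: ' . var_export($op, TRUE));
    }
}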

◆ opAnd()

static sspmod_core_ACL::opAnd (   $attributes,
  $rule 
)
staticprivate

'and' match operator.

Parameters
array $attributes — The attributes of a user.
array $rule — The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 134 of file ACL.php.

References $attributes, and $rule.

/**
 * 'and' match operator.
 *
 * Each element of $rule is a complete sub-rule that is passed to match().
 * An empty list of sub-rules yields TRUE.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  The sub-rules that must all match.
 *
 * @return boolean  TRUE if every sub-rule matches, FALSE as soon as one does not.
 */
private static function opAnd($attributes, $rule)
{
    $everySubRuleMatched = true;

    foreach ($rule as $subRule) {
        if (self::match($attributes, $subRule)) {
            continue;
        }

        // First failing sub-rule settles the result; later ones are not evaluated.
        $everySubRuleMatched = false;
        break;
    }

    return $everySubRuleMatched;
}

◆ opEquals()

static sspmod_core_ACL::opEquals (   $attributes,
  $rule 
)
staticprivate

'equals' match operator.

Parameters
array $attributes — The attributes of a user.
array $rule — The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 154 of file ACL.php.

References $attributes, $i, $rule, and array.

/**
 * 'equals' match operator.
 *
 * The first element of $rule is the attribute name, the rest are the expected
 * values. The rule matches only when the attribute's values and the expected
 * values pair up one-to-one under strict (===) comparison: every expected
 * value consumes one attribute value, and no attribute value may be left over.
 * A missing attribute is treated as having no values.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the expected values.
 *
 * @return boolean  TRUE if the rule matches, FALSE if not.
 */
private static function opEquals($attributes, $rule)
{
    $attributeName = array_shift($rule);

    $remaining = array_key_exists($attributeName, $attributes)
        ? $attributes[$attributeName]
        : array();

    foreach ($rule as $expected) {
        // Array keys are never NULL, so NULL safely means "nothing found".
        $matchedKey = null;
        foreach ($remaining as $key => $candidate) {
            if ($expected === $candidate) {
                $matchedKey = $key;
                break;
            }
        }

        if ($matchedKey === null) {
            return false;
        }

        // Consume the value so it cannot satisfy a second expected value.
        unset($remaining[$matchedKey]);
    }

    // Any value still left was not named by the rule, so the sets differ.
    return empty($remaining);
}

◆ opEqualsPreg()

static sspmod_core_ACL::opEqualsPreg (   $attributes,
  $rule 
)
staticprivate

'equals-preg' match operator.

Parameters
array $attributes — The attributes of a user.
array $rule — The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 195 of file ACL.php.

References $attributes, $i, $rule, and array.

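/**
 * 'equals-preg' match operator.
 *
 * The first element of $rule is the attribute name, the rest are PCRE
 * patterns. The rule matches only when patterns and attribute values pair up
 * one-to-one: every pattern consumes the first remaining value it matches,
 * and no value may be left over. A missing attribute is treated as having no
 * values. Patterns are applied as written; a pattern without ^ and $ anchors
 * matches anywhere inside a value.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the patterns.
 *
 * @return boolean  TRUE if the rule matches, FALSE if not.
 *
 * @throws SimpleSAML_Error_Exception  If a pattern cannot be evaluated.
 */
private static function opEqualsPreg($attributes, $rule)
{
    $attributeName = array_shift($rule);

    if (!array_key_exists($attributeName, $attributes)) {
        $attributeValues = array();
    } else {
        $attributeValues = $attributes[$attributeName];
    }

    foreach ($rule as $pattern) {
        $found = FALSE;
        foreach ($attributeValues as $i => $v) {
            $result = preg_match($pattern, $v);
            if ($result === FALSE) {
                // preg_match() returns FALSE for an invalid pattern or a PCRE
                // runtime error. Treating that as "no match" would quietly
                // disable the rule, which for a 'deny' rule or under 'not'
                // widens access; abort the decision instead.
                throw new SimpleSAML_Error_Exception('Error matching ACL pattern: ' . var_export($pattern, TRUE));
            }
            if ($result !== 1) {
                continue;
            }
            // Consume the value so it cannot satisfy a second pattern.
            unset($attributeValues[$i]);
            $found = TRUE;
            break;
        }
        if (!$found) {
            return FALSE;
        }
    }

    if (!empty($attributeValues)) {
        /* One of the attribute values didn't match. */
        return FALSE;
    }

    /* All the values in the attribute matched one in the rule. */
    return TRUE;
}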

◆ opHas()

static sspmod_core_ACL::opHas (   $attributes,
  $rule 
)
staticprivate

'has' match operator.

Parameters
array $attributes — The attributes of a user.
array $rule — The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 237 of file ACL.php.

References $attributes, $rule, and array.

/**
 * 'has' match operator.
 *
 * The first element of $rule is the attribute name, the rest are values that
 * must each be present (strict comparison) among the attribute's values.
 * Extra attribute values are ignored. A missing attribute is treated as
 * having no values.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the required values.
 *
 * @return boolean  TRUE if every required value is present, FALSE if not.
 */
private static function opHas($attributes, $rule)
{
    $attributeName = array_shift($rule);

    $attributeValues = array_key_exists($attributeName, $attributes)
        ? $attributes[$attributeName]
        : array();

    foreach ($rule as $required) {
        if (in_array($required, $attributeValues, true)) {
            continue;
        }

        // A single missing value is enough to reject the rule.
        return false;
    }

    return true;
}

◆ opHasPreg()

static sspmod_core_ACL::opHasPreg (   $attributes,
  $rule 
)
staticprivate

'has-preg' match operator.

Parameters
array $attributes — The attributes of a user.
array $rule — The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 265 of file ACL.php.

References $attributes, $rule, and array.

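/**
 * 'has-preg' match operator.
 *
 * The first element of $rule is the attribute name, the rest are PCRE
 * patterns that must each match at least one of the attribute's values.
 * A missing attribute is treated as having no values. Patterns are applied
 * as written; a pattern without ^ and $ anchors matches anywhere inside a
 * value.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  Attribute name followed by the patterns.
 *
 * @return boolean  TRUE if every pattern matches some value, FALSE if not.
 *
 * @throws SimpleSAML_Error_Exception  If a pattern cannot be evaluated.
 */
private static function opHasPreg($attributes, $rule)
{
    $attributeName = array_shift($rule);

    if (!array_key_exists($attributeName, $attributes)) {
        $attributeValues = array();
    } else {
        $attributeValues = $attributes[$attributeName];
    }

    foreach ($rule as $pattern) {
        $matches = preg_grep($pattern, $attributeValues);
        if ($matches === FALSE) {
            // preg_grep() returns FALSE on failure. count(FALSE) is 1 on
            // PHP 7 (a TypeError on PHP 8), so without this check a broken
            // pattern would be counted as a match and the rule would apply
            // to every user.
            throw new SimpleSAML_Error_Exception('Error matching ACL pattern: ' . var_export($pattern, TRUE));
        }
        if (count($matches) === 0) {
            return FALSE;
        }
    }

    /* Found all values in the rule in the attribute. */
    return TRUE;
}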

◆ opOr()

static sspmod_core_ACL::opOr (   $attributes,
  $rule 
)
staticprivate

'or' match operator.

Parameters
array $attributes — The attributes of a user.
array $rule — The rule we should check.
Returns
boolean TRUE if the rule matches, FALSE if not.

Definition at line 294 of file ACL.php.

References $attributes, and $rule.

/**
 * 'or' match operator.
 *
 * Each element of $rule is a complete sub-rule that is passed to match().
 * An empty list of sub-rules yields FALSE.
 *
 * @param array $attributes  The attributes of a user.
 * @param array $rule  The sub-rules, of which at least one must match.
 *
 * @return boolean  TRUE as soon as one sub-rule matches, FALSE if none does.
 */
private static function opOr($attributes, $rule)
{
    $anySubRuleMatched = false;

    foreach ($rule as $subRule) {
        if (!self::match($attributes, $subRule)) {
            continue;
        }

        // First matching sub-rule settles the result; later ones are not evaluated.
        $anySubRuleMatched = true;
        break;
    }

    return $anySubRuleMatched;
}

Field Documentation

◆ $acl

sspmod_core_ACL::$acl
private

Definition at line 15 of file ACL.php.

Referenced by __construct().


The documentation for this class was generated from the following file: