Permission class

From Cloudrexx Development Wiki
Jump to: navigation, search

The Permission class is a set of requirements the current user and request needs to fulfill in order to get a permission.

Define a permission requirements set

The requirements for a permission can be passed to a Permission instance using the constructor. It accepts the following arguments of which all are optional:

  • allowedProtocols: List of allowed protocols in lowercase (e.g. https)
  • allowedMethods: List of allowed HTTP methods in lowercase (e.g. get). cli can be passed here to allow access via CLI.
  • requiresLogin: true by default. If set to false, no login is required to get this permission.
  • validUserGroups: List of group IDs. The user needs to be in one of those groups in order to get access unless requiresLogin is set to false or the user is an administrator (flag admin is set). If the list is empty it is ignored.
  • validAccessIds: List of access IDS. The user needs have been granted at least one of these IDs in order to get access unless requiresLogin is set to false or the user is an administrator (flag admin is set). If the list is empty it is ignored.
  • callback: A custom callback can be specified in order to check for additional requirements. Please see Specify a requirement using a callback.
$permission = new \Cx\Core_Modules\Access\Model\Entity\Permission(
    $allowedProtocols = array('http', 'https'),
    $allowedMethods = array('get', 'post'),
    $requiresLogin = true,
    $validUserGroups = array(),
    $validAccessIds = array(),
    $callback = null
);

Specify a requirement using a callback

In order to specify a callback you may pass an instance of \Cx\Core_Modules\Access\Model\Entity\Callback. If you want to persist a Permission instance with a Callback the Callback instance needs to be persistable.

Check requirements

In order to check if the requirements are fulfilled you can simply call

$permission->hasAccess($params);

$params is optional. It will get passed to the registered callback (if any).

Virtual vs. non-virtual Permission instances

By default Permission instances are virtual. They can be manually set to be non-virtual (if you need to persist one) by calling

$permission->setVirtual(false);

Please note that this only works if there's no callback specified or the callback is serializable.