Class TAuthorizationRule
TAuthorizationRule class
TAuthorizationRule represents a single authorization rule. A rule is specified by an action (required), a list of users (optional), a list of roles (optional), a verb (optional), and a list of IP rules (optional). Action can be either 'allow' or 'deny'. Guest (anonymous, unauthenticated) users are represented by question mark '?'. All users (including guest users) are represented by asterisk '*'. Authenticated users are represented by '@'. Users/roles are case-insensitive. Different users/roles are separated by comma ','. Verb can be either 'get' or 'post'. If it is absent, it means both. IP rules are separated by comma ',' and can contain wild card in the rules (e.g. '192.132.23.33, 192.122.*.*')
Constructor Summary |
public |
Constructor.
|
Method Summary |
string
|
|
boolean
|
|
boolean
|
|
boolean
|
|
array
|
|
array
|
|
array
|
|
string
|
|
integer
|
|
Methods Inherited From TComponent |
TComponent::addParsedObject(), TComponent::attachEventHandler(), TComponent::canGetProperty(), TComponent::canSetProperty(), TComponent::createdOnTemplate(), TComponent::detachEventHandler(), TComponent::evaluateExpression(), TComponent::evaluateStatements(), TComponent::getEventHandlers(), TComponent::getSubProperty(), TComponent::hasEvent(), TComponent::hasEventHandler(), TComponent::hasProperty(), TComponent::raiseEvent(), TComponent::setSubProperty(), TComponent::__get(), TComponent::__set()
|
Constructor Details |
__construct
Constructor.
|
Method Details |
getAction
public string getAction |
() |
Output |
string
| action, either 'allow' or 'deny' |
Exception |
|
getAuthenticatedApplied
public boolean getAuthenticatedApplied |
() |
Output |
boolean
| if this rule applies to authenticated users |
Exception |
|
getEveryoneApplied
public boolean getEveryoneApplied |
() |
Output |
boolean
| if this rule applies to everyone |
Exception |
|
getGuestApplied
public boolean getGuestApplied |
() |
Output |
boolean
| if this rule applies to everyone |
Exception |
|
getIPRules
public array getIPRules |
() |
Output |
array
| list of IP rules. |
Exception |
|
getRoles
Output |
array
| list of roles |
Exception |
|
getUsers
Output |
array
| list of user IDs |
Exception |
|
getVerb
Output |
string
| verb, may be empty, 'get', or 'post'. |
Exception |
|
isUserAllowed
public integer isUserAllowed |
(IUser $user , string $verb , string $ip ) |
Input |
IUser | $user | the user object |
string | $verb | the request verb (GET, PUT) |
string | $ip | the request IP address |
Output |
integer
| 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user |
Exception |
|
|