Class: SessionAcl
Properties
$access = array ()
$status = array ()
$roles = array ()
$teams = array ()
$resources = array ()
$user = array ()
$prefs = array ()
$_prefs = array ()
$path
Methods
SessionAcl ($user = false, $role = 'anonymous', $team = 'core', $teams = false)
init ($path = 'inc/conf/auth')
initPrefs ()
verify ($userDisabled = false)
allowed ($resource = 'documents', $access = 'rw', $type = 'resource')
- Access: public
- Return: boolean
Specifies whether the user is allowed to access the requested
resource. $resource may be a string, or an object or associative array
with the properties name, sitellite_access, sitellite_status, and
optionally, sitellite_team. Valid $access values are r, w, and rw
(read, write, and read/write). Valid $type values are resource,
access, status, and team.
_test ($check, $value, $all)
- Access: private
- Return: boolean
Checks the specified permissions against the resource value and the all value.
allowedSql ()
- Access: public
- Return: string
Returns a piece of SQL that can be slipped into the WHERE clause of
a query to check for proper permissions.
approvedSql ()
- Access: public
- Return: string
Returns a piece of SQL that can be slipped into the WHERE clause of
a query to check for proper permissions, but that only returns items
with a status of "approved". Keeping this separate from allowedSql()
lets you display drafts in private (i.e. administrative) lists
of items in your code, while using this method on public-facing
pages ensures that visitors see only approved
documents, still subject to their access
privileges.
This method also ignores the sitellite_team value. allowedSql()
does not ignore it, which provides editing restrictions based on teams.
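The split between allowedSql() and approvedSql() described above, modelled as an added example that is not Sitellite's own code; the SQL these methods actually return is not shown on this page. The helper names, the news table and the access and team values are assumptions, and the fragment shape is inferred from the documented allowed*List() methods.

```php
<?php
// Added example: a hypothetical model, not Sitellite's implementation.
// Lists follow the documented allowed*List() shape: ['all'] or explicit values.
function aclClause(PDO $db, string $column, array $allowed): string
{
    if ($allowed === ['all']) {
        return '1=1';                  // unrestricted on this column
    }
    if ($allowed === []) {
        return '1=0';                  // fail closed when nothing is permitted
    }
    $quoted = array_map(fn ($v) => $db->quote($v), $allowed);
    return "$column IN (" . implode(', ', $quoted) . ')';
}

// Models allowedSql(): access, status and team all restrict the rows.
function allowedFragment(PDO $db, array $access, array $status, array $teams): string
{
    return '(' . aclClause($db, 'sitellite_access', $access)
        . ' AND ' . aclClause($db, 'sitellite_status', $status)
        . ' AND ' . aclClause($db, 'sitellite_team', $teams) . ')';
}

// Models approvedSql(): access still applies, status is pinned, team is ignored.
function approvedFragment(PDO $db, array $access): string
{
    return '(' . aclClause($db, 'sitellite_access', $access)
        . " AND sitellite_status = 'approved')";
}

// Caller input is bound as a parameter; the parenthesised fragment is
// ANDed on, so it always restricts the result set.
function titles(PDO $db, string $fragment, string $like): array
{
    $st = $db->prepare("SELECT title FROM news WHERE title LIKE ? AND $fragment");
    $st->execute([$like]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (title, sitellite_access, sitellite_status, sitellite_team)');
$db->exec("INSERT INTO news VALUES
    ('Launch',  'public',  'approved', 'core'),
    ('Roadmap', 'private', 'approved', 'core'),
    ('Teaser',  'public',  'draft',    'marketing')");
print_r(titles($db, approvedFragment($db, ['public']), '%'));                      // public page
print_r(titles($db, allowedFragment($db, ['all'], ['all'], ['marketing']), '%')); // admin list
```

The public query never sees the draft row regardless of team, while the administrative query sees drafts but only for the listed team.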
allowedAccessList ()
- Access: public
- Return: array
Returns an array of allowed access levels for the current user.
If the user is allowed to access all levels, this method returns
an array containing a single item "all".
allowedStatusList ()
- Access: public
- Return: array
Returns an array of allowed statuses for the current user. If the
user is allowed to access all statuses, this method returns an array
containing a single item "all". If the user is not an admin user,
it will return a single value "approved", because that is the only
status non-admins can access.
allowedTeamsList ($list = false)
- Access: public
- Return: array
Returns an array of allowed teams for the current user. If the
user is not an administrator, in which case teams are not relevant,
or if the user is allowed to access all teams, this method returns
an array containing a single item "all". This is true unless the
$list parameter is set to true, in which case a list of all the
teams is returned instead.
isAdmin ()
- Access: public
- Return: boolean
Determines whether the current user belongs to an administrative role.
pref ($name)
- Access: public
- Return: mixed
Returns the value of the specified preference setting.
prefSet ($name, $value)
- Access: public
- Return: mixed
Alters the value of the specified preference setting, in the current
session AND in the database. Returns false on failure to update.
Returns the previous value on success.
isResource ($name)
- Access: public
- Return: boolean
Determines whether the specified resource name exists.
adminRoles ()
Returns the list of roles which are admins.