php_hazard_01
07-22-2007, 07:55 PM
i made an object as an ACL and i was thinking if i made it right?
could someone tell me the flaws of my code and the advantages...and how can i improve it?
thanks, here is the code:
class ACL {
var $_acl_group = array();
var $_acl_ranks = array();
var $_acl_count = 0;
var $_acl_info = null;
var $_acl_return = null;
var $_acl_resource = array();
var $acl_role = array();
var $acl_permissions = array();
function ACL(){
}
function add($resource,$rankName,$permission = "ALLOW"){
if(array_key_exists($rankName,$this->_acl_ranks)){
//if the key has been defined, push the new value into the stack
array_push($this->_acl_ranks[$rankName]["RESOURCE"],$resource);
array_push($this->_acl_ranks[$rankName]["PERMISSION"],$permission);
return;
}
//add a resource to the resource stack
array_push($this->_acl_resource,$resource);
$rank = array(
"RANK" => $rankName,
"RESOURCE" => array(
$resource
),
"PERMISSION" => array(
$permission
)
);
//put the rank in the array stack
$this->_acl_ranks[$rankName] = $rank;
$this->_acl_count += 1;
return true;
}
function allow(){
return true;
}
//check if a grant access is located in the users array.
function check($resource,$user){
$rankName = $user['RANK'];
$offset = @array_search($resource,$this->_acl_ranks[$rankName]['RESOURCE']);
if(@array_key_exists($offset,$this->_acl_ranks[$rankName]['RESOURCE'])){
if($this->_acl_ranks[$rankName]['PERMISSION'][$offset] == "ALLOW"){
return true;
}
}
return false;
}
function deny(){
return true;
}
function inherit(){
return true;
}
}
and here is the implementation
//ACL TEST -defines
define("ANONYMOUS","ANONYMOUS");
define("BANNED","BANNED");
define("DELETED","DELETED");
define("USER","USER");
define("MODERATOR","MODERATOR");
define("ADMINISTRATOR","ADMINISTRATOR");
define("TEST",$_SERVER['PHP_SELF']);
$acl->add(TEST,ANONYMOUS);
$acl->add(TEST."?test=true",ANONYMOUS,"DENY");
$acl->add(TEST,BANNED,"DENY");
$acl->add(TEST,DELETED,"DENY");
$acl->add(TEST,USER,"ALLOW");
$acl->add(TEST,MODERATOR,"ALLOW");
$acl->add(TEST,ADMINISTRATOR,"ALLOW");
//ACL TEST -checks
$user = array(
"NAME" => "jamoy",
"RANK" => ANONYMOUS
);
if($acl->check($_SERVER['REQUEST_URI'],$user)){
echo '<h1>you are allowed</h1>';
}
else{
echo '<h1>you are not allowed</h1>';
}
i havent fully tested it yet, but it works pretty well with this implementation
thanks in advance....
hope a kind reply
could someone tell me the flaws of my code and the advantages...and how can i improve it?
thanks, here is the code:
class ACL {
var $_acl_group = array();
var $_acl_ranks = array();
var $_acl_count = 0;
var $_acl_info = null;
var $_acl_return = null;
var $_acl_resource = array();
var $acl_role = array();
var $acl_permissions = array();
function ACL(){
}
function add($resource,$rankName,$permission = "ALLOW"){
if(array_key_exists($rankName,$this->_acl_ranks)){
//if the key has been defined, push the new value into the stack
array_push($this->_acl_ranks[$rankName]["RESOURCE"],$resource);
array_push($this->_acl_ranks[$rankName]["PERMISSION"],$permission);
return;
}
//add a resource to the resource stack
array_push($this->_acl_resource,$resource);
$rank = array(
"RANK" => $rankName,
"RESOURCE" => array(
$resource
),
"PERMISSION" => array(
$permission
)
);
//put the rank in the array stack
$this->_acl_ranks[$rankName] = $rank;
$this->_acl_count += 1;
return true;
}
function allow(){
return true;
}
//check if a grant access is located in the users array.
function check($resource,$user){
$rankName = $user['RANK'];
$offset = @array_search($resource,$this->_acl_ranks[$rankName]['RESOURCE']);
if(@array_key_exists($offset,$this->_acl_ranks[$rankName]['RESOURCE'])){
if($this->_acl_ranks[$rankName]['PERMISSION'][$offset] == "ALLOW"){
return true;
}
}
return false;
}
function deny(){
return true;
}
function inherit(){
return true;
}
}
and here is the implementation
//ACL TEST -defines
define("ANONYMOUS","ANONYMOUS");
define("BANNED","BANNED");
define("DELETED","DELETED");
define("USER","USER");
define("MODERATOR","MODERATOR");
define("ADMINISTRATOR","ADMINISTRATOR");
define("TEST",$_SERVER['PHP_SELF']);
$acl->add(TEST,ANONYMOUS);
$acl->add(TEST."?test=true",ANONYMOUS,"DENY");
$acl->add(TEST,BANNED,"DENY");
$acl->add(TEST,DELETED,"DENY");
$acl->add(TEST,USER,"ALLOW");
$acl->add(TEST,MODERATOR,"ALLOW");
$acl->add(TEST,ADMINISTRATOR,"ALLOW");
//ACL TEST -checks
$user = array(
"NAME" => "jamoy",
"RANK" => ANONYMOUS
);
if($acl->check($_SERVER['REQUEST_URI'],$user)){
echo '<h1>you are allowed</h1>';
}
else{
echo '<h1>you are not allowed</h1>';
}
i havent fully tested it yet, but it works pretty well with this implementation
thanks in advance....
hope a kind reply