Initial commit

Rbac/IOwned.php

@@ -0,0 +1,14 @@
+<?php
+namespace Vda\Security\Rbac;
+
+/**
+ * Interface IOwned
+ *
+ * for Memory/RbacService
+ *
+ * @package Vda\Security\Rbac
+ */
+interface IOwned
+{
+    public function getOwnerId();
+}

Rbac/IRbacService.php

@@ -0,0 +1,14 @@
+<?php
+namespace Vda\Security\Rbac;
+
+interface IRbacService
+{
+
+    /**
+     * @param ISubject $subject
+     * @param Permission $permission
+     * @param array $params
+     * @return bool
+     */
+    public function checkPermission(ISubject $subject, Permission $permission, array $params = array());
+}

Rbac/ISubject.php

@@ -0,0 +1,7 @@
+<?php
+namespace Vda\Security\Rbac;
+
+interface ISubject
+{
+    public function getId();
+}

Rbac/Impl/Memory/RbacService.php

@@ -0,0 +1,79 @@
+<?php
+use Vda\Security\Rbac\IRbacService;
+use Vda\Security\Rbac\ISubject;
+use Vda\Security\Rbac\Permission;
+use Vda\Security\Rbac\Role;
+
+/**
+ * Class RbacService
+ *
+ * @todo implement
+ */
+class RbacService implements IRbacService
+{
+    /**
+     * @var Role[]
+     */
+    private $roles;
+
+    /**
+     * @var Permission[]
+     */
+    private $permissions;
+
+    public function __construct($roles, $permissions)
+    {
+        $this->roles        = $roles;
+        $this->permissions  = $permissions;
+    }
+
+    /**
+     * Assumed there is no recursive roles.
+     *
+     * @param string $role
+     * @return Role[]
+     */
+    private function flatRole($role)
+    {
+        $res = array();
+        foreach ((array)$role as $each) {
+            $res[] = $this->roles[$each];
+            foreach ($this->roles[$each]->getChildren() as $child) {
+                $res = array_merge($res, $this->flatRole($child));
+            }
+        }
+        return $res;
+    }
+
+    /**
+     * Assumed there is no recursive permission.
+     *
+     * @param string $perm
+     * @return Permission[]
+     */
+    private function flatPermission($perm)
+    {
+        $res[] = $this->permissions[$perm];
+        foreach ($this->permissions[$perm]->getChildren() as $child) {
+            $res = array_merge($res, $this->flatPermission($child));
+        }
+        return $res;
+    }
+
+    public function checkPermission(ISubject $subject, Permission $permission, array $params = array())
+    {
+        $roles = $this->flatRole($subject->getRoles());
+        $perms = $this->flatPermission($perm);
+
+        foreach ($roles as $role) {
+            foreach ($perms as $permission) {
+                if ($this->roles[$role->getName()]->hasPermission($permission->getName())) {
+                    if ($permission->check($subject, $object)) {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+}

Rbac/Impl/Repository/Dao/DRbacPermission.php

@@ -0,0 +1,42 @@
+<?php
+namespace Vda\Security\Rbac\Impl\Repository\Dao;
+
+use Vda\Query\Field;
+use Vda\Query\Key\PrimaryKey;
+use Vda\Query\Table;
+use Vda\Util\Type;
+
+abstract class DRbacPermission extends Table
+{
+    public $id;
+
+    /**
+     * Init like:
+     * new ManyToMany(
+     *  'Project\Dao\DRbacPermission',
+     *  'Project\Dao\DRbacPermissionHierarchy'
+     * );
+     */
+    public $_fkChildren;
+
+    /**
+     * Init like:
+     * new ManyToMany(
+     *  'Project\Dao\DRbacRole',
+     *  'Project\Dao\DRbacRolesPermissions'
+     * );
+     */
+    public $_fkRole;
+
+    public $_primaryKey;
+    public $_entityClass = 'Vda\Security\Rbac\Permission';
+
+    public function __construct($name, $alias = 'permission')
+    {
+        $this->id = new Field(Type::STRING);
+
+        $this->_primaryKey = new PrimaryKey('id');
+
+        parent::__construct($name, $alias, true);
+    }
+}

Rbac/Impl/Repository/Dao/DRbacPermissionHierarchy.php

@@ -0,0 +1,31 @@
+<?php
+namespace Vda\Security\Rbac\Impl\Repository\Dao;
+
+use Vda\Query\Field;
+use Vda\Query\Table;
+use Vda\Util\Type;
+
+abstract class DRbacPermissionHierarchy extends Table
+{
+    public $childId;
+    public $parentId;
+
+    /**
+     * Init like:
+     * new ManyToOne(
+     *  'Project\Dao\DRbacPermission',
+     *  array('childId' => 'id')
+     * );
+     */
+    public $_fkRbacPermission;
+
+    public function __construct($name, $alias = 'PermissionHierarchy')
+    {
+        $this->childId = new Field(Type::STRING);
+        $this->parentId = new Field(Type::STRING);
+
+        parent::__construct($name, $alias, true);
+    }
+}
+
+

Rbac/Impl/Repository/Dao/DRbacRole.php

@@ -0,0 +1,73 @@
+<?php
+namespace Vda\Security\Rbac\Impl\Repository\Dao;
+
+use Vda\Query\Field;
+use Vda\Query\Key\PrimaryKey;
+use Vda\Query\Table;
+use Vda\Util\Type;
+
+abstract class DRbacRole extends Table
+{
+    public $id;
+
+    /**
+     * new OneToMany(
+     *  'Project\Dao\DRbacRoleHierarchy',
+     *  array('id' => 'childId')
+     * );
+     */
+    public $_fkRbacRoleHierarchy;
+
+    /**
+     * new OneToMany(
+     *  'Project\Dao\DRbacUserRoles',
+     *  array('id' => 'roleId')
+     * );
+     */
+    public $_fkRbacUserRoles;
+
+    /**
+     * new OneToMany(
+     *  'Project\Dao\DRbacRolesPermissions',
+     *  array('id' => 'roleId')
+     * );
+     */
+    public $_fkRbacRolesPermissions;
+
+    /**
+     * new ManyToMany(
+     *  'Project\Dao\DUser',
+     *  'Project\Dao\DRbacUserRoles'
+     * );
+     */
+    public $_fkUser;
+
+    /**
+     * new ManyToMany(
+     *  'Project\Dao\DRbacRole',
+     *  'Project\Dao\DRbacRoleHierarchy'
+     * );
+     */
+    public $_fkParent;
+
+    /**
+     * new ManyToMany(
+     *  'Project\Dao\DRbacRole',
+     *  'Project\Dao\DRbacRoleHierarchy'
+     * );
+     */
+    public $_fkChild;
+
+    public $_primaryKey;
+
+    public $_entityClass = 'Vda\Security\Rbac\Role';
+
+    public function __construct($table, $alias = 'role')
+    {
+        $this->id = new Field(Type::STRING);
+
+        $this->_primaryKey = new PrimaryKey('id');
+
+        parent::__construct($table, $alias, true);
+    }
+}

Rbac/Impl/Repository/Dao/DRbacRoleHierarchy.php

@@ -0,0 +1,28 @@
+<?php
+namespace Vda\Security\Rbac\Impl\Repository\Dao;
+
+use Vda\Query\Field;
+use Vda\Query\Table;
+use Vda\Util\Type;
+
+abstract class DRbacRoleHierarchy extends Table
+{
+    public $childId;
+    public $parentId;
+
+    /**
+     * new ManyToOne(
+     *  'Project\Dao\DRbacRole',
+     *  array('childId' => 'id')
+     * );
+     */
+    public $_fkRbacRole;
+
+    public function __construct($table, $alias = 'RoleHierarchy')
+    {
+        $this->childId = new Field(Type::STRING);
+        $this->parentId = new Field(Type::STRING);
+
+        parent::__construct($table, $alias, true);
+    }
+}

Rbac/Impl/Repository/Dao/DRbacRolesPermissions.php

@@ -0,0 +1,40 @@
+<?php
+namespace Vda\Security\Rbac\Impl\Repository\Dao;
+
+use Vda\Query\Field;
+use Vda\Query\Key\PrimaryKey;
+use Vda\Query\Table;
+use Vda\Util\Type;
+
+abstract class DRbacRolesPermissions extends Table
+{
+    public $roleId;
+    public $permissionId;
+
+    /**
+     * new ManyToOne(
+     *  'Project\Dao\DRbacRole',
+     *  array('roleId' => 'id')
+     * );
+     */
+    public $_fkRbacRole;
+
+    /**
+     * new ManyToOne(
+     *  'Project\Dao\DRbacPermission',
+     *  array('permissionId' => 'id')
+     * );
+     */
+    public $_fkRbacPermission;
+
+    public function __construct($table, $alias = 'RolesPermissions')
+    {
+        $this->roleId = new Field(Type::STRING);
+        $this->permissionId = new Field(Type::STRING);
+
+        $this->_primaryKey = new PrimaryKey('roleId', 'permissionId');
+
+        parent::__construct($table, $alias, true);
+    }
+}
+

Rbac/Impl/Repository/Dao/DRbacUserRoles.php

@@ -0,0 +1,41 @@
+<?php
+namespace Vda\Security\Rbac\Impl\Repository\Dao;
+
+use Vda\Query\Field;
+use Vda\Query\Key\PrimaryKey;
+use Vda\Query\Table;
+use Vda\Util\Type;
+
+abstract class DRbacUserRoles extends Table
+{
+    public $userId;
+    public $roleId;
+
+    public $tableName;
+
+    /**
+     * new ManyToOne(
+     *  'Project\Dao\DRbacRole',
+     *  array('roleId' => 'id')
+     * );
+     */
+    public $_fkRbacRole;
+
+    /**
+     * new ManyToOne(
+     *  'Project\Dao\DUser',
+     *  array('userId' => 'userId')
+     * );
+     */
+    public $_fkUser;
+
+    public function __construct($table, $alias = 'UserRoles')
+    {
+        $this->roleId = new Field(Type::STRING);
+        $this->userId = new Field(Type::INTEGER);
+
+        $this->_primaryKey = new PrimaryKey('roleId', 'userId');
+
+        parent::__construct($table, $alias, true);
+    }
+}