[ACL::ACL_WILDCARD],
        // NOTE(review): the opening of this constant lies above the visible
        // chunk; its entries are reproduced unchanged.
        ACL::ACL_DEFAULT_ROLE_MEMBER => [
            '/logout',
        ],
        ACL::ACL_DEFAULT_ROLE_GUEST => [
            '/login',
            '/',
            '/401',
            '/403',
            '/404',
            '/500',
        ],
    ];

    /**
     * Default deny rules, keyed by role. Each value lists the paths denied
     * to that role; the constructor applies them after the allow rules.
     */
    const ACL_DEFAULT_DENIES = [
        ACL::ACL_DEFAULT_ROLE_ADMIN => ['/login'],
        ACL::ACL_DEFAULT_ROLE_MEMBER => ['/login'],
    ];

    /**
     * Build the default ACL: register the roles and resources, then apply
     * the default allow rules followed by the default deny rules.
     *
     * Both rule tables treat an empty path entry as "every resource": an
     * empty entry in the allow table grants the role blanket access, and an
     * empty entry in the deny table denies it everything. The wildcard
     * constant has the blanket meaning in the allow table only.
     */
    public function __construct()
    {
        // Role hierarchy: guest first, member with guest as its parent,
        // admin registered without a parent.
        $this->addRole(self::ACL_DEFAULT_ROLE_GUEST);
        $this->addRole(self::ACL_DEFAULT_ROLE_MEMBER, self::ACL_DEFAULT_ROLE_GUEST);
        $this->addRole(self::ACL_DEFAULT_ROLE_ADMIN);

        // Every resource has to be registered before a rule can name it.
        foreach (self::ACL_DEFAULT_RESOURCES as $resource) {
            $this->addResource($resource);
        }

        // Allow rules. empty() also matches '', '0', 0, null and [], so any
        // such entry widens the grant to all resources, exactly like the
        // wildcard does.
        foreach (self::ACL_DEFAULT_ALLOWS as $role => $paths) {
            foreach ($paths as $path) {
                if (empty($path) || $path === ACL::ACL_WILDCARD) {
                    $this->allow($role);
                    continue;
                }

                $this->allow($role, $path);
            }
        }

        // Deny rules, applied after the allows. An empty entry denies the
        // role on all resources; there is no wildcard branch here.
        foreach (self::ACL_DEFAULT_DENIES as $role => $paths) {
            foreach ($paths as $path) {
                if (empty($path)) {
                    $this->deny($role);
                    continue;
                }

                $this->deny($role, $path);
            }
        }
    }

    /**
     * Collect every registered role R for which inheritsRole($role, R)
     * reports true.
     *
     * NOTE(review): if inheritsRole() has the usual ($role, $inherit)
     * meaning, the result is the set of roles that $role inherits from
     * (its ancestors) rather than its children - confirm against the
     * parent class before relying on the method name.
     *
     * @param mixed $role role to look up
     * @return array matching roles, in the order getRoles() yields them
     */
    public function getAllChildrenForRole($role)
    {
        $matches = [];

        foreach ($this->getRoles() as $candidate) {
            if (!$this->inheritsRole($role, $candidate)) {
                continue;
            }

            $matches[] = $candidate;
        }

        return $matches;
    }

    /**
     * Decide whether $currentRole may access resources that belong to
     * $targetRole.
     *
     * The answer is true when both roles compare equal, or when
     * $currentRole is absent from getAllChildrenForRole($targetRole);
     * it is false only when $currentRole appears in that list.
     *
     * NOTE(review): this is a default-permit check. A role that has no
     * inheritance relation to $targetRole is absent from the list and is
     * therefore permitted. With the roles registered in the constructor,
     * the admin role has no parent, so the list for it is presumably empty
     * and every other role would pass - confirm this is intended before
     * using the method as the only gate for a higher-privileged target.
     *
     * NOTE(review): both comparisons are loose (== and non-strict
     * in_array()). If role identifiers are always strings, strict
     * comparison would rule out type-juggling matches - check what callers
     * pass before changing it.
     *
     * @param mixed $currentRole role of the caller
     * @param mixed $targetRole role that owns the resources
     * @return bool
     */
    public function isPermitted($currentRole, $targetRole)
    {
        // Looked up first, before the equality test, so that any error the
        // lookup raises still surfaces when both roles are equal.
        $related = $this->getAllChildrenForRole($targetRole);

        if ($targetRole == $currentRole) {
            return true;
        }

        return !in_array($currentRole, $related);
    }
}