Auth.php

00001 <?php
00003 // FleaPHP Framework
00004 //
00005 // Copyright (c) 2005 - 2007 FleaPHP.org (www.fleaphp.org)
00006 //
00007 // 许可协议,请查看源代码中附带的 LICENSE.txt 文件,
00008 // 或者访问 http://www.fleaphp.org/ 获得详细信息。
00010 
00020 // {{{ includes
00021 FLEA::loadClass('FLEA_Dispatcher_Simple');
00022 // }}}
00023 
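/**
 * Dispatcher that checks the current user's roles against a controller's
 * access control table (ACT) before the requested action is executed.
 *
 * The role/ACT evaluation itself is delegated to the auth provider object
 * named by the 'dispatcherAuthProvider' application setting.
 *
 * Security notes for maintainers:
 *  - The check is fail-open: a controller whose ACT is missing or empty is
 *    treated as accessible to everyone (see check()). When no ACT file is
 *    found, the value of 'defaultControllerACT' is used instead, so that
 *    setting decides what happens to controllers without their own ACT.
 *  - An action that is not listed in the ACT, when the ACT also has no
 *    ACTION_ALL entry, is allowed as soon as the controller-level check passes.
 *  - ACT files are loaded with require() and are therefore executed as PHP.
 */
class FLEA_Dispatcher_Auth extends FLEA_Dispatcher_Simple
{
    /**
     * Auth provider that stores the user/role data and evaluates ACTs.
     *
     * @var object
     */
    var $_auth;

    /**
     * Constructor (PHP 4 style, kept for compatibility with the parent class).
     *
     * @param mixed $request request data, passed through to the parent dispatcher
     */
    function FLEA_Dispatcher_Auth(& $request)
    {
        parent::FLEA_Dispatcher_Simple($request);
        // The provider class name comes from application configuration.
        $this->_auth =& FLEA::getSingleton(FLEA::getAppInf('dispatcherAuthProvider'));
    }

    /**
     * Returns (by reference) the auth provider used by this dispatcher.
     *
     * @return object
     */
    function & getAuthProvider()
    {
        return $this->_auth;
    }

    /**
     * Replaces the auth provider used by this dispatcher.
     *
     * @param object $auth provider exposing the methods this class calls on it
     *                     (setUser, getUser, getRolesArray, clearUser,
     *                     prepareACT, check)
     */
    function setAuthProvider(& $auth)
    {
        $this->_auth =& $auth;
    }

    /**
     * Stores user data, and optionally role data, in the auth provider.
     *
     * @param mixed $userData
     * @param mixed $rolesData
     */
    function setUser($userData, $rolesData = null)
    {
        $this->_auth->setUser($userData, $rolesData);
    }

    /**
     * Returns the user data held by the auth provider.
     *
     * @return mixed
     */
    function getUser()
    {
        return $this->_auth->getUser();
    }

    /**
     * Returns the current user's roles as reported by the auth provider.
     *
     * @return mixed result of the provider's getRolesArray()
     */
    function getUserRoles()
    {
        return $this->_auth->getRolesArray();
    }

    /**
     * Clears the user data held by the auth provider.
     */
    function clearUser()
    {
        $this->_auth->clearUser();
    }

    /**
     * Runs the access check for the requested controller/action and either
     * executes the action or runs the failure handling.
     *
     * Failure handling order: the controller's own static _onAuthFailed hook,
     * then the 'dispatcherAuthFailedCallback' setting, then a
     * FLEA_Dispatcher_Exception_CheckFailed exception.
     *
     * @return mixed result of the executed action, result of the failure
     *               callback, or false when access was denied
     */
    function dispatching()
    {
        $controllerName  = $this->getControllerName();
        $actionName      = $this->getActionName();
        $controllerClass = $this->getControllerClass($controllerName);

        if ($this->check($controllerName, $actionName, $controllerClass)) {
            // Check passed: execute the controller action.
            return $this->_executeAction($controllerName, $actionName, $controllerClass);
        } else {
            // Check failed.
            $callback = FLEA::getAppInf('dispatcherAuthFailedCallback');

            $rawACT = $this->getControllerACT($controllerName, $controllerClass);
            // check() already returns true for an empty ACT, so this is only
            // reached if this second lookup yields a different result. The
            // action is NOT executed on this path although true is returned.
            // NOTE(review): confirm callers do not read true as "action ran".
            if (is_null($rawACT) || empty($rawACT)) { return true; }
            $ACT = $this->_auth->prepareACT($rawACT);
            $roles = $this->_auth->getRolesArray();
            $args = array($controllerName, $actionName, $controllerClass, $ACT, $roles);

            // If the controller defines a static _onAuthFailed method, call it.
            if ($this->_loadController($controllerClass)) {
                $methods = get_class_methods($controllerClass);
                // PHP 4 reports method names in lower case, so an exact-case
                // comparison would silently skip the hook there. Compare in
                // lower case, and skip the lookup if no method list came back.
                if (is_array($methods)
                    && in_array('_onauthfailed', array_map('strtolower', $methods), true)) {
                    // Any result other than false means the controller handled
                    // the failure; access stays denied.
                    if (call_user_func_array(array($controllerClass, '_onAuthFailed'), $args) !== false) {
                        return false;
                    }
                }
            }

            if ($callback) {
                return call_user_func_array($callback, $args);
            } else {
                FLEA::loadClass('FLEA_Dispatcher_Exception_CheckFailed');
                __THROW(new FLEA_Dispatcher_Exception_CheckFailed($controllerName, $actionName, $rawACT, $roles));
                // Reached only if __THROW() returns control to this method.
                return false;
            }
        }
    }

    /**
     * Checks whether the current user's roles may access a controller action.
     *
     * Evaluation order: controller-level ACT first, then the ACT of the named
     * action, then the ACTION_ALL entry. Action names are compared in lower
     * case.
     *
     * Fail-open cases (both return true):
     *  - the controller has no ACT, or an empty one;
     *  - the controller-level check passes and the ACT has neither an entry
     *    for the action nor an ACTION_ALL entry.
     *
     * @param string      $controllerName
     * @param string|null $actionName      defaults to the requested action
     * @param string|null $controllerClass defaults to the class resolved from
     *                                     $controllerName
     *
     * @return mixed true when access is allowed; otherwise the result of the
     *               auth provider's check()
     */
    function check($controllerName, $actionName = null, $controllerClass = null)
    {
        if (is_null($controllerClass)) {
            $controllerClass = $this->getControllerClass($controllerName);
        }
        if (is_null($actionName)) {
            $actionName = $this->getActionName();
        }
        // If the controller provides no ACT, or an empty one, access is
        // assumed to be allowed.
        $rawACT = $this->getControllerACT($controllerName, $controllerClass);
        if (is_null($rawACT) || empty($rawACT)) { return true; }

        $ACT = $this->_auth->prepareACT($rawACT);
        $ACT['actions'] = array();
        if (isset($rawACT['actions']) && is_array($rawACT['actions'])) {
            foreach ($rawACT['actions'] as $rawActionName => $rawActionACT) {
                // Normalise action names to lower case; the ACTION_ALL key is
                // kept as it is.
                if ($rawActionName !== ACTION_ALL) {
                    $rawActionName = strtolower($rawActionName);
                }
                $ACT['actions'][$rawActionName] = $this->_auth->prepareACT($rawActionACT);
            }
        }
        // Fetch the user's roles.
        $roles = $this->_auth->getRolesArray();
        // First check whether the user may access the controller at all.
        if (!$this->_auth->check($roles, $ACT)) { return false; }

        // Then check whether the user may access the requested action.
        $actionName = strtolower($actionName);
        if (isset($ACT['actions'][$actionName])) {
            return $this->_auth->check($roles, $ACT['actions'][$actionName]);
        }

        // The action is not listed in the ACT: fall back to ACTION_ALL if the
        // ACT provides it, otherwise allow.
        if (!isset($ACT['actions'][ACTION_ALL])) { return true; }
        return $this->_auth->check($roles, $ACT['actions'][ACTION_ALL]);
    }

    /**
     * Looks up the raw ACT of a controller.
     *
     * Sources, in order: the 'globalACT' setting, the controller's own
     * "<class>.act.php" file, the default ACT file (only when
     * 'autoQueryDefaultACTFile' is enabled), and finally the
     * 'defaultControllerACT' setting.
     *
     * @param string $controllerName
     * @param string $controllerClass
     *
     * @return mixed the raw ACT; check() treats null or an empty value as
     *               "no restriction"
     */
    function getControllerACT($controllerName, $controllerClass)
    {
        // First try the global ACT.
        $ACT = FLEA::getAppInfValue('globalACT', $controllerName);
        if ($ACT) { return $ACT; }

        // NOTE(review): the resolved file is executed by require() in
        // _loadACTFile(). $controllerClass presumably derives from the
        // requested controller name; confirm it is restricted to valid class
        // name characters before it reaches this point.
        $actFilename = FLEA::getFilePath($controllerClass . '.act.php');
        if (!$actFilename) {
            if (FLEA::getAppInf('autoQueryDefaultACTFile')) {
                $ACT = $this->getControllerACTFromDefaultFile($controllerName);
                if ($ACT) { return $ACT; }
            }

            // No ACT file was found: optionally warn, then fall back to the
            // configured default. Enabling 'controllerACTLoadWarning' makes
            // controllers that silently rely on the default visible.
            if (FLEA::getAppInf('controllerACTLoadWarning')) {
                trigger_error(sprintf(_ET(0x0701006), $controllerName), E_USER_WARNING);
            }
            return FLEA::getAppInf('defaultControllerACT');
        }

        return $this->_loadACTFile($actFilename);
    }

    /**
     * Looks up a controller's ACT in the file named by the
     * 'defaultControllerACTFile' setting. Controller names are matched
     * case-insensitively.
     *
     * @param string $controllerName
     *
     * @return mixed the controller's entry, the 'defaultControllerACT'
     *               setting when the file or the entry is missing, or false
     *               when the file did not return an array
     */
    function getControllerACTFromDefaultFile($controllerName)
    {
        // realpath() returns false when the configured file does not exist.
        $actFilename = realpath(FLEA::getAppInf('defaultControllerACTFile'));
        if (!$actFilename) {
            if (FLEA::getAppInf('controllerACTLoadWarning')) {
                trigger_error(sprintf(_ET(0x0701006), $controllerName), E_USER_WARNING);
            }
            return FLEA::getAppInf('defaultControllerACT');
        }

        $ACT = $this->_loadACTFile($actFilename);
        if ($ACT === false) { return false; }

        // Upper-case both the table keys and the lookup key.
        $ACT = array_change_key_case($ACT, CASE_UPPER);
        $controllerName = strtoupper($controllerName);
        return isset($ACT[$controllerName]) ?
            $ACT[$controllerName] :
            FLEA::getAppInf('defaultControllerACT');
    }

    /**
     * Loads an ACT file and returns the array it returns.
     *
     * Results are cached per filename in a static array, so each file is
     * required at most once per request.
     *
     * Security: the file is executed as PHP. The path must come only from
     * application configuration or from a validated class name, and ACT files
     * must not be writable by untrusted parties.
     *
     * @param string $actFilename
     *
     * @return array|false the ACT, or false if the file did not return an
     *                     array and __THROW() returned control
     */
    function _loadACTFile($actFilename)
    {
        static $files = array();

        if (isset($files[$actFilename])) {
            return $files[$actFilename];
        }

        $ACT = require($actFilename);
        if (is_array($ACT)) {
            $files[$actFilename] = $ACT;
            return $ACT;
        }

        // The ACT file did not return an ACT: raise an exception.
        FLEA::loadClass('FLEA_Rbac_Exception_InvalidACTFile');
        __THROW(new FLEA_Rbac_Exception_InvalidACTFile($actFilename, $ACT));
        return false;
    }
}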
