fAuthorizationstatic classv1.0.0b5
Allows defining and checking user authentication via ACLs, authorization levels or a simple logged in/not logged in scheme
| 1.0.0b5 | Added getLoginPage() 3/9/10 |
|---|---|
| 1.0.0b4 | Updated class to use new fSession API 10/23/09 |
| 1.0.0b3 | Updated class to use new fSession API 5/8/09 |
| 1.0.0b2 | Fixed a bug with using named IP ranges in checkIP() 1/10/09 |
| 1.0.0b | The initial implementation 6/14/07 |
Static Methods
::addNamedIPRange() public
Adds a named IP address or range, or array of addresses and/or ranges
This method allows checkIP() to be called with a name instead of the actual IPs.
Signature
void addNamedIPRange( string $name, mixed $ip_ranges )
Parameters
| string | $name | The name to give the IP addresses/ranges |
| mixed | $ip_ranges | This can be string (or array of strings) of the IPs or IP ranges to restrict to - please see checkIP() for format details |
::checkACL() public
Checks to see if the logged in user meets the requirements of the ACL specified
Signature
boolean checkACL( string $resource, string $permission )
Parameters
| string | $resource | The resource we are checking permissions for |
| string | $permission | The permission to require from the user |
Returns
If the user has the required permissions
::checkAuthLevel() public
Checks to see if the logged in user has the specified auth level
Signature
boolean checkAuthLevel( string $level )
Parameters
| string | $level | The level to check against the logged in user's level |
Returns
If the user has the required auth level
::checkIP() public
Checks to see if the user is from the IPs or IP ranges specified
The $ip_ranges parameter can be either a single string, or an array of strings, each of which should be in one of the following formats:
- A single IP address:
- 192.168.1.1
- 208.77.188.166
- A CIDR range
- 192.168.1.0/24
- 208.77.188.160/28
- An IP/subnet mask combination
- 192.168.1.0/255.255.255.0
- 208.77.188.160/255.255.255.240
Signature
boolean checkIP( mixed $ip_ranges )
Parameters
| mixed | $ip_ranges | A string (or array of strings) of the IPs or IP ranges to restrict to - see method description for details |
Returns
If the user is coming from (one of) the IPs or ranges specified
::checkLoggedIn() public
Checks to see if the user has an auth level or ACLs defined
Signature
boolean checkLoggedIn( )
Returns
If the user is logged in
::destroyUserInfo() public
Destroys the user's auth level and/or ACLs
Signature
void destroyUserInfo( )
::getLoginPage() public
Returns the login page set via setLoginPage()
Signature
string getLoginPage( )
Returns
The login page users are redirected to if they don't have the required authorization
::getRequestedURL() public
Returns the URL requested before the user was redirected to the login page
Signature
string getRequestedURL( boolean $clear, string $default_url=NULL )
Parameters
| boolean | $clear | If the requested url should be cleared from the session after it is retrieved |
| string | $default_url | The default URL to return if the user was not redirected |
Returns
The URL that was requested before they were redirected to the login page
::getUserACLs() public
Gets the ACLs for the logged in user
Signature
array getUserACLs( )
Returns
The logged in user's ACLs
::getUserAuthLevel() public
Gets the authorization level for the logged in user
Signature
string getUserAuthLevel( )
Returns
The logged in user's auth level
::getUserToken() public
Gets the value that was set as the user token, NULL if no token has been set
Signature
mixed getUserToken( )
Returns
The user token that had been set, NULL if none
::requireACL() public
Redirect the user to the login page if they do not have the permissions required
Signature
void requireACL( string $resource, string $permission )
Parameters
| string | $resource | The resource we are checking permissions for |
| string | $permission | The permission to require from the user |
::requireAuthLevel() public
Redirect the user to the login page if they do not have the auth level required
Signature
void requireAuthLevel( string $level )
Parameters
| string | $level | The level to check against the logged in user's level |
::requireLoggedIn() public
Redirect the user to the login page if they do not have an auth level or ACLs
Signature
void requireLoggedIn( )
::reset() internal public
Please note: this method is public, however it is primarily intended for internal use by Flourish and will normally not be useful in site/application code
Resets the configuration of the class
Signature
void reset( )
::setAuthLevels() public
Sets the authorization levels to use for level checking
Signature
void setAuthLevels( array $levels )
Parameters
| array | $levels | An associative array of (string) {level} => (integer) {value}, for each level |
::setLoginPage() public
Sets the login page to redirect users to
Signature
void setLoginPage( string $url )
Parameters
| string | $url | The URL of the login page |
::setRequestedURL() public
Sets the restricted URL requested by the user
Signature
void setRequestedURL( string $url )
Parameters
| string | $url | The URL to save as the requested URL |
::setUserACLs() public
Sets the ACLs for the logged in user.
Array should be formatted like:
array (
(string) {resource name} => array(
(mixed) {permission}, ...
), ...
)The resource name or the permission may be the single character '*' which acts as a wildcard.
Signature
void setUserACLs( array $acls )
Parameters
| array | $acls | The logged in user's ACLs - see method description for format |
::setUserAuthLevel() public
Sets the authorization level for the logged in user
Signature
void setUserAuthLevel( string $level )
Parameters
| string | $level | The logged in user's auth level |
::setUserToken() public
Sets some piece of information to use to identify the current user
Signature
void setUserToken( mixed $token )
Parameters
| mixed | $token | The user's token. This could be a user id, an email address, a user object, etc. |
