hdabo_sf: vendor/symfony/src/Symfony/Component/Security/Acl/Domain/PermissionGrantingStrategy.php@d672f7dd74dc (annotated)

0 7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	2
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	3	/*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	4	* This file is part of the Symfony package.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	5	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	6	* (c) Fabien Potencier <fabien@symfony.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	7	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	8	* For the full copyright and license information, please view the LICENSE
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	9	* file that was distributed with this source code.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	10	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	11
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	12	namespace Symfony\Component\Security\Acl\Domain;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	13
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	14	use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	15	use Symfony\Component\Security\Acl\Exception\SidNotLoadedException;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	16	use Symfony\Component\Security\Acl\Model\AclInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	17	use Symfony\Component\Security\Acl\Model\AuditLoggerInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	18	use Symfony\Component\Security\Acl\Model\EntryInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	19	use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	20	use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	21
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	22	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	23	* The permission granting strategy to apply to the access control list.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	24	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	25	* @author Johannes M. Schmitt <schmittjoh@gmail.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	26	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	27	class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	28	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	29	const EQUAL = 'equal';
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	30	const ALL = 'all';
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	31	const ANY = 'any';
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	32
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	33	private $auditLogger;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	34
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	35	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	36	* Sets the audit logger
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	37	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	38	* @param AuditLoggerInterface $auditLogger
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	39	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	40	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	41	public function setAuditLogger(AuditLoggerInterface $auditLogger)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	42	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	43	$this->auditLogger = $auditLogger;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	44	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	45
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	46	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	47	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	48	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	49	public function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	50	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	51	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	52	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	53	$aces = $acl->getObjectAces();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	54
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	55	if (!$aces) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	56	throw new NoAceFoundException();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	57	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	58
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	59	return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	60	} catch (NoAceFoundException $noObjectAce) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	61	$aces = $acl->getClassAces();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	62
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	63	if (!$aces) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	64	throw $noObjectAce;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	65	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	66
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	67	return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	68	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	69	} catch (NoAceFoundException $noClassAce) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	70	if ($acl->isEntriesInheriting() && null !== $parentAcl = $acl->getParentAcl()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	71	return $parentAcl->isGranted($masks, $sids, $administrativeMode);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	72	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	73
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	74	throw $noClassAce;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	75	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	76	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	77
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	78	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	79	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	80	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	81	public function isFieldGranted(AclInterface $acl, $field, array $masks, array $sids, $administrativeMode = false)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	82	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	83	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	84	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	85	$aces = $acl->getObjectFieldAces($field);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	86	if (!$aces) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	87	throw new NoAceFoundException();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	88	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	89
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	90	return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	91	} catch (NoAceFoundException $noObjectAces) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	92	$aces = $acl->getClassFieldAces($field);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	93	if (!$aces) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	94	throw $noObjectAces;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	95	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	96
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	97	return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	98	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	99	} catch (NoAceFoundException $noClassAces) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	100	if ($acl->isEntriesInheriting() && null !== $parentAcl = $acl->getParentAcl()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	101	return $parentAcl->isFieldGranted($field, $masks, $sids, $administrativeMode);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	102	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	103
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	104	throw $noClassAces;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	105	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	106	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	107
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	108	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	109	* Makes an authorization decision.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	110	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	111	* The order of ACEs, and SIDs is significant; the order of permission masks
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	112	* not so much. It is important to note that the more specific security
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	113	* identities should be at the beginning of the SIDs array in order for this
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	114	* strategy to produce intuitive authorization decisions.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	115	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	116	* First, we will iterate over permissions, then over security identities.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	117	* For each combination of permission, and identity we will test the
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	118	* available ACEs until we find one which is applicable.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	119	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	120	* The first applicable ACE will make the ultimate decision for the
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	121	* permission/identity combination. If it is granting, this method will return
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	122	* true, if it is denying, the method will continue to check the next
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	123	* permission/identity combination.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	124	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	125	* This process is repeated until either a granting ACE is found, or no
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	126	* permission/identity combinations are left. In the latter case, we will
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	127	* call this method on the parent ACL if it exists, and isEntriesInheriting
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	128	* is true. Otherwise, we will either throw an NoAceFoundException, or deny
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	129	* access finally.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	130	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	131	* @param AclInterface $acl
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	132	* @param array $aces An array of ACE to check against
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	133	* @param array $masks An array of permission masks
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	134	* @param array $sids An array of SecurityIdentityInterface implementations
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	135	* @param Boolean $administrativeMode True turns off audit logging
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	136	* @return Boolean true, or false; either granting, or denying access respectively.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	137	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	138	private function hasSufficientPermissions(AclInterface $acl, array $aces, array $masks, array $sids, $administrativeMode)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	139	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	140	$firstRejectedAce = null;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	141
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	142	foreach ($masks as $requiredMask) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	143	foreach ($sids as $sid) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	144	foreach ($aces as $ace) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	145	if ($sid->equals($ace->getSecurityIdentity()) && $this->isAceApplicable($requiredMask, $ace)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	146	if ($ace->isGranting()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	147	if (!$administrativeMode && null !== $this->auditLogger) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	148	$this->auditLogger->logIfNeeded(true, $ace);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	149	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	150
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	151	return true;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	152	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	153
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	154	if (null === $firstRejectedAce) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	155	$firstRejectedAce = $ace;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	156	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	157
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	158	break 2;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	159	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	160	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	161	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	162	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	163
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	164	if (null !== $firstRejectedAce) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	165	if (!$administrativeMode && null !== $this->auditLogger) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	166	$this->auditLogger->logIfNeeded(false, $firstRejectedAce);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	167	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	168
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	169	return false;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	170	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	171
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	172	throw new NoAceFoundException();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	173	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	174
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	175	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	176	* Determines whether the ACE is applicable to the given permission/security
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	177	* identity combination.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	178	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	179	* Per default, we support three different comparison strategies.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	180	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	181	* Strategy ALL:
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	182	* The ACE will be considered applicable when all the turned-on bits in the
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	183	* required mask are also turned-on in the ACE mask.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	184	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	185	* Strategy ANY:
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	186	* The ACE will be considered applicable when any of the turned-on bits in
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	187	* the required mask is also turned-on the in the ACE mask.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	188	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	189	* Strategy EQUAL:
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	190	* The ACE will be considered applicable when the bitmasks are equal.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	191	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	192	* @param integer $requiredMask
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	193	* @param EntryInterface $ace
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	194	* @return Boolean
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	195	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	196	private function isAceApplicable($requiredMask, EntryInterface $ace)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	197	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	198	$strategy = $ace->getStrategy();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	199	if (self::ALL === $strategy) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	200	return $requiredMask === ($ace->getMask() & $requiredMask);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	201	} else if (self::ANY === $strategy) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	202	return 0 !== ($ace->getMask() & $requiredMask);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	203	} else if (self::EQUAL === $strategy) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	204	return $requiredMask === $ace->getMask();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	205	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	206
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	207	throw new \RuntimeException(sprintf('The strategy "%s" is not supported.', $strategy));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	208	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	209	}

author	cavaliet
	Mon, 07 Jul 2014 17:23:47 +0200
changeset 122	d672f7dd74dc
parent 0	7f95f8617b0b
permissions	-rwxr-xr-x