CHIEFSOFT\ameye
116 lines
3.2 KiB
PHP
116 lines
3.2 KiB
PHP
<?php
|
|
/**
|
|
* @file classes/security/authorization/PolicySet.php
|
|
*
|
|
* Copyright (c) 2014-2021 Simon Fraser University
|
|
* Copyright (c) 2000-2021 John Willinsky
|
|
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
|
|
*
|
|
* @class PolicySet
|
|
*
|
|
* @ingroup security_authorization
|
|
*
|
|
* @brief An ordered list of policies. Policy sets can be added to
|
|
* decision managers like policies. The decision manager will evaluate
|
|
* the contained policies in the order they were added.
|
|
*
|
|
* NB: PolicySets can be nested.
|
|
*/
|
|
|
|
namespace PKP\security\authorization;
|
|
|
|
class PolicySet
|
|
{
|
|
public const COMBINING_DENY_OVERRIDES = 1;
|
|
public const COMBINING_PERMIT_OVERRIDES = 2;
|
|
|
|
/** @var array */
|
|
public $_policies = [];
|
|
|
|
/** @var int */
|
|
public $_combiningAlgorithm;
|
|
|
|
/** @var int the default effect if none of the policies in the set applies */
|
|
public $_effectIfNoPolicyApplies = AuthorizationPolicy::AUTHORIZATION_DENY;
|
|
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
* @param int $combiningAlgorithm COMBINING_...
|
|
*/
|
|
public function __construct($combiningAlgorithm = self::COMBINING_DENY_OVERRIDES)
|
|
{
|
|
$this->_combiningAlgorithm = $combiningAlgorithm;
|
|
}
|
|
|
|
//
|
|
// Setters and Getters
|
|
//
|
|
/**
|
|
* Add a policy or a nested policy set.
|
|
*
|
|
* @param AuthorizationPolicy|PolicySet $policyOrPolicySet
|
|
* @param bool $addToTop whether to insert the new policy
|
|
* to the top of the list.
|
|
*/
|
|
public function addPolicy($policyOrPolicySet, $addToTop = false)
|
|
{
|
|
assert($policyOrPolicySet instanceof AuthorizationPolicy || $policyOrPolicySet instanceof self);
|
|
if ($addToTop) {
|
|
array_unshift($this->_policies, $policyOrPolicySet);
|
|
} else {
|
|
$this->_policies[] = & $policyOrPolicySet;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get all policies within this policy set.
|
|
*
|
|
* @return array a list of AuthorizationPolicy or PolicySet objects.
|
|
*/
|
|
public function &getPolicies()
|
|
{
|
|
return $this->_policies;
|
|
}
|
|
|
|
/**
|
|
* Return the combining algorithm
|
|
*
|
|
* @return int
|
|
*/
|
|
public function getCombiningAlgorithm()
|
|
{
|
|
return $this->_combiningAlgorithm;
|
|
}
|
|
|
|
/**
|
|
* Set the default effect if none of the policies in the set applies
|
|
*
|
|
* @param int $effectIfNoPolicyApplies
|
|
*/
|
|
public function setEffectIfNoPolicyApplies($effectIfNoPolicyApplies)
|
|
{
|
|
assert($effectIfNoPolicyApplies == AuthorizationPolicy::AUTHORIZATION_PERMIT ||
|
|
$effectIfNoPolicyApplies == AuthorizationPolicy::AUTHORIZATION_DENY ||
|
|
$effectIfNoPolicyApplies == AuthorizationDecisionManager::AUTHORIZATION_NOT_APPLICABLE);
|
|
$this->_effectIfNoPolicyApplies = $effectIfNoPolicyApplies;
|
|
}
|
|
|
|
/**
|
|
* Get the default effect if none of the policies in the set applies
|
|
*
|
|
* @return int
|
|
*/
|
|
public function getEffectIfNoPolicyApplies()
|
|
{
|
|
return $this->_effectIfNoPolicyApplies;
|
|
}
|
|
}
|
|
|
|
if (!PKP_STRICT_MODE) {
|
|
class_alias('\PKP\security\authorization\PolicySet', '\PolicySet');
|
|
define('COMBINING_DENY_OVERRIDES', PolicySet::COMBINING_DENY_OVERRIDES);
|
|
define('COMBINING_PERMIT_OVERRIDES', PolicySet::COMBINING_PERMIT_OVERRIDES);
|
|
}
|