<?php
/**
 * authorize module Group
 * 
 * @author gERD Schaufelberger <gerd@exit0.net>
 * @copyright 2004 by http://wombat.exit0.net
 * @package wombatSite
 * @subpackage user
 */
 
/**
 * Authorize by group
 * 
 * Managing user in groups is a very common way handling 
 * differnt authorisation levels. Therefore the group module 
 * checks whether a user belongs to the specified group and 
 * grants access on a positive result.
 * 
 * The required group is defined by name in the rule. 
 * 
 * To gain the opposite effect, the group module support nagtive 
 * rules - marked by an "!" in front of the group name. 
 *
 * @version 0.1
 * @package wombatSite
 * @subpackage user
 */
class wbAuthorize_Group
{
   /**
    * authorize against rule
	*
	* @access public
	* @param string $rule 
	* @return boolean $result true on success
	*/
    function checkAuthorisation( $rule )
    {
		$user	=&	wbFactory::singleton( 'wbUser' );
		
		// check if user is logged in
		if( !$user->isAuthenticated() )
		{
			return false;
		}
		
		// check for negation
		if( $rule[0] === '!' )
		{
			$rule	=	substr( $rule, 1 );
			return !$user->checkGroup( $rule );
		}

		return $user->checkGroup( $rule );
    }
}
?>