* @package WB * @subpackage vfs */ WBClass::load('WBVFS_AccessControlRule'); /** * Virtual File System: Access Control Rule: DenyFileOfUser * * Check permission denied if file is owned by one of listed users' (id). * * Configuration example: * - uid => array(123, 345, ...) // uid is array of ids * - group => '' // group name like staff * * @version 0.1.1 * @package WB * @subpackage vfs */ class WBVFS_AccessControlRule_DenyFileOfUser extends WBVFS_AccessControlRule { const USER_PRIMARY = 'uid'; /** * 2nc Constructor * * Called after configuration was set */ protected function init() { // normalize config if (empty($this->config[self::USER_PRIMARY])) { $this->config[self::USER_PRIMARY] = array(); } if (!is_array($this->config[self::USER_PRIMARY])) { $this->config[self::USER_PRIMARY] = array($this->config[self::USER_PRIMARY]); } if (empty($this->config['group'])) { $this->config['group'] = ''; } } /** * Check Permissions 4 Request * * @param WBRequest * @return bool */ public function isRequestGranted($req) { if (empty($this->config[self::USER_PRIMARY])) { $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, 'Empty config')); return true; } $uid = $this->file->getUserId(); if (!in_array($uid, $this->config[self::USER_PRIMARY])) { return true; } /** @var WBUser_Auth */ $user = WBUser::getCurrent(); // any group if (empty($this->config['group']) && $user->isAuthenticated()) { $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, sprintf('File %s - current user %s authenticated', $this->file->getId(), $user->getId()))); return true; } // specific group if ($user->isInGroup($this->config['group'])) { $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, sprintf('File %s - current user %s in group %s', $this->file->getId(), $user->getId(), $this->config['group']))); return true; } $this->log->debug($this->getLogMsg($this::GRANT_DENY, sprintf('File %s - current user %s not in group %s', $this->file->getId(), $user->getId(), $this->config['group']))); return false; } }