phpPeanuts  2.2.0
phpPeanuts framework
PntSecurityManager Class Reference

Inherited by SecurityManager.

Public Member Functions

 __construct ($baseUrl, $tokenSalt)
 
 getAuthenticator ()
 
 initAuthenticator ()
 
 isAuthenticated ($request, $scout)
 
 authenticate ($username, $password)
 
 newFootprintId ()
 
 checkAccessRef ($handler, $request, $scout)
 
 checkRefEqual ($httpRef, $footprint)
 
 isEntryPage ($handler, $request)
 
 checkAccessApp ($path)
 
 checkViewInDomainDir ($path)
 
 checkModifyInDomainDir ($path)
 
 checkViewClass ($objects, $clsDesc)
 
 checkModifyClass ($objects, $clsDesc)
 
 checkCreateClass ($objects, $clsDesc)
 
 checkEditClass ($objects, $clsDesc)
 
 checkDeleteClass ($objects, $clsDesc)
 
 checkViewObject ($object, $clsDesc)
 
 checkCreateObject ($object, $clsDesc)
 
 checkEditObject ($object, $clsDesc)
 
 checkDeleteObject ($object, $clsDesc)
 
 checkViewProperty ($object, $propDesc)
 
 checkEditProperty ($object, $propDesc)
 
 checkSelectProperty ($objects, $clsDesc, $propertyName)
 
 getMessageDeniedAccessApp ($path)
 
 getMessageDeniedViewInDomainDir ($path)
 
 getMessageDeniedModifyInDomainDir ($path)
 
 getMessageDeniedViewClass ($objects, $clsDesc)
 
 getMessageDeniedModifyClass ($objects, $clsDesc)
 
 getMessageDeniedCreateClass ($objects, $clsDesc)
 
 getMessageDeniedEditClass ($objects, $clsDesc)
 
 getMessageDeniedDeleteClass ($objects, $clsDesc)
 
 getMessageDeniedViewObject ($object, $clsDesc)
 
 getMessageDeniedCreateObject ($object, $clsDesc)
 
 getMessageDeniedEditObject ($object, $clsDesc)
 
 getMessageDeniedDeleteObject ($object, $clsDesc)
 
 getMessageDeniedViewProperty ($object, $propDesc)
 
 getMessageDeniedViewPropertyValues ($object, $propDesc)
 
 getMessageDeniedEditProperty ($object, $propDesc)
 
 getMessageDeniedSelectProperty ($objects, $clsDesc, $propertyName)
 
 getMessageDeniedAccessRef ($pntRef)
 
 getMessageFootprintMismatch ($httpRef, $footprint)
 

Data Fields

 $baseUrl
 
 $tokenSalt
 
 $authenticator
 

Constructor & Destructor Documentation

__construct (   $baseUrl,
  $tokenSalt 
)

Member Function Documentation

authenticate (   $username,
  $password 
)

Authenticate the user. If authenticated, register the user session.

Parameters
String $username The username
String $password The password
Returns
true if the user could be authenticated.
checkAccessApp (   $path)
checkAccessRef (   $handler,
  $request,
  $scout 
)

Check the referrer info and token.

Parameters
PntRequestHandler asking for access
PntHttpRequest $request
ScoutInterface $scout
Returns
string error if not OK
PntValidationException if HTTP_REFERER and scouting footprint don't match
checkCreateClass (   $objects,
  $clsDesc 
)
checkCreateObject (   $object,
  $clsDesc 
)
checkDeleteClass (   $objects,
  $clsDesc 
)
checkDeleteObject (   $object,
  $clsDesc 
)
checkEditClass (   $objects,
  $clsDesc 
)
checkEditObject (   $object,
  $clsDesc 
)
checkEditProperty (   $object,
  $propDesc 
)

A property by default may be edited if the object may be edited and the property may be viewed. However, it is more efficient to check if the object may be edited only once for each page, therefore that is not checked here. Currently the user interface only adapts to checkEditProperty by hiding buttons to and accessing MtoNPropertyPages and processing their forms. EditDetailsPages do not (yet) replace (MtoN)DialogWidgets by text, and SaveActions do not checkEditProperty for single value properties, so the user should be allowed to select a value for a property whose type he may not view. For the time being this is to be resolved by the application developer overriding this method and ::checkSelectProperty or overriding getFormWidget on EditDetailsPage.

checkModifyClass (   $objects,
  $clsDesc 
)
checkModifyInDomainDir (   $path)
checkRefEqual (   $httpRef,
  $footprint 
)
Parameters
string $httpRef footprint from HTTP_REFERER
string $footprint from scouting
Returns
boolean whether the footprints should be considered equal
checkSelectProperty (   $objects,
  $clsDesc,
  $propertyName 
)

By default the selection of values is only allowed if the property's type may be viewed. PROBLEM: Form fields are currently not made readOnly in EditDetailsPages if the property is not editable, so the user can try to select a value for it but may not be allowed to do so. It would be nice to allow selection by default too, but we cannot verify the property's existence and type. For the time being this is to be resolved by the application developer overriding this method or overriding getFormWidget on EditDetailsPage.

checkViewClass (   $objects,
  $clsDesc 
)
checkViewInDomainDir (   $path)
checkViewObject (   $object,
  $clsDesc 
)
checkViewProperty (   $object,
  $propDesc 
)

A property by default may be viewed if the object may be viewed and the property's values may be viewed. However, it is more efficient to check if the object may be viewed only once for each page, therefore that is not checked here. Getting the property's values for each multi value property button takes too much time, so for multi value properties only the type is checked.

getAuthenticator ( )
getMessageDeniedAccessApp (   $path)
getMessageDeniedAccessRef (   $pntRef)
getMessageDeniedCreateClass (   $objects,
  $clsDesc 
)
getMessageDeniedCreateObject (   $object,
  $clsDesc 
)
getMessageDeniedDeleteClass (   $objects,
  $clsDesc 
)
getMessageDeniedDeleteObject (   $object,
  $clsDesc 
)
getMessageDeniedEditClass (   $objects,
  $clsDesc 
)
getMessageDeniedEditObject (   $object,
  $clsDesc 
)
getMessageDeniedEditProperty (   $object,
  $propDesc 
)
getMessageDeniedModifyClass (   $objects,
  $clsDesc 
)
getMessageDeniedModifyInDomainDir (   $path)
getMessageDeniedSelectProperty (   $objects,
  $clsDesc,
  $propertyName 
)
getMessageDeniedViewClass (   $objects,
  $clsDesc 
)
getMessageDeniedViewInDomainDir (   $path)
getMessageDeniedViewObject (   $object,
  $clsDesc 
)
getMessageDeniedViewProperty (   $object,
  $propDesc 
)
getMessageDeniedViewPropertyValues (   $object,
  $propDesc 
)
getMessageFootprintMismatch (   $httpRef,
  $footprint 
)
initAuthenticator ( )

Initialize the authenticator. Override this method to initialize it to an authenticator that actually does authentication.

isAuthenticated (   $request,
  $scout 
)

Initializes the authenticator if not yet initialized.

Returns
whether the user is authenticated, or true if authentication is not required.
Parameters
PntHttpRequest $request
ScoutInterface $scout session has been started
isEntryPage (   $handler,
  $request 
)

To be overridden for additional entry pages if no authentication. Default is to delegate to the authenticator.

Parameters
PntRequestHandler $handler
PntHttpRequest $request
Returns
boolean whether $handler is an entry page that does not require a valid pntRef if no footprints
newFootprintId ( )
Returns
string a new footPrint

Field Documentation

$authenticator
$baseUrl

The documentation for this class was generated from the following file: