Overview

Namespaces

  • LeanCloud
    • Engine
    • Operation
    • Storage
    • Uploader

Classes

  • LeanCloud\ACL
  • LeanCloud\AppRouter
  • LeanCloud\Bytes
  • LeanCloud\Client
  • LeanCloud\Engine\Cloud
  • LeanCloud\Engine\LaravelEngine
  • LeanCloud\Engine\LeanEngine
  • LeanCloud\Engine\SlimEngine
  • LeanCloud\File
  • LeanCloud\GeoPoint
  • LeanCloud\LeanObject
  • LeanCloud\MIMEType
  • LeanCloud\Operation\ArrayOperation
  • LeanCloud\Operation\DeleteOperation
  • LeanCloud\Operation\IncrementOperation
  • LeanCloud\Operation\RelationOperation
  • LeanCloud\Operation\SetOperation
  • LeanCloud\Push
  • LeanCloud\Query
  • LeanCloud\Region
  • LeanCloud\Relation
  • LeanCloud\Role
  • LeanCloud\RouteCache
  • LeanCloud\SaveOption
  • LeanCloud\SMS
  • LeanCloud\Storage\CookieStorage
  • LeanCloud\Storage\SessionStorage
  • LeanCloud\Uploader\QCloudUploader
  • LeanCloud\Uploader\QiniuUploader
  • LeanCloud\Uploader\S3Uploader
  • LeanCloud\Uploader\SimpleUploader
  • LeanCloud\User

Interfaces

  • LeanCloud\Operation\IOperation
  • LeanCloud\Storage\IStorage

Exceptions

  • LeanCloud\BatchRequestError
  • LeanCloud\CloudException
  • LeanCloud\Engine\FunctionError
  • Overview
  • Namespace
  • Class 
  1:   2:   3:   4:   5:   6:   7:   8:   9:  10:  11:  12:  13:  14:  15:  16:  17:  18:  19:  20:  21:  22:  23:  24:  25:  26:  27:  28:  29:  30:  31:  32:  33:  34:  35:  36:  37:  38:  39:  40:  41:  42:  43:  44:  45:  46:  47:  48:  49:  50:  51:  52:  53:  54:  55:  56:  57:  58:  59:  60:  61:  62:  63:  64:  65:  66:  67:  68:  69:  70:  71:  72:  73:  74:  75:  76:  77:  78:  79:  80:  81:  82:  83:  84:  85:  86:  87:  88:  89:  90:  91:  92:  93:  94:  95:  96:  97:  98:  99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 
<?php
namespace LeanCloud;

/**
 * Access Control List representation on LeanCloud
 *
 * An ACL is a field that specifies who can or cannot read/write an
 * object. The read/write access can be speified for public, or any
 * users and roles. There can be as many users and roles as possible
 * in an ACL.
 *
 * @see Role
 */
class ACL {
    /**
     * Public access key in ACL field
     */
    const PUBLIC_KEY = "*";

    /**
     * ACL data
     *
     * @var array
     */
    private $data;

    /**
     * Initialize an ACL object
     *
     * It accepts user, or JSON encoded ACL data. In the former, the
     * user will be granted both read and write access. While the
     * latter will be interpretted as JSON encoded array.
     *
     * With empty param, it creates an ACL with no permission granted.
     *
     * @param mixed $val User or JSON encoded ACL array
     */
    public function __construct($val=array()) {
        $this->data = array();

        if ($val instanceof User) {
            $this->setReadAccess($val, true);
            $this->setWriteAccess($val, true);
        } else if (is_array($val)) {
            forEach($val as $id => $attr) {
                if (!is_string($id)) {
                    throw new \RuntimeException("Invalid ACL target");
                }
                if (isset($attr["read"]) || isset($attr["write"])) {
                    $this->data[$id] = $attr;
                } else {
                    throw new \RuntimeException("Invalid ACL access type");
                }
            }
        } else {
            throw new \RuntimeException("Invalid ACL data.");
        }
    }

    /**
     * Set access on a target
     *
     * @param string $target     The target label for user, role, or public
     * @param string $accessType Either read or write
     * @param bool   $flag       Enable or disable the access
     * @throws InvalidArgumentException
     */
    private function setAccess($target, $accessType, $flag) {
        if (empty($target)) {
            throw new \InvalidArgumentException("ACL target cannot be empty");
        }
        if (!in_array($accessType, array("read", "write"))) {
            throw new \InvalidArgumentException("ACL access type must be" .
                                                " either read or write.");
        }

        $access = array();
        if (isset($this->data[$target])) {
            $access = $this->data[$target];
        }
        $access[$accessType] = $flag;
        $this->data[$target] = $access;
    }

    /**
     * Get access flag for target
     *
     * It returns true only if it has been explicitly set to true.
     *
     * @param string $target     Target label for user, role, or public
     * @param string $accessType Either read or write
     * @return bool
     */
    private function getAccess($target, $accessType) {
        if (empty($target)) {
            throw new \InvalidArgumentException("Access target cannot be empty");
        }
        if (!in_array($accessType, array("read", "write"))) {
            throw new \InvalidArgumentException("ACL access type must be" .
                                                " either read or write.");
        }
        if (isset($this->data[$target][$accessType])) {
            return $this->data[$target][$accessType];
        }
        return false;
    }

    /**
     * Get whether public is allowed to read
     *
     * @return bool
     */
    public function getPublicReadAccess() {
        return $this->getAccess(self::PUBLIC_KEY, "read");
    }

    /**
     * Get whether public is allowed to write
     *
     * @return bool
     */
    public function getPublicWriteAccess() {
        return $this->getAccess(self::PUBLIC_KEY, "write");
    }

    /**
     * Set read access for public
     *
     * @param bool $flag Enable or disable public read
     * @return self
     */
    public function setPublicReadAccess($flag) {
        $this->setAccess(self::PUBLIC_KEY, "read", $flag);
        return $this;
    }

    /**
     * Set write access for public
     *
     * @param bool $flag Enable or disable public write
     * @return self
     */
    public function setPublicWriteAccess($flag) {
        $this->setAccess(self::PUBLIC_KEY, "write", $flag);
        return $this;
    }

    /**
     * Get explicit read access for role
     *
     * Even if it returns false, the group may still be able to access
     * object if object is accessible to public.
     *
     * @param string|Role Role object or name
     * @return bool
     */
    public function getRoleReadAccess($role) {
        if ($role instanceof Role) {
            $role = $role->getName();
        }
        return $this->getAccess("role:$role", "read");
    }

    /**
     * Get explicit write access for role
     *
     * Even if it returns false, the group may still be able to access
     * object if object is accessible to public.
     *
     * @param string|Role Role object or name
     * @return bool
     */
    public function getRoleWriteAccess($role) {
        if ($role instanceof Role) {
            $role = $role->getName();
        }
        return $this->getAccess("role:$role", "write");
    }

    /**
     * Set read access for role
     *
     * @param string|Role $role Role object or role name
     * @param bool            $flag
     * @return self
     */
    public function setRoleReadAccess($role, $flag) {
        if ($role instanceof Role) {
            $role = $role->getName();
        }
        if (!is_string($role)) {
            throw new \InvalidArgumentException("role must be either " .
                                                "Role or string.");
        }
        $this->setAccess("role:$role", "read", $flag);
        return $this;
    }

    /**
     * Set write access for role
     *
     * @param string|Role $role Role object or role name
     * @param bool            $flag
     * @return self
     */
    public function setRoleWriteAccess($role, $flag) {
        if ($role instanceof Role) {
            $role = $role->getName();
        }
        if (!is_string($role)) {
            throw new \InvalidArgumentException("role must be either " .
                                                "Role or string.");
        }
        $this->setAccess("role:$role", "write", $flag);
        return $this;
    }

    /**
     * Get explicit read access for user
     *
     * Even if it returns false, the user may still be able to access
     * object if object is accessible to public or a role the user
     * belongs to.
     *
     * @param string|User $user Target user or user id
     * @return bool
     */
    public function getReadAccess($user) {
        if ($user instanceof User) {
            $user = $user->getObjectId();
        }
        return $this->getAccess($user, "read");
    }

    /**
     * Get explicit write access for user
     *
     * Even if it returns false, the user may still be able to access
     * object if object is accessible to public or a role the user
     * belongs to.
     *
     * @param string|User $user Target user or user id
     * @return bool
     */
    public function getWriteAccess($user) {
        if ($user instanceof User) {
            $user = $user->getObjectId();
        }
        return $this->getAccess($user, "write");
    }

    /**
     * Set read access for user
     *
     * @param string|User $user Target user or user id
     * @param bool            $flag Enable or disable read for user
     * @return self
     */
    public function setReadAccess($user, $flag) {
        if ($user instanceof User) {
            if (!$user->getObjectId()) {
                throw new \RuntimeException("user must be saved before " .
                                            "being assigned in ACL.");
            }
            $user = $user->getObjectId();
        }
        if (!is_string($user)) {
            throw new \InvalidArgumentException("user must be either " .
                                                " User or objectId.");
        }
        $this->setAccess($user, "read", $flag);
        return $this;
    }

    /**
     * Set write access for user
     *
     * @param string|User $user Target user or user id
     * @param bool            $flag Enable or disable write for user
     * @return self
     */
    public function setWriteAccess($user, $flag) {
        if ($user instanceof User) {
            if (!$user->getObjectId()) {
                throw new \RuntimeException("user must be saved before " .
                                            "being assigned in ACL.");
            }
            $user = $user->getObjectId();
        }
        if (!is_string($user)) {
            throw new \InvalidArgumentException("user must be either " .
                                                " User or objectId.");
        }
        $this->setAccess($user, "write", $flag);
        return $this;
    }

    /**
     * Encode to JSON representation
     *
     * It returns an associative array, or an empty object if
     * empty. The latter is a workaround as we need to json encode
     * empty ACL as json object, instead of array.
     *
     * @return array|object
     */
    public function encode() {
        return empty($this->data) ? new \stdClass() : $this->data;
    }
}
API documentation generated by ApiGen