phpcr/src/PHPCR/Security/AccessControlManagerInterface.php

Show: PublicProtectedPrivateinherited
    Table of Contents
    This file is part of the PHPCR API and was originally ported from the Java JCR API to PHP by Karsten Dambekalns for the FLOW3 project.

    Copyright 2008-2011 Karsten Dambekalns karsten@typo3.org

    Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

    License
    Apache Software License 2.0  
    Link
    http://phpcr.github.com/  

    \PHPCR\Security\AccessControlManagerInterface
    jump to top

    Package: Default
    The AccessControlManager object is accessed via SessionInterface::getAccessControlManager().

    It provides methods for:

    • Access control discovery
    • Assigning access control policies
    Api
     

    Methods

    methodpublicgetApplicablePolicies(string | null $absPath) : \Iterator

    Returns the access control policies that are capable of being applied to the object specified by $absPath.

    If $absPath is the absolute path of an accessible node then the specified object is that node. If $absPath is null then the specified object is the repository as a whole.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to the node of which privileges are requested or null for the repository as a whole.

    Returns
    TypeDescription
    \Iteratorover the applicable access control policies implementing <b>SeekableIterator</b> and <b>Countable</b>. Values are the AccessControlPolicyInterface instances. Keys have no meaning. Returns an empty iterator if no policies are applicable.
    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and no node at $absPath exists or the session does not have sufficient access to retrieve a node at that location.
    \PHPCR\AccessDeniedExceptionif the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublicgetEffectivePolicies(string | null $absPath) : array

    Gets the access control policies currently in effect.

    Returns the AccessControlPolicy objects that currently are in effect for the object specified by $absPath. If $absPath is the absolute path of an accessible node then the specified object is that node. If $absPath is null then the specified object is the repository as a whole.

    The policies returned by this method may include both those set through this API and implementation specific policies.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to the node of which privileges are requested or null for non-node privileges.

    Returns
    TypeDescription
    arrayan array of AccessControlPolicy objects.
    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and no node at $absPath exists or the session does not have sufficient access to retrieve a node at that location.
    \PHPCR\AccessDeniedExceptionif the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublicgetPolicies(string | null $absPath) : array

    Gets the access control policies previously set.

    Returns the AccessControlPolicy objects that have been set to the object specified by $absPath. If $absPath is the absolute path of an accessible node then the specified object is that node. If $absPath is null then the specified object is the repository as a whole. If no policy has been set for the specified object, an empty array is returned. This method reflects the binding state, including transient policy modifications.

    Use getEffectivePolicies() in order to determine the policy that effectively applies to $absPath.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to a node the privileges shall be fetched of or null to fetch non-node privileges.

    Returns
    TypeDescription
    arrayan array of AccessControlPolicy objects or an empty array if no policy has been set.
    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and no node at $absPath exists or the session does not have sufficient access to retrieve a node at that location.
    \PHPCR\AccessDeniedExceptionif the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublicgetPrivileges(string | null $absPath = null) : array

    Reads the privileges of the current session.

    Returns the privileges for the object specified by $absPath. If $absPath is the absolute path of an accessible node then the specified object is that node. If $absPath is null then the specified object is the repository as a whole and the privileges in question are those that are not associated with any particular node. This includes such privileges as being able administer the node type registry, for example.

    The returned privileges are those for which AccessControlManagerInterface::hasPrivileges() would return true.

    The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on SessionInterface::save() and are only then reflected in the results of the privilege test methods.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to a node the privileges shall be fetched of or null to fetch non-node privileges.

    Returns
    TypeDescription
    arrayan array of Privileges.
    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and no node at $absPath exists or the session does not have sufficient access to retrieve a node at that location.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublicgetSupportedPrivileges(string | null $absPath = null) : array

    Gets privileges of an existing node identified by its path.

    Returns the privileges supported for absolute path $absPath, or, if $absPath is null, the privileges supported by the repository that are not associated with any particular node (for example, the privilege of being able to administer the node type registry).

    If $absPath is neither the absolute path of an accessible node nor null, then this method throws a PathNotFoundException.

    Note that this method does not return the privileges held by the current session, but rather the privileges supported by the repository. supports.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to a node the privileges shall be fetched of.

    Returns
    TypeDescription
    arrayAn array of Privileges.
    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and either no node exists at that path or the session does not have sufficient access to retrieve a node at that path.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublichasPrivileges(string | null $absPath, array $privileges) : boolean

    Determines whether the session has a given set of privileges.

    Returns whether the session has the specified privileges for absolute path $absPath, which must be an existing node or, if $absPath is null, then whether the session has all the specified non-node-related privileges (such as being able administer the node type registry, for example).

    Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling PrivilegeInterface::getAggregatePrivileges() for that privilege.

    The results reported by this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on SessionInterface::save() and are only then reflected in the results of the privilege test methods.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to a node the privileges shall be fetched of.

    $privilegesarray

    an array of Privileges.

    Returns
    TypeDescription
    booleantrue if the session has the specified privileges; false otherwise.
    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and no node at $absPath exists or the session does not have sufficient access to retrieve a node at that location
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublicprivilegeFromName(string $privilegeName) : \PHPCR\Security\PrivilegeInterface

    Returns the privilege with the specified privilegeName.

    Parameters
    NameTypeDescription
    $privilegeNamestring

    The name of an existing privilege.

    Returns
    TypeDescription
    \PHPCR\Security\PrivilegeInterfacethe Privilege with the specified name.
    Throws
    ExceptionDescription
    \PHPCR\Security\AccessControlExceptionif no privilege with the specified name exists.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublicremovePolicy(string | null $absPath, \PHPCR\Security\AccessControlPolicyInterface $policy) : void

    Removes the specified AccessControlPolicy from the object specified by $absPath.

    If $absPath is the absolute path of an accessible node then the specified object is that node. If $absPath is null then the specified object is the repository as a whole.

    An AccessControlPolicyInterface can only be removed if it was earlier bound to the specified object through this API. The effect of the removal only takes place upon SessionInterface::save(). Note, that an implementation default or any other effective AccessControlPolicyInterface that has not been applied through this API may never be removed using this method.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to the node from which privileges are removed or null for the repository as a whole.

    $policy\PHPCR\Security\AccessControlPolicyInterface

    the policy to be removed.

    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and no node at $absPath exists or the session does not have sufficient access to retrieve a node at that location.
    \PHPCR\Security\AccessControlExceptionif the policy to remove does not exist at the node at absPath.
    \PHPCR\AccessDeniedExceptionif the session lacks MODIFY_ACCESS_CONTROL privilege for the absPath node.
    \PHPCR\Lock\LockExceptionif $absPath specifies a locked node and this implementation performs this validation immediately instead of waiting until save.
    \PHPCR\Version\VersionExceptionif $absPath specifies a node that is read-only due to a checked-in node and this implementation performs this validation immediately instead of waiting until save.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    methodpublicsetPolicy(string | null $absPath, \PHPCR\Security\AccessControlPolicyInterface $policy) : void

    Binds the policy to the object specified by $absPath.

    If $absPath is the absolute path of an accessible node then the specified object is that node. If $absPath is null then the specified object is the repository as a whole.

    The behavior of AccessControlManagerInterface::setPolicy() differs depending on how the policy object was originally acquired.

    If the policy was acquired through AccessControlManagerInterface::getApplicablePolicies() then that policy object is added to the object specified by $absPath.

    On the other hand, if the policy was acquired through AccessControlManagerInterface::getPolicies() then that policy object (usually after being altered) replaces its former version on the node at $absPath.

    This is a session-write method and therefore the access control policy assignment is only dispatched on Session::save() and will only take effect upon persist.

    Parameters
    NameTypeDescription
    $absPathstring | null

    The absolute path to the node to which privileges are to be set or null for the repository as a whole.

    $policy\PHPCR\Security\AccessControlPolicyInterface

    The AccessControlPolicy to be applied.

    Throws
    ExceptionDescription
    \PHPCR\PathNotFoundExceptionif $absPath is non-null and no node at $absPath exists or the session does not have sufficient access to retrieve a node at that location.
    \PHPCR\Security\AccessControlExceptionif the policy is not applicable.
    \PHPCR\AccessDeniedExceptionif the session lacks MODIFY_ACCESS_CONTROL privilege for $absPath.
    \PHPCR\Lock\LockExceptionif a lock prevents the assignment and this implementation performs this validation immediately instead of waiting until save.
    \PHPCR\Version\VersionExceptionif the object specified by $absPath is a node in the read-only state (due to a checked-in) node and this implementation performs this validation immediately.
    \PHPCR\RepositoryExceptionif another error occurs.
    Details
    Api
     
    Documentation was generated by phpDocumentor 2.0.0a12.