Merge branch 'feature/2374' into develop

Close zendframework/zendframework#2374
zendframework · Sep 18, 2012 · a90bdee · a90bdee
commit a90bdee
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 1 deletion.
diff --git a/src/Acl.php b/src/Acl.php
@@ -15,7 +15,7 @@
  * @package    Zend_Permissions
  * @subpackage Acl
  */
-class Acl
+class Acl implements AclInterface
 {
     /**
      * Rule type: allow

diff --git a/src/AclInterface.php b/src/AclInterface.php
@@ -0,0 +1,57 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ * @package   Zend_Permissions
+ */
+
+namespace Zend\Permissions\Acl;
+
+/**
+ * @category   Zend
+ * @package    Zend_Permissions
+ * @subpackage Acl
+ */
+interface AclInterface
+{
+    /**
+     * Returns true if and only if the Resource exists in the ACL
+     *
+     * The $resource parameter can either be a Resource or a Resource identifier.
+     *
+     * @param  Resource\ResourceInterface|string $resource
+     * @return boolean
+     */
+    public function hasResource($resource);
+
+    /**
+     * Returns true if and only if the Role has access to the Resource
+     *
+     * The $role and $resource parameters may be references to, or the string identifiers for,
+     * an existing Resource and Role combination.
+     *
+     * If either $role or $resource is null, then the query applies to all Roles or all Resources,
+     * respectively. Both may be null to query whether the ACL has a "blacklist" rule
+     * (allow everything to all). By default, Zend_Acl creates a "whitelist" rule (deny
+     * everything to all), and this method would return false unless this default has
+     * been overridden (i.e., by executing $acl->allow()).
+     *
+     * If a $privilege is not provided, then this method returns false if and only if the
+     * Role is denied access to at least one privilege upon the Resource. In other words, this
+     * method returns true if and only if the Role is allowed all privileges on the Resource.
+     *
+     * This method checks Role inheritance using a depth-first traversal of the Role registry.
+     * The highest priority parent (i.e., the parent most recently added) is checked first,
+     * and its respective parents are checked similarly before the lower-priority parents of
+     * the Role are checked.
+     *
+     * @param  Role\RoleInterface|string            $role
+     * @param  Resource\ResourceInterface|string    $resource
+     * @param  string                               $privilege
+     * @return boolean
+     */
+    public function isAllowed($role = null, $resource = null, $privilege = null);
+}