ePages 6.17.35 - DE_EPAGES/Permission/API/Permission.pm

Package DE_EPAGES::Permission::API::Permission

This package provides helper functions for actions, roles and permissions.

@EXPORT_OK
IsActionAllowed
LogAction
ActionByName
ExistsActionByName
DirectActionByName
ExistsDirectActionByName
HaveSameSite
Everyone
EveryoneCanDoIt
Registered
RegisteredCanDoIt
Anonymous
AnonymousCanDoIt
SwitchInherit
GetRelatedTrustees
RoleByName
DirectRoleByName
PERMISSION_ALLOW
PERMISSION_DENY

Functions

ActionByName
Anonymous
AnonymousCanDoIt
DirectActionByName
DirectRoleByName
Everyone
EveryoneCanDoIt
ExistsActionByName
ExistsDirectActionByName
GetRelatedTrustees
HaveSameSite
IsActionAllowed
LogAction
Registered
RegisteredCanDoIt
RoleByName
SwitchInherit

PERMISSION_ALLOW (int)

Constant value used in access control lists
(DE_EPAGES::Permission::API::Table::Permission)
to indicate that permission is allowed. (value=1)

PERMISSION_DENY (int)

Constant value used in access control lists
(DE_EPAGES::Permission::API::Table::Permission)
to indicate that permission is denied. (value=2)

ActionByName

Returns the action object by alias. The action may be inherited from a super class. If $IsMobile is true, returns the action 'MobileSF-'.$Alias if it exists for the same class where $Alias exists.

Syntax
$Action = ActionByName( $Class, $Alias );
$Action = ActionByName( $Class, $Alias, $IsMobile );
Example
$Action = ActionByName( LoadClassByAlias('Shop'), 'Delete' );
Input
$Class (object)
class
$Alias (string)
action alias
$IsMobile (boolean)
(optional, default=0) is mobile device
Return
$Action (object)
action

Anonymous

System user that holds the permissions that apply to every anonymous user, i.e. what anonymous users may, or rather may not, do.

Syntax
$AnonymousUser = Anonymous();
Return
$AnonymousUser (object)
user

AnonymousCanDoIt

Checks if anonymous users are allowed to perform an action on an object.

Syntax
$Allow = AnonymousCanDoIt( $Object, $ActionName );
Input
$Object (object)
permission object
$ActionName (string)
action name
Return
$Allow (boolean)
true if the action is allowed

DirectActionByName

Returns the action object by alias. The action must be defined directly in the class $Class and cannot be inherited from a super class.

Syntax
$Action = DirectActionByName( $Class, $Alias );
Example
$Action = DirectActionByName( LoadClassByAlias('Object'), 'Delete' );
Input
$Class (object)
class
$Alias (string)
action alias
Return
$Action (object)
action

DirectRoleByName

Returns the role object by alias. The role must be defined directly in the class $Class and cannot be inherited from a super class.

Syntax
$Role = DirectRoleByName( $Class, $Alias );
Example
$Role = DirectRoleByName( LoadClassByAlias('Shop'), 'Merchant' );
Input
$Class (object)
class
$Alias (string)
role alias
Return
$Role (object)
role

Everyone

System user that holds the permissions that apply to everybody.

Syntax
$EveryoneUser = Everyone();
Return
$EveryoneUser (object)
user

EveryoneCanDoIt

Checks if all users are allowed to perform an action on an object.

Syntax
$Allow = EveryoneCanDoIt( $Object, $ActionName );
Input
$Object (object)
permission object
$ActionName (string)
action name
Return
$Allow (boolean)
true if the action is allowed

ExistsActionByName

Returns true if the action exists. The action may be inherited from a super class.

Syntax
$Exists = ExistsActionByName( $Class, $Alias );
Example
$Exists = ExistsActionByName( LoadClassByAlias('Shop'), 'Delete' );
Input
$Class (object)
class
$Alias (string)
action alias
Return
$Exists (boolean)
exists action

ExistsDirectActionByName

Returns true if the action is defined directly in the class $Class and not inherited from a super class.

Syntax
$Exists = ExistsDirectActionByName( $Class, $Alias );
Example
if( ExistsDirectActionByName( LoadClassByAlias('Object'), 'Delete' ) ) {
    ...
}
Input
$Class (object)
class
$Alias (string)
action alias
Return
$Exists (boolean)
true if the action is defined in the class

GetRelatedTrustees

Returns a set of all related trustees including $UserOrGroup. The set always contains the group 'Everyone'. If $UserOrGroup is an instance of class 'User', then either the group 'Anonymous' or 'Registered' is added to the result set, too. For example, related trustees for the user 'mmustermann' are Everyone, NewCustomer, and Registered in a freshly installed shop.

Syntax
$aTrustees = GetRelatedTrustees($Trustee);
Example
my $Shop = LoadObjectByPath('/Shops/DemoShop');
my $User = $Shop->child('Users')->child('mmustermann');
$aTrustees = GetRelatedTrustees($User);
Input
$UserOrGroup (object)
(optional) trustee object
Return
$aTrustees (ref.array.object)
reference to an array of trustees

HaveSameSite

Returns whether all objects in a list have the same site.

Syntax
$HaveSameSite = HaveSameSite( $Site, $User );
Example
$HaveSameSite = HaveSameSite( $Shop, $LoginUser );
Input
$Objects (object)
an object having a site as an attribute
Return
$HaveSameSite (boolean)
true if all objects have the same site

IsActionAllowed

Checks if the specified user is allowed to perform an action on an object.

If the parameter $User is undefined, only the permissions of the user group "Everyone" apply. Writes a debug message to log category AUDITING.(Allow|Deny).$ClassAlias.$ActionAlias

Syntax
$Allow = IsActionAllowed( $Object, $UserOrGroup, $ActionOrRole );
Example
if( IsActionAllowed( $Object, $UserOrGroup, $ActionOrRole ) ) { ... }
Input
$Object (object)
permission object
$UserOrGroup (object)
(optional) user or group object
$ActionOrRole (object)
action object
Return
$Allow (boolean)
true if the action is allowed
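
Because an undefined $User is evaluated against "Everyone" only, a failed user lookup can turn into a weaker check than the caller intended. The following added example (not part of the ePages documentation or code base) wraps the check in a fail-closed helper. RequireAction is a hypothetical name, the factory module import is an assumption, and the code assumes it runs inside an ePages installation with an active store connection.

```perl
use strict;
use warnings;

use DE_EPAGES::Permission::API::Permission
    qw( ExistsActionByName ActionByName IsActionAllowed );
# Assumption: the loader functions used in this page's examples are
# exported by the ePages object factory module.
use DE_EPAGES::Object::API::Factory qw( LoadObjectByPath LoadClassByAlias );

# Hypothetical helper (not an ePages function): returns the action object
# if $User may perform $Alias on $Object, dies in every other case.
sub RequireAction {
    my ( $Object, $Class, $User, $Alias ) = @_;

    # IsActionAllowed treats an undefined user as "Everyone". Reject it
    # here so a failed user lookup never becomes a silent check against
    # Everyone. Callers that really mean "everyone" can use
    # EveryoneCanDoIt( $Object, $ActionName ) instead.
    die "RequireAction: no user given for action '$Alias'\n"
        unless defined $User;

    # An alias that does not resolve (directly or via a super class)
    # is treated as denied instead of being passed on.
    die "RequireAction: unknown action '$Alias'\n"
        unless ExistsActionByName( $Class, $Alias );

    my $Action = ActionByName( $Class, $Alias );

    # IsActionAllowed itself writes AUDITING.(Allow|Deny).* debug entries.
    die "RequireAction: action '$Alias' denied\n"
        unless IsActionAllowed( $Object, $User, $Action );

    return $Action;
}

# Usage with the objects from this page's own examples.
my $Shop   = LoadObjectByPath('/Shops/DemoShop');
my $User   = $Shop->child('Users')->child('mmustermann');
my $Delete = RequireAction( $Shop, LoadClassByAlias('Shop'), $User, 'Delete' );
```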

LogAction

Writes a debug message to log category AUDITING.$Category.$ClassAlias.$ActionAlias

Syntax
LogAction($Category, $Object, $User, $Action, @Params);
Input
$Category (string)
sub category, e.g. Allow|Deny|Execute
$Object (object)
permission object
$Trustee (object)
(optional) trustee object
$Action (object)
action object
@Params (array.string)
(optional) additional parameters that will be added to the log file line

Registered

System user that holds the permissions that apply to every registered user.

Syntax
$RegisteredUser = Registered();
Return
$RegisteredUser (object)
user

RegisteredCanDoIt

Checks if registered users are allowed to perform an action on an object.

Syntax
$Allow = RegisteredCanDoIt( $Object, $ActionName );
Input
$Object (object)
permission object
$ActionName (string)
action name
Return
$Allow (boolean)
true if the action is allowed

RoleByName

Returns the role object by alias. The role may be inherited from a super class.

Syntax
$Role = RoleByName( $Class, $Alias );
Example
$Role = RoleByName( LoadClassByAlias('Shop'), 'Merchant' );
Input
$Class (object)
class
$Alias (string)
role alias
Return
$Role (object)
role

SwitchInherit

Switches the inherit flag of the object and copies/removes the permissions of the parent object.

Syntax
SwitchInherit( $Object );
Input
$Object (object)
permission object