storage = $storage; $this->authenticator = $authenticator; $this->authorizator = $authorizator; } /** * @return IUserStorage */ public function getStorage() { return $this->storage; } /********************* Authentication ****************d*g**/ /** * Conducts the authentication process. Parameters are optional. * @param mixed optional parameter (e.g. username or IIdentity) * @param mixed optional parameter (e.g. password) * @return void * @throws AuthenticationException if authentication was not successful */ public function login($id = NULL, $password = NULL) { $this->logout(TRUE); if (!$id instanceof IIdentity) { $id = $this->getAuthenticator()->authenticate(func_get_args()); } $this->storage->setIdentity($id); $this->storage->setAuthenticated(TRUE); $this->onLoggedIn($this); } /** * Logs out the user from the current session. * @param bool clear the identity from persistent storage? * @return void */ public function logout($clearIdentity = FALSE) { if ($this->isLoggedIn()) { $this->onLoggedOut($this); $this->storage->setAuthenticated(FALSE); } if ($clearIdentity) { $this->storage->setIdentity(NULL); } } /** * Is this user authenticated? * @return bool */ public function isLoggedIn() { return $this->storage->isAuthenticated(); } /** * Returns current user identity, if any. * @return IIdentity|NULL */ public function getIdentity() { return $this->storage->getIdentity(); } /** * Returns current user ID, if any. * @return mixed */ public function getId() { $identity = $this->getIdentity(); return $identity ? $identity->getId() : NULL; } /** * Sets authentication handler. * @return self */ public function setAuthenticator(IAuthenticator $handler) { $this->authenticator = $handler; return $this; } /** * Returns authentication handler. * @return IAuthenticator */ public function getAuthenticator($need = TRUE) { if ($need && !$this->authenticator) { throw new Nette\InvalidStateException('Authenticator has not been set.'); } return $this->authenticator; } /** * Enables log out after inactivity. * @param string|int|DateTime number of seconds or timestamp * @param bool log out when the browser is closed? * @param bool clear the identity from persistent storage? * @return self */ public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE) { $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0); $this->storage->setExpiration($time, $flags); return $this; } /** * Why was user logged out? * @return int */ public function getLogoutReason() { return $this->storage->getLogoutReason(); } /********************* Authorization ****************d*g**/ /** * Returns a list of effective roles that a user has been granted. * @return array */ public function getRoles() { if (!$this->isLoggedIn()) { return array($this->guestRole); } $identity = $this->getIdentity(); return $identity && $identity->getRoles() ? $identity->getRoles() : array($this->authenticatedRole); } /** * Is a user in the specified effective role? * @param string * @return bool */ public function isInRole($role) { return in_array($role, $this->getRoles(), TRUE); } /** * Has a user effective access to the Resource? * If $resource is NULL, then the query applies to all resources. * @param string resource * @param string privilege * @return bool */ public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL) { foreach ($this->getRoles() as $role) { if ($this->getAuthorizator()->isAllowed($role, $resource, $privilege)) { return TRUE; } } return FALSE; } /** * Sets authorization handler. * @return self */ public function setAuthorizator(IAuthorizator $handler) { $this->authorizator = $handler; return $this; } /** * Returns current authorization handler. * @return IAuthorizator */ public function getAuthorizator($need = TRUE) { if ($need && !$this->authorizator) { throw new Nette\InvalidStateException('Authorizator has not been set.'); } return $this->authorizator; } }