Summary: Field | Method | Constr Detail: Field | Method | Constr

org.zenmagick.rp.ZMSacsMapper

Class ZMSacsMapper

ZMObject
  |
  +--ZMSacsMapper

public class ZMSacsMapper
extends ZMObject

Handle access control and security mappings.

Access control mappings define the level of authentication required for resources. Resources in this context are controller or page requests.

Controller/resources marked as secure will be enforcer by redirects using SSL (if configured), if non secure HTTP is used to access them.

Author:: DerManoMann
Version:: $Id: ZMSacsMapper.php 2173 2009-04-22 04:55:11Z dermanomann $
Todo:: complete access level via group

Field Summary
final mixed	ANONYMOUS Access level anonymous.
final mixed	GROUP Access level by group.
final mixed	GUEST Access level guest.
final mixed	REGISTERED Access level registered.

Fields inherited from org.zenmagick.ZMObject
properties_

Constructor Summary
ZMSacsMapper() Create new instance.

Constructor Summary

ZMSacsMapper()

Create new instance.

Method Summary
void	ensureAccessMethod(string page) Ensure the page is accessed using proper security.
void	ensureAuthorization(string page, mixed user) Authorize the current request.
protected mixed	getMappingValue(string page, string key, mixed default) Get mapping value.
static void	instance() Get instance.
boolean	secureRequired(string page) Check if a request to the given page [name] is required to be secure.
void	setMapping(string page, string authentication, boolean secure) Set a mapping.

Methods inherited from org.zenmagick.ZMObject
attachMethod, get, getAttachedMethods, getPropertyNames, set, singleton

Field Detail

ANONYMOUS

public final mixed ANONYMOUS = 'anonymous'

Access level anonymous. */

GROUP

public final mixed GROUP = 'group'

Access level by group. */

GUEST

public final mixed GUEST = 'guest'

Access level guest. */

REGISTERED

public final mixed REGISTERED = 'registered'

Access level registered. */

Constructor Detail

ZMSacsMapper

public ZMSacsMapper()

Create new instance. /

Method Detail

ensureAccessMethod

public void ensureAccessMethod(string page)

Ensure the page is accessed using proper security.

If a page is requested using HTTP and the page is mapped as secure, a redirect using SSL will be performed.

Parameters:: page - The page id/name whatever.

ensureAuthorization

public void ensureAuthorization(string page, mixed user)

Authorize the current request.

Parameters:: page - The page id/name whatever.; user - Generic user information; right now ZMAccount.

getMappingValue

protected mixed getMappingValue(string page, string key, mixed default)

Get mapping value.

Parameters:: page - The page [name].; key - The mapping key.; default - The mapping key.
Returns:: The value or the provided default value; default is null.

instance

public static void instance()

Get instance. /

secureRequired

public boolean secureRequired(string page)

Check if a request to the given page [name] is required to be secure.

Parameters:: page - The page [name].
Returns:: true if a secure conenction is required.

setMapping

public void setMapping(string page, string authentication, boolean secure)

Set a mapping.

For Ajax requests, the access level may be configured on method level by using the following format for $page:

[page]#[method]

Example: To limit access to the getProductForId Ajax method of the catalog controller do:
ZMSacsMapper::instance()->setMapping('ajax_catalog#getProductForId', ZMSacsMapper::REGISTERED, false);

Parameters:: page - The page [ie. the request name as in ZM_PAGE_KEY].; authentication - The level of authentication required; default is ZMSacsMapper::REGISTERED.; secure - Mark resource as secure; default is true.

Frames No frames