Packages

  • Nette
    • Application
      • Diagnostics
      • Responses
      • Routers
      • UI
    • Caching
      • Storages
    • ComponentModel
    • Config
      • Adapters
      • Extensions
    • Database
      • Diagnostics
      • Drivers
      • Reflection
      • Table
    • DI
      • Diagnostics
    • Diagnostics
    • Forms
      • Controls
      • Rendering
    • Http
    • Iterators
    • Latte
      • Macros
    • Loaders
    • Localization
    • Mail
    • Reflection
    • Security
      • Diagnostics
    • Templating
    • Utils
      • PhpGenerator
  • NetteModule
  • None
  • PHP

Classes

  • NIdentity
  • NPermission
  • NSimpleAuthenticator
  • NUser

Interfaces

  • IAuthenticator
  • IAuthorizator
  • IIdentity
  • IResource
  • IRole
  • IUserStorage

Exceptions

  • NAuthenticationException
  • Overview
  • Package
  • Class
  • Tree
  1: <?php
  2: 
  3: /**
  4:  * This file is part of the Nette Framework (http://nette.org)
  5:  *
  6:  * Copyright (c) 2004 David Grudl (http://davidgrudl.com)
  7:  *
  8:  * For the full copyright and license information, please view
  9:  * the file license.txt that was distributed with this source code.
 10:  * @package Nette\Security
 11:  */
 12: 
 13: 
 14: 
 15: /**
 16:  * User authentication and authorization.
 17:  *
 18:  * @author     David Grudl
 19:  *
 20:  * @property-read bool $loggedIn
 21:  * @property-read IIdentity $identity
 22:  * @property-read mixed $id
 23:  * @property   IAuthenticator $authenticator
 24:  * @property-read int $logoutReason
 25:  * @property-read array $roles
 26:  * @property   IAuthorizator $authorizator
 27:  * @package Nette\Security
 28:  */
 29: class NUser extends NObject
 30: {
 31:     /** @var string  default role for unauthenticated user */
 32:     public $guestRole = 'guest';
 33: 
 34:     /** @var string  default role for authenticated user without own identity */
 35:     public $authenticatedRole = 'authenticated';
 36: 
 37:     /** @var array of function(User $sender); Occurs when the user is successfully logged in */
 38:     public $onLoggedIn;
 39: 
 40:     /** @var array of function(User $sender); Occurs when the user is logged out */
 41:     public $onLoggedOut;
 42: 
 43:     /** @var IUserStorage Session storage for current user */
 44:     private $storage;
 45: 
 46:     /** @var IAuthenticator */
 47:     private $authenticator;
 48: 
 49:     /** @var IAuthorizator */
 50:     private $authorizator;
 51: 
 52:     /** @var NDIContainer */
 53:     private $context;
 54: 
 55: 
 56: 
 57:     public function __construct(IUserStorage $storage, NDIContainer $context)
 58:     {
 59:         $this->storage = $storage;
 60:         $this->context = $context; // with IAuthenticator, IAuthorizator
 61:     }
 62: 
 63: 
 64: 
 65:     /**
 66:      * @return IUserStorage
 67:      */
 68:     final public function getStorage()
 69:     {
 70:         return $this->storage;
 71:     }
 72: 
 73: 
 74: 
 75:     /********************* Authentication ****************d*g**/
 76: 
 77: 
 78: 
 79:     /**
 80:      * Conducts the authentication process. Parameters are optional.
 81:      * @param  mixed optional parameter (e.g. username or IIdentity)
 82:      * @param  mixed optional parameter (e.g. password)
 83:      * @return void
 84:      * @throws NAuthenticationException if authentication was not successful
 85:      */
 86:     public function login($id = NULL, $password = NULL)
 87:     {
 88:         $this->logout(TRUE);
 89:         if (!$id instanceof IIdentity) {
 90:             $credentials = func_get_args();
 91:             $id = $this->getAuthenticator()->authenticate($credentials);
 92:         }
 93:         $this->storage->setIdentity($id);
 94:         $this->storage->setAuthenticated(TRUE);
 95:         $this->onLoggedIn($this);
 96:     }
 97: 
 98: 
 99: 
100:     /**
101:      * Logs out the user from the current session.
102:      * @param  bool  clear the identity from persistent storage?
103:      * @return void
104:      */
105:     final public function logout($clearIdentity = FALSE)
106:     {
107:         if ($this->isLoggedIn()) {
108:             $this->onLoggedOut($this);
109:             $this->storage->setAuthenticated(FALSE);
110:         }
111:         if ($clearIdentity) {
112:             $this->storage->setIdentity(NULL);
113:         }
114:     }
115: 
116: 
117: 
118:     /**
119:      * Is this user authenticated?
120:      * @return bool
121:      */
122:     final public function isLoggedIn()
123:     {
124:         return $this->storage->isAuthenticated();
125:     }
126: 
127: 
128: 
129:     /**
130:      * Returns current user identity, if any.
131:      * @return IIdentity|NULL
132:      */
133:     final public function getIdentity()
134:     {
135:         return $this->storage->getIdentity();
136:     }
137: 
138: 
139: 
140:     /**
141:      * Returns current user ID, if any.
142:      * @return mixed
143:      */
144:     public function getId()
145:     {
146:         $identity = $this->getIdentity();
147:         return $identity ? $identity->getId() : NULL;
148:     }
149: 
150: 
151: 
152:     /**
153:      * Sets authentication handler.
154:      * @return NUser  provides a fluent interface
155:      */
156:     public function setAuthenticator(IAuthenticator $handler)
157:     {
158:         $this->authenticator = $handler;
159:         return $this;
160:     }
161: 
162: 
163: 
164:     /**
165:      * Returns authentication handler.
166:      * @return IAuthenticator
167:      */
168:     final public function getAuthenticator()
169:     {
170:         return ($tmp=$this->authenticator) ? $tmp : $this->context->getByType('IAuthenticator');
171:     }
172: 
173: 
174: 
175:     /**
176:      * Enables log out after inactivity.
177:      * @param  string|int|DateTime number of seconds or timestamp
178:      * @param  bool  log out when the browser is closed?
179:      * @param  bool  clear the identity from persistent storage?
180:      * @return NUser  provides a fluent interface
181:      */
182:     public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
183:     {
184:         $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0);
185:         $this->storage->setExpiration($time, $flags);
186:         return $this;
187:     }
188: 
189: 
190: 
191:     /**
192:      * Why was user logged out?
193:      * @return int
194:      */
195:     final public function getLogoutReason()
196:     {
197:         return $this->storage->getLogoutReason();
198:     }
199: 
200: 
201: 
202:     /********************* Authorization ****************d*g**/
203: 
204: 
205: 
206:     /**
207:      * Returns a list of effective roles that a user has been granted.
208:      * @return array
209:      */
210:     public function getRoles()
211:     {
212:         if (!$this->isLoggedIn()) {
213:             return array($this->guestRole);
214:         }
215: 
216:         $identity = $this->getIdentity();
217:         return $identity && $identity->getRoles() ? $identity->getRoles() : array($this->authenticatedRole);
218:     }
219: 
220: 
221: 
222:     /**
223:      * Is a user in the specified effective role?
224:      * @param  string
225:      * @return bool
226:      */
227:     final public function isInRole($role)
228:     {
229:         return in_array($role, $this->getRoles(), TRUE);
230:     }
231: 
232: 
233: 
234:     /**
235:      * Has a user effective access to the Resource?
236:      * If $resource is NULL, then the query applies to all resources.
237:      * @param  string  resource
238:      * @param  string  privilege
239:      * @return bool
240:      */
241:     public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
242:     {
243:         $authorizator = $this->getAuthorizator();
244:         foreach ($this->getRoles() as $role) {
245:             if ($authorizator->isAllowed($role, $resource, $privilege)) {
246:                 return TRUE;
247:             }
248:         }
249: 
250:         return FALSE;
251:     }
252: 
253: 
254: 
255:     /**
256:      * Sets authorization handler.
257:      * @return NUser  provides a fluent interface
258:      */
259:     public function setAuthorizator(IAuthorizator $handler)
260:     {
261:         $this->authorizator = $handler;
262:         return $this;
263:     }
264: 
265: 
266: 
267:     /**
268:      * Returns current authorization handler.
269:      * @return IAuthorizator
270:      */
271:     final public function getAuthorizator()
272:     {
273:         return ($tmp=$this->authorizator) ? $tmp : $this->context->getByType('IAuthorizator');
274:     }
275: 
276: 
277: 
278:     /********************* deprecated ****************d*g**/
279: 
280:     /** @deprecated */
281:     function setNamespace($namespace)
282:     {
283:         trigger_error(__METHOD__ . '() is deprecated; use getStorage()->setNamespace() instead.', E_USER_WARNING);
284:         $this->storage->setNamespace($namespace);
285:         return $this;
286:     }
287: 
288:     /** @deprecated */
289:     function getNamespace()
290:     {
291:         trigger_error(__METHOD__ . '() is deprecated; use getStorage()->getNamespace() instead.', E_USER_WARNING);
292:         return $this->storage->getNamespace();
293:     }
294: 
295:     /** @deprecated */
296:     function setAuthenticationHandler($v)
297:     {
298:         trigger_error(__METHOD__ . '() is deprecated; use setAuthenticator() instead.', E_USER_WARNING);
299:         return $this->setAuthenticator($v);
300:     }
301: 
302:     /** @deprecated */
303:     function setAuthorizationHandler($v)
304:     {
305:         trigger_error(__METHOD__ . '() is deprecated; use setAuthorizator() instead.', E_USER_WARNING);
306:         return $this->setAuthorizator($v);
307:     }
308: 
309: }
310: 
Nette Framework 2.0.6 (for PHP 5.2, prefixed) API API documentation generated by ApiGen 2.7.0