protected function _matchPermission(array $permission, array $user, $role, Request $request)
{
$issetController = isset($permission['controller']) || isset($permission['*controller']);
$issetAction = isset($permission['action']) || isset($permission['*action']);
$issetUser = isset($permission['user']) || isset($permission['*user']);
if (!$issetController || !$issetAction) {
$this->log(__d('CakeDC/Users', "Cannot evaluate permission when 'controller' and/or 'action' keys are absent"), LogLevel::DEBUG);
return false;
}
if ($issetUser) {
$this->log(__d('CakeDC/Users', "Permission key 'user' is illegal, cannot evaluate the permission"), LogLevel::DEBUG);
return false;
}
$permission += ['allowed' => true];
$userArr = ['user' => $user];
$reserved = ['prefix' => Hash::get($request->params, 'prefix'), 'plugin' => $request->plugin, 'extension' => Hash::get($request->params, '_ext'), 'controller' => $request->controller, 'action' => $request->action, 'role' => $role];
foreach ($permission as $key => $value) {
$inverse = $this->_startsWith($key, '*');
if ($inverse) {
$key = ltrim($key, '*');
}
if (is_callable($value)) {
$return = (bool) call_user_func($value, $user, $role, $request);
} elseif ($value instanceof Rule) {
$return = (bool) $value->allowed($user, $role, $request);
} elseif ($key === 'allowed') {
$return = (bool) $value;
} elseif (array_key_exists($key, $reserved)) {
$return = $this->_matchOrAsterisk($value, $reserved[$key], true);
} else {
if (!$this->_startsWith($key, 'user.')) {
$key = 'user.' . $key;
}
$return = $this->_matchOrAsterisk($value, Hash::get($userArr, $key));
}
if ($inverse) {
$return = !$return;
}
if ($key === 'allowed') {
return $return;
}
if (!$return) {
break;
}
}
return null;
}