public function roles($aro)
{
$aros = [];
$aro = $this->resolve($aro);
$stack = [[$aro, 0]];
while (!empty($stack)) {
list($element, $depth) = array_pop($stack);
$aros[$depth][] = $element;
foreach ($this->_tree as $node => $children) {
if (in_array($element, $children)) {
array_push($stack, [$node, $depth + 1]);
}
}
}
return array_reverse($aros);
} /**
* Main ACL check function. Checks to see if the ARO (access request object) has access to the
* ACO (access control object).
*
* @param string $aro ARO
* @param string $aco ACO
* @param string $action Action
* @return bool true if access is granted, false otherwise
*/
public function check($aro, $aco, $action = "*")
{
$allow = $this->options['policy'];
$prioritizedAros = $this->Aro->roles($aro);
if ($action && $action !== "*") {
$aco .= '/' . $action;
}
$path = $this->Aco->path($aco);
if (empty($path)) {
return $allow;
}
foreach ($path as $node) {
foreach ($prioritizedAros as $aros) {
if (!empty($node['allow'])) {
$allow = $allow || count(array_intersect($node['allow'], $aros));
}
if (!empty($node['deny'])) {
$allow = $allow && !count(array_intersect($node['deny'], $aros));
}
}
}
return $allow;
}