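/**
 * Resolves the access rule that applies to a role / resource / privilege query.
 *
 * The role's own rules are searched first through searchRolePrivileges(). If
 * that yields nothing, rules stored without a role (getRuleType() called with
 * a NULL role) are consulted. When the current resource gives no answer, the
 * search repeats on $this->resources[$resource]['parent'].
 *
 * @param  mixed $role       role id or IRole instance; self::ALL skips checkRole()
 * @param  mixed $resource   resource id or IResource instance; self::ALL skips checkResource()
 * @param  mixed $privilege  privilege name, or self::ALL to query every privilege
 * @return mixed  first non-NULL value from searchRolePrivileges() / getRuleType(),
 *                or self::DENY as soon as a role-less per-privilege rule denies
 */
public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
{
    // The caller's original arguments are kept on the instance while the lookup
    // runs and cleared before returning.
    // NOTE(review): if checkRole()/checkResource() throw, these fields keep the
    // values assigned here - confirm nothing relies on them being reset.
    $this->queriedRole = $role;
    if ($role !== self::ALL) {
        if ($role instanceof IRole) {
            $role = $role->getRoleId();
        }
        $this->checkRole($role);
    }

    $this->queriedResource = $resource;
    if ($resource !== self::ALL) {
        if ($resource instanceof IResource) {
            $resource = $resource->getResourceId();
        }
        $this->checkResource($resource);
    }

    do {
        // depth-first search on $role if it is not 'allRoles' pseudo-parent
        if ($role !== NULL && NULL !== ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege))) {
            break;
        }

        if ($privilege === self::ALL) {
            // look for rule on 'allRoles' pseudo-parent
            if ($rules = $this->getRules($resource, self::ALL)) {
                // A dedicated loop variable keeps $privilege at self::ALL. Reusing
                // $privilege as the loop key would leave it set to the last listed
                // privilege, so the next pass (on the parent resource) would
                // evaluate that single privilege instead of all of them and could
                // miss a DENY that applies to a different privilege.
                foreach ($rules['byPrivilege'] as $rulePrivilege => $rule) {
                    if (self::DENY === ($result = $this->getRuleType($resource, NULL, $rulePrivilege))) {
                        // one denied privilege is enough to answer an "all privileges" query
                        break 2;
                    }
                }
                if (NULL !== ($result = $this->getRuleType($resource, NULL, NULL))) {
                    break;
                }
            }
        } else {
            // look for rule on 'allRoles' pseudo-parent: the specific privilege
            // first, then the rule stored for all privileges
            if (NULL !== ($result = $this->getRuleType($resource, NULL, $privilege))) {
                break;
            } elseif (NULL !== ($result = $this->getRuleType($resource, NULL, NULL))) {
                break;
            }
        }

        // try next Resource
        // NOTE(review): the loop only ends through one of the breaks above;
        // presumably a default rule guarantees a non-NULL answer once the
        // resource chain is exhausted - confirm.
        $resource = $this->resources[$resource]['parent'];
    } while (TRUE);

    $this->queriedRole = $this->queriedResource = NULL;
    return $result;
}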