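/**
 * Adds or removes an allow/deny rule for every combination of the given
 * roles, resources and privileges.
 *
 * Security note: an empty privilege list is handled exactly like self::ALL
 * (both end up as an empty array and take the "all privileges" path). A
 * caller that builds $privileges dynamically and ends up passing [] will
 * therefore set or remove the rule for ALL privileges of the role/resource
 * pair. Validate such lists before calling if that is not intended.
 *
 * @param  mixed $toAdd       truthy to add the rule, falsy to remove it
 * @param  mixed $type        rule type; compared strictly against the stored type on removal
 * @param  mixed $roles       a single role, an array of roles, or self::ALL
 * @param  mixed $resources   a single resource, an array of resources, or self::ALL
 * @param  mixed $privileges  a single privilege, an array of privileges, or self::ALL
 * @param  mixed $assertion   stored under the rule's 'assert' key when adding; not used on removal
 * @return static             $this, for chaining
 */
protected function setRule($toAdd, $type, $roles, $resources, $privileges, $assertion = NULL)
{
    // ensure that all specified Roles exist; normalize input to an array of Roles
    // (the self::ALL wildcard becomes [self::ALL] and is not passed to checkRole())
    if ($roles === self::ALL) {
        $roles = [self::ALL];
    } else {
        if (!is_array($roles)) {
            $roles = [$roles];
        }
        foreach ($roles as $role) {
            $this->checkRole($role);
        }
    }

    // ensure that all specified Resources exist; normalize input to an array of Resources
    // (the self::ALL wildcard becomes [self::ALL] and is not passed to checkResource())
    if ($resources === self::ALL) {
        $resources = [self::ALL];
    } else {
        if (!is_array($resources)) {
            $resources = [$resources];
        }
        foreach ($resources as $resource) {
            $this->checkResource($resource);
        }
    }

    // normalize privileges to array; self::ALL is represented by an empty array,
    // so an explicitly passed [] is indistinguishable from self::ALL below
    if ($privileges === self::ALL) {
        $privileges = [];
    } elseif (!is_array($privileges)) {
        $privileges = [$privileges];
    }

    if ($toAdd) {
        // add to the rules
        foreach ($resources as $resource) {
            foreach ($roles as $role) {
                // third argument TRUE presumably makes getRules() create a missing entry -- confirm in getRules()
                $rules =& $this->getRules($resource, $role, TRUE);
                if (count($privileges) === 0) {
                    $rules['allPrivileges']['type'] = $type;
                    $rules['allPrivileges']['assert'] = $assertion;
                    if (!isset($rules['byPrivilege'])) {
                        $rules['byPrivilege'] = [];
                    }
                } else {
                    foreach ($privileges as $privilege) {
                        $rules['byPrivilege'][$privilege]['type'] = $type;
                        $rules['byPrivilege'][$privilege]['assert'] = $assertion;
                    }
                }
            }
        }
    } else {
        // remove from the rules
        foreach ($resources as $resource) {
            foreach ($roles as $role) {
                $rules =& $this->getRules($resource, $role);
                if ($rules === NULL) {
                    // nothing stored for this resource/role pair
                    continue;
                }
                if (count($privileges) === 0) {
                    // An entry that was only ever given per-privilege rules has no
                    // 'allPrivileges' key (the add branch above sets only 'byPrivilege'
                    // in that case), so read the stored type defensively instead of
                    // indexing a missing key.
                    $storedType = isset($rules['allPrivileges']['type'])
                        ? $rules['allPrivileges']['type']
                        : NULL;

                    if ($resource === self::ALL && $role === self::ALL) {
                        // the global (all resources, all roles) rule is never left empty:
                        // removing it resets the entry to an unconditional DENY
                        if ($type === $storedType) {
                            $rules = ['allPrivileges' => ['type' => self::DENY, 'assert' => NULL], 'byPrivilege' => []];
                        }
                        continue;
                    }
                    if ($type === $storedType) {
                        unset($rules['allPrivileges']);
                    }
                } else {
                    // only rules whose stored type matches $type are removed
                    foreach ($privileges as $privilege) {
                        if (isset($rules['byPrivilege'][$privilege]) && $type === $rules['byPrivilege'][$privilege]['type']) {
                            unset($rules['byPrivilege'][$privilege]);
                        }
                    }
                }
            }
        }
    }

    return $this;
}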