I am currently looking into re-working a permissions system in PHP that was built a while ago. The current version has exact permissions so for Admin you would have the following permissions:
acl.manage.self
acl.manage.others
That would say the user has access to manage his own permissions, as-well as others.
However while working on some new applications, I attempted to tap into the current permissions system by giving myself access to my entire application via:
lst.*
That way I don't have to give myself a bunch .view .manage etc.
It seems as though the existing system does not understand the * wildcard. So I am sitting here trying to re-write the "has_permission"
So my current working test environment I have created a user with the following permissions:
array(3) { [0]=> string(1) "*" [1]=> string(15) "fake.permission" [2]=> string(27) "none.of.these.should.matter" }
Technically the only permission that matters is [0] which says I should have permission to do anything and everything I want.
I am at a loss as to how to implement this flow into my method:
function has_perm($perm){
//if I am checking if I have the perm 'acl.manage.all'
//This function should return true if I have any of the following:
// *, acl.*, acl.manage.*, acl.manage.all
//exact check
foreach($this->perms as $p){
if($p===$perm){ return true; }
}
}
any nudge in the right direction would be awesome.
Your current code returns true if the needed permission $perm exactly matches any of your permissions $p.
You just need to change it to return true if the needed permission $perm matches any of the fnmatch() patterns $p.
Try this:
foreach($this->perms as $p) {
if (fnmatch($p, $perm)) { return true; }
}
You don't need to keep the exact match check, because fnmatch() will still detect exact matches if your permissions don't contain wildcards.