eZPublish  4.5
eZWebDAVContentBackendAuth Class Reference

Basic authentication for WebDAV. More...

+ Inheritance diagram for eZWebDAVContentBackendAuth:
+ Collaboration diagram for eZWebDAVContentBackendAuth:

Public Member Functions

 assignLock ($user, $lockToken)
 Assign a $lockToken to a given $user. More...
 
 authenticateAnonymous (ezcWebdavAnonymousAuth $data)
 
 authenticateBasic (ezcWebdavBasicAuth $data)
 Checks authentication for the given $user. More...
 
 authorize ($user, $path, $access=self::ACCESS_READ)
 Checks authorization of the given $user to a given $path. More...
 
 ownsLock ($user, $lockToken)
 Returns if the given $lockToken is owned by the given $user. More...
 
 releaseLock ($user, $lockToken)
 Removes the assignment of $lockToken from $user. More...
 

Protected Member Functions

 splitFirstPathElement ($path, &$element)
 Takes the first path element from $path and removes it from the path, the extracted part will be placed in $name. More...
 

Detailed Description

Basic authentication for WebDAV.

Manages WebDAV basic authentication.

Member Function Documentation

eZWebDAVContentBackendAuth::assignLock (   $user,
  $lockToken 
)

Assign a $lockToken to a given $user.

The authorization backend needs to save an arbitrary number of lock tokens per user. A lock token is a of maximum length 255 containing:

  • characters
  • numbers
  • dashes (-)
Parameters
string$user
string$lockToken
Returns
void
eZWebDAVContentBackendAuth::authenticateAnonymous ( ezcWebdavAnonymousAuth  $data)
eZWebDAVContentBackendAuth::authenticateBasic ( ezcWebdavBasicAuth  $data)

Checks authentication for the given $user.

This method checks the given user/password credentials encapsulated in $data. Returns true if the user was succesfully recognized and the password is valid for him, false otherwise. In case no username and/or password was provided in the request, empty strings are provided as the parameters of this method.

Parameters
ezcWebdavBasicAuth$data
Returns
bool
eZWebDAVContentBackendAuth::authorize (   $user,
  $path,
  $access = self::ACCESS_READ 
)

Checks authorization of the given $user to a given $path.

This method checks if the given $user has the permission $access to the resource identified by $path. The $path is the result of a translation by the servers ezcWebdavPathFactory from the request URI.

The $access parameter can be one of

The implementation of this method must only check the given $path, but MUST not check descendant paths, since the back end will issue dedicated calls for such paths. In contrast, the algoritm MUST ensure, that parent permission constraints of the given $paths are met.

Examples: Permission is rejected for the paths "/a", "/b/beamme" and "/c/connect":

<?php var_dump( $auth->authorize( 'johndoe', '/a' ) ); // false var_dump( $auth->authorize( 'johndoe', '/b' ) ); // true var_dump( $auth->authorize( 'johndoe', '/b/beamme' ) ); // false var_dump( $auth->authorize( 'johndoe', '/c/connect/some/deeper/path' ) ); // false ?>

Parameters
string$user
string$path
int$access
Returns
bool
eZWebDAVContentBackendAuth::ownsLock (   $user,
  $lockToken 
)

Returns if the given $lockToken is owned by the given $user.

Returns true, if the $lockToken is owned by $user, false otherwise.

Parameters
string$user
string$lockToken
Returns
bool
eZWebDAVContentBackendAuth::releaseLock (   $user,
  $lockToken 
)

Removes the assignment of $lockToken from $user.

After a $lockToken has been released from the $user, the ownsLock() method must return false for the given combination. It might happen, that a lock is to be released, which already has been removed. This case must be ignored by the method.

Parameters
string$user
string$lockToken
eZWebDAVContentBackendAuth::splitFirstPathElement (   $path,
$element 
)
protected

Takes the first path element from $path and removes it from the path, the extracted part will be placed in $name.

$path = '/path/to/item/'; $newPath = self::splitFirstPathElement( $path, $root ); print( $root ); // prints 'path', $newPath is now 'to/item/' $newPath = self::splitFirstPathElement( $newPath, $second ); print( $second ); // prints 'to', $newPath is now 'item/' $newPath = self::splitFirstPathElement( $newPath, $third ); print( $third ); // prints 'item', $newPath is now ''

Parameters
string$pathA path of elements delimited by a slash, if the path ends with a slash it will be removed
string&$elementThe name of the first path element without any slashes
Returns
string The rest of the path without the ending slash
Todo:
remove or replace

Referenced by authorize().


The documentation for this class was generated from the following file: