1. class
  2. Andromeda
  3. \
  4. Apps
  5. \
  6. Files
  7. \
  8. ItemAccess

ItemAccess

class ItemAccess

Authenticator class that implements item access rules

Andromeda's access model goes as follows - 1) if you own an item (created it), you can access it and anything under it 2) users and groups can be granted access to an item (and its contents) via a Share 2b) Shares can control granular permissions like read/write/reshare, etc.

Properties

private $item
private $share

Methods

__construct(Item $item, Share|null $share)

No description

Item
GetItem()

Returns the item that is being accessed

File
GetFile()

Returns the item that is being accessed (if applicable)

Folder
GetFolder()

Returns the item that is being accessed (if applicable)

Share|null
GetShare()

Returns the share object that grants access, or null if the item is owned

static ItemAccess
Authenticate(ObjectDatabase $database, Input $input, Authenticator|null $authenticator, Item|null $item = null)

Primary authentication routine for granting access to an item

static bool
ItemOwnerAccess(Item $item, Account $account)

Returns whether the given account can access the given item without a share.

static ItemAccess|null
TryAuthenticate(ObjectDatabase $database, Input $input, Authenticator|null $authenticator, Item|null $item = null)

Same as ItemAccess::Authenticate() but returns null rather than client exceptions

Details

at line 27
private __construct(Item $item, Share|null $share)

No description

Parameters

Item $item
Share|null $share

at line 31
Item GetItem()

Returns the item that is being accessed

Return Value

Item

at line 34
File GetFile()

Returns the item that is being accessed (if applicable)

Return Value

File

at line 37
Folder GetFolder()

Returns the item that is being accessed (if applicable)

Return Value

Folder

at line 40
Share|null GetShare()

Returns the share object that grants access, or null if the item is owned

Return Value

Share|null

at line 59
static ItemAccess Authenticate(ObjectDatabase $database, Input $input, Authenticator|null $authenticator, Item|null $item = null)

Primary authentication routine for granting access to an item

First option is the item is given and the account owns either the item or one of its parents. Second option is a share ID is given. Either the account must have access via a share, or a share key must be provided. The shared object will be used if one is not given.

Parameters

ObjectDatabase $database

database reference
Input $input

user input possibly containing share info
Authenticator|null $authenticator

current account auth
Item|null $item

the item being requested access to (or null if implicit via the share)

Return Value

ItemAccess

new ItemAccess object

Exceptions

InvalidSharePasswordException

if the input share password is invalid
AuthenticationFailedException

if a specific item is requested and auth is null

See also

\Andromeda\Apps\Files\ItemAccess::OwnerInChain() possible method of access
Share::Authenticate access via account
Share::AuthenticateByLink access via link

at line 114
static protected bool ItemOwnerAccess(Item $item, Account $account)

Returns whether the given account can access the given item without a share.

The account must own either the item or one of its parents

Parameters

Item $item

item to access
Account $account

account accessing

Return Value

bool

true if access is allowed

at line 128
static ItemAccess|null TryAuthenticate(ObjectDatabase $database, Input $input, Authenticator|null $authenticator, Item|null $item = null)

Same as ItemAccess::Authenticate() but returns null rather than client exceptions

Parameters

ObjectDatabase $database
Input $input
Authenticator|null $authenticator
Item|null $item

Return Value

ItemAccess|null

See also

ItemAccess::Authenticate