/**
* @param Aop\JoinPoint\BeforeMethod $before
* @throws \Nette\Security\AuthenticationException
*
* @Aop\Before("methodAnnotatedWith(Secure\Delete)")
*/
public function secureDelete(Aop\JoinPoint\BeforeMethod $before)
{
$delete = $this->reader->getMethodAnnotation($before->getTargetReflection(), 'Secure\\Delete');
if (!$this->authorizator->isAtLeastInRole($delete->allow, $this->user)) {
$this->throwExcetion($before, $delete->allow);
}
}
/**
* {@inheritdoc}
*/
public function isAllowed($role, $resource, $privilege)
{
if (NULL === ($allowed = $this->cache->load([$role, $resource, $privilege]))) {
$allowed = $this->cache->save([$role, $resource, $privilege], function () use($role, $resource, $privilege) {
return $this->authorizator->isAllowed($role, $resource, $privilege);
}, [Cache::TAGS => ['role/' . serialize($role), 'resource/' . serialize($resource), 'privilege/' . serialize($privilege)]]);
}
return $allowed;
}
public function isAllowed($role = IAuthorizator::ALL, $resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
{
if (!$this->acl->hasRole($role)) {
$this->onUndefinedRole($role);
}
if (!$this->acl->hasResource($resource)) {
$this->onUndefinedResource($resource);
}
return $this->acl->isAllowed($role, $resource, $privilege);
}
/**
* {@inheritdoc}
*/
public function isAllowed($role, $resource, $privilege)
{
if (!isset($this->authorizator)) {
throw new \Ark8\Security\Exceptions\SkipException('Authorizator is not set.');
}
if ($resource instanceof IResource) {
if (!$resource instanceof GenericResource) {
throw new \Ark8\Security\Exceptions\SkipException(sprintf('Resource must be instance of %s, %s given.', GenericResource::class, gettype($resource)));
}
$privilege = $resource->getPrivilege();
$resource = $resource->getResourceId();
}
return $this->authorizator->isAllowed($role, $resource, $privilege);
}
