deny() public method

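If $assertion is provided, it must return TRUE for the rule to apply. A deny rule whose assertion does not return TRUE is therefore not applied, and the decision falls through to whatever other rules match.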
public deny ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self
return self
Beispiel #1
 /**
  * Builds the application's ACL, or returns the cached copy when one exists.
  *
  * An empty Permission is returned when the CMS is not installed, or when loading the
  * roles raises a DBAL exception; neither of those empty instances is written to the cache.
  *
  * @return Nette\Security\Permission
  */
 public function create()
 {
     if (!$this->cmsInstalled) {
         return new Nette\Security\Permission();
     }

     $cached = $this->cache->load('acl');
     if ($cached !== NULL) {
         // NOTE(review): the cached object is used as-is, so role or rule changes only take
         // effect once the entry tagged self::CACHE_TAG is invalidated - confirm that the
         // code editing roles/ACL entries cleans that tag.
         return $cached;
     }

     $permission = new Nette\Security\Permission();

     try {
         foreach ($this->roleService->findAll() as $role) {
             $roleName = $role->name;
             $parentName = $role->parent === NULL ? NULL : $role->parent->name;
             $permission->addRole($roleName, $parentName);
         }
     } catch (Kdyby\Doctrine\DBALException $ex) {
         // Roles could not be read: return an ACL without roles or rules rather than a
         // partially built one. The exception is not logged here.
         return new Nette\Security\Permission();
     }

     // Only the role query above is guarded; an exception raised while loading resources
     // or ACL entries propagates to the caller.
     foreach ($this->resourceService->findAll() as $resource) {
         $permission->addResource($resource->name);
     }

     foreach ($this->aclService->findAll() as $aclEntry) {
         $isGrant = $aclEntry->allow;
         $roleName = $aclEntry->role->name;
         $resourceName = $aclEntry->permission->resource->name;
         $privilegeName = $aclEntry->permission->privilege->name;

         // Any entry whose allow flag is falsy is registered as an explicit deny.
         if ($isGrant) {
             $permission->allow($roleName, $resourceName, $privilegeName);
         } else {
             $permission->deny($roleName, $resourceName, $privilegeName);
         }
     }

     $this->cache->save('acl', $permission, [Nette\Caching\Cache::TAGS => self::CACHE_TAG]);

     return $permission;
 }
 /**
  * Registers the fixed employee/admin rules on the given authorizator.
  *
  * The order of the calls is kept as-is: the broad admin grant is registered before
  * the conditional admin deny on message/mark_as_read.
  *
  * @param Permission $authorizator ACL that receives the rules
  */
 private function defineRelationships(Permission $authorizator)
 {
     // Assertion callbacks; isOwner/isNotOwner are defined elsewhere in this class.
     $whenOwner = [$this, 'isOwner'];
     $whenNotOwner = [$this, 'isNotOwner'];
     $messagePrivileges = ['send', 'remove', 'view', 'mark_as_read'];

     // Employee grants apply only while the isOwner assertion passes.
     $authorizator->allow('employee', 'listing', Permission::ALL, $whenOwner);
     $authorizator->allow('employee', 'message', $messagePrivileges, $whenOwner);

     // Unconditional admin grant: null resource, every privilege.
     $authorizator->allow('admin', null, Permission::ALL);

     // This deny applies only while isNotOwner returns TRUE; when the assertion does not
     // pass, the rule is skipped and the admin grant above remains the matching rule.
     $authorizator->deny('admin', 'message', 'mark_as_read', $whenNotOwner);
 }
Beispiel #3
 /**
  * Denies one or more Roles access to [certain $privileges upon] the specified Resource(s).
  * If $assertion is provided, then it must return TRUE in order for the rule to apply.
  *
  * A supplied assertion is not handed to the parent directly: it is wrapped in a closure
  * that invokes it with the current identity, the queried resource and the queried role.
  *
  * @param string|array|Permission::ALL $roles
  * @param string|array|Permission::ALL $resources
  * @param string|array|Permission::ALL $privileges
  * @param callable|null $assertion
  * @return self
  */
 public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null)
 {
     // No assertion: register an unconditional deny.
     if ($assertion === null) {
         return parent::deny($roles, $resources, $privileges, null);
     }

     $userAssertion = $assertion;

     // $this->identity is read when the rule is evaluated, not when it is registered.
     // A deny whose assertion returns a falsy value is not applied, so the assertion
     // should return TRUE in every case where access must be refused.
     $contextualAssertion = function () use ($userAssertion) {
         return Callback::invoke($userAssertion, $this->identity, $this->getQueriedResource(), $this->getQueriedRole());
     };

     return parent::deny($roles, $resources, $privileges, $contextualAssertion);
 }
Beispiel #4
	/**
	 * Creates an ACL with a guest -> user -> admin role chain in which only
	 * "admin" receives a grant.
	 *
	 * @return Permission
	 */
	public static function createAuthorizator()
	{
		$acl = new Permission();

		// Each role names the previously added role as its parent.
		$acl->addRole('guest');
		$acl->addRole('user', 'guest');
		$acl->addRole('admin', 'user');

		// Blanket deny first (all arguments left at their ALL defaults), so nothing is
		// permitted unless an explicit allow follows.
		$acl->deny();

		// The only grant: "admin", with resources and privileges left at their defaults.
		$acl->allow('admin');

		return $acl;
	}
Beispiel #5
 /**
  * Creates an ACL with a guest -> user -> admin role chain and the resources
  * "clip" and "comment".
  *
  * @return Permission
  */
 public static function createAuthorizator()
 {
     $acl = new Permission();

     // Each role names the previously added role as its parent.
     $acl->addRole('guest');
     $acl->addRole('user', 'guest');
     $acl->addRole('admin', 'user');

     $acl->addResource('clip');
     $acl->addResource('comment');

     // Blanket deny first (all arguments left at their ALL defaults); every permission
     // below is an explicit exception to it.
     $acl->deny();

     // "admin" is granted with resources and privileges left at their defaults.
     $acl->allow('admin');

     // "user" gets exactly one privilege on one resource.
     $acl->allow('user', 'comment', 'add');

     return $acl;
 }
Beispiel #6
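 /**
  * Denies access like the parent deny(), first creating every resource that is not
  * defined yet (each element when $resources is an array).
  *
  * NOTE(review): unknown names are created rather than rejected, so a misspelled
  * resource name yields a new resource with a deny rule on it while the intended
  * resource stays unaffected. Prefer passing names taken from a fixed list.
  *
  * For more info see \Nette\Security\Permission::deny doc
  *
  * @param string|array|null $roles
  * @param string|array|null $resources
  * @param string|array|null $privileges
  * @param callable|null $assertion
  * @return self
  */
 public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
 {
     // Strict comparison: only the ALL constant itself means "every resource". Assuming
     // ALL is NULL as in Nette\Security\Permission, a loose != would also treat falsy
     // names such as '0' as ALL and skip creating them.
     if ($resources !== self::ALL) {
         if (!is_array($resources)) {
             $resources = array($resources);
         }
         foreach ($resources as $resource) {
             if ($resource !== self::ALL && !$this->hasResource($resource)) {
                 // Stored via addResourceToDb() first, then registered on this ACL instance.
                 $this->addResourceToDb($resource);
                 $this->addResource($resource);
             }
         }
     }
     return parent::deny($roles, $resources, $privileges, $assertion);
 }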
Beispiel #7
 /**
  * Copies every stored permission into the given ACL as an allow or deny rule, then
  * grants Role::GOD everything.
  *
  * @param Permission $acl ACL that receives the rules
  */
 private function loadPermissions(Permission $acl)
 {
     // The DQL is assembled from a class constant and literals only; no caller input is involved.
     $dql = 'SELECT p, pr FROM ' . \Users\Authorization\Permission::class . ' p
          LEFT JOIN p.privilege pr';
     $storedPermissions = $this->em->createQuery($dql)->execute();

     /** @var \Users\Authorization\Permission $permission */
     foreach ($storedPermissions as $permission) {
         // Only a strict TRUE becomes an allow; every other value is registered as a deny.
         $isGranted = $permission->isAllowed() === true;
         $roleName = $permission->getRoleName();
         $resourceName = $permission->getResourceName();
         $privilegeName = $permission->getPrivilegeName();

         if ($isGranted) {
             $acl->allow($roleName, $resourceName, $privilegeName);
         } else {
             $acl->deny($roleName, $resourceName, $privilegeName);
         }
     }

     // Registered after the stored rules.
     // NOTE(review): whether this blanket grant also wins over a more specific stored deny
     // for Role::GOD depends on the ACL's rule precedence - confirm if that role must be
     // unrestricted.
     $acl->allow(Role::GOD, IAuthorizator::ALL, IAuthorizator::ALL);
 }
Beispiel #8
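 /**
  * Loads the rules from the rules service and registers each one on the given
  * Permission as an allow or deny.
  *
  * When the rules cannot be loaded, the error is logged and $p is left without any
  * of these rules.
  *
  * @param Permission $p ACL that receives the rules
  */
 private function setRules(Permission $p)
 {
     try {
         $rules = $this->rulesService->getRules();
     } catch (Exceptions\DataErrorException $e) {
         $this->logError($e->getMessage());
         // Stop here: $rules was never assigned, so iterating it would run on an
         // undefined variable. No rule from this source is added to $p.
         // NOTE(review): confirm that an ACL without these rules denies by default.
         return;
     }

     foreach ($rules as $r) {
         $isPermit = $r->isPermit();
         $roleName = $r->getRole()->getName();
         // A rule without a resource or privilege applies to Permission::ALL.
         $resource = $r->hasResource() ? $r->getResource() : Permission::ALL;
         $privileges = $r->hasPrivilege() ? $r->getPrivileges() : Permission::ALL;

         if ($isPermit) {
             $p->allow($roleName, $resource, $privileges);
         } else {
             $p->deny($roleName, $resource, $privileges);
         }
     }
 }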