This method checks Role inheritance using a depth-first traversal of the Role list.
The highest priority parent (i.e., the parent most recently added) is checked first,
and its respective parents are checked similarly before the lower-priority parents of
the Role are checked.
/**
* @param string $role
* @param IResource|string $resource
* @param $privilege
* @return bool
*/
public function isAllowed($role, $resource, $privilege)
{
$roles = [];
if ($role instanceof User) {
$roles = $role->getRoles();
} elseif ($role instanceof \Nette\Security\User) {
$userIdentity = $role->getIdentity();
if ($userIdentity !== null) {
$roles = $role->getIdentity()->getRoles();
}
} elseif ($role instanceof Role) {
$roles[] = $role->getName();
} elseif (Validators::is($role, 'unicode:1..')) {
$roles[] = $role;
} else {
return false;
}
try {
foreach ($roles as $role) {
if ($this->acl->isAllowed($role, $resource, $privilege) === true) {
return true;
}
}
return false;
} catch (InvalidStateException $e) {
return false;
// role does not exists
}
}
/**
* Ověření zda má uživatelská role potřebné privilegium k práci se zdrojem.
* @param string $role
* @param string $resource
* @param string $privilege
* @return boolean
*/
public function isAllowed($role, $resource, $privilege)
{
if ($this->acl->isAllowed($role, $resource, $privilege)) {
return true;
} else {
return false;
}
}
public function isAllowed($role = IAuthorizator::ALL, $resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
{
if (!$this->acl->hasRole($role)) {
$this->onUndefinedRole($role);
}
if (!$this->acl->hasResource($resource)) {
$this->onUndefinedResource($resource);
}
return $this->acl->isAllowed($role, $resource, $privilege);
}
public function check($resource, $privilege)
{
if ($this->user->isInRole(static::ROOT_ROLE)) {
return true;
}
if (!array_reduce($this->user->getRoles(), function ($prev, $role) use($resource, $privilege) {
return $this->acl->hasRole($role) && $this->acl->hasResource($resource) && $this->acl->isAllowed($role, $resource, $privilege) || $prev;
}, false)) {
throw new \AclException("Unauthorized access to resource '{$resource}' privilege '{$privilege}' :(", 403);
}
}
public function startup()
{
parent::startup();
// redirect if not logged in
(new \App\Tools\UserAuxFactory($this))->testLoginStatus();
$role = $this->user->getIdentity()->getData()['role'];
if (!$this->_permission->isAllowed($role, 'Admin:Article:Insert')) {
$this->flashMessage('Přístup odmítnut!');
$this->redirect('Homepage:Default');
}
}
public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
{
if ($resource !== self::ALL && !$this->hasResource($resource)) {
$this->addResource($resource);
}
return parent::isAllowed($role, $resource, $privilege);
}
public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
{
if (in_array($resource, $this->getResources())) {
return parent::isAllowed($role, $resource, $privilege);
} else {
return false;
}
}
/**
* @param null $role
* @param null $resource
* @param null $privilege
* @return bool|null
*/
public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
{
if ($role == "root") {
return TRUE;
}
try {
$this->Init($role);
return $this->acl->isAllowed($role, $resource, $privilege);
} catch (InvalidStateException $e) {
return FALSE;
}
}
/**
* Funkce pro kontrolu oprávnění přístupu ke zvolenému zdroji
* @param string|Permission::ALL|IRole role
* @param string|Permission::ALL|IResource resource
* @param string|Permission::ALL privilege
* @throws \Nette\InvalidStateException
* @return bool
*/
public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
{
/*if ($resource instanceof IOwnerResource){
if ($role instanceof OwnerRole){
//TODO kontrola oprávnění...
return ($role->getUserId()==$resource->getUserId());
}else{
return false;
}
}*/
//vrácení standartních oprávnění...
return parent::isAllowed($role, $resource, $privilege);
}
public function isAllowed($role = \Nette\Security\Permission::ALL, $resource = \Nette\Security\Permission::ALL, $privilege = \Nette\Security\Permission::ALL)
{
if (is_array($resource)) {
@(list($resource, $type) = $resource);
// @ intentionally
} else {
$type = NULL;
}
if ($resource instanceof IResourceEntity) {
$resource = $resource->getClassName();
$type = $type ?: 'entities';
}
try {
if ($type && !$this->hasResource($type)) {
throw new Nette\InvalidStateException();
}
return parent::isAllowed($role, $resource, $privilege);
} catch (Nette\InvalidStateException $e) {
$this->addMissingRole($role);
$this->addMissingResource($resource, $type);
}
return parent::isAllowed($role, $resource, $privilege);
}
function isAllowed($role, $resource, $privilege)
{
return $this->acl->isAllowed($role, $resource, $privilege);
}
public function isAllowed($role = Permission::ALL, $resource = Permission::ALL, $privilege = Permission::ALL)
{
return $this->authorizator->isAllowed($role, $resource, $privilege);
}
/**
* Is user allowed to acces this presenter and action.
*
* @throws Nette\InvalidStateException
* @return bool
*/
protected function isAllowed()
{
$role = $this->user->isLoggedIn() ? $this->user->getIdentity()->role : $this->user->guestRole;
$resource = $this->getResource();
return $this->acl->isAllowed($role, $resource);
}
