getRoles() public method

Returns a list of effective roles that a user has been granted.
public getRoles ( ) : array
return array
 /**
  * Collects the roles that apply to the current user.
  *
  * Starts from the roles the user object reports; when a role hierarchy is
  * configured, the list is expanded to every role reachable from them.
  * Authorization decisions built on this list therefore depend on the
  * hierarchy configuration as well as on the user's direct roles.
  *
  * @return array roles returned by the user object or by the hierarchy
  */
 private function extractRoles()
 {
     $granted = $this->user->getRoles();

     return $this->roleHierarchy
         ? $this->roleHierarchy->getReachableRoles($granted)
         : $granted;
 }
Beispiel #2
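 /**
  * Authorizes the current user for a privilege on a resource.
  *
  * Holders of static::ROOT_ROLE are allowed unconditionally. Otherwise the
  * resource must be known to the ACL and at least one of the user's roles
  * must be known to the ACL and allowed the privilege on that resource.
  * A user with no roles, an unknown role or an unknown resource is denied.
  *
  * @param mixed $resource  resource identifier handed to the ACL
  * @param mixed $privilege privilege identifier handed to the ACL
  * @return bool true when access is granted; denial never returns
  * @throws \AclException with code 403 when no role grants access
  */
 public function check($resource, $privilege)
 {
     if ($this->user->isInRole(static::ROOT_ROLE)) {
         return true;
     }
     // The resource lookup does not depend on the role, so it is done once.
     if ($this->acl->hasResource($resource)) {
         foreach ($this->user->getRoles() as $role) {
             if ($this->acl->hasRole($role) && $this->acl->isAllowed($role, $resource, $privilege)) {
                 // Same value as the root path; the non-root success path used to
                 // fall off the end and return null, which reads as "denied" to a
                 // caller that tests the result.
                 return true;
             }
         }
     }
     // NOTE(review): the message echoes the caller-supplied resource and privilege
     // names; escape it if it is ever rendered into HTML.
     throw new \AclException("Unauthorized access to resource '{$resource}' privilege '{$privilege}' :(", 403);
 }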
Beispiel #3
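 /**
  * Around-advice for methods carrying the Secured annotation: the intercepted
  * call proceeds only for a logged-in user who holds at least one of the roles
  * listed in the annotation. An empty role list denies everyone.
  *
  * @Around("methodAnnotatedWith(Klimesf\Secured\Secured)")
  *
  * @param AroundMethod $m the intercepted invocation
  * @return mixed whatever the intercepted method returns
  * @throws AuthenticationException when the user is anonymous or holds none of the roles
  */
 public function process(AroundMethod $m)
 {
     $secured = $this->getAnnotation($m);
     // Login state is the same for every role, so it is decided once up front.
     if ($this->user->isLoggedIn()) {
         $userRoles = $this->user->getRoles();
         foreach ($secured->roles as $role) {
             // Strict matching: with loose comparison a non-string role value
             // (0, true, null) can compare equal to an unrelated role name.
             if (in_array($role, $userRoles, true)) {
                 return $m->proceed();
             }
         }
     }
     $parentClass = $m->getTargetObjectReflection()->parentClass->name;
     $methodName = $m->getTargetReflection()->name;
     throw new AuthenticationException("User is not allowed to call " . $parentClass . '::' . $methodName . "().");
 }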
Beispiel #4
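 /**
  * Enforces the access rule declared in the schema for one method.
  *
  * Rules are tried in a fixed order and only the first one present is
  * evaluated: a non-empty user list, then a non-empty role list, then a
  * resource/privilege pair. A method with no rule in the schema is not
  * restricted by this check.
  *
  * @param \Nette\Reflection\Method $element
  * @return void
  * @throws ForbiddenRequestException when the declared rule rejects the current user
  */
 protected function checkMethod(Method $element)
 {
     $class = $element->class;
     $name = $element->name;
     $schema = $this->reader->getSchema($class);
     $exception = null;
     // NOTE(review): the denial messages below list the permitted user IDs and
     // roles; confirm they are not shown verbatim to the rejected visitor.
     if (isset($schema[$name]['users']) && count($schema[$name]['users']) > 0) {
         $users = $schema[$name]['users'];
         $userId = $this->user->getId();
         // Match on the string form, strictly: loose comparison treats distinct
         // numeric-looking IDs ("1e3" and "1000") as equal, and on older PHP an
         // integer 0 matches any non-numeric name. A missing ID never matches.
         if ($userId !== null && in_array((string) $userId, array_map('strval', $users), true)) {
             return;
         }
         $exception = sprintf('Access denied for your username: \'%s\'. Require: \'%s\'', $userId, implode(', ', $users));
     } elseif (isset($schema[$name]['roles']) && count($schema[$name]['roles']) > 0) {
         $userRoles = $this->user->getRoles();
         $roles = $schema[$name]['roles'];
         // One shared role is enough.
         if (count(array_intersect($userRoles, $roles)) > 0) {
             return;
         }
         $exception = "Access denied for your roles: '" . implode(', ', $userRoles) . "'. Require one of: '" . implode(', ', $roles) . "'";
     } elseif (isset($schema[$name]['resource']) && $schema[$name]['resource']) {
         $resource = $schema[$name]['resource'];
         // A rule may name a resource without a privilege; read it without
         // raising an undefined-index notice.
         $privilege = isset($schema[$name]['privilege']) ? $schema[$name]['privilege'] : null;
         if ($this->user->isAllowed($resource, $privilege)) {
             return;
         }
         $exception = sprintf('Access denied for resource: \'%s\' and privilege: \'%s\'', $resource, $privilege);
     }
     if ($exception) {
         throw new ForbiddenRequestException($exception);
     }
 }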
Beispiel #5
 /**
  * Builds a User from the framework security user held in the session.
  *
  * Copies id, e-mail, first name and last name from the identity, and only
  * the first entry of the role list; any further roles are not carried over.
  *
  * NOTE(review): nothing here checks that an identity exists or that the user
  * is logged in - confirm every caller establishes that first.
  *
  * @param \Nette\Security\User $user
  * @return User
  */
 public static function loadFromSession(\Nette\Security\User $user)
 {
     $identity = $user->getIdentity();
     $roles = $user->getRoles();

     $loaded = new User();
     $loaded->setId($identity->id);
     $loaded->setRole($roles[0]);
     $loaded->setEmail($identity->email);
     $loaded->setFirstName($identity->firstName);
     $loaded->setLastName($identity->lastName);

     return $loaded;
 }
Beispiel #6
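 /**
  * Tells whether the user holds $role itself, or holds only roles that
  * inherit from it according to the ACL.
  *
  * A user with no roles at all is rejected.
  *
  * @param mixed $role role to test for; matched against user roles with ===
  * @param Nette\Security\User $user
  * @return bool
  */
 public function isAtLeastInRole($role, Nette\Security\User $user)
 {
     $userRoles = $user->getRoles();
     // Fail closed: with an empty role list the loop never runs, and the
     // initial TRUE used to be returned as the answer.
     if (!$userRoles) {
         return FALSE;
     }
     $result = TRUE;
     foreach ($userRoles as $userRole) {
         if ($userRole === $role) {
             return TRUE;
         }
         // NOTE(review): every non-matching role has to inherit from $role
         // (logical AND across roles) - confirm "all" rather than "any" is intended.
         $result = $this->acl->roleInheritsFrom($userRole, $role) && $result;
     }
     return (bool) $result;
 }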
Beispiel #7
 /** Creates the user edit/create form component.
  *
  * Builds login, password (entered twice), role, active-flag and hidden
  * userID controls. When $this->rsuserID is set the form is pre-filled from
  * that user; otherwise a password becomes mandatory.
  *
  * NOTE(review): the hidden userID, the readonly login and the disabled role
  * select are all client-side state. The "Submit" handler is not visible
  * here - confirm it re-checks against server-side data which account may be
  * edited and which role may be assigned.
  *
  * @return \Nette\Application\UI\Form
  */
 protected function createComponentForm()
 {
     $form = new Form();
     $form->addText("login", "Přihlašovací jméno:")->setAttribute("autocomplete", "off")->setRequired("Prosím zadejte přihlašovací jméno.");
     $form->addPassword("password1", "Heslo:")->setAttribute("class", "form-control")->setAttribute("autocomplete", "off");
     $form->addPassword("password2", "Heslo pro kontrolu:")->setAttribute("class", "form-control")->setAttribute("autocomplete", "off");
     // The "root" role is never offered for assignment.
     $roles = $this->roleRepository->read()->where("name != ?", "root");
     if (!$this->user->isInRole("root")) {
         // Non-root operators get a further filter built from their own roles.
         // NOTE(review): presumably this excludes those roles (NOT IN) - verify
         // the SQL that "name NOT(?)" produces with an array argument.
         $roles->where("name NOT(?)", $this->user->getRoles());
     }
     $roles = $roles->fetchPairs("aclRoleID", "name");
     $form->addSelect("role", "Oprávnění:", $roles)->setAttribute("class", "form-control");
     $form->addCheckbox("active", "Aktivní");
     $form->addButton("cancel", "Storno")->setHtmlId("cancel");
     $form->addSubmit("sender", "Uložit změny")->setHtmlId("sender");
     // Carries the edited user's ID through the browser; the value is client-controlled.
     $form->addHidden("userID");
     // The confirmation field must equal the first password field.
     $form['password2']->addRule(Form::EQUAL, 'Hesla se neshodují', $form['password1']);
     if ($this->rsuserID) {
         $userEntity = $this->userRepository->get($this->rsuserID);
         if ($userEntity) {
             $form['login']->setValue($userEntity->login);
             // "readonly" is only an HTML attribute on the rendered input.
             $form['login']->setAttribute("readonly");
             $form['userID']->setValue($this->rsuserID);
             $form['active']->setValue($userEntity->getActive());
             // Operators editing their own account get the role select disabled.
             if ($userEntity->getUserID() == $this->user->getId()) {
                 $form['role']->setDisabled();
             }
             // NOTE(review): this test uses !== while the one above uses ==; if
             // the two IDs differ in type (int vs string) the branches disagree
             // about whether this is the operator's own account.
             if ($userEntity->getLogin() != "root" && $userEntity->getUserID() !== $this->user->getId()) {
                 $form['role']->setValue($userEntity->aclRoleID);
             }
         }
     } else {
         // Creating a new user: a password has to be supplied.
         $form['password1']->setRequired("Prosím zadejte heslo.");
     }
     $form->onSuccess[] = callback($this, "Submit");
     $form->onError[] = callback($this, "FormError");
     return $form;
 }
Beispiel #8
 /**
  * Decides whether a user holds a permission, memoising the answer in $cache
  * under [user id][permission].
  *
  * Order of evaluation: an unsecured context allows everything and bypasses
  * the cache; a cached answer is returned as is; the 'admin' role allows
  * everything (this is tested before the login check); a permission missing
  * from $source is denied; an anonymous user is denied; a permission flagged
  * "all" is granted; otherwise one of the user's roles must be listed on the
  * permission entity.
  *
  * NOTE(review): a cached answer is returned without re-checking login state.
  * Confirm $cache does not outlive the request or a logout for the same id.
  *
  * @param mixed $secured    falsy value disables the check (passed by reference)
  * @param mixed $source     permission entities keyed by permission name (passed by reference)
  * @param array $cache      memo of earlier answers, updated in place (passed by reference)
  * @param User $user
  * @param $permission
  * @return bool
  */
 private function baseIsAllowed(&$secured, &$source, &$cache, User $user, $permission)
 {
     if (!$secured) {
         return TRUE;
     }

     $userId = $user->id;
     if (isset($cache[$userId][$permission])) {
         return $cache[$userId][$permission];
     }
     if (!isset($cache[$userId])) {
         $cache[$userId] = array();
     }

     $granted = FALSE;
     if ($user->isInRole('admin')) {
         $granted = TRUE;
     } elseif (isset($source[$permission]) && $user->isLoggedIn()) {
         $entity = $source[$permission];
         if ($entity->getAll()) {
             $granted = TRUE;
         } else {
             // Any single role listed on the permission is sufficient.
             foreach ($user->getRoles() as $role) {
                 if (isset($entity->roles[$role])) {
                     $granted = TRUE;
                     break;
                 }
             }
         }
     }

     $cache[$userId][$permission] = $granted;
     return $granted;
 }
Beispiel #9
 /**
  * Returns the role list reported by the wrapped user object, unchanged.
  *
  * @return array
  */
 public function getRoles() : array
 {
     $roles = $this->user->getRoles();

     return $roles;
 }