Beispiel #1
0
 /**
  * Return true if both user and object respects all the rules conditions
  * If the objectId is null, policy rules about its attributes will be ignored
  * In case of mismatch between attributes and expected values,
  * an array with the concerned attributes slugs will be returned.
  *
  * Available options are :
  * * dynamic_attributes: array
  * * cache_result: boolean
  * * cache_ttl: integer
  * * cache_driver: string
  *
  * Available cache drivers are :
  * * memory
  *
  * @param string $ruleName
  * @param object $user
  * @param object $resource
  * @param array $options
  * @return boolean|array
  */
 public function enforce($ruleName, $user, $resource = null, $options = [])
 {
     // If there is dynamic attributes, we pass them to the comparison manager
     // When a comparison will be performed, the passed values will be retrieved and used
     if (isset($options['dynamic_attributes'])) {
         $this->comparisonManager->setDynamicAttributes($options['dynamic_attributes']);
     }
     // Retrieve cache value for the current rule and values if cache item is valid
     if (($cacheResult = isset($options['cache_result']) && $options['cache_result'] === true) === true) {
         $cacheItem = $this->cacheManager->getItem("{$ruleName}-{$user->getId()}-" . ($resource !== null ? $resource->getId() : ''), isset($options['cache_driver']) ? $options['cache_driver'] : null, isset($options['cache_ttl']) ? $options['cache_ttl'] : null);
         // We check if the cache value s valid before returning it
         if (($cacheValue = $cacheItem->get()) !== null) {
             return $cacheValue;
         }
     }
     $policyRule = $this->policyRuleManager->getRule($ruleName, $user, $resource);
     // For each policy rule attribute, we retrieve the attribute value and proceed configured extra data
     foreach ($policyRule->getPolicyRuleAttributes() as $pra) {
         $attribute = $pra->getAttribute();
         $attribute->setValue($this->attributeManager->retrieveAttribute($attribute, $user, $resource));
         if (count($pra->getExtraData()) > 0) {
             $this->processExtraData($pra, $user, $resource);
         }
         $this->comparisonManager->compare($pra);
     }
     // The given result could be an array of rejected attributes or true
     // True means that the rule is correctly enforced for the given user and resource
     $result = $this->comparisonManager->getResult();
     if ($cacheResult) {
         $cacheItem->set($result);
         $this->cacheManager->save($cacheItem);
     }
     return $result;
 }
Beispiel #2
0
 /**
  * This method is meant to convert attribute data from array to formatted policy rule attribute
  *
  * @param array $attributes
  * @param object $user
  * @param object $resource
  */
 public function processRuleAttributes($attributes, $user, $resource)
 {
     foreach ($attributes as $attributeName => $attribute) {
         $pra = (new PolicyRuleAttribute())->setAttribute($this->attributeManager->getAttribute($attributeName))->setComparison($attribute['comparison'])->setComparisonType($attribute['comparison_type'])->setValue(isset($attribute['value']) ? $attribute['value'] : null);
         $this->processRuleAttributeComparisonType($pra, $user, $resource);
         // In the case the user configured more keys than the basic ones
         // it will be stored as extra data
         foreach ($attribute as $key => $value) {
             if (!in_array($key, ['comparison', 'comparison_type', 'value'])) {
                 $pra->addExtraData($key, $value);
             }
         }
         // This generator avoid useless memory consumption instead of returning a whole array
         (yield $pra);
     }
 }
Beispiel #3
0
 /**
  * Function to prepare Getter Params when getter require parameters ( this parameters must be specified in configuration file)
  *
  * @param $getter_params
  * @param $user
  * @param $resource
  *
  * @return array
  */
 private function prepareGetterParams($getter_params, $user, $resource)
 {
     if (empty($getter_params)) {
         return [];
     }
     $values = [];
     foreach ($getter_params as $getter_name => $params) {
         foreach ($params as $param) {
             if ('@' !== $param['param_name'][0]) {
                 $values[$getter_name][] = $param['param_value'];
             } else {
                 $values[$getter_name][] = $this->attributeManager->retrieveAttribute($this->attributeManager->getAttribute($param['param_value']), $user, $resource);
             }
         }
     }
     return $values;
 }
 public function testRetrieveEnvironmentAttribute()
 {
     $this->assertEquals('OPEN', $this->manager->retrieveAttribute($this->manager->getAttribute('environment.service_state'), (new User())->setAge(18)));
 }