/**
* Return true if both user and object respects all the rules conditions
* If the objectId is null, policy rules about its attributes will be ignored
* In case of mismatch between attributes and expected values,
* an array with the concerned attributes slugs will be returned.
*
* Available options are :
* * dynamic_attributes: array
* * cache_result: boolean
* * cache_ttl: integer
* * cache_driver: string
*
* Available cache drivers are :
* * memory
*
* @param string $ruleName
* @param object $user
* @param object $resource
* @param array $options
* @return boolean|array
*/
public function enforce($ruleName, $user, $resource = null, $options = [])
{
// If there is dynamic attributes, we pass them to the comparison manager
// When a comparison will be performed, the passed values will be retrieved and used
if (isset($options['dynamic_attributes'])) {
$this->comparisonManager->setDynamicAttributes($options['dynamic_attributes']);
}
// Retrieve cache value for the current rule and values if cache item is valid
if (($cacheResult = isset($options['cache_result']) && $options['cache_result'] === true) === true) {
$cacheItem = $this->cacheManager->getItem("{$ruleName}-{$user->getId()}-" . ($resource !== null ? $resource->getId() : ''), isset($options['cache_driver']) ? $options['cache_driver'] : null, isset($options['cache_ttl']) ? $options['cache_ttl'] : null);
// We check if the cache value s valid before returning it
if (($cacheValue = $cacheItem->get()) !== null) {
return $cacheValue;
}
}
$policyRule = $this->policyRuleManager->getRule($ruleName, $user, $resource);
// For each policy rule attribute, we retrieve the attribute value and proceed configured extra data
foreach ($policyRule->getPolicyRuleAttributes() as $pra) {
$attribute = $pra->getAttribute();
$attribute->setValue($this->attributeManager->retrieveAttribute($attribute, $user, $resource));
if (count($pra->getExtraData()) > 0) {
$this->processExtraData($pra, $user, $resource);
}
$this->comparisonManager->compare($pra);
}
// The given result could be an array of rejected attributes or true
// True means that the rule is correctly enforced for the given user and resource
$result = $this->comparisonManager->getResult();
if ($cacheResult) {
$cacheItem->set($result);
$this->cacheManager->save($cacheItem);
}
return $result;
}
/**
* This method is meant to convert attribute data from array to formatted policy rule attribute
*
* @param array $attributes
* @param object $user
* @param object $resource
*/
public function processRuleAttributes($attributes, $user, $resource)
{
foreach ($attributes as $attributeName => $attribute) {
$pra = (new PolicyRuleAttribute())->setAttribute($this->attributeManager->getAttribute($attributeName))->setComparison($attribute['comparison'])->setComparisonType($attribute['comparison_type'])->setValue(isset($attribute['value']) ? $attribute['value'] : null);
$this->processRuleAttributeComparisonType($pra, $user, $resource);
// In the case the user configured more keys than the basic ones
// it will be stored as extra data
foreach ($attribute as $key => $value) {
if (!in_array($key, ['comparison', 'comparison_type', 'value'])) {
$pra->addExtraData($key, $value);
}
}
// This generator avoid useless memory consumption instead of returning a whole array
(yield $pra);
}
}
/**
* Function to prepare Getter Params when getter require parameters ( this parameters must be specified in configuration file)
*
* @param $getter_params
* @param $user
* @param $resource
*
* @return array
*/
private function prepareGetterParams($getter_params, $user, $resource)
{
if (empty($getter_params)) {
return [];
}
$values = [];
foreach ($getter_params as $getter_name => $params) {
foreach ($params as $param) {
if ('@' !== $param['param_name'][0]) {
$values[$getter_name][] = $param['param_value'];
} else {
$values[$getter_name][] = $this->attributeManager->retrieveAttribute($this->attributeManager->getAttribute($param['param_value']), $user, $resource);
}
}
}
return $values;
}
public function testRetrieveEnvironmentAttribute()
{
$this->assertEquals('OPEN', $this->manager->retrieveAttribute($this->manager->getAttribute('environment.service_state'), (new User())->setAge(18)));
}