Beispiel #1
0
 /**
  * Check if the permission is granted to the current identity
  *
  * @param string|PermissionInterface $permission
  * @param mixed                      $context
  * @return bool
  */
 public function isGranted($permission, $context = null)
 {
     $roles = $this->roleService->getIdentityRoles();
     if (empty($roles)) {
         return false;
     }
     if (!$this->rbac->isGranted($roles, $permission)) {
         return false;
     }
     if ($this->hasAssertion($permission)) {
         return $this->assert($this->assertions[(string) $permission], $context);
     }
     return true;
 }
Beispiel #2
0
 /**
  * Check if the permission is granted to the current identity
  *
  * @param string|PermissionInterface $permission
  * @param mixed                      $context
  * @return bool
  */
 public function isGranted($permission, $context = null)
 {
     $roles = $this->roleService->getIdentityRoles();
     if (empty($roles)) {
         return false;
     }
     if (!$this->rbac->isGranted($roles, $permission)) {
         return false;
     }
     if (!$this->hasAssertion($permission)) {
         return true;
     }
     // multiple assertions
     if (is_array($this->assertions[(string) $permission])) {
         $map = $this->assertions[(string) $permission];
         if (empty($map['assertions'])) {
             return true;
         }
         if (!is_array($map['assertions'])) {
             // convert single assertion to array
             $map['assertions'] = [$map['assertions']];
         }
         $condition = isset($map['condition']) ? $map['condition'] : AssertionInterface::CONDITION_AND;
         if (AssertionInterface::CONDITION_AND === $condition) {
             foreach ($map['assertions'] as $assertion) {
                 if (!$this->assert($assertion, $context)) {
                     return false;
                 }
             }
             return true;
         }
         if (AssertionInterface::CONDITION_OR === $condition) {
             foreach ($map['assertions'] as $assertion) {
                 if ($this->assert($assertion, $context)) {
                     return true;
                 }
             }
             return false;
         }
         throw new Exception\InvalidArgumentException(sprintf('Condition must be either "AND" or "OR", %s given', is_object($condition) ? get_class($condition) : gettype($condition)));
     } else {
         // single assertion
         return $this->assert($this->assertions[(string) $permission], $context);
     }
 }
Beispiel #3
0
 /**
  * @covers Rbac\Rbac::isGranted
  */
 public function testReturnFalseIfNoHierarchicalRoleHasPermission()
 {
     $childRole = new Role('Bar');
     $parentRole = new HierarchicalRole('Foo');
     $parentRole->addChild($childRole);
     $rbac = new Rbac();
     $this->assertFalse($rbac->isGranted($parentRole, 'permission'));
 }
Beispiel #4
0
 public function testReturnFalseIfNoRoleHasPermission()
 {
     $roles = [new Role('Foo'), new Role('Bar')];
     $rbac = new Rbac(new RecursiveRoleIteratorStrategy());
     $this->assertFalse($rbac->isGranted($roles, 'permission'));
 }