/**
 * {@inheritdoc}
 *
 * Dispatches a vault controller action after two gates: the controller alias must
 * be a key of config->controllers(), and the guard must allow the permission
 * "<securityNamespace>.<controller>".
 *
 * The permission string is controller-level only. The action name reaches the
 * guard as context (key "action"), so any per-action restriction depends on the
 * rule bound to that permission.
 *
 * $action and $parameters are forwarded to executeController() as received; this
 * method does not validate them.
 *
 * NOTE(review): the existence check runs before the permission check, so a caller
 * without access receives NOT_FOUND for an unknown alias and FORBIDDEN for a known
 * one. Confirm that revealing which aliases exist is acceptable here.
 *
 * @param string $controller Controller alias, used as the lookup key.
 * @param string $action     Action name passed to the guard and the controller.
 * @param array  $parameters Arguments forwarded to executeController().
 *
 * @return mixed Whatever executeController() returns.
 *
 * @throws ControllerException NOT_FOUND when the alias is not configured,
 *                             FORBIDDEN when the guard denies the permission.
 */
public function callAction($controller, $action = '', array $parameters = [])
{
    $registered = $this->config->controllers();

    if (!isset($registered[$controller])) {
        throw new ControllerException(
            "Undefined vault controller '{$controller}'",
            ControllerException::NOT_FOUND
        );
    }

    // Permission is scoped to the controller; the action travels as guard context.
    $permission = $this->config->securityNamespace() . '.' . $controller;
    $context = ['action' => $action];

    // Authorization is decided before any controller code runs.
    if ($this->guard()->allows($permission, $context)) {
        return $this->executeController($controller, $action, $parameters);
    }

    throw new ControllerException(
        "Unreachable vault controller '{$controller}'",
        ControllerException::FORBIDDEN
    );
}
/**
 * Registers the role static::ROLE (when it does not exist yet) and binds every
 * permission under the vault security namespace, one to four segments deep, to
 * InsecureRule.
 *
 * The wildcard patterns cover the whole namespace, so the behaviour of
 * InsecureRule decides the effective access for this role across all vault
 * controllers.
 *
 * NOTE(review): InsecureRule is defined outside this block. Per the original
 * author's comment it logs a message that insecure settings are in use; the name
 * suggests a permissive default. Confirm what it allows, and that this bootloader
 * is replaced by explicit rules outside development setups.
 *
 * @param PermissionsInterface $permissions Registry receiving the role and its associations.
 * @param VaultConfig          $config      Source of the security namespace.
 */
public function boot(PermissionsInterface $permissions, VaultConfig $config)
{
    $roleExists = $permissions->hasRole(static::ROLE);
    if (!$roleExists) {
        $permissions->addRole(static::ROLE);
    }

    $namespace = $config->securityNamespace();

    // Each pattern is bound to InsecureRule, which is expected to raise a log
    // message noting that insecure settings were used.
    $wildcards = ['*', '*.*', '*.*.*', '*.*.*.*'];
    foreach ($wildcards as $wildcard) {
        $permissions->associate(static::ROLE, "{$namespace}.{$wildcard}", InsecureRule::class);
    }
}