Get the identity roles from the current identity, applying some more logic
| public getIdentityRoles ( ) : Rbac\Role\RoleInterface[] | ||
| return | Rbac\Role\RoleInterface[] | |
public function testThrowExceptionIfIdentityIsWrongType()
{
$this->setExpectedException('ZfcRbac\\Exception\\RuntimeException', 'ZfcRbac expects your identity to implement ZfcRbac\\Identity\\IdentityInterface, "stdClass" given');
$identityProvider = $this->getMock('ZfcRbac\\Identity\\IdentityProviderInterface');
$identityProvider->expects($this->any())->method('getIdentity')->will($this->returnValue(new \stdClass()));
$roleService = new RoleService($identityProvider, $this->getMock('ZfcRbac\\Role\\RoleProviderInterface'), $this->getMock('Rbac\\Traversal\\Strategy\\TraversalStrategyInterface'));
$roleService->getIdentityRoles();
}
/**
* Check if the permission is granted to the current identity
*
* @param string|PermissionInterface $permission
* @param mixed $context
* @return bool
*/
public function isGranted($permission, $context = null)
{
$roles = $this->roleService->getIdentityRoles();
if (empty($roles)) {
return false;
}
if (!$this->rbac->isGranted($roles, $permission)) {
return false;
}
if ($this->hasAssertion($permission)) {
return $this->assert($this->assertions[(string) $permission], $context);
}
return true;
}
/**
* Check if the permission is granted to the current identity
*
* @param string|PermissionInterface $permission
* @param mixed $context
* @return bool
*/
public function isGranted($permission, $context = null)
{
$roles = $this->roleService->getIdentityRoles();
if (empty($roles)) {
return false;
}
if (!$this->rbac->isGranted($roles, $permission)) {
return false;
}
if (!$this->hasAssertion($permission)) {
return true;
}
// multiple assertions
if (is_array($this->assertions[(string) $permission])) {
$map = $this->assertions[(string) $permission];
if (empty($map['assertions'])) {
return true;
}
if (!is_array($map['assertions'])) {
// convert single assertion to array
$map['assertions'] = [$map['assertions']];
}
$condition = isset($map['condition']) ? $map['condition'] : AssertionInterface::CONDITION_AND;
if (AssertionInterface::CONDITION_AND === $condition) {
foreach ($map['assertions'] as $assertion) {
if (!$this->assert($assertion, $context)) {
return false;
}
}
return true;
}
if (AssertionInterface::CONDITION_OR === $condition) {
foreach ($map['assertions'] as $assertion) {
if ($this->assert($assertion, $context)) {
return true;
}
}
return false;
}
throw new Exception\InvalidArgumentException(sprintf('Condition must be either "AND" or "OR", %s given', is_object($condition) ? get_class($condition) : gettype($condition)));
} else {
// single assertion
return $this->assert($this->assertions[(string) $permission], $context);
}
}
/**
* Collect roles and permissions
*
* @param RoleService $roleService
* @return void
*/
private function collectIdentityRolesAndPermissions(RoleService $roleService)
{
$identityRoles = $roleService->getIdentityRoles();
foreach ($identityRoles as $role) {
$roleName = $role->getName();
if (!$role instanceof HierarchicalRoleInterface) {
$this->collectedRoles[] = $roleName;
} else {
$iteratorIterator = new RecursiveIteratorIterator(new RecursiveRoleIterator($role->getChildren()), RecursiveIteratorIterator::SELF_FIRST);
foreach ($iteratorIterator as $childRole) {
$this->collectedRoles[$roleName][] = $childRole->getName();
$this->collectPermissions($childRole);
}
}
$this->collectPermissions($role);
}
}
