Example of usage
use Bluz\Proxy\Acl;
if (!Acl::isAllowed('users', 'profile')) {
throw new Exception('You do not have permission to access user profiles');
}
/**
* Is allowed controller/widget/etc
* @param string $module
* @param string $controller
* @throws ApplicationException
* @return bool
*/
public function isAllowed($module, $controller)
{
$file = $this->getControllerFile($module, $controller);
$reflection = $this->reflection($file);
if ($privilege = $reflection->getPrivilege()) {
return Acl::isAllowed($module, $privilege);
}
return true;
}
<?php
/**
* Bluz Framework Component
*
* @copyright Bluz PHP Team
* @link https://github.com/bluzphp/framework
*/
/**
* @namespace
*/
namespace Bluz\Controller\Helper;
use Bluz\Controller\Controller;
use Bluz\Proxy\Acl;
/**
* Check privilege
*
* @param $privilege
* @return bool
*/
return function ($privilege) {
/**
* @var Controller $this
*/
return Acl::isAllowed($this->module, $privilege);
};
/**
* Run REST controller
* @return mixed
* @throws ForbiddenException
* @throws NotImplementedException
*/
public function run()
{
// check implementation
if (!isset($this->map[$this->method])) {
throw new NotImplementedException();
}
$map = $this->map[$this->method];
// check permissions
if (isset($map['acl'])) {
if (!Acl::isAllowed($this->module, $map['acl'])) {
throw new ForbiddenException();
}
}
// dispatch controller
return Application::getInstance()->dispatch($map['module'], $map['controller'], ['crud' => $this->getCrud(), 'primary' => $this->getPrimaryKey(), 'data' => $this->data]);
}
/**
* Check `Privilege`
*
* @throws ForbiddenException
*/
public function checkPrivilege()
{
if ($privilege = $this->getReflection()->getPrivilege()) {
if (!Acl::isAllowed($this->module, $privilege)) {
throw new ForbiddenException();
}
}
}
/**
* Test deny access
*/
public function testDeny()
{
Proxy\Auth::setIdentity(new UserGuest());
$this->assertFalse(Proxy\Acl::isAllowed('any', 'any'));
}
