public function onKernelRequest(GetResponseEvent $event)
{
$pdpDecision = $this->pdp->evaluate($this->xacmlRequest);
if ($pdpDecision == Decision::DENY) {
$response = new Response('Access denied', 403);
$event->setResponse($response);
}
}
/**
* Checks if action are granted against XacmlRequest and optionally supplied entity.
*
* @param mixed $action
* @param object|string $entity
* @param mixed $id
* @return bool
*/
public function isGranted($action, $entity = null, $id = null)
{
$xacml = clone $this->xacmlRequest;
$xacml->set('Resource', null);
if (!is_string($entity) && !is_null($id)) {
$resource = $this->getResource($entity, $id);
$xacml->set('Resource', $resource);
} elseif (is_object($entity)) {
$xacml->set('Resource', [$this->getBaseClassName(get_class($entity)) => $entity]);
}
$xacml->set('Action', $action);
$result = $this->pdp->evaluate($xacml);
return $result === Decision::PERMIT;
}
