Ejemplo n.º 1
0
 /**
  * @param Aop\JoinPoint\BeforeMethod $before
  * @throws \Nette\Security\AuthenticationException
  *
  * @Aop\Before("methodAnnotatedWith(Secure\Delete)")
  */
 public function secureDelete(Aop\JoinPoint\BeforeMethod $before)
 {
     $delete = $this->reader->getMethodAnnotation($before->getTargetReflection(), 'Secure\\Delete');
     if (!$this->authorizator->isAtLeastInRole($delete->allow, $this->user)) {
         $this->throwExcetion($before, $delete->allow);
     }
 }
Ejemplo n.º 2
0
 /**
  * {@inheritdoc}
  */
 public function isAllowed($role, $resource, $privilege)
 {
     if (NULL === ($allowed = $this->cache->load([$role, $resource, $privilege]))) {
         $allowed = $this->cache->save([$role, $resource, $privilege], function () use($role, $resource, $privilege) {
             return $this->authorizator->isAllowed($role, $resource, $privilege);
         }, [Cache::TAGS => ['role/' . serialize($role), 'resource/' . serialize($resource), 'privilege/' . serialize($privilege)]]);
     }
     return $allowed;
 }
Ejemplo n.º 3
0
 public function isAllowed($role = IAuthorizator::ALL, $resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
 {
     if (!$this->acl->hasRole($role)) {
         $this->onUndefinedRole($role);
     }
     if (!$this->acl->hasResource($resource)) {
         $this->onUndefinedResource($resource);
     }
     return $this->acl->isAllowed($role, $resource, $privilege);
 }
Ejemplo n.º 4
0
 /**
  * {@inheritdoc}
  */
 public function isAllowed($role, $resource, $privilege)
 {
     if (!isset($this->authorizator)) {
         throw new \Ark8\Security\Exceptions\SkipException('Authorizator is not set.');
     }
     if ($resource instanceof IResource) {
         if (!$resource instanceof GenericResource) {
             throw new \Ark8\Security\Exceptions\SkipException(sprintf('Resource must be instance of %s, %s given.', GenericResource::class, gettype($resource)));
         }
         $privilege = $resource->getPrivilege();
         $resource = $resource->getResourceId();
     }
     return $this->authorizator->isAllowed($role, $resource, $privilege);
 }