/**
 * Registers the 'member' and 'admin' roles on the given ACL and adds the
 * deny rules for the Theodia V1 REST controllers.
 *
 * Every rule added here is a deny() call; nothing in this constructor grants
 * access. Rules carrying an assertion object are conditional on that
 * assertion (presumably the rule applies only when the assertion holds;
 * confirm against the ACL implementation behind AclAuthorization).
 *
 * NOTE(review): whether role/resource/method combinations not listed below
 * are allowed depends on the ACL's default policy and resource registration,
 * which are configured outside this block. In particular, this constructor
 * places no restriction on:
 *   - collection-level PUT/PATCH/DELETE on any controller,
 *   - collection-level POST on controllers other than UserCalendar/UserPlace,
 *   - any 'admin' request other than DELETE on the two link entities.
 * Verify those are disabled in the REST configuration or denied elsewhere.
 *
 * @param AclAuthorization $authorization ACL that receives the roles and rules.
 */
public function __construct(AclAuthorization $authorization)
{
    foreach (['member', 'admin'] as $roleName) {
        $authorization->addRole($roleName);
    }

    // Mutating HTTP methods on a single entity.
    $entityWriteMethods = [
        Request::METHOD_PUT,
        Request::METHOD_PATCH,
        Request::METHOD_DELETE,
    ];
    // presumably true when the caller has no relation to the target entity;
    // confirm in HasNoRelation
    $noRelation = new HasNoRelation();

    // Members are denied writes to these entities when $noRelation applies.
    $relationGuardedEntities = [
        'Theodia\\V1\\Rest\\Calendar\\Controller::entity',
        'Theodia\\V1\\Rest\\Event\\Controller::entity',
        'Theodia\\V1\\Rest\\Place\\Controller::entity',
        'Theodia\\V1\\Rest\\User\\Controller::entity',
    ];
    foreach ($relationGuardedEntities as $resource) {
        $authorization->deny('member', $resource, $entityWriteMethods, $noRelation);
    }

    // Members are denied writes to these entities unconditionally (no assertion).
    $memberReadOnlyEntities = [
        'Theodia\\V1\\Rest\\PlaceType\\Controller::entity',
        'Theodia\\V1\\Rest\\Rite\\Controller::entity',
        'Theodia\\V1\\Rest\\Tag\\Controller::entity',
    ];
    foreach ($memberReadOnlyEntities as $resource) {
        $authorization->deny('member', $resource, $entityWriteMethods);
    }

    $relationUpdateMethods = [Request::METHOD_PUT, Request::METHOD_PATCH];
    // presumably true when the targeted link is the last remaining relation;
    // confirm in LastRelation
    $lastRelation = new LastRelation();

    // Aggregate of both assertions in MODE_AT_LEAST_ONE, so presumably it
    // holds when either one holds (confirm in AssertionAggregate).
    $noRelationOrLastRelation = new AssertionAggregate();
    $noRelationOrLastRelation->addAssertion($noRelation);
    $noRelationOrLastRelation->addAssertion($lastRelation);
    $noRelationOrLastRelation->setMode(AssertionAggregate::MODE_AT_LEAST_ONE);

    $linkEntities = [
        'Theodia\\V1\\Rest\\UserCalendar\\Controller::entity',
        'Theodia\\V1\\Rest\\UserPlace\\Controller::entity',
    ];

    // Member: PUT/PATCH on a link entity is denied under $noRelation.
    foreach ($linkEntities as $resource) {
        $authorization->deny('member', $resource, $relationUpdateMethods, $noRelation);
    }

    // Member: DELETE on a link entity is denied under the aggregate assertion.
    foreach ($linkEntities as $resource) {
        $authorization->deny('member', $resource, [Request::METHOD_DELETE], $noRelationOrLastRelation);
    }

    // Admin: the only rules for this role; DELETE on a link entity is denied
    // under $lastRelation.
    foreach ($linkEntities as $resource) {
        $authorization->deny('admin', $resource, [Request::METHOD_DELETE], $lastRelation);
    }

    // Member: POST to a link collection is denied under $noRelation.
    $linkCollections = [
        'Theodia\\V1\\Rest\\UserCalendar\\Controller::collection',
        'Theodia\\V1\\Rest\\UserPlace\\Controller::collection',
    ];
    foreach ($linkCollections as $resource) {
        $authorization->deny('member', $resource, [Request::METHOD_POST], $noRelation);
    }
}