public function assert(AuthorizationResult $result, $role = null)
{
if (!$role instanceof RoleInterface) {
throw new InvalidArgumentException();
}
$instanceManager = $this->getInstanceManager();
$permissionService = $this->getPermissionService();
$assertion = new InstanceAssertion($instanceManager, $permissionService, $this->traversalStrategy);
$checkPermission = $result->getPermission() . '.' . $role->getName();
$result = clone $result;
$instancesToCheck = [];
$rolesToCheck = $assertion->flattenRoles([$role]);
foreach ($rolesToCheck as $roleToCheck) {
foreach ($roleToCheck->getPermissions() as $permission) {
$instance = $permission->getParameter('instance');
if (!in_array($instance, $instancesToCheck)) {
$instancesToCheck[] = $instance;
}
}
}
try {
$this->getPermissionService()->findPermissionByName($checkPermission);
} catch (PermissionNotFoundException $e) {
$checkPermission = $result->getPermission();
}
$result->setPermission($checkPermission);
foreach ($instancesToCheck as $instance) {
if (!$assertion->assert($result, $instance)) {
return false;
}
}
return true;
}
/**
* Check if this assertion is true
*
* @param AuthorizationResult $authorization
* @param mixed $context
* @throws RuntimeException
* @throws InvalidArgumentException
* @return bool
*/
public function assert(AuthorizationResult $authorization, $context = null)
{
if ($context === null) {
$instance = null;
} elseif ($context instanceof InstanceProviderInterface) {
$instance = $context->getInstance();
if (!is_object($instance)) {
throw new RuntimeException(sprintf('%s provides an instance of null', get_class($context)));
}
} elseif ($context instanceof InstanceInterface) {
$instance = $context;
} else {
throw new InvalidArgumentException(sprintf('Expected null, InstanceProviderInterface or InstanceInterface but got %s', is_object($context) ? get_class($context) : gettype($context)));
}
$permissionToCheck = $authorization->getPermission();
$rolesToCheck = $this->flattenRoles($authorization->getRoles());
$permissions = $this->permissionService->findParametrizedPermissions($permissionToCheck, 'instance', $instance);
if ($this->isGranted($rolesToCheck, $permissions)) {
return true;
}
// Not found..well, that's unfortunate! Let's check if it's satisfiable with global permissions
if ($instance !== null) {
$permissions = $this->permissionService->findParametrizedPermissions($permissionToCheck, 'instance', null);
if ($this->isGranted($rolesToCheck, $permissions)) {
return true;
}
}
return false;
}
/**
* Check if this assertion is true
*
* @param AuthorizationResult $authorization
* @param mixed $context
* @return bool
* @throws InvalidArgumentException
*/
public function assert(AuthorizationResult $authorization, $context = null)
{
if ($context instanceof PageRepositoryInterface) {
} elseif ($context instanceof PageRevisionInterface) {
$context = $context->getRepository();
} else {
throw new InvalidArgumentException();
}
$flattened = $this->flattenRoles($authorization->getRoles());
foreach ($context->getRoles() as $role) {
if (in_array($role, $flattened)) {
return true;
}
}
return false;
}
/**
* @param string $permission
* @param array $roles
* @return AuthorizationResult
*/
protected function createResult($permission, $roles)
{
$result = new AuthorizationResult();
$result->setPermission($permission);
$result->setIdentity($this->getIdentity());
$result->setRoles($roles);
$result->setAuthorizationService($this);
return $result;
}
