isAllowed() public method

This method checks Role inheritance using a depth-first traversal of the Role list. The highest priority parent (i.e., the parent most recently added) is checked first, and its respective parents are checked similarly before the lower-priority parents of the Role are checked.
public isAllowed ( $role = self::ALL, $resource = self::ALL, $privilege = self::ALL ) : boolean
return boolean
Example #1
0
 /**
  * @param string $role
  * @param IResource|string $resource
  * @param $privilege
  * @return bool
  */
 public function isAllowed($role, $resource, $privilege)
 {
     $roles = [];
     if ($role instanceof User) {
         $roles = $role->getRoles();
     } elseif ($role instanceof \Nette\Security\User) {
         $userIdentity = $role->getIdentity();
         if ($userIdentity !== null) {
             $roles = $role->getIdentity()->getRoles();
         }
     } elseif ($role instanceof Role) {
         $roles[] = $role->getName();
     } elseif (Validators::is($role, 'unicode:1..')) {
         $roles[] = $role;
     } else {
         return false;
     }
     try {
         foreach ($roles as $role) {
             if ($this->acl->isAllowed($role, $resource, $privilege) === true) {
                 return true;
             }
         }
         return false;
     } catch (InvalidStateException $e) {
         return false;
         // role does not exists
     }
 }
Example #2
0
 /**
  * Ověření zda má uživatelská role potřebné privilegium k práci se zdrojem.
  * @param string $role
  * @param string $resource
  * @param string $privilege
  * @return boolean
  */
 public function isAllowed($role, $resource, $privilege)
 {
     if ($this->acl->isAllowed($role, $resource, $privilege)) {
         return true;
     } else {
         return false;
     }
 }
Example #3
0
 public function isAllowed($role = IAuthorizator::ALL, $resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
 {
     if (!$this->acl->hasRole($role)) {
         $this->onUndefinedRole($role);
     }
     if (!$this->acl->hasResource($resource)) {
         $this->onUndefinedResource($resource);
     }
     return $this->acl->isAllowed($role, $resource, $privilege);
 }
Example #4
0
 public function check($resource, $privilege)
 {
     if ($this->user->isInRole(static::ROOT_ROLE)) {
         return true;
     }
     if (!array_reduce($this->user->getRoles(), function ($prev, $role) use($resource, $privilege) {
         return $this->acl->hasRole($role) && $this->acl->hasResource($resource) && $this->acl->isAllowed($role, $resource, $privilege) || $prev;
     }, false)) {
         throw new \AclException("Unauthorized access to resource '{$resource}' privilege '{$privilege}' :(", 403);
     }
 }
 public function startup()
 {
     parent::startup();
     // redirect if not logged in
     (new \App\Tools\UserAuxFactory($this))->testLoginStatus();
     $role = $this->user->getIdentity()->getData()['role'];
     if (!$this->_permission->isAllowed($role, 'Admin:Article:Insert')) {
         $this->flashMessage('Přístup odmítnut!');
         $this->redirect('Homepage:Default');
     }
 }
Example #6
0
 public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
 {
     if ($resource !== self::ALL && !$this->hasResource($resource)) {
         $this->addResource($resource);
     }
     return parent::isAllowed($role, $resource, $privilege);
 }
Example #7
0
 public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
 {
     if (in_array($resource, $this->getResources())) {
         return parent::isAllowed($role, $resource, $privilege);
     } else {
         return false;
     }
 }
Example #8
0
 /**
  * @param null $role
  * @param null $resource
  * @param null $privilege
  * @return bool|null
  */
 public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
 {
     if ($role == "root") {
         return TRUE;
     }
     try {
         $this->Init($role);
         return $this->acl->isAllowed($role, $resource, $privilege);
     } catch (InvalidStateException $e) {
         return FALSE;
     }
 }
 /**
  * Funkce pro kontrolu oprávnění přístupu ke zvolenému zdroji
  * @param  string|Permission::ALL|IRole  role
  * @param  string|Permission::ALL|IResource  resource
  * @param  string|Permission::ALL  privilege
  * @throws \Nette\InvalidStateException
  * @return bool
  */
 public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL)
 {
     /*if ($resource instanceof IOwnerResource){
         if ($role instanceof OwnerRole){
           //TODO kontrola oprávnění...
           return ($role->getUserId()==$resource->getUserId());
         }else{
           return false;
         }
       }*/
     //vrácení standartních oprávnění...
     return parent::isAllowed($role, $resource, $privilege);
 }
Example #10
0
 public function isAllowed($role = \Nette\Security\Permission::ALL, $resource = \Nette\Security\Permission::ALL, $privilege = \Nette\Security\Permission::ALL)
 {
     if (is_array($resource)) {
         @(list($resource, $type) = $resource);
         // @ intentionally
     } else {
         $type = NULL;
     }
     if ($resource instanceof IResourceEntity) {
         $resource = $resource->getClassName();
         $type = $type ?: 'entities';
     }
     try {
         if ($type && !$this->hasResource($type)) {
             throw new Nette\InvalidStateException();
         }
         return parent::isAllowed($role, $resource, $privilege);
     } catch (Nette\InvalidStateException $e) {
         $this->addMissingRole($role);
         $this->addMissingResource($resource, $type);
     }
     return parent::isAllowed($role, $resource, $privilege);
 }
Example #11
0
 function isAllowed($role, $resource, $privilege)
 {
     return $this->acl->isAllowed($role, $resource, $privilege);
 }
Example #12
0
 public function isAllowed($role = Permission::ALL, $resource = Permission::ALL, $privilege = Permission::ALL)
 {
     return $this->authorizator->isAllowed($role, $resource, $privilege);
 }
Example #13
0
 /**
  * Is user allowed to acces this presenter and action.
  * 
  * @throws Nette\InvalidStateException
  * @return bool
  */
 protected function isAllowed()
 {
     $role = $this->user->isLoggedIn() ? $this->user->getIdentity()->role : $this->user->guestRole;
     $resource = $this->getResource();
     return $this->acl->isAllowed($role, $resource);
 }