/**
* Check if logged user has permission to acces required resource
*
* @param \THCFrame\Security\Model\BasicUser $user
* @param string $requiredRole
*/
public function isGranted($user, $requiredRole)
{
if ($user === null) {
$actualRole = 'role_guest';
} elseif ($user instanceof BasicUser) {
$actualRole = strtolower($user->getRole());
} else {
$actualRole = 'role_guest';
}
$requiredRole = strtolower(trim($requiredRole));
if (substr($requiredRole, 0, 5) != 'role_') {
throw new Exception\Role(sprintf('Role %s is not valid', $requiredRole));
} elseif (!$this->_roleManager->roleExist($requiredRole)) {
throw new Exception\Role(sprintf('Role %s is not deffined', $requiredRole));
} else {
$actualRoles = $this->_roleManager->getRole($actualRole);
if (NULL !== $actualRoles) {
if (in_array($requiredRole, $actualRoles)) {
return true;
} else {
return false;
}
} else {
throw new Exception\Role(sprintf('User role %s is not valid role', $actualRole));
}
}
}
/**
* Method erases all authentication tokens for logged user and regenerates
* session
*/
public function logout()
{
$session = Registry::get('session');
$session->erase('authUser')->erase('lastActive')->erase('csrf');
BasicUser::deleteAuthenticationToken();
$this->_user = NULL;
@session_regenerate_id();
}
