Example #1
 /**
  * Registers the 'member' and 'admin' roles and attaches the deny rules for the REST resources.
  *
  * This constructor only ever calls deny(); it grants nothing. Any role/resource/method
  * combination that is not listed below is therefore decided by the ACL's own default.
  * NOTE(review): the default is not visible here. Confirm whether the ACL is configured
  * deny-by-default, and whether the ::collection resources of Calendar, Event, Place, User,
  * PlaceType, Rite and Tag (which receive no rule in this constructor) are covered elsewhere.
  *
  * @param AclAuthorization $authorization ACL instance that receives the roles and deny rules.
  */
 public function __construct(AclAuthorization $authorization)
 {
     // Both roles are added without a parent, so no inheritance between them is set up here.
     foreach (['member', 'admin'] as $roleName) {
         $authorization->addRole($roleName);
     }

     $entityWriteMethods = [Request::METHOD_PUT, Request::METHOD_PATCH, Request::METHOD_DELETE];
     // Presumably asserts that the caller has no relation to the targeted entity. Verify in HasNoRelation.
     $noRelation = new HasNoRelation();

     // Entities a member may not write to while the HasNoRelation assertion holds.
     $relationGuardedEntities = [
         'Theodia\\V1\\Rest\\Calendar\\Controller::entity',
         'Theodia\\V1\\Rest\\Event\\Controller::entity',
         'Theodia\\V1\\Rest\\Place\\Controller::entity',
         'Theodia\\V1\\Rest\\User\\Controller::entity',
     ];
     foreach ($relationGuardedEntities as $resource) {
         $authorization->deny('member', $resource, $entityWriteMethods, $noRelation);
     }

     // Entities a member may never write to: these denies carry no assertion, so they are unconditional.
     $memberReadOnlyEntities = [
         'Theodia\\V1\\Rest\\PlaceType\\Controller::entity',
         'Theodia\\V1\\Rest\\Rite\\Controller::entity',
         'Theodia\\V1\\Rest\\Tag\\Controller::entity',
     ];
     foreach ($memberReadOnlyEntities as $resource) {
         $authorization->deny('member', $resource, $entityWriteMethods);
     }

     $relationUpdateMethods = [Request::METHOD_PUT, Request::METHOD_PATCH];
     // Presumably asserts that the targeted relation is the last one remaining. Verify in LastRelation.
     $lastRelation = new LastRelation();

     // Combined assertion in MODE_AT_LEAST_ONE: presumably the deny applies as soon as either
     // HasNoRelation or LastRelation holds.
     $noRelationOrLast = new AssertionAggregate();
     $noRelationOrLast->addAssertion($noRelation);
     $noRelationOrLast->addAssertion($lastRelation);
     $noRelationOrLast->setMode(AssertionAggregate::MODE_AT_LEAST_ONE);

     $relationEntities = [
         'Theodia\\V1\\Rest\\UserCalendar\\Controller::entity',
         'Theodia\\V1\\Rest\\UserPlace\\Controller::entity',
     ];
     $deleteOnly = [Request::METHOD_DELETE];

     // Each rule is applied to both relation entities before the next rule, which keeps the
     // registration order of the deny rules: member update, member delete, admin delete.
     $relationEntityRules = [
         ['member', $relationUpdateMethods, $noRelation],
         ['member', $deleteOnly, $noRelationOrLast],
         // The only rules registered for 'admin': DELETE is denied while LastRelation holds.
         ['admin', $deleteOnly, $lastRelation],
     ];
     foreach ($relationEntityRules as [$roleName, $methods, $assertion]) {
         foreach ($relationEntities as $resource) {
             $authorization->deny($roleName, $resource, $methods, $assertion);
         }
     }

     // Creating a relation (POST on the collection) is denied to a member while HasNoRelation holds.
     $relationCollections = [
         'Theodia\\V1\\Rest\\UserCalendar\\Controller::collection',
         'Theodia\\V1\\Rest\\UserPlace\\Controller::collection',
     ];
     foreach ($relationCollections as $resource) {
         $authorization->deny('member', $resource, [Request::METHOD_POST], $noRelation);
     }
 }