/**
  * Attempt to authorize the discovered identity based on the ACLs present
  *
  * @param MvcAuthEvent $mvcAuthEvent
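  * @return bool|null Authorization result; null when a precondition fails (already authorized, non-HTTP request or response, no route match, no identity)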
  */
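 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     // An earlier listener already granted access; there is nothing left to decide.
     if ($mvcAuthEvent->isAuthorized()) {
         return;
     }

     // Every bare return below yields null, not false: this listener abstains
     // instead of denying. NOTE(review): how the caller treats a null result
     // is not visible here; confirm that an abstention cannot end up as an
     // implicit allow.
     $mvcEvent = $mvcAuthEvent->getMvcEvent();

     $request = $mvcEvent->getRequest();
     if (!$request instanceof Request) {
         return;
     }

     $response = $mvcEvent->getResponse();
     if (!$response instanceof Response) {
         return;
     }

     $routeMatch = $mvcEvent->getRouteMatch();
     if (!$routeMatch instanceof RouteMatch) {
         return;
     }

     $identity = $mvcAuthEvent->getIdentity();
     if (!$identity instanceof IdentityInterface) {
         return;
     }

     // Reuse the identity that passed the instanceof check instead of fetching
     // it from the event a second time, so the object that was type-checked is
     // the object that gets authorized.
     $resource = $mvcAuthEvent->getResource();

     // The decision is keyed on identity, resource and HTTP method.
     return $this->authorization->isAuthorized($identity, $resource, $request->getMethod());
 }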
 public function authorization(MvcAuthEvent $event)
 {
     /** @var \ZF\MvcAuth\Identity\AuthenticatedIdentity $user */
     $user = $event->getIdentity();

     // This listener adds no rule for guests or for values that are not
     // identities; any restriction on those has to come from elsewhere.
     if (!$user instanceof IdentityInterface) {
         return;
     }
     if ($user instanceof GuestIdentity) {
         return;
     }

     $httpMethod = $event->getMvcEvent()->getRequest()->getMethod();

     /** @var \ZF\MvcAuth\Authorization\AclAuthorization $acl */
     $acl = $event->getAuthorizationService();
     $services = $event->getMvcEvent()->getApplication()->getServiceManager();

     /** @var \Zend\Permissions\Acl\Assertion\AssertionInterface $assertion */
     $assertion = $services->get('Zfegg\\Admin\\MvcAuth\\Authorization\\ResourceAssertion');

     // Register the identity as a role and the requested resource on the ACL
     // the first time they are seen, so the rule below has something to bind to.
     if (!$acl->hasRole($user)) {
         $acl->addRole($user);
     }
     if (!$acl->hasResource($event->getResource())) {
         $acl->addResource($event->getResource());
     }

     // Add a deny rule for this identity/resource/method with the assertion
     // attached as the fourth argument; the assertion's own logic is not
     // visible in this listing.
     $acl->deny($user, $event->getResource(), $httpMethod, $assertion);
 }
 /**
  * Attempt to authorize the discovered identity based on the ACLs present
  *
  * @param MvcAuthEvent $mvcAuthEvent
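  * @return mixed Result of setStatusCode(401) on the MVC response when a required scope is missing; nothing otherwise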
  */
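 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $imageService = $this->getServiceLocator()->get('AqilixAPI\\Image\\Service\\Image');
     $config = $this->getServiceLocator()->get('Config')['authorization'];
     $imageService->setUser($this->getServiceLocator()->get('image.authenticated.user'));

     $identity = $mvcAuthEvent->getIdentity();
     // Guests leave this listener without any scope check; whatever denies
     // unauthenticated access to a scoped resource has to live elsewhere.
     if ($identity instanceof \ZF\MvcAuth\Identity\GuestIdentity) {
         return;
     }

     // resource:method
     $requestedResource = $mvcAuthEvent->getResource() . ':' . $mvcAuthEvent->getMvcEvent()->getRequest()->getMethod();
     foreach ($config['scopes'] as $scope => $scopeConfig) {
         $resource = $scopeConfig['resource'] . ':' . $scopeConfig['method'];
         // Strict comparison: both sides are strings built by concatenation,
         // and loose == would treat numeric-looking strings as equal numbers.
         if ($resource !== $requestedResource) {
             continue;
         }

         // Fail closed: an identity without a usable 'scope' claim is treated
         // as holding no scopes at all.
         $claims = $identity->getAuthenticationIdentity();
         $granted = (is_array($claims) && isset($claims['scope']) && is_string($claims['scope']))
             ? explode(' ', $claims['scope'])
             : [];

         // PHP turns numeric-string array keys into integers, so cast the
         // configured scope name back to a string before the strict lookup.
         if (!in_array((string) $scope, $granted, true)) {
             // NOTE(review): the identity is authenticated at this point, so
             // 403 may describe a missing scope better than 401; the status
             // is left unchanged because clients may depend on it.
             return $mvcAuthEvent->getMvcEvent()->getResponse()->setStatusCode(401);
         }
     }
 }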
Example #4
 /**
  * @depends testResourceStringIsNullByDefault
  */
 public function testResourceStringIsMutable()
 {
     // Store a resource string on the event, then read it back through the getter.
     $expected = 'foo';
     $this->mvcAuthEvent->setResource($expected);

     $actual = $this->mvcAuthEvent->getResource();
     $this->assertEquals($expected, $actual);
 }