/**
* Attempt to authorize the discovered identity based on the ACLs present
*
* @param MvcAuthEvent $mvcAuthEvent
* @return bool
*/
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
if ($mvcAuthEvent->isAuthorized()) {
return;
}
$mvcEvent = $mvcAuthEvent->getMvcEvent();
$request = $mvcEvent->getRequest();
if (!$request instanceof Request) {
return;
}
$response = $mvcEvent->getResponse();
if (!$response instanceof Response) {
return;
}
$routeMatch = $mvcEvent->getRouteMatch();
if (!$routeMatch instanceof RouteMatch) {
return;
}
$identity = $mvcAuthEvent->getIdentity();
if (!$identity instanceof IdentityInterface) {
return;
}
$resource = $mvcAuthEvent->getResource();
$identity = $mvcAuthEvent->getIdentity();
return $this->authorization->isAuthorized($identity, $resource, $request->getMethod());
}
public function authorization(MvcAuthEvent $event)
{
/** @var \ZF\MvcAuth\Identity\AuthenticatedIdentity $identity */
$identity = $event->getIdentity();
if (!$identity instanceof IdentityInterface || $identity instanceof GuestIdentity) {
return;
}
$method = $event->getMvcEvent()->getRequest()->getMethod();
/** @var \ZF\MvcAuth\Authorization\AclAuthorization $authorization */
$authorization = $event->getAuthorizationService();
$sl = $event->getMvcEvent()->getApplication()->getServiceManager();
/** @var \Zend\Permissions\Acl\Assertion\AssertionInterface $resourceAssertion */
$resourceAssertion = $sl->get('Zfegg\\Admin\\MvcAuth\\Authorization\\ResourceAssertion');
if (!$authorization->hasRole($identity)) {
$authorization->addRole($identity);
}
if (!$authorization->hasResource($event->getResource())) {
$authorization->addResource($event->getResource());
}
$authorization->deny($identity, $event->getResource(), $method, $resourceAssertion);
}
/**
* Attempt to authorize the discovered identity based on the ACLs present
*
* @param MvcAuthEvent $mvcAuthEvent
* @void
*/
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
$imageService = $this->getServiceLocator()->get('AqilixAPI\\Image\\Service\\Image');
$authService = $mvcAuthEvent->getAuthorizationService();
$config = $this->getServiceLocator()->get('Config')['authorization'];
$imageService->setUser($this->getServiceLocator()->get('image.authenticated.user'));
$identity = $mvcAuthEvent->getIdentity();
if ($identity instanceof \ZF\MvcAuth\Identity\GuestIdentity) {
return;
}
// resource:method
$requestedResource = $mvcAuthEvent->getResource() . ':' . $mvcAuthEvent->getMvcEvent()->getRequest()->getMethod();
foreach ($config['scopes'] as $scope => $scopeConfig) {
$resource = $scopeConfig['resource'] . ':' . $scopeConfig['method'];
// if authorization resource equals to requested resource
if ($resource == $requestedResource) {
// check scope in identity
if (!in_array($scope, explode(' ', $identity->getAuthenticationIdentity()['scope']))) {
return $mvcAuthEvent->getMvcEvent()->getResponse()->setStatusCode(401);
}
}
}
}
/**
* @depends testResourceStringIsNullByDefault
*/
public function testResourceStringIsMutable()
{
$this->mvcAuthEvent->setResource('foo');
$this->assertEquals('foo', $this->mvcAuthEvent->getResource());
}