/**
* Initializes annotations in application.
*
* @param Core $core
*/
public function init(Core $core)
{
AnnotationRegistry::registerAutoloadNamespace('\\Dgafka\\AuthorizationSecurity\\UI\\Annotation\\Type', __DIR__ . '/Type');
$expressionReader = new ExpressionReader(new ExpressionLanguage($core->config()->debugMode() ? null : new ExpressionLanguageCache(new FilesystemCache($core->config()->cachePath() . '/expressions'))));
$aopKernel = Kernel::getInstance();
$aopKernel->init(array('debug' => $core->config()->debugMode(), 'cacheDir' => $core->config()->cachePath() . '/aop', 'includePaths' => $core->config()->includePaths()));
$core->initialize(DIContainer::getInstance(), $expressionReader);
}
/**
* Check if user with given context is authorized to do some action
*
* @param SecurityCommand $securityCommand
*
* @return bool
*/
public function isAuthorized(SecurityCommand $securityCommand)
{
/** @var Security $security */
$security = DIContainer::getInstance()->get('security');
$isAuthorized = true;
try {
$security->authorize($securityCommand);
} catch (SecurityAccessDenied $e) {
$isAuthorized = false;
}
return $isAuthorized;
}
/**
* This method will check, if user is authorized
*
* @param MethodInvocation $invocation
* @Around("$this->authorizePointcut")
*/
public function authorize(MethodInvocation $invocation)
{
$rflMethod = $invocation->getMethod();
$type = null;
$userFactory = null;
$expression = null;
$resourceFactory = null;
$resourceFactoryAdditionalParameters = null;
$policies = array();
foreach ($rflMethod->getAnnotations() as $annotation) {
switch ($annotation) {
case $annotation instanceof AuthorizationSecurity:
$type = $annotation->securityTypeName();
$userFactory = $annotation->userFactoryName();
break;
case $annotation instanceof AuthorizationExpression:
$expression = $annotation->expression();
break;
case $annotation instanceof AuthorizationResourceFactory:
$resourceFactory = $annotation->resourceFactoryName();
$resourceFactoryAdditionalParameters = $annotation->additionalParameters();
break;
case $annotation instanceof AuthorizationPolicy:
$policies[] = $annotation->policyName();
break;
}
}
/** @var Security $securityAPI */
$securityAPI = DIContainer::getInstance()->get('security');
if (!is_null($resourceFactory)) {
/** @var ResourceFactory $userFactory */
$resourceFactoryForArguments = DIContainer::getInstance()->getResourceFactory($resourceFactory);
$resourceFactoryForArguments->setArguments($invocation->getArguments());
$resourceFactoryForArguments->setAdditionalParameters($resourceFactoryAdditionalParameters);
}
$securityCommand = new SecurityCommand($type, $userFactory, $expression, $resourceFactory, $policies);
$securityAPI->authorize($securityCommand);
$invocation->proceed();
}
