/** * Retrieve value by attributeId from request context * * @param XacmlRequest $request * @param string $attributeId * @return mixed * @throws \Exception */ public function getValue(XacmlRequest $request, $attributeId) { $attributeParts = explode('.', trim($attributeId)); $array = []; foreach ($attributeParts as $key => $attributePart) { //First check Category - top level in XacmlRequest if ($key === 0) { $array = $request->get($attributePart); if (empty($array)) { //Check if attribute part is Resource $array = $request->get('Resource'); if (!empty($array) && isset($array[$attributePart])) { if ($array[$attributePart] instanceof XacmlResource) { /** @var XacmlResource $resource */ $resource = $array[$attributeParts[0]]; $array = $this->getEntity($resource); } elseif (is_object($array[$attributePart])) { $array = $array[$attributePart]; } } } if (empty($array)) { throw new \Exception("Attribute {$attributeId} not found"); } continue; } if (is_array($array) && isset($array[$attributePart])) { $array = $array[$attributePart]; } elseif (is_object($array)) { $getter = $this->getGetter($attributePart); $array = $array->{$getter}(); } else { throw new \Exception("Attribute {$attributeId} not found"); } } return $array; }
public function evaluate(XacmlRequest $request) { $action = $request->get('Action'); //Error pages not have Action name /** * Permit access to: * - Error pages with empty Action name * - Actions for debug, started with "_" */ if (empty($action) || substr($action, 0, 1) === '_') { return Decision::PERMIT; } $policies = $this->em->getRepository(PolicySet::class)->findNotLinkedPolicySets(); if (empty($policies)) { $policies = $this->em->getRepository(Policy::class)->findNotLinkedPolicies(); } if (!empty($policies)) { $result = $this->combiningAlgorithmRegistry->get($this->combiningAlgId)->evaluate($request, $policies); if (in_array($result, [Decision::PERMIT, Decision::DENY])) { return $result; } } return $this->defaultDecision; }