If $assertion is provided, it must return TRUE for the rule to apply.
public deny ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self | ||
Returns | self |
/**
 * Builds the application ACL, serving it from the cache when an entry exists.
 *
 * An empty Permission object (no roles, resources or rules, so it grants
 * nothing) is returned without touching the cache in two cases: the CMS is
 * not installed, or loading the roles raises a DBAL exception. Exceptions
 * raised while loading resources or ACL entries are not caught here.
 *
 * Security note: the compiled ACL is stored under the cache key 'acl' and
 * tagged with self::CACHE_TAG, so a revoked privilege stays effective until
 * that entry is invalidated.
 * NOTE(review): invalidation is not visible in this method - confirm that
 * every write to roles, resources and ACL entries cleans self::CACHE_TAG.
 *
 * @return Nette\Security\Permission
 */
public function create()
{
    if (!$this->cmsInstalled) {
        return new Nette\Security\Permission();
    }

    $cached = $this->cache->load('acl');
    if ($cached !== NULL) {
        return $cached;
    }

    $permission = new Nette\Security\Permission();

    // Roles: only this step is guarded; a database failure yields an empty ACL.
    try {
        foreach ($this->roleService->findAll() as $role) {
            $roleName = $role->name;
            $parentName = NULL;
            if ($role->parent !== NULL) {
                $parentName = $role->parent->name;
            }
            $permission->addRole($roleName, $parentName);
        }
    } catch (Kdyby\Doctrine\DBALException $ex) {
        return new Nette\Security\Permission();
    }

    // Resources must be registered before any rule can reference them.
    foreach ($this->resourceService->findAll() as $resource) {
        $permission->addResource($resource->name);
    }

    // Rules: each stored entry is either an explicit allow or an explicit deny.
    foreach ($this->aclService->findAll() as $entry) {
        if (!$entry->allow) {
            $permission->deny(
                $entry->role->name,
                $entry->permission->resource->name,
                $entry->permission->privilege->name
            );
            continue;
        }

        $permission->allow(
            $entry->role->name,
            $entry->permission->resource->name,
            $entry->permission->privilege->name
        );
    }

    $this->cache->save('acl', $permission, [Nette\Caching\Cache::TAGS => self::CACHE_TAG]);

    return $permission;
}
/**
 * Registers the ownership-based rules on the given authorizator.
 *
 * - 'employee' is allowed every privilege on 'listing' and the privileges
 *   send/remove/view/mark_as_read on 'message', each guarded by the isOwner
 *   assertion.
 * - 'admin' is allowed everything, except that 'mark_as_read' on 'message'
 *   is denied when the isNotOwner assertion holds.
 *
 * Security note: an assertion-guarded rule only applies when its callback
 * returns TRUE, so the effective policy depends entirely on isOwner and
 * isNotOwner.
 * NOTE(review): both callbacks are defined outside this block - confirm that
 * they behave safely when ownership cannot be determined (for example when
 * the queried resource is a plain string rather than an entity).
 *
 * @param Permission $authorizator authorizator that receives the rules
 */
private function defineRelationships(Permission $authorizator)
{
    $ownerOnly = [$this, 'isOwner'];
    $foreignOnly = [$this, 'isNotOwner'];
    $messagePrivileges = ['send', 'remove', 'view', 'mark_as_read'];

    // Employees may act only on records they own.
    $authorizator->allow('employee', 'listing', Permission::ALL, $ownerOnly);
    $authorizator->allow('employee', 'message', $messagePrivileges, $ownerOnly);

    // Admins get a blanket allow, narrowed by one ownership-dependent deny.
    $authorizator->allow('admin', null, Permission::ALL);
    $authorizator->deny('admin', 'message', 'mark_as_read', $foreignOnly);
}
/**
 * Denies one or more Roles access to [certain $privileges upon] the specified Resource(s).
 * If $assertion is provided, then it must return TRUE in order for rule to apply.
 *
 * A supplied assertion is wrapped in a closure that calls it with the
 * current identity, the queried resource and the queried role; whatever
 * arguments the parent passes to the closure are ignored.
 *
 * Security note: $this->identity is read when the rule is evaluated, not when
 * it is defined, so the identity must be set on this object before any
 * access query is made.
 * NOTE(review): how and when $this->identity is populated is not visible
 * here - confirm it cannot be stale or unset at query time.
 *
 * @param  string|array|Permission::ALL  $roles
 * @param  string|array|Permission::ALL  $resources
 * @param  string|array|Permission::ALL  $privileges
 * @param  callable  $assertion
 * @return self
 */
public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null)
{
    // No assertion: delegate unchanged.
    if ($assertion === null) {
        return parent::deny($roles, $resources, $privileges, $assertion);
    }

    $userAssertion = $assertion;
    $wrapped = function () use ($userAssertion) {
        return Callback::invoke(
            $userAssertion,
            $this->identity,
            $this->getQueriedResource(),
            $this->getQueriedRole()
        );
    };

    return parent::deny($roles, $resources, $privileges, $wrapped);
}
/**
 * Creates the static authorizator with the role chain guest -> user -> admin.
 *
 * The rule set is a bare deny() (all roles, all resources, all privileges)
 * followed by a blanket allow for 'admin'. No allow rule is registered for
 * 'guest' or 'user', so only 'admin' is granted anything by this ACL.
 *
 * @return Permission
 */
public static function createAuthorizator()
{
    $acl = new Permission();

    // Role hierarchy: each role inherits from the one before it.
    $acl->addRole('guest');
    $acl->addRole('user', 'guest');
    $acl->addRole('admin', 'user');

    // Explicit deny-all baseline, then the single exception.
    $acl->deny();
    $acl->allow('admin');

    return $acl;
}
/**
 * Creates the static authorizator with the role chain guest -> user -> admin
 * and the resources 'clip' and 'comment'.
 *
 * The rule set is a bare deny() (all roles, all resources, all privileges),
 * a blanket allow for 'admin', and one narrow grant: 'user' may 'add' on
 * 'comment'. No allow rule is registered for 'guest', and none for 'user'
 * on 'clip'.
 *
 * @return Permission
 */
public static function createAuthorizator()
{
    $acl = new Permission();

    // Role hierarchy: each role inherits from the one before it.
    $acl->addRole('guest');
    $acl->addRole('user', 'guest');
    $acl->addRole('admin', 'user');

    // Resources have to exist before a rule may name them.
    $acl->addResource('clip');
    $acl->addResource('comment');

    // Explicit deny-all baseline, then the exceptions.
    $acl->deny();
    $acl->allow('admin');
    $acl->allow('user', 'comment', 'add');

    return $acl;
}
/**
 * Registers a deny rule, creating any named resource that does not exist yet
 * (each one, when $resources is an array). Unknown resources are first passed
 * to addResourceToDb() and then registered with addResource().
 * For more info see \Nette\Security\Permission::deny doc
 *
 * Security note: because unknown names are created instead of rejected, a
 * misspelled resource name does not fail here; the deny rule is attached to
 * a newly created resource and the intended one keeps its previous rules.
 * NOTE(review): the comparisons against self::ALL are loose (!=), so values
 * such as '' or 0 are treated like self::ALL by this method - confirm that is
 * intended before tightening it.
 */
public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
{
    if ($resources != self::ALL) {
        // Normalise a single name to a one-element list.
        $resources = is_array($resources) ? $resources : array($resources);

        foreach ($resources as $name) {
            if ($name == self::ALL || $this->hasResource($name)) {
                continue;
            }

            // Persist first, then register in the in-memory ACL.
            $this->addResourceToDb($name);
            $this->addResource($name);
        }
    }

    return parent::deny($roles, $resources, $privileges, $assertion);
}
/**
 * Loads every stored permission and registers it on the ACL as an allow or
 * a deny rule, then grants Role::GOD everything.
 *
 * The DQL string is assembled from a class-name constant and fixed text only;
 * no caller-supplied value is concatenated into it.
 *
 * A stored permission becomes an allow rule only when isAllowed() returns
 * exactly true; any other return value is registered as a deny.
 *
 * Security note: the blanket allow for Role::GOD is unconditional and is
 * registered after the stored rules, so membership of that role should be
 * tightly controlled and audited.
 *
 * @param Permission $acl ACL that receives the rules
 */
private function loadPermissions(Permission $acl)
{
    $dql = 'SELECT p, pr FROM ' . \Users\Authorization\Permission::class . ' p LEFT JOIN p.privilege pr';
    $storedPermissions = $this->em->createQuery($dql)->execute();

    /** @var \Users\Authorization\Permission $stored */
    foreach ($storedPermissions as $stored) {
        if ($stored->isAllowed() !== true) {
            $acl->deny(
                $stored->getRoleName(),
                $stored->getResourceName(),
                $stored->getPrivilegeName()
            );
            continue;
        }

        $acl->allow(
            $stored->getRoleName(),
            $stored->getResourceName(),
            $stored->getPrivilegeName()
        );
    }

    $acl->allow(Role::GOD, IAuthorizator::ALL, IAuthorizator::ALL);
}
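/**
 * Registers every rule supplied by the rules service on the given ACL.
 *
 * A rule without a resource or without privileges is applied to
 * Permission::ALL for that dimension.
 *
 * If the rules cannot be loaded, the error is logged and the ACL is left
 * without any of these rules. The original code fell through to the loop
 * with $rules undefined, which raised PHP warnings; returning early keeps
 * the same outcome (no rule added) without them.
 *
 * Security note: a load failure therefore means no allow rule from the rules
 * service is present. Callers should treat the logged error as an
 * authorization outage rather than continue silently.
 * NOTE(review): confirm the Permission object grants nothing by default, so
 * that this path fails closed.
 *
 * @param Permission $p ACL that receives the rules
 */
private function setRules(Permission $p)
{
    try {
        $rules = $this->rulesService->getRules();
    } catch (Exceptions\DataErrorException $e) {
        $this->logError($e->getMessage());

        // Nothing to iterate: $rules was never assigned.
        return;
    }

    foreach ($rules as $r) {
        if ($r->isPermit()) {
            $p->allow(
                $r->getRole()->getName(),
                $r->hasResource() ? $r->getResource() : Permission::ALL,
                $r->hasPrivilege() ? $r->getPrivileges() : Permission::ALL
            );
        } else {
            $p->deny(
                $r->getRole()->getName(),
                $r->hasResource() ? $r->getResource() : Permission::ALL,
                $r->hasPrivilege() ? $r->getPrivileges() : Permission::ALL
            );
        }
    }
}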