/**
  * Attempt to authorize the discovered identity based on the ACLs present
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return null|bool Null when the listener returns early without making a decision
  */
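 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     // The event is already flagged as authorized; nothing to evaluate.
     if ($mvcAuthEvent->isAuthorized()) {
         return;
     }

     // Every guard below returns null rather than false: the listener abstains
     // instead of denying.
     // NOTE(review): the consumer of this return value must treat null as
     // "not authorized" (fail closed) -- confirm where the result is read.
     $mvcEvent = $mvcAuthEvent->getMvcEvent();

     $request = $mvcEvent->getRequest();
     if (!$request instanceof Request) {
         return;
     }

     // The response is only type-checked here; it is not used afterwards.
     $response = $mvcEvent->getResponse();
     if (!$response instanceof Response) {
         return;
     }

     $routeMatch = $mvcEvent->getRouteMatch();
     if (!$routeMatch instanceof RouteMatch) {
         return;
     }

     $identity = $mvcAuthEvent->getIdentity();
     if (!$identity instanceof IdentityInterface) {
         return;
     }

     // Hand the authorization service the same identity object that passed the
     // instanceof check above, so the validated value is the one that is used.
     // NOTE(review): $resource is passed through unchecked -- confirm how the
     // authorization service treats a missing or unexpected resource.
     $resource = $mvcAuthEvent->getResource();

     return $this->authorization->isAuthorized($identity, $resource, $request->getMethod());
 }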
 /**
  * Determine if we have an authorization failure, and, if so, return a 403 response
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return null|ApiProblemResponse
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     // Only an event that is not authorized is turned into a 403 problem
     // response; that response is stored on the MVC event and returned.
     if (!$mvcAuthEvent->isAuthorized()) {
         $forbidden = new ApiProblemResponse(new ApiProblem(403, 'Forbidden'));
         $mvcAuthEvent->getMvcEvent()->setResponse($forbidden);

         return $forbidden;
     }

     // Authorized: no response is produced (null).
     return;
 }
 /**
  * Determine if we have an authorization failure, and, if so, return a 403 response
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return null|ApiProblemResponse
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     if (!$mvcAuthEvent->isAuthorized()) {
         $mvcEvent = $mvcAuthEvent->getMvcEvent();
         $existing = $mvcEvent->getResponse();

         // A problem response that is already on the event is returned as-is,
         // so it is not replaced by the generic 403 below.
         if (!$existing instanceof ApiProblemResponse) {
             $forbidden = new ApiProblemResponse(new ApiProblem(403, 'Forbidden'));
             $mvcEvent->setResponse($forbidden);

             return $forbidden;
         }

         return $existing;
     }

     // Authorized: no response is produced (null).
     return;
 }
 /**
  * Determine if we have an authorization failure, and, if so, return a 403 response
  *
  * @param MvcAuthEvent $mvcAuthEvent
  * @return null|\Zend\Http\Response
  */
 public function __invoke(MvcAuthEvent $mvcAuthEvent)
 {
     $response = $mvcAuthEvent->getMvcEvent()->getResponse();
     $isHttpResponse = $response instanceof HttpResponse;

     if ($mvcAuthEvent->isAuthorized()) {
         // Authorized: any non-200 status on an HTTP response is reset to 200.
         // NOTE(review): this overwrites a status code that may have been set
         // earlier in the request -- confirm that is intended.
         if ($isHttpResponse && $response->getStatusCode() != 200) {
             $response->setStatusCode(200);
         }

         return;
     }

     // Not authorized: mark an HTTP response as 403 Forbidden. A response that
     // is not an HttpResponse is returned untouched, with no 403 set on it.
     // NOTE(review): in that case the denial is visible only through the
     // event's authorized flag -- confirm the caller still blocks the request.
     if ($isHttpResponse) {
         $response->setStatusCode(403);
         $response->setReasonPhrase('Forbidden');
     }

     return $response;
 }
 /**
  * @depends testAuthorizedFlagIsFalseByDefault
  */
 public function testAuthorizedFlagIsMutable()
 {
     // Setting the flag to true must be reflected by the getter.
     $event = $this->mvcAuthEvent;
     $event->setIsAuthorized(true);

     $this->assertTrue($event->isAuthorized());
 }