Exemple #1
 /**
  * An identity that does not implement IdentityInterface must raise a RuntimeException.
  *
  * The identity provider is stubbed to return a plain stdClass, and the test
  * expects the exact error message naming the offending class.
  */
 public function testThrowExceptionIfIdentityIsWrongType()
 {
     $expectedMessage = 'ZfjRbac expects your identity to implement ZfjRbac\\Identity\\IdentityInterface, "stdClass" given';
     $this->setExpectedException('ZfjRbac\\Exception\\RuntimeException', $expectedMessage);

     // Stub: every getIdentity() call yields an object of the wrong type.
     $identityProvider = $this->getMock('ZfjRbac\\Identity\\IdentityProviderInterface');
     $identityProvider
         ->expects($this->any())
         ->method('getIdentity')
         ->will($this->returnValue(new \stdClass()));

     $roleProvider = $this->getMock('ZfjRbac\\Role\\RoleProviderInterface');
     $traversalStrategy = $this->getMock('Rbac\\Traversal\\Strategy\\TraversalStrategyInterface');

     // NOTE(review): nothing visible here calls into the service after construction, so the
     // expected exception has to come from the constructor or from a call this listing does
     // not show - confirm against the full test.
     $roleService = new RoleService($identityProvider, $roleProvider, $traversalStrategy);
 }
  /**
   * Create the RoleService from the module options.
   *
   * The identity provider is fetched from the container under the service name
   * returned by ModuleOptions::getIdentityProvider(). The role provider comes
   * from the RoleProviderPluginManager, using only the first entry of the role
   * provider configuration: its key and its value are the two arguments passed
   * to the plugin manager. Any further entries are ignored by this factory.
   * $requestedName and $options are not used.
   *
   * @param  ContainerInterface $container
   * @param  string             $requestedName
   * @param  null|array         $options
   * @return object
   * @throws ServiceNotFoundException if unable to resolve the service.
   * @throws ServiceNotCreatedException if an exception is raised when
   *     creating a service.
   * @throws ContainerException if any other error occurs
   */
  public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
  {
      /* @var \ZfjRbac\Options\ModuleOptions $rbacOptions */
      $rbacOptions = $container->get('ZfjRbac\\Options\\ModuleOptions');

      /* @var \ZfjRbac\Identity\IdentityProviderInterface $identitySource */
      $identitySource = $container->get($rbacOptions->getIdentityProvider());

      // Refuse to build the service without a role provider rather than
      // handing out a service that has no source of roles.
      $providerSpec = $rbacOptions->getRoleProvider();
      if (empty($providerSpec)) {
          throw new RuntimeException('No role provider has been set for ZfjRbac');
      }

      /* @var \ZfjRbac\Role\RoleProviderPluginManager $providerPlugins */
      $providerPlugins = $container->get('ZfjRbac\\Role\\RoleProviderPluginManager');

      // key()/current() read the entry at the array's internal pointer,
      // i.e. the first configured provider.
      $providerName = key($providerSpec);
      $providerOptions = current($providerSpec);

      /* @var \ZfjRbac\Role\RoleProviderInterface $roleSource */
      $roleSource = $providerPlugins->get($providerName, $providerOptions);

      return new RoleService($identitySource, $roleSource);
  }
  /**
   * Check if the permission is granted to the current identity
   *
   * The decision is deny-by-default: an identity with no roles, or whose roles
   * are not granted the permission by the RBAC container, is refused. An
   * assertion registered for the permission is evaluated only after the RBAC
   * check has passed, so it can narrow access but never widen it.
   *
   * @param string|PermissionInterface $permission
   * @param mixed                      $context    handed to the assertion, if one is registered
   * @return bool
   */
  public function isGranted($permission, $context = null)
  {
      $identityRoles = $this->roleService->getIdentityRoles();

      // No roles, or roles without the permission: refuse before any assertion runs.
      if (empty($identityRoles) || !$this->rbac->isGranted($identityRoles, $permission)) {
          return false;
      }

      if (!$this->hasAssertion($permission)) {
          return true;
      }

      // Assertions are indexed by the permission's string form.
      $assertion = $this->assertions[(string) $permission];

      return $this->assert($assertion, $context);
  }
Exemple #4
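  /**
   * {@inheritDoc}
   *
   * Decides access to the matched route from the route rules. Rule keys are
   * glob patterns compared case-insensitively with the matched route name.
   * When no pattern matches, the protection policy decides; a rule containing
   * the string '*' admits everyone; otherwise the identity's roles are matched
   * against the rule's roles.
   *
   * @param  MvcEvent $event
   * @return bool
   */
  public function isGranted(MvcEvent $event)
  {
      $matchedRouteName = $event->getRouteMatch()->getMatchedRouteName();
      $allowedRoles = null;

      // NOTE(review): the loop as shown has no break, so when several patterns match the same
      // route, the rule declared last is the one applied. Rule order is therefore
      // security-relevant; confirm against the full source whether first-match was intended.
      foreach (array_keys($this->rules) as $routeRule) {
          if (fnmatch($routeRule, $matchedRouteName, FNM_CASEFOLD)) {
              $allowedRoles = $this->rules[$routeRule];
          }
      }

      // If no rules apply, it is considered as granted or not based on the protection policy
      if (null === $allowedRoles) {
          return $this->protectionPolicy === self::POLICY_ALLOW;
      }

      // Strict comparison: with loose comparison a non-string entry such as true (or 0 on
      // PHP < 8) compares equal to '*' and would open the route to every visitor.
      if (in_array('*', $allowedRoles, true)) {
          return true;
      }

      return $this->roleService->matchIdentityRoles($allowedRoles);
  }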
Exemple #5
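  /**
   * {@inheritDoc}
   *
   * Decides access to the dispatched controller/action from the controller
   * rules. Controller and action names are lower-cased before lookup. A rule
   * containing the string '*' admits everyone; otherwise the identity's roles
   * are matched against the rule's roles. Whenever no rule applies, the
   * protection policy decides.
   *
   * @param  MvcEvent $event
   * @return bool
   */
  public function isGranted(MvcEvent $event)
  {
      $routeMatch = $event->getRouteMatch();

      // Lookups use lower-cased names, so rule keys must be stored lower-cased to be found.
      // NOTE(review): presumably normalised where the rules are set - confirm, because a key
      // that never matches leaves the controller to the protection policy.
      $controller = strtolower($routeMatch->getParam('controller'));
      $action = strtolower($routeMatch->getParam('action'));

      // If no rules apply, it is considered as granted or not based on the protection policy
      if (!isset($this->rules[$controller])) {
          return $this->protectionPolicy === self::POLICY_ALLOW;
      }

      // The algorithm is as follows: first look for an exact match (controller + action); if
      // there is none, look for a rule set for the whole controller (stored under index 0);
      // and if nothing matches, fall back to the protection policy.
      if (isset($this->rules[$controller][$action])) {
          $allowedRoles = $this->rules[$controller][$action];
      } elseif (isset($this->rules[$controller][0])) {
          $allowedRoles = $this->rules[$controller][0];
      } else {
          return $this->protectionPolicy === self::POLICY_ALLOW;
      }

      // Strict comparison: with loose comparison a non-string entry such as true (or 0 on
      // PHP < 8) compares equal to '*' and would open the action to every visitor.
      if (in_array('*', $allowedRoles, true)) {
          return true;
      }

      return $this->roleService->matchIdentityRoles($allowedRoles);
  }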
Exemple #6
  /**
   * Match the current identity's roles against one role name or a list of them.
   *
   * A single role name is wrapped into a one-element list before the check is
   * delegated to RoleService::matchIdentityRoles(). Pass strings only: the
   * (array) cast turns an object into an array of its properties, not into a
   * list holding that object.
   *
   * @param string|string[] $roleOrRoles
   * @return bool
   */
  public function __invoke($roleOrRoles)
  {
      $roleNames = (array) $roleOrRoles;

      return $this->roleService->matchIdentityRoles($roleNames);
  }
Exemple #7
  * Collect roles and permissions
  * @param  RoleService $roleService
  * @return void
 private function collectIdentityRolesAndPermissions(RoleService $roleService)
     $identityRoles = $roleService->getIdentityRoles();
     foreach ($identityRoles as $role) {
         $roleName = $role->getName();
         if (!$role instanceof HierarchicalRoleInterface) {
             $this->collectedRoles[] = $roleName;
         } else {
             $iteratorIterator = new RecursiveIteratorIterator(new \RecursiveArrayIterator($role->getChildren()), RecursiveIteratorIterator::SELF_FIRST);
             foreach ($iteratorIterator as $childRole) {
                 $this->collectedRoles[$roleName][] = $childRole->getName();