allow() public method

If $assertion is provided, then it must return TRUE in order for the rule to apply.
public allow ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self
return self
Esempio n. 1
 /**
  * Registers the ownership-based access rules on the given authorizator.
  *
  * Three allow rules and one deny rule are added, in this order. Three of the
  * four rules carry a callback on this object as their assertion.
  *
  * @param Permission $authorizator ACL object that receives the rules
  */
 private function defineRelationships(Permission $authorizator)
 {
     // Employees: every privilege on 'listing', conditional on the isOwner callback.
     $authorizator->allow('employee', 'listing', Permission::ALL, [$this, 'isOwner']);
     // Employees: an explicit privilege list on 'message', again conditional on isOwner.
     $authorizator->allow('employee', 'message', ['send', 'remove', 'view', 'mark_as_read'], [$this, 'isOwner']);
     // NOTE(review): the resource argument is null — presumably the same value as
     // Permission::ALL, which would make this an unconditional grant over everything; confirm.
     $authorizator->allow('admin', null, Permission::ALL);
     // The only restriction on admin: 'mark_as_read' on 'message' is denied when isNotOwner holds.
     // NOTE(review): this deny is the sole limit on the blanket admin grant above, so the
     // isNotOwner callback deserves its own test (including the case where no resource object is queried).
     $authorizator->deny('admin', 'message', 'mark_as_read', [$this, 'isNotOwner']);
 }
Esempio n. 2
 /**
  * Creates the ACL object and registers a fixed set of roles, resources and rules.
  */
 public function __construct()
 {
     $this->acl = new NS\Permission();
     $this->acl->addRole('guest');
     // NOTE(review): 'registered' is passed as the parent of 'user' but is never added in this
     // method — presumably addRole() rejects an unknown parent; confirm whether 'guest' was intended.
     $this->acl->addRole('user', 'registered');
     $this->acl->addRole('admin', 'user');
     $this->acl->addResource('backend');
     $this->acl->addResource('users');
     // 'user' may only 'view' the 'backend' resource.
     $this->acl->allow('user', array('backend'), array('view'));
     // No resource or privilege given: 'admin' is allowed with the defaults for both
     // (presumably "all" — confirm against the Permission class in use).
     $this->acl->allow('admin');
 }
Esempio n. 3
 /**
  * Builds the application ACL: a guest -> user -> admin role chain, two resources,
  * a blanket deny, and then the explicit grants.
  *
  * @return Permission the configured ACL
  */
 public static function createAuthorizator()
 {
     $acl = new Permission();

     // Root role first, then each child together with the parent it inherits from.
     $acl->addRole("guest");
     foreach (array("user" => "guest", "admin" => "user") as $childRole => $parentRole) {
         $acl->addRole($childRole, $parentRole);
     }

     foreach (array('clip', 'comment') as $resourceName) {
         $acl->addResource($resourceName);
     }

     // Start from "deny everything"; the grants below are added after it on purpose.
     $acl->deny();
     // admin: no resource/privilege arguments, so the defaults apply to both.
     $acl->allow("admin");
     // user: only the 'add' privilege on 'comment'.
     $acl->allow("user", "comment", "add");

     return $acl;
 }
Esempio n. 4
 /**
  * Maps roles and permissions: defines roles and resources, then adds one allow
  * rule per mapped permission returned by the permission repository.
  */
 private function createAcl()
 {
     $this->defineRoles();
     $this->defineResources();

     $grants = $this->permissionRepository->selectMappedPermissions();
     foreach ($grants as $grant) {
         // Action code -1 stands for "every action"; any other code resolves to the action's name.
         // NOTE(review): the comparison is loose (==), so a string "-1" also widens the rule to self::ALL.
         $privilege = $grant->getActionCode() == -1
             ? self::ALL
             : $grant->getAction()->getName();

         $this->acl->allow(
             $grant->getGroup()->getName(),
             $grant->getResource()->getName(),
             $privilege
         );
     }
 }
Esempio n. 5
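 /**
  * Presenter start-up: requires a login, builds the ACL from stored roles, resources
  * and permissions, enforces it for the current request, and collects the menu
  * entries declared by the installed modules.
  */
 public function startup()
 {
     parent::startup();
     // Every presenter except the sign-in one requires a logged-in user.
     if ($this->getName() != 'Admin:Sign' && !$this->user->isLoggedIn()) {
         $this->redirect('Sign:default');
     }
     // Set up permissions: roles, resources and allow rules come from storage.
     foreach ($this->roles->getAll() as $role) {
         $this->acl->addRole($role['system_name']);
     }
     foreach ($this->resources->getAll() as $resource) {
         $this->acl->addResource($resource['system_name']);
     }
     foreach ($this->permissions->getAll() as $permission) {
         $this->acl->allow($permission->role->system_name, $permission->resource->system_name, $permission->privilege->system_name);
     }
     // Built-in role allowed with the default (unspecified) resources and privileges.
     // NOTE(review): 'super_admin', 'homepage', 'sign' and 'guest' are added unconditionally;
     // confirm the stored roles/resources can never contain the same names.
     $this->acl->addRole('super_admin');
     $this->acl->allow('super_admin');
     // Homepage and sign-in are open to every role.
     $this->acl->addResource('homepage');
     $this->acl->allow(\App\AdminModule\Components\Authorizator::ALL, 'homepage');
     $this->acl->addResource('sign');
     $this->acl->allow(\App\AdminModule\Components\Authorizator::ALL, 'sign');
     // Default role.
     $this->acl->addRole('guest');
     // Permission check.
     // NOTE(review): the exemptions are keyed on the action name alone, so an action called
     // 'download', 'changePassword', 'deleteImage', ... skips the ACL check in EVERY presenter,
     // and the whole 'Admin:Image' presenter is exempt. Confirm each exempt action enforces
     // its own authorization, or narrow the list to presenter:action pairs.
     if ($this->getName() != 'Admin:Image' && $this->getAction() != 'ordering' && $this->getAction() != 'orderingCategory' && $this->getAction() != 'deleteImage' && $this->getAction() != 'changePassword' && $this->getAction() != 'getCity' && $this->getAction() != 'download') {
         if (!$this->getUser()->isAllowed($this->getNameSimple(), $this->getAction())) {
             $this->flashMessage($this->translator->translate('admin.login.noAccess'), 'error');
             $this->redirect('Homepage:default');
         }
     }
     // Walk the module directories and look for a src/setting.xml that declares a presenter.
     $vsekDir = dirname(__FILE__) . '/../../../';
     $ch = opendir($vsekDir);
     if ($ch === false) {
         // Directory unreadable: leave the module menu as it is instead of
         // calling readdir()/closedir() on an invalid handle.
         return;
     }
     while (($file = readdir($ch)) !== false) {
         if (in_array($file, array('.', '..'), true)) {
             continue;
         }
         $settingPath = $vsekDir . $file . '/src/setting.xml';
         if (!file_exists($settingPath)) {
             continue;
         }
         // simplexml_load_file() returns false when the file cannot be parsed.
         $xml = simplexml_load_file($settingPath);
         if ($xml !== false && isset($xml->presenter)) {
             $this->menuModules[] = array('name' => (string) $xml->presenter->name, 'resource' => (string) $xml->presenter->resource);
         }
     }
     closedir($ch);
 }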
Esempio n. 6
 /**
  * Returns the ACL, building it from the role, resource and ACL services on a cache miss.
  *
  * An empty Permission object is returned (and nothing is cached) when the CMS is
  * not installed or when loading the roles raises a DBALException.
  *
  * @return Nette\Security\Permission
  */
 public function create()
 {
     if (!$this->cmsInstalled) {
         return new Nette\Security\Permission();
     }

     $cached = $this->cache->load('acl');
     if ($cached !== NULL) {
         // NOTE(review): a cached ACL stays in force until the CACHE_TAG entry is invalidated;
         // confirm every role/ACL edit cleans that tag, otherwise revoked rights linger.
         return $cached;
     }

     $acl = new Nette\Security\Permission();
     try {
         foreach ($this->roleService->findAll() as $role) {
             $parentName = $role->parent !== NULL ? $role->parent->name : NULL;
             $acl->addRole($role->name, $parentName);
         }
     } catch (Kdyby\Doctrine\DBALException $ex) {
         // Roles could not be read: hand back an ACL without any rules.
         return new Nette\Security\Permission();
     }

     foreach ($this->resourceService->findAll() as $resource) {
         $acl->addResource($resource->name);
     }

     foreach ($this->aclService->findAll() as $aclEntry) {
         if (!$aclEntry->allow) {
             $acl->deny($aclEntry->role->name, $aclEntry->permission->resource->name, $aclEntry->permission->privilege->name);
         } else {
             $acl->allow($aclEntry->role->name, $aclEntry->permission->resource->name, $aclEntry->permission->privilege->name);
         }
     }

     $this->cache->save('acl', $acl, [Nette\Caching\Cache::TAGS => self::CACHE_TAG]);

     return $acl;
 }
Esempio n. 7
 /**
  * Allows one or more Roles access to [certain $privileges upon] the specified Resource(s).
  * If $assertion is provided, then it must return TRUE in order for the rule to apply.
  *
  * A supplied assertion is not handed to the parent directly: it is wrapped so that it
  * is invoked with the stored identity, the queried resource and the queried role.
  *
  * @param string|array|Permission::ALL $roles
  * @param string|array|Permission::ALL $resources
  * @param string|array|Permission::ALL $privileges
  * @param callable|null $assertion
  * @return self
  */
 public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null)
 {
     // Unconditional rule: nothing to wrap.
     if ($assertion === null) {
         return parent::allow($roles, $resources, $privileges, $assertion);
     }

     $userAssertion = $assertion;
     // The wrapper ignores whatever arguments it is called with and supplies its own three.
     $wrapped = function () use ($userAssertion) {
         return Callback::invoke($userAssertion, $this->identity, $this->getQueriedResource(), $this->getQueriedRole());
     };

     return parent::allow($roles, $resources, $privileges, $wrapped);
 }
Esempio n. 8
	/**
	 * Builds an ACL with a guest -> user -> admin role chain in which only
	 * admin receives a grant.
	 *
	 * @return Permission the configured ACL
	 */
	public static function createAuthorizator()
	{
		$acl = new Permission;

		// Root role first, then each child together with the parent it inherits from.
		$acl->addRole("guest");
		foreach (array("user" => "guest", "admin" => "user") as $childRole => $parentRole) {
			$acl->addRole($childRole, $parentRole);
		}

		// Blanket deny first; the admin grant is added after it on purpose.
		$acl->deny();
		$acl->allow("admin");

		return $acl;
	}
Esempio n. 9
 /**
  * Builds a fixed ACL (three roles, two resources, three allow rules) and stores it in $this->acl.
  */
 public function __construct()
 {
     $acl = new Nette\Security\Permission();
     // Role definitions.
     $acl->addRole('guest');
     // demo inherits from guest ...
     $acl->addRole('demo', 'guest');
     // ... and admin inherits from demo.
     $acl->addRole('admin', 'demo');
     // Resources that users can access.
     $acl->addResource('Admin:Admin');
     $acl->addResource('Front');
     // Rules that determine who may do what with which resource.
     $acl->allow('guest', 'Front', self::READ);
     $acl->allow('demo', 'Admin:Admin', self::READ);
     // admin: every privilege on every resource.
     $acl->allow('admin', Permission::ALL, Permission::ALL);
     // Done: keep the configured ACL on the instance.
     $this->acl = $acl;
 }
Esempio n. 10
 /**
  * One-time ACL initialisation: loads roles, resources and the permissions for
  * $role, then grants the 'root' role its allow rule.
  *
  * Does nothing when the ACL has already been initialised.
  *
  * @param mixed $role passed through to InitPermission()
  * @throws InvalidStateException when aclRoleID has not been set
  */
 protected function Init($role)
 {
     // Already initialised (flag is anything other than exactly FALSE).
     if ($this->isInitialized !== FALSE) {
         return;
     }

     if (!$this->aclRoleID) {
         throw new InvalidStateException("Please set first aclRoleID variable.");
     }

     $this->InitRole();
     $this->InitResource();
     $this->InitPermission($role);
     // 'root' is allowed with the default (unspecified) resources and privileges.
     $this->acl->allow('root');
     $this->isInitialized = TRUE;
 }
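 /**
  * Adds an allow rule; the role "owner" always gets a built-in ownership assertion.
  *
  * For "owner" the rule applies only when the queried role is an OwnerRole, the queried
  * resource is an IOwnerResource, and both report the same user id. A caller-supplied
  * $assertion is NOT used in that case.
  *
  * @param string|array|null $roles
  * @param string|array|null $resources
  * @param string|array|null $privileges
  * @param callable|null $assertion ignored when $roles is "owner"
  * @return mixed whatever the parent allow() returns, so calls can be chained
  */
 public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
 {
     // Strict comparison: only the exact string "owner" selects the ownership rule
     // (a loose == would also match values such as TRUE).
     if ($roles === "owner") {
         return parent::allow("owner", $resources, $privileges, function ($permission, $role, $resource, $privilege) {
             $queRole = $permission->getQueriedRole();
             $queResource = $permission->getQueriedResource();
             // Anything that is not an owner-aware role/resource pair fails the assertion.
             if (!($queRole instanceof OwnerRole && $queResource instanceof IOwnerResource)) {
                 return false;
             }
             return $queRole->getUserId() === $queResource->getUserId();
         });
     }

     // The original dropped the parent's return value, which breaks fluent chaining.
     return parent::allow($roles, $resources, $privileges, $assertion);
 }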
Esempio n. 12
 /**
  * Forwards an allow rule to the wrapped ACL object after passing the resources
  * and roles to addResources() / addRoles().
  *
  * Nothing is returned: the result of the inner allow() call is discarded.
  */
 public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
 {
     // Presumably these register any resource/role names the ACL does not know yet — confirm.
     // NOTE(review): if so, a misspelled role or resource silently becomes a new entry
     // instead of raising an error, so typos in rules go unnoticed.
     $this->addResources($resources);
     $this->addRoles($roles);
     $this->acl->allow($roles, $resources, $privileges, $assertion);
 }
Esempio n. 13
 /**
  * Adds an allow rule, first creating every named resource that is not defined yet
  * (each element when $resources is an array).
  * For more info see the \Nette\Security\Permission::allow doc.
  *
  * NOTE(review): an unknown resource name is written to the database as a side effect,
  * so a typo in a rule creates a persistent resource instead of failing.
  */
 public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
 {
     $coversAll = $resources == self::ALL;

     if (!$coversAll) {
         // Normalise a single name to a one-element list.
         $resources = is_array($resources) ? $resources : array($resources);

         foreach ($resources as $name) {
             // Skip the "all" marker and anything already registered.
             if ($name == self::ALL || $this->hasResource($name)) {
                 continue;
             }
             $this->addResourceToDb($name);
             $this->addResource($name);
         }
     }

     return parent::allow($roles, $resources, $privileges, $assertion);
 }
Esempio n. 14
 /**
  * Sets up the permissions for a role, loading its parent roles first.
  *
  * 'admin' is special-cased: it is allowed Permission::ALL without any repository lookup.
  * For other roles the stored allow/deny entries are applied, but only for resources
  * the Permission object already knows; entries for unknown resources are skipped.
  *
  * NOTE(review): the parent chain is followed recursively with no cycle guard visible
  * here — confirm the stored role hierarchy cannot contain a loop.
  *
  * @param Permission $permission
  * @param string $role
  * @return Permission
  */
 protected function setPermissionsByRole(Permission $permission, $role)
 {
     if ($role == 'admin') {
         $permission->allow('admin', Permission::ALL);
         return $permission;
     }

     // No usable connection: return the object untouched.
     if (!$this->checkConnection->invoke()) {
         return $permission;
     }

     $entity = $this->roleRepository->findOneByName($role);
     if (!$entity) {
         return $permission;
     }

     // Parents are registered before the child so the child can inherit from them.
     if ($entity->parent) {
         $this->setPermissionsByRole($permission, $entity->parent->name);
     }

     if (!$permission->hasRole($role)) {
         $permission->addRole($role, $entity->parent ? $entity->parent->name : NULL);
     }

     // allow/deny
     foreach ($entity->permissions as $rule) {
         if (!$permission->hasResource($rule->resource)) {
             continue;
         }
         // An empty privilege is passed on as NULL.
         $privilege = $rule->privilege ?: NULL;
         if ($rule->allow) {
             $permission->allow($role, $rule->resource, $privilege);
         } else {
             $permission->deny($role, $rule->resource, $privilege);
         }
     }

     return $permission;
 }
Esempio n. 15
 /**
  * Loads every stored permission (joined with its privilege) into the ACL as an
  * allow or deny rule, then grants Role::GOD everything.
  *
  * @param Permission $acl ACL object that receives the rules
  */
 private function loadPermissions(Permission $acl)
 {
     $dql = 'SELECT p, pr FROM ' . \Users\Authorization\Permission::class . ' p
          LEFT JOIN p.privilege pr';
     $rows = $this->em->createQuery($dql)->execute();

     /** @var \Users\Authorization\Permission $row */
     foreach ($rows as $row) {
         // Only an exact TRUE counts as "allowed"; every other value becomes a deny rule.
         if ($row->isAllowed() !== true) {
             $acl->deny($row->getRoleName(), $row->getResourceName(), $row->getPrivilegeName());
         } else {
             $acl->allow($row->getRoleName(), $row->getResourceName(), $row->getPrivilegeName());
         }
     }

     // Added after all stored rules: Role::GOD is allowed every privilege on every resource.
     // NOTE(review): confirm who can be assigned this role, since no stored deny precedes it in effect.
     $acl->allow(Role::GOD, IAuthorizator::ALL, IAuthorizator::ALL);
 }
Esempio n. 16
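 /**
  * Applies the rules from the rules service to the ACL as allow or deny entries.
  *
  * If the rules cannot be loaded, the error is logged and no rule is added.
  *
  * @param Permission $p ACL object that receives the rules
  */
 private function setRules(Permission $p)
 {
     try {
         $rules = $this->rulesService->getRules();
     } catch (Exceptions\DataErrorException $e) {
         $this->logError($e->getMessage());
         // Stop here: the original fell through and iterated an undefined $rules.
         // Returning leaves the ACL without rules from this source.
         return;
     }

     foreach ($rules as $r) {
         $permit = $r->isPermit();
         $roleName = $r->getRole()->getName();
         // A rule without a resource or privilege is widened to Permission::ALL.
         // NOTE(review): for permit rules this means an incomplete record grants more, not less —
         // confirm that is intended for rows with missing data.
         $resource = $r->hasResource() ? $r->getResource() : Permission::ALL;
         $privileges = $r->hasPrivilege() ? $r->getPrivileges() : Permission::ALL;

         if ($permit) {
             $p->allow($roleName, $resource, $privileges);
         } else {
             $p->deny($roleName, $resource, $privileges);
         }
     }
 }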