/**
* Return true if both user and object respects all the rules conditions
* If the objectId is null, policy rules about its attributes will be ignored
* In case of mismatch between attributes and expected values,
* an array with the concerned attributes slugs will be returned.
*
* Available options are :
* * dynamic_attributes: array
* * cache_result: boolean
* * cache_ttl: integer
* * cache_driver: string
*
* Available cache drivers are :
* * memory
*
* @param string $ruleName
* @param object $user
* @param object $resource
* @param array $options
* @return boolean|array
*/
public function enforce($ruleName, $user, $resource = null, $options = [])
{
// If there is dynamic attributes, we pass them to the comparison manager
// When a comparison will be performed, the passed values will be retrieved and used
if (isset($options['dynamic_attributes'])) {
$this->comparisonManager->setDynamicAttributes($options['dynamic_attributes']);
}
// Retrieve cache value for the current rule and values if cache item is valid
if (($cacheResult = isset($options['cache_result']) && $options['cache_result'] === true) === true) {
$cacheItem = $this->cacheManager->getItem("{$ruleName}-{$user->getId()}-" . ($resource !== null ? $resource->getId() : ''), isset($options['cache_driver']) ? $options['cache_driver'] : null, isset($options['cache_ttl']) ? $options['cache_ttl'] : null);
// We check if the cache value s valid before returning it
if (($cacheValue = $cacheItem->get()) !== null) {
return $cacheValue;
}
}
$policyRule = $this->policyRuleManager->getRule($ruleName, $user, $resource);
// For each policy rule attribute, we retrieve the attribute value and proceed configured extra data
foreach ($policyRule->getPolicyRuleAttributes() as $pra) {
$attribute = $pra->getAttribute();
$attribute->setValue($this->attributeManager->retrieveAttribute($attribute, $user, $resource));
if (count($pra->getExtraData()) > 0) {
$this->processExtraData($pra, $user, $resource);
}
$this->comparisonManager->compare($pra);
}
// The given result could be an array of rejected attributes or true
// True means that the rule is correctly enforced for the given user and resource
$result = $this->comparisonManager->getResult();
if ($cacheResult) {
$cacheItem->set($result);
$this->cacheManager->save($cacheItem);
}
return $result;
}
public function testGetItemPool()
{
$pool = $this->cacheManager->getItemPool('memory');
$item = $pool->getItem('php_abac.test');
$this->cacheManager->save($item);
$items = $pool->getItems(['php_abac.test']);
$this->assertInstanceOf('Psr\\Cache\\CacheItemPoolInterface', $pool);
$this->assertCount(1, $items);
$this->assertarrayHasKey('php_abac.test', $items);
$this->assertEquals($item, $items['php_abac.test']);
}
