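/**
 * ACL gate for resource responses.
 *
 * Forwards to $next only when one of the rules below grants the requested
 * action on the resource carried by the response; otherwise the caller gets
 * an empty 403 response. Rules are tried in this order and evaluation stops
 * at the first one that matches:
 *
 *  1. the user is allowed on the resource class with an empty namespace argument;
 *  2. the user is allowed on the individual resource id with an empty namespace argument;
 *  3. the resource has no namespace and the user is allowed on the class with
 *     ResourceDOInterface::NAMESPACES_WILDCARD;
 *  4. the resource has a namespace and the user is allowed on the class for
 *     exactly that namespace;
 *  5. the resource namespace is identical to the user's namespace and the user
 *     is allowed on the class with UserInterface::NAMESPACES_WILDCARD;
 *  6. the resource namespace differs from the user's, starts with
 *     UserInterface::NAMESPACES, and the guest check allows the class with
 *     UserInterface::NAMESPACES_WILDCARD.
 *
 * @param ServerRequestInterface $request  Request the action is derived from via getAction().
 * @param ResponseInterface      $response Response whose content is the resource data object.
 * @param callable|null          $next     Next handler; when omitted, the response is returned unchanged.
 *
 * @return mixed The result of $next (or $response when $next is omitted) if access
 *               is granted, otherwise an EmptyResponse with status 403.
 */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
{
    /** @var ResourceDoResponse $response */
    // Presumably rejects anything that is not a ResourceDoResponse; confirm in checkResponseOrDie().
    $this->checkResponseOrDie($response);

    $action = $this->getAction($request);
    $resourceDO = $response->getContent();
    $resourceNamespace = $resourceDO->getNamespace();
    $userNamespace = $this->user->getNamespace();

    $aclResourceCommon = get_class($resourceDO);
    $aclResourceUnique = $resourceDO instanceof ResourceInterface ? $resourceDO->getResourceId() : null;

    // NOTE(review): $aclResourceUnique is null when the content is not a
    // ResourceInterface, and that null is still handed to isAllowedForUser()
    // in rule 2. Confirm the helper denies a null resource; some ACL
    // libraries interpret a null resource as "any resource".
    //
    // NOTE(review): rule 5 uses ===, so it also applies when both namespaces
    // are null or both are empty. Confirm that is intended.
    //
    // Each && group is parenthesised only for readability; && already binds
    // tighter than ||, so the grouping is the same as in the unparenthesised form.
    $isAllowed =
        $this->isAllowedForUser($aclResourceCommon, $action, '')
        || $this->isAllowedForUser($aclResourceUnique, $action, '')
        || (!$resourceNamespace
            && $this->isAllowedForUser($aclResourceCommon, $action, ResourceDOInterface::NAMESPACES_WILDCARD))
        || ($resourceNamespace
            && $this->isAllowedForUser($aclResourceCommon, $action, $resourceNamespace))
        || ($resourceNamespace === $userNamespace
            && $this->isAllowedForUser($aclResourceCommon, $action, UserInterface::NAMESPACES_WILDCARD))
        || ($resourceNamespace !== $userNamespace
            // The cast keeps strpos() from receiving null when the resource has no namespace.
            && 0 === strpos((string) $resourceNamespace, UserInterface::NAMESPACES)
            && $this->isAllowedForGuest($aclResourceCommon, $action, UserInterface::NAMESPACES_WILDCARD));

    if (!$isAllowed) {
        // Deny by default: no rule matched.
        return new EmptyResponse(403);
    }

    // $next defaults to null in the signature, so it must not be invoked
    // unconditionally; an authorised request without a next handler simply
    // yields the response it was given.
    return null === $next ? $response : $next($request, $response);
}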