Get the current identity from the role service
| public getIdentity ( ) : ZfcRbac\Identity\IdentityInterface | null | ||
| return | ZfcRbac\Identity\IdentityInterface | null | |
/**
* Return an array of roles which may be granted the permission based on
* the options.
*
* @param mixed $options Options provided from configuration.
*
* @return array
*/
public function getPermissions($options)
{
// If no user is logged in, or the user doesn't match the passed-in
// whitelist, we can't grant the permission to any roles.
if (!($user = $this->auth->getIdentity())) {
return [];
}
// which user attribute has to match which pattern to get permissions?
$criteria = [];
foreach ((array) $options as $option) {
$parts = explode(' ', $option, 2);
if (count($parts) < 2) {
$this->logError("configuration option '{$option}' invalid");
return [];
} else {
list($attribute, $pattern) = $parts;
// check user attribute values against the pattern
if (!preg_match('/^\\/.*\\/$/', $pattern)) {
$pattern = '/' . $pattern . '/';
}
if (preg_match($pattern, $user[$attribute])) {
return ['loggedin'];
}
}
}
//no matches found, so the user don't get any permissions
return [];
}
public function readAction()
{
$user = $this->authorizationService->getIdentity();
if ($user) {
$this->notificationManager->markRead($user);
$this->notificationManager->flush();
}
return new JsonModel([]);
}
/**
* @return array
* @throws UnauthorizedException
*/
public function findAll()
{
if ($this->authorizationService->isGranted('recipe.admin')) {
return $this->objectRepository->findBy([], ['dateUpdated' => 'DESC']);
}
if ($this->authorizationService->isGranted('recipe.manage')) {
return $this->objectRepository->findBy(['author' => $this->authorizationService->getIdentity()], ['dateUpdated' => 'DESC']);
}
throw new UnauthorizedException('Insufficient Permission');
}
/**
* Return an array of roles which may be granted the permission based on
* the options.
*
* @param mixed $options Options provided from configuration.
*
* @return array
*/
public function getPermissions($options)
{
// If no user is logged in, or the user doesn't match the passed-in
// whitelist, we can't grant the permission to any roles.
$user = $this->auth->getIdentity();
if (!$user || !in_array($user->username, (array) $options)) {
return [];
}
// If we got this far, we can grant the permission to the loggedin role.
return ['loggedin'];
}
public function save(Recipe $recipe)
{
$now = new \DateTimeImmutable();
if (null === $recipe->getDateCreated()) {
$recipe->setDateCreated($now);
}
$recipe->setAuthor($this->authorizationService->getIdentity());
$recipe->setDateUpdated($now);
$this->objectManager->persist($recipe);
$this->objectManager->flush();
}
/**
* @param string $className
* @param $id
* @param string|null $permission
* @param string $notFoundMessage
*
* @return object
*
* @throws \Doctrine\ORM\TransactionRequiredException
* @throws \Doctrine\ORM\OptimisticLockException
* @throws \DomainException
* @throws \Doctrine\ORM\ORMException
* @throws \Doctrine\ORM\ORMInvalidArgumentException
* @throws \ZfrRest\Http\Exception\Client\NotFoundException
* @throws \ZfrRest\Http\Exception\Client\UnauthorizedException
* @throws \ZfrRest\Http\Exception\Client\ForbiddenException
*/
public function __invoke(string $className, $id, string $permission = null, string $notFoundMessage = 'The resource you were looking for was not found')
{
$entity = $this->entityManager->find($className, $id);
if (!$entity) {
throw new NotFoundException($notFoundMessage);
}
if ($permission && !$this->authorizationService->isGranted($permission, $entity)) {
if ($this->authorizationService->getIdentity()) {
throw new ForbiddenException();
}
throw new UnauthorizedException();
}
return $entity;
}
/**
* @param string $eventName
* @param RepositoryInterface $repository
* @param RevisionInterface $revision
* @param string $message
* @param array $data
* @return void
*/
protected function triggerEvent($eventName, RepositoryInterface $repository, RevisionInterface $revision, $message = '', $data = [])
{
$identity = $this->authorizationService->getIdentity();
$event = new VersioningEvent($repository, $revision, $this, $message, $data, $identity);
$event->setName($eventName);
$this->getEventManager()->trigger($eventName, $this, $event);
}
/**
* Check if this assertion is true
*
* @param AuthorizationService $authorization
* @param mixed $context
*
* @return bool
*/
public function assert(AuthorizationService $authorization, $context = null)
{
if ($context === null) {
return true;
}
if ($authorization->getIdentity() === $context->getAuthor()) {
return true;
}
return $authorization->isGranted('recipe.admin');
}
/**
* @param AuthorizationService $authorizationService
* @param AbstractConversationEntity $context
*
* @return bool
*/
public function assert(AuthorizationService $authorizationService, $context = null)
{
if (!$context instanceof AbstractConversationEntity) {
throw new InvalidArgumentException();
}
/* @var MessageUserInterface $user */
$user = $authorizationService->getIdentity();
/* @var ArrayCollection $participants */
$participants = $context->getParticipants();
if ($participants->contains($user)) {
return true;
}
return $authorizationService->isGranted('administrator');
}
public function unsubscribeAction()
{
if (!$this->authorizationService->getIdentity()) {
throw new UnauthorizedException();
}
$object = $this->params('object');
$user = $this->authorizationService->getIdentity();
try {
$object = $this->uuidManager->getUuid($object);
} catch (NotFoundException $e) {
$this->getResponse()->setStatusCode(404);
return false;
}
$this->subscriptionManager->unSubscribe($user, $object);
$this->subscriptionManager->flush();
$this->flashMessenger()->addSuccessMessage('You are no longer receiving notifications for this content.');
return $this->redirect()->toReferer();
}
/**
* @covers ZfcRbac\Service\AuthorizationService::getIdentity
*/
public function testGetIdentity()
{
$rbac = $this->getMock('Rbac\\Rbac', [], [], '', false);
$identity = $this->getMock('ZfcRbac\\Identity\\IdentityInterface');
$roleService = $this->getMock('ZfcRbac\\Service\\RoleService', [], [], '', false);
$assertionManager = $this->getMock('ZfcRbac\\Assertion\\AssertionPluginManager', [], [], '', false);
$authorization = new AuthorizationService($rbac, $roleService, $assertionManager);
$roleService->expects($this->once())->method('getIdentity')->will($this->returnValue($identity));
$this->assertSame($authorization->getIdentity(), $identity);
}
/**
* @param AuthorizationService $authorization
* @return bool
*/
public function assert(AuthorizationService $authorization)
{
return (bool) $authorization->getIdentity()->getDefaultAffiliate();
}
/**
* Check if this assertion is true
*
* @param AuthorizationService $authorization
* @return bool
*/
public function assert(AuthorizationService $authorization)
{
return !is_object($authorization->getIdentity());
}
