/** * {@inheritdoc} */ public function isAllowed(NodeInterface $from, NodeInterface $to) { if ($this->isSibling($from, $to)) { return EvaluationResult::allowed($this); } return EvaluationResult::undefined(); }
/** * {@inheritdoc} */ public function isAllowed(NodeInterface $from, NodeInterface $to) { foreach ($this->getTargets() as $namespace) { if ($this->namespaceContains($namespace, $to->getFQName())) { return EvaluationResult::allowed($this); } } return EvaluationResult::undefined(); }
/** * {@inheritdoc} */ public function isAllowed(NodeInterface $from, NodeInterface $to) { foreach ($this->getTargets() as $namespace) { if ($this->namespaceContains($namespace, $to->getFQName())) { return EvaluationResult::denied($this, sprintf("%s has an attached DenyPolicy of namespace %s, preventing use of %s", $from->getFQName(), $namespace, $to->getFQName())); } } return EvaluationResult::undefined(); }
/** * {@inheritdoc} */ public function isAllowed(NodeInterface $from, NodeInterface $to) { foreach ($this->allow as $regex => $allowed) { // check that $from matches if (!$this->regexMatchesNode($regex, $from)) { continue; } // check all allowed namespaces foreach ($allowed as $namespace) { if ($this->namespaceContains($namespace, $to->getFQName())) { return EvaluationResult::allowed($this); } } } return EvaluationResult::undefined(); }
/** * Resolves all hierarchical policies to determine whether the connection between $from and $to is valid. * * @param string $from * @param string $to * @return \ArchInspec\Policy\Evaluation\IEvaluationResult */ public function isAllowed($from, $to) { $to = $this->getOrCreateNode($to); $from = $this->getOrCreateNode($from); $node = $from; while (!is_null($node)) { foreach ($node->getPolicies() as $policy) { // check that policy affects $to if (!$policy->affects($from, $to)) { continue; } // only return if the result is not undefined $result = $policy->isAllowed($from, $to); if (!$result->isUndefined()) { return $result; } } $node = $node->getParent(); } return EvaluationResult::undefined("No matching policy was found!"); }