/** * Returns TRUE, if this privilege covers the given subject (join point) * * @param PrivilegeSubjectInterface $subject * @return boolean * @throws InvalidPrivilegeTypeException */ public function matchesSubject(PrivilegeSubjectInterface $subject) { if ($subject instanceof MethodPrivilegeSubject === false) { throw new InvalidPrivilegeTypeException(sprintf('Privileges of type "%s" only support subjects of type "%s", but we got a subject of type: "%s".', MethodPrivilegeInterface::class, MethodPrivilegeSubject::class, get_class($subject)), 1416241148); } $this->initialize(); $joinPoint = $subject->getJoinPoint(); $methodIdentifier = strtolower($joinPoint->getClassName() . '->' . $joinPoint->getMethodName()); if (isset(static::$methodPermissions[$methodIdentifier][$this->getCacheEntryIdentifier()])) { if (static::$methodPermissions[$methodIdentifier][$this->getCacheEntryIdentifier()]['hasRuntimeEvaluations']) { if ($this->runtimeExpressionEvaluator->evaluate($this->getCacheEntryIdentifier(), $joinPoint) === false) { return false; } } return true; } return false; }
/** * Checks if the specified class and method matches against the filter, i.e. if there is a policy entry to intercept this method. * This method also creates a cache entry for every method, to cache the associated roles and privileges. * * @param string $className Name of the class to check the name of * @param string $methodName Name of the method to check the name of * @param string $methodDeclaringClassName Name of the class the method was originally declared in * @param mixed $pointcutQueryIdentifier Some identifier for this query - must at least differ from a previous identifier. Used for circular reference detection. * @return boolean TRUE if the names match, otherwise FALSE */ public function matches($className, $methodName, $methodDeclaringClassName, $pointcutQueryIdentifier) { if ($this->filters === null) { $this->buildPointcutFilters(); } $matches = false; /** @var PointcutFilterComposite $filter */ foreach ($this->filters as $privilegeIdentifier => $filter) { if ($filter->matches($className, $methodName, $methodDeclaringClassName, $pointcutQueryIdentifier)) { $matches = true; $methodIdentifier = strtolower($className . '->' . $methodName); $hasRuntimeEvaluations = false; if ($filter->hasRuntimeEvaluationsDefinition() === true) { $hasRuntimeEvaluations = true; $this->runtimeExpressionEvaluator->addExpression($privilegeIdentifier, $filter->getRuntimeEvaluationsClosureCode()); } $this->methodPermissions[$methodIdentifier][$privilegeIdentifier]['privilegeMatchesMethod'] = true; $this->methodPermissions[$methodIdentifier][$privilegeIdentifier]['hasRuntimeEvaluations'] = $hasRuntimeEvaluations; } } return $matches; }