/**
 * Before-advice that gates methods carrying the Secure\Delete annotation.
 *
 * Reads the annotation from the intercepted method and asks the authorizator
 * whether the user held in $this->user is at least in the role named by the
 * annotation's "allow" property. When the check fails, the rejection helper
 * is invoked with the join point and the required role.
 *
 * @param Aop\JoinPoint\BeforeMethod $before
 * @throws \Nette\Security\AuthenticationException
 *
 * @Aop\Before("methodAnnotatedWith(Secure\Delete)")
 */
public function secureDelete(Aop\JoinPoint\BeforeMethod $before)
{
    $annotation = $this->reader->getMethodAnnotation($before->getTargetReflection(), 'Secure\\Delete');
    $requiredRole = $annotation->allow;

    // Sufficient role: fall through and let the intercepted method run.
    if ($this->authorizator->isAtLeastInRole($requiredRole, $this->user)) {
        return;
    }

    // NOTE(review): throwExcetion (sic) is defined outside this block; the
    // docblock implies it raises, which is what actually stops the delete.
    // If it can return normally, the guarded method still executes - confirm.
    $this->throwExcetion($before, $requiredRole);
}
/**
 * {@inheritdoc}
 *
 * Caching decorator: the decision for a (role, resource, privilege) triple is
 * looked up in the cache first and only computed by the wrapped authorizator
 * on a miss. Both grants and denials are served from the cache; only a NULL
 * load result counts as a miss.
 *
 * No expiry is passed to the cache here, so a stored decision stays in effect
 * until the entry is invalidated, for example through one of its tags.
 * NOTE(review): confirm that every ACL change cleans the matching
 * role/resource/privilege tags, otherwise a revoked permission keeps being
 * granted from the cache.
 */
public function isAllowed($role, $resource, $privilege)
{
    $key = [$role, $resource, $privilege];

    $decision = $this->cache->load($key);
    if ($decision !== NULL) {
        return $decision;
    }

    // Miss: let the wrapped authorizator decide; the cache invokes this callback.
    $compute = function () use ($role, $resource, $privilege) {
        return $this->authorizator->isAllowed($role, $resource, $privilege);
    };

    // One tag per dimension so entries can be invalidated by role, resource or privilege.
    $tags = [
        'role/' . serialize($role),
        'resource/' . serialize($resource),
        'privilege/' . serialize($privilege),
    ];

    return $this->cache->save($key, $compute, [Cache::TAGS => $tags]);
}
/**
 * Asks the wrapped ACL whether $role may perform $privilege on $resource.
 *
 * Before delegating, a role or resource the ACL does not know is reported
 * through onUndefinedRole() / onUndefinedResource(). The ACL is queried
 * afterwards in every case where those hooks return normally.
 * NOTE(review): what the ACL answers for a role or resource that is still
 * unknown at that point is not visible here - confirm it denies rather than
 * allows, or that the hooks register the entry or throw.
 *
 * @param mixed $role      defaults to IAuthorizator::ALL
 * @param mixed $resource  defaults to IAuthorizator::ALL
 * @param mixed $privilege defaults to IAuthorizator::ALL
 * @return mixed whatever $this->acl->isAllowed() returns
 */
public function isAllowed($role = IAuthorizator::ALL, $resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
{
    $roleIsKnown = $this->acl->hasRole($role);
    if (!$roleIsKnown) {
        $this->onUndefinedRole($role);
    }

    $resourceIsKnown = $this->acl->hasResource($resource);
    if (!$resourceIsKnown) {
        $this->onUndefinedResource($resource);
    }

    $verdict = $this->acl->isAllowed($role, $resource, $privilege);

    return $verdict;
}
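/**
 * {@inheritdoc}
 *
 * Delegates the decision to the configured authorizator. A SkipException is
 * raised instead of a decision when no authorizator is set, or when the
 * resource is an IResource that is not a GenericResource.
 *
 * For a GenericResource the privilege supplied by the caller is discarded:
 * both the privilege and the resource id are taken from the resource object
 * itself before delegating.
 *
 * NOTE(review): how callers treat SkipException is not visible here; confirm
 * that a skipped check ends in a denial (or another authorizator's decision)
 * and never in an implicit allow.
 *
 * @throws \Ark8\Security\Exceptions\SkipException
 */
public function isAllowed($role, $resource, $privilege)
{
    if (!isset($this->authorizator)) {
        throw new \Ark8\Security\Exceptions\SkipException('Authorizator is not set.');
    }

    if ($resource instanceof IResource) {
        if (!$resource instanceof GenericResource) {
            // $resource is always an object on this path, so gettype() could
            // only ever report "object"; get_class() names the offending type.
            throw new \Ark8\Security\Exceptions\SkipException(sprintf(
                'Resource must be instance of %s, %s given.',
                GenericResource::class,
                get_class($resource)
            ));
        }

        // Read the privilege before $resource is replaced by its id.
        $privilege = $resource->getPrivilege();
        $resource = $resource->getResourceId();
    }

    return $this->authorizator->isAllowed($role, $resource, $privilege);
}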