If $assertion is provided, then it must return TRUE in order for the rule to apply.
public allow ( $roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL ) : self | ||
/**
 * Registers the role / resource / privilege rules on the given authorizator.
 *
 * Ownership-dependent rules pass [$this, 'isOwner'] or [$this, 'isNotOwner']
 * as the assertion callback, so they only apply when that method returns true.
 */
private function defineRelationships(Permission $authorizator)
{
    $ownerCheck = [$this, 'isOwner'];
    $nonOwnerCheck = [$this, 'isNotOwner'];

    // Employees: every privilege on their own listings ...
    $authorizator->allow('employee', 'listing', Permission::ALL, $ownerCheck);
    // ... and these privileges on their own messages.
    $messagePrivileges = ['send', 'remove', 'view', 'mark_as_read'];
    $authorizator->allow('employee', 'message', $messagePrivileges, $ownerCheck);

    // Admins: everything on every resource (null = all resources), except that
    // marking a message as read is denied when they are not its owner.
    $authorizator->allow('admin', null, Permission::ALL);
    $authorizator->deny('admin', 'message', 'mark_as_read', $nonOwnerCheck);
}
/**
 * Builds the ACL held in $this->acl.
 *
 * Roles: guest, user (child of 'registered'), admin (child of user).
 * Resources: 'backend', 'users'. Users may 'view' 'backend'; admins get
 * everything. 'users' has no rule here, so it falls back to the ACL default.
 *
 * NOTE(review): 'registered' is used as a parent but is not added in this
 * constructor; Nette's addRole() rejects unknown parent roles, so it must be
 * registered elsewhere — verify.
 */
public function __construct()
{
    $permission = new NS\Permission();

    // role hierarchy
    $permission->addRole('guest');
    $permission->addRole('user', 'registered');
    $permission->addRole('admin', 'user');

    // resources
    $permission->addResource('backend');
    $permission->addResource('users');

    // rules
    $permission->allow('user', array('backend'), array('view'));
    $permission->allow('admin');

    $this->acl = $permission;
}
/**
 * Factory for the application ACL.
 *
 * Starts from an explicit deny-all rule, then allows 'admin' everything and
 * 'user' the 'add' privilege on 'comment'. Role chain: guest < user < admin.
 *
 * @return Permission
 */
public static function createAuthorizator()
{
    $acl = new Permission();

    // roles, each inheriting from the previous one
    $acl->addRole("guest");
    $acl->addRole("user", "guest");
    $acl->addRole("admin", "user");

    // resources
    $acl->addResource('clip');
    $acl->addResource('comment');

    // explicit default: nothing is allowed unless a rule below says so
    $acl->deny();
    $acl->allow("admin");
    $acl->allow("user", "comment", "add");

    return $acl;
}
/**
 * Maps roles and permissions into the ACL.
 *
 * Every mapped permission row from the repository becomes one allow rule of
 * (group name, resource name, action name); an action code of -1 stands for
 * all actions.
 */
private function createAcl()
{
    $this->defineRoles();
    $this->defineResources();

    foreach ($this->permissionRepository->selectMappedPermissions() as $mapped) {
        // -1 is the "all actions" marker; loose comparison kept because the
        // code may come back as a string from the repository — verify.
        $action = ($mapped->getActionCode() == -1)
            ? self::ALL
            : $mapped->getAction()->getName();

        $this->acl->allow(
            $mapped->getGroup()->getName(),
            $mapped->getResource()->getName(),
            $action
        );
    }
}
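/**
 * Presenter startup: enforces login, builds the ACL from the stored roles /
 * resources / permissions, checks the current action against it, and collects
 * the module menu entries declared in each module's src/setting.xml.
 *
 * Fix: opendir() failure used to be ignored, which passes false to readdir()
 * (a warning-and-loop on PHP 7, a TypeError on PHP 8); it now ends the scan.
 * Membership checks use strict in_array().
 */
public function startup()
{
    parent::startup();

    // Everything except the sign-in presenter requires a logged-in user.
    if ($this->getName() !== 'Admin:Sign' && !$this->user->isLoggedIn()) {
        $this->redirect('Sign:default');
    }

    // --- build the ACL from the stored roles, resources and permissions ---
    foreach ($this->roles->getAll() as $role) {
        $this->acl->addRole($role['system_name']);
    }
    foreach ($this->resources->getAll() as $resource) {
        $this->acl->addResource($resource['system_name']);
    }
    foreach ($this->permissions->getAll() as $permission) {
        $this->acl->allow(
            $permission->role->system_name,
            $permission->resource->system_name,
            $permission->privilege->system_name
        );
    }

    // Built-in super admin: allowed on every resource and privilege.
    $this->acl->addRole('super_admin');
    $this->acl->allow('super_admin');

    // Homepage and sign-in are accessible to every role.
    $this->acl->addResource('homepage');
    $this->acl->allow(\App\AdminModule\Components\Authorizator::ALL, 'homepage');
    $this->acl->addResource('sign');
    $this->acl->allow(\App\AdminModule\Components\Authorizator::ALL, 'sign');

    // Default role for anyone not matched above.
    $this->acl->addRole('guest');

    // --- authorization check ---
    // NOTE(review): the ACL check is skipped for the whole Admin:Image presenter
    // and for ANY presenter whose action has one of the names below; each
    // exempted action must therefore enforce its own authorization — verify.
    $uncheckedActions = array(
        'ordering', 'orderingCategory', 'deleteImage',
        'changePassword', 'getCity', 'download',
    );
    $isExempt = $this->getName() === 'Admin:Image'
        || in_array($this->getAction(), $uncheckedActions, true);

    if (!$isExempt && !$this->getUser()->isAllowed($this->getNameSimple(), $this->getAction())) {
        $this->flashMessage($this->translator->translate('admin.login.noAccess'), 'error');
        $this->redirect('Homepage:default');
    }

    // --- scan every module directory for a presenter declared in src/setting.xml ---
    $modulesDir = dirname(__FILE__) . '/../../../';
    $handle = opendir($modulesDir);
    if ($handle === false) {
        // Unreadable module root: leave the menu empty rather than feeding
        // false to readdir()/closedir().
        return;
    }
    while (($entry = readdir($handle)) !== false) {
        if (in_array($entry, array('.', '..'), true)) {
            continue;
        }
        $settingFile = $modulesDir . $entry . '/src/setting.xml';
        if (!file_exists($settingFile)) {
            continue;
        }
        $xml = simplexml_load_file($settingFile);
        // simplexml_load_file() returns false on malformed XML; skip such modules.
        if ($xml === false || !isset($xml->presenter)) {
            continue;
        }
        $this->menuModules[] = array(
            'name' => (string) $xml->presenter->name,
            'resource' => (string) $xml->presenter->resource,
        );
    }
    closedir($handle);
}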
/**
 * Builds the application ACL, or returns the cached copy.
 *
 * Before the CMS is installed, and when loading the roles fails with a DBAL
 * exception, a fresh empty Permission is returned instead — it contains no
 * allow rules, so the failure is closed rather than open (assuming Nette's
 * default deny). Only the role loop is guarded; the resource and ACL-entry
 * queries propagate their exceptions. A freshly built ACL is stored in the
 * cache under 'acl' with the CACHE_TAG tag.
 *
 * @return Nette\Security\Permission
 */
public function create()
{
    if (!$this->cmsInstalled) {
        return new Nette\Security\Permission();
    }

    $cached = $this->cache->load('acl');
    if ($cached !== NULL) {
        return $cached;
    }

    $acl = new Nette\Security\Permission();
    try {
        foreach ($this->roleService->findAll() as $role) {
            $parentName = ($role->parent === NULL) ? NULL : $role->parent->name;
            $acl->addRole($role->name, $parentName);
        }
    } catch (Kdyby\Doctrine\DBALException $ex) {
        return new Nette\Security\Permission();
    }

    foreach ($this->resourceService->findAll() as $resource) {
        $acl->addResource($resource->name);
    }

    foreach ($this->aclService->findAll() as $entry) {
        $roleName = $entry->role->name;
        $resourceName = $entry->permission->resource->name;
        $privilegeName = $entry->permission->privilege->name;
        if ($entry->allow) {
            $acl->allow($roleName, $resourceName, $privilegeName);
        } else {
            $acl->deny($roleName, $resourceName, $privilegeName);
        }
    }

    $this->cache->save('acl', $acl, [Nette\Caching\Cache::TAGS => self::CACHE_TAG]);

    return $acl;
}
/**
 * Allows one or more Roles access to [certain $privileges upon] the specified Resource(s).
 *
 * If $assertion is provided, it is wrapped so that it is invoked with the
 * current identity plus the queried resource and role, and it must return
 * TRUE for the rule to apply. All other arguments go to the parent unchanged.
 *
 * @param string|array|Permission::ALL $roles
 * @param string|array|Permission::ALL $resources
 * @param string|array|Permission::ALL $privileges
 * @param callable|null $assertion
 * @return self
 */
public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null)
{
    $wrapped = null;
    if ($assertion !== null) {
        $userAssertion = $assertion;
        // The closure is bound to this Permission, so $this inside it is the
        // ACL currently evaluating the rule.
        $wrapped = function () use ($userAssertion) {
            return Callback::invoke(
                $userAssertion,
                $this->identity,
                $this->getQueriedResource(),
                $this->getQueriedRole()
            );
        };
    }

    return parent::allow($roles, $resources, $privileges, $wrapped);
}
/**
 * Factory for the application ACL: deny-all by explicit rule, then 'admin'
 * is allowed everything. Role chain: guest < user < admin. No resources are
 * registered here.
 *
 * @return Permission
 */
public static function createAuthorizator()
{
    $acl = new Permission;

    $acl->addRole("guest");
    $acl->addRole("user", "guest");
    $acl->addRole("admin", "user");

    // explicit default: nothing allowed unless a later rule says so
    $acl->deny();
    $acl->allow("admin");

    return $acl;
}
/**
 * Builds the ACL stored in $this->acl.
 *
 * Roles: guest, demo (inherits guest), admin (inherits demo).
 * Resources: 'Admin:Admin' and 'Front'. Guests may READ Front, demo users
 * may READ Admin:Admin, admins may do anything with anything.
 */
public function __construct()
{
    $permission = new Nette\Security\Permission();

    // role definitions: demo inherits from guest, admin inherits from demo
    $permission->addRole('guest');
    $permission->addRole('demo', 'guest');
    $permission->addRole('admin', 'demo');

    // resources users may access
    $permission->addResource('Admin:Admin');
    $permission->addResource('Front');

    // rules: who may do what with which resource
    $permission->allow('guest', 'Front', self::READ);
    $permission->allow('demo', 'Admin:Admin', self::READ);
    $permission->allow('admin', Permission::ALL, Permission::ALL);

    $this->acl = $permission;
}
/**
 * Init
 *
 * Lazily loads roles, resources and the permissions for $role, then allows
 * the 'root' role everything. Runs only when $this->isInitialized is exactly
 * FALSE (a null value does not trigger initialisation) and sets it to TRUE
 * afterwards.
 *
 * @param mixed $role passed through to InitPermission()
 * @throws InvalidStateException when $this->aclRoleID has not been set
 */
protected function Init($role)
{
    if ($this->isInitialized !== FALSE) {
        return;
    }
    if (!$this->aclRoleID) {
        throw new InvalidStateException("Please set first aclRoleID variable.");
    }

    $this->InitRole();
    $this->InitResource();
    $this->InitPermission($role);
    // root bypasses every rule loaded above
    $this->acl->allow('root');
    $this->isInitialized = TRUE;
}
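/**
 * Allows roles access, with special handling of the "owner" pseudo-role.
 *
 * When $roles is exactly the string "owner", the supplied $assertion is
 * ignored and replaced by an ownership check: the rule applies only when the
 * queried role is an OwnerRole and the queried resource an IOwnerResource
 * carrying the same user id. Any other $roles value goes to the parent
 * unchanged.
 *
 * Fix: the parent's return value is now passed back, so the call can be
 * chained like Permission::allow() itself.
 *
 * @param string|array|null $roles
 * @param string|array|null $resources
 * @param string|array|null $privileges
 * @param callable|null $assertion ignored for "owner"
 * @return self
 */
public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
{
    if ($roles === "owner") {
        $ownerAssertion = function ($permission, $role, $resource, $privilege) {
            $queriedRole = $permission->getQueriedRole();
            $queriedResource = $permission->getQueriedResource();
            // Both sides must carry a user id; otherwise the rule does not apply.
            if (!($queriedRole instanceof OwnerRole) || !($queriedResource instanceof IOwnerResource)) {
                return false;
            }
            return $queriedRole->getUserId() === $queriedResource->getUserId();
        };
        return parent::allow("owner", $resources, $privileges, $ownerAssertion);
    }

    return parent::allow($roles, $resources, $privileges, $assertion);
}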
/**
 * Registers any unknown $resources and $roles on the wrapped ACL, then adds
 * the allow rule to it. Arguments mirror Nette\Security\Permission::allow().
 *
 * @param string|array|null $roles
 * @param string|array|null $resources
 * @param string|array|null $privileges
 * @param callable|null $assertion
 */
public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
{
    // Every referenced resource and role must exist before the rule is added.
    $this->addResources($resources);
    $this->addRoles($roles);

    $this->acl->allow($roles, $resources, $privileges, $assertion);
}
/**
 * Allows access like \Nette\Security\Permission::allow(), but auto-registers
 * resources that are not yet known: each missing resource is first written
 * to the database (addResourceToDb) and then added to this ACL.
 *
 * Note that this turns allow() into a database write for unknown resources.
 * Comparison with self::ALL is loose, as in the original code.
 *
 * @return self
 */
public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL)
{
    if ($resources != self::ALL) {
        $resourceList = is_array($resources) ? $resources : array($resources);
        foreach ($resourceList as $name) {
            if ($name == self::ALL || $this->hasResource($name)) {
                continue;
            }
            $this->addResourceToDb($name);
            $this->addResource($name);
        }
    }

    return parent::allow($roles, $resources, $privileges, $assertion);
}
/**
 * Setup permission by role
 *
 * Registers $role (and, recursively, its parents first) on $permission and
 * applies the role's stored allow/deny rules. The literal 'admin' role
 * short-circuits to "allow everything" without consulting the repository.
 * Rules are applied only when the connection check passes, the role exists,
 * and the rule's resource is already registered on $permission.
 *
 * @param Permission $permission
 * @param string $role
 * @return Permission
 */
protected function setPermissionsByRole(Permission $permission, $role)
{
    if ($role == 'admin') {
        $permission->allow('admin', Permission::ALL);
        return $permission;
    }

    if (!$this->checkConnection->invoke()) {
        return $permission;
    }

    $roleEntity = $this->roleRepository->findOneByName($role);
    if (!$roleEntity) {
        return $permission;
    }

    // Parents first, so this role can be attached to an already registered parent.
    if ($roleEntity->parent) {
        $this->setPermissionsByRole($permission, $roleEntity->parent->name);
    }
    if (!$permission->hasRole($role)) {
        $parentName = $roleEntity->parent ? $roleEntity->parent->name : NULL;
        $permission->addRole($role, $parentName);
    }

    // allow/deny rules of this role; rules on unregistered resources are skipped
    foreach ($roleEntity->permissions as $rule) {
        if (!$permission->hasResource($rule->resource)) {
            continue;
        }
        $privilege = $rule->privilege ?: NULL;
        if ($rule->allow) {
            $permission->allow($role, $rule->resource, $privilege);
        } else {
            $permission->deny($role, $rule->resource, $privilege);
        }
    }

    return $permission;
}
/**
 * Loads every stored Permission (with its privilege joined) and registers it
 * on $acl as an allow or deny rule, then allows Role::GOD every privilege on
 * every resource.
 *
 * The DQL is built only from a class constant, not from request data. How
 * the blanket GOD allow interacts with stored deny rules for that role
 * depends on Nette's rule resolution — verify if GOD is ever denied anything.
 */
private function loadPermissions(Permission $acl)
{
    $dql = 'SELECT p, pr FROM ' . \Users\Authorization\Permission::class . ' p LEFT JOIN p.privilege pr';
    $rows = $this->em->createQuery($dql)->execute();

    /** @var \Users\Authorization\Permission $row */
    foreach ($rows as $row) {
        $roleName = $row->getRoleName();
        $resourceName = $row->getResourceName();
        $privilegeName = $row->getPrivilegeName();

        if ($row->isAllowed() === true) {
            $acl->allow($roleName, $resourceName, $privilegeName);
        } else {
            $acl->deny($roleName, $resourceName, $privilegeName);
        }
    }

    $acl->allow(Role::GOD, IAuthorizator::ALL, IAuthorizator::ALL);
}
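/**
 * Applies the stored rules to $p: permitting rules become allow(), all
 * others deny(). A rule without a resource or privilege means "all".
 *
 * If the rules cannot be loaded, the error is logged and no rule is applied,
 * so $p keeps only what it already contained.
 *
 * Fix: $rules is initialised before the try block; previously a failed load
 * left it undefined and the foreach ran on an undefined variable.
 */
private function setRules(Permission $p)
{
    $rules = [];
    try {
        $rules = $this->rulesService->getRules();
    } catch (Exceptions\DataErrorException $e) {
        $this->logError($e->getMessage());
    }

    foreach ($rules as $rule) {
        $roleName = $rule->getRole()->getName();
        $resource = $rule->hasResource() ? $rule->getResource() : Permission::ALL;
        $privileges = $rule->hasPrivilege() ? $rule->getPrivileges() : Permission::ALL;

        if ($rule->isPermit()) {
            $p->allow($roleName, $resource, $privileges);
        } else {
            $p->deny($roleName, $resource, $privileges);
        }
    }
}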