public function isAllowed($role = IAuthorizator::ALL, $resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
{
if (!$this->acl->hasRole($role)) {
$this->onUndefinedRole($role);
}
if (!$this->acl->hasResource($resource)) {
$this->onUndefinedResource($resource);
}
return $this->acl->isAllowed($role, $resource, $privilege);
}
public function check($resource, $privilege)
{
if ($this->user->isInRole(static::ROOT_ROLE)) {
return true;
}
if (!array_reduce($this->user->getRoles(), function ($prev, $role) use($resource, $privilege) {
return $this->acl->hasRole($role) && $this->acl->hasResource($resource) && $this->acl->isAllowed($role, $resource, $privilege) || $prev;
}, false)) {
throw new \AclException("Unauthorized access to resource '{$resource}' privilege '{$privilege}' :(", 403);
}
}
/**
* Get raw permissions without privileges.
*
* @return Permission
*/
public function getRawPermissions()
{
$permission = new Permission();
foreach ($this->scanResources() as $resource => $privileges) {
$permission->addResource($resource);
}
foreach ($this->defaultRoles as $role) {
if (!$permission->hasRole($role)) {
$permission->addRole($role);
}
}
return $permission;
}