/**
* @param \Nette\Reflection\Method $element
*/
protected function checkMethod(Method $element)
{
$class = $element->class;
$name = $element->name;
$schema = $this->reader->getSchema($class);
$exception = null;
// users
if (isset($schema[$name]['users']) && count($schema[$name]['users']) > 0) {
$users = $schema[$name]['users'];
if (!in_array($this->user->getId(), $users)) {
$exception = sprintf('Access denied for your username: \'%s\'. Require: \'%s\'', $this->user->getId(), implode(', ', $users));
} else {
return;
}
} elseif (isset($schema[$name]['roles']) && count($schema[$name]['roles']) > 0) {
$userRoles = $this->user->getRoles();
$roles = $schema[$name]['roles'];
if (count(array_intersect($userRoles, $roles)) == 0) {
$exception = "Access denied for your roles: '" . implode(', ', $userRoles) . "'. Require one of: '" . implode(', ', $roles) . "'";
} else {
return;
}
} elseif (isset($schema[$name]['resource']) && $schema[$name]['resource']) {
if (!$this->user->isAllowed($schema[$name]['resource'], $schema[$name]['privilege'])) {
$exception = sprintf('Access denied for resource: \'%s\' and privilege: \'%s\'', $schema[$name]['resource'], $schema[$name]['privilege']);
} else {
return;
}
}
if ($exception) {
throw new ForbiddenRequestException($exception);
}
}
/**
* Array of all resources.
*
* @return array
*/
protected function scanResources()
{
$ret = array();
foreach ($this->presenterFactory->getPresenters() as $class => $name) {
$schema = $this->reader->getSchema($class);
foreach ($schema as $item) {
if (!array_key_exists($item['resource'], $ret)) {
$ret[$item['resource']] = array();
}
$ret[$item['resource']] = array_unique(array_merge($ret[$item['resource']], $item['privilege'] ? (array) $item['privilege'] : array()));
}
}
return $ret;
}
