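/**
 * Attempt to authorize the discovered identity based on the ACLs present.
 *
 * Runs as an MvcAuth authorization listener. When the event is already
 * marked authorized, or when the request, response, route match or identity
 * is not of the expected type, the listener returns null (no verdict).
 * Otherwise the injected authorization service decides.
 *
 * NOTE(review): what the listener aggregate does with a null return is not
 * visible here — confirm that "no verdict" fails closed rather than granting.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return bool|null result of the authorization service, or null when the
 *                   listener does not reach a decision
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    if ($mvcAuthEvent->isAuthorized()) {
        return;
    }

    $mvcEvent = $mvcAuthEvent->getMvcEvent();

    // The request must be of the expected Request type: getMethod() is
    // called on it below.
    $request = $mvcEvent->getRequest();
    if (!$request instanceof Request) {
        return;
    }

    $response = $mvcEvent->getResponse();
    if (!$response instanceof Response) {
        return;
    }

    $routeMatch = $mvcEvent->getRouteMatch();
    if (!$routeMatch instanceof RouteMatch) {
        return;
    }

    // Fetched once; the original re-read the identity a second time after
    // this check for no effect.
    $identity = $mvcAuthEvent->getIdentity();
    if (!$identity instanceof IdentityInterface) {
        return;
    }

    // The resource string comes from the event; the HTTP method is the
    // privilege requested against it.
    $resource = $mvcAuthEvent->getResource();

    return $this->authorization->isAuthorized($identity, $resource, $request->getMethod());
}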
/**
 * Register the identity and requested resource in the ACL and attach a deny
 * rule for the current HTTP method, gated by the resource assertion service.
 *
 * Guest identities and anything that is not an IdentityInterface are left
 * untouched. The deny rule carries the
 * 'Zfegg\Admin\MvcAuth\Authorization\ResourceAssertion' assertion, so
 * whether a given request is actually denied depends on that assertion's
 * verdict, which is not visible here.
 *
 * @param MvcAuthEvent $event
 * @return void
 */
public function authorization(MvcAuthEvent $event)
{
    /** @var \ZF\MvcAuth\Identity\AuthenticatedIdentity $identity */
    $identity = $event->getIdentity();
    $isAuthenticatedUser = $identity instanceof IdentityInterface
        && !($identity instanceof GuestIdentity);
    if (!$isAuthenticatedUser) {
        return;
    }

    $mvcEvent = $event->getMvcEvent();
    $httpMethod = $mvcEvent->getRequest()->getMethod();

    /** @var \ZF\MvcAuth\Authorization\AclAuthorization $authorization */
    $authorization = $event->getAuthorizationService();

    /** @var \Zend\Permissions\Acl\Assertion\AssertionInterface $resourceAssertion */
    $resourceAssertion = $mvcEvent->getApplication()
        ->getServiceManager()
        ->get('Zfegg\\Admin\\MvcAuth\\Authorization\\ResourceAssertion');

    $resource = $event->getResource();

    // Register role and resource on demand so the deny rule below can refer to them.
    if (!$authorization->hasRole($identity)) {
        $authorization->addRole($identity);
    }
    if (!$authorization->hasResource($resource)) {
        $authorization->addResource($resource);
    }

    $authorization->deny($identity, $resource, $httpMethod, $resourceAssertion);
}
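/**
 * Enforce configured scopes on the discovered identity.
 *
 * Each entry of the 'authorization' => 'scopes' configuration maps a scope
 * name to a resource/method pair. When the current "resource:METHOD" matches
 * one of those pairs and the identity's space-separated 'scope' claim does
 * not contain the scope name, the response status is set to 401 and the
 * response is returned.
 *
 * Side effect: the Image service is given the authenticated user before any
 * check runs, for guests as well (unchanged from the original).
 *
 * NOTE(review): a resource/method pair with no scope entry is not restricted
 * by this listener at all, so the scope configuration must cover every route
 * that needs protection. 401 is kept for an authenticated identity lacking a
 * scope to preserve client behaviour; 403 would describe that case better.
 *
 * @param MvcAuthEvent $mvcAuthEvent
 * @return \Zend\Stdlib\ResponseInterface|void the 401 response when a
 *         required scope is missing, otherwise nothing
 */
public function __invoke(MvcAuthEvent $mvcAuthEvent)
{
    $serviceLocator = $this->getServiceLocator();
    $imageService = $serviceLocator->get('AqilixAPI\\Image\\Service\\Image');
    $config = $serviceLocator->get('Config')['authorization'];
    $imageService->setUser($serviceLocator->get('image.authenticated.user'));

    $identity = $mvcAuthEvent->getIdentity();
    if ($identity instanceof \ZF\MvcAuth\Identity\GuestIdentity) {
        return;
    }

    // resource:method
    $mvcEvent = $mvcAuthEvent->getMvcEvent();
    $requestedResource = $mvcAuthEvent->getResource() . ':' . $mvcEvent->getRequest()->getMethod();

    // A missing or non-string scope claim grants no scopes (fail closed)
    // instead of raising a notice and exploding null.
    $authIdentity = $identity->getAuthenticationIdentity();
    $scopeClaim = isset($authIdentity['scope']) ? $authIdentity['scope'] : '';
    $grantedScopes = is_string($scopeClaim) ? explode(' ', $scopeClaim) : [];

    $scopes = isset($config['scopes']) && is_array($config['scopes']) ? $config['scopes'] : [];
    foreach ($scopes as $scope => $scopeConfig) {
        $resource = $scopeConfig['resource'] . ':' . $scopeConfig['method'];
        // Strict comparisons: scope names and resource strings are opaque
        // strings. Array keys that look numeric arrive as ints, and a loose
        // in_array() on PHP < 8 would match an int key against any
        // non-numeric string — a scope would be granted by coercion.
        if ($resource === $requestedResource
            && !in_array((string) $scope, $grantedScopes, true)
        ) {
            return $mvcEvent->getResponse()->setStatusCode(401);
        }
    }
}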
/**
 * A resource string set on the event is read back unchanged.
 *
 * @depends testResourceStringIsNullByDefault
 */
public function testResourceStringIsMutable()
{
    $event = $this->mvcAuthEvent;
    $event->setResource('foo');

    $this->assertEquals('foo', $event->getResource());
}