public function updateAction() { $request = $this->getRequest(); $recipe = $this->readService->findById($this->params('id')); if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) { throw new UnauthorizedException('Insufficient Permissions'); } $viewModel = new ViewModel(); $viewModel->setTemplate('recipe/update'); $viewModel->setVariables(['form' => $this->form]); $this->form->bind($recipe); if ($request->isPost()) { $this->form->setData($request->getPost()); if ($this->form->isValid()) { try { $this->writeService->save($this->form->getData()); $this->flashMessenger()->addSuccessMessage('Rezept erfolgreich aktualisiert'); $this->redirect()->toRoute('recipe/read/update', ['id' => $this->params('id')]); } catch (\Exception $e) { var_dump($e->getMessage()); } } } $this->layout('layout/backend'); return $viewModel; }
public function findById($userId) { if (false === $this->authorizationService->isGranted('user.admin')) { throw new UnauthorizedException('Insufficient Permissions'); } return $this->objectRepository->find($userId); }
/** * Return an array of roles which may be granted the permission based on * the options. * * @param mixed $options Options provided from configuration. * * @return array */ public function getPermissions($options) { // If no user is logged in, or the user doesn't match the passed-in // whitelist, we can't grant the permission to any roles. if (!($user = $this->auth->getIdentity())) { return []; } // which user attribute has to match which pattern to get permissions? $criteria = []; foreach ((array) $options as $option) { $parts = explode(' ', $option, 2); if (count($parts) < 2) { $this->logError("configuration option '{$option}' invalid"); return []; } else { list($attribute, $pattern) = $parts; // check user attribute values against the pattern if (!preg_match('/^\\/.*\\/$/', $pattern)) { $pattern = '/' . $pattern . '/'; } if (preg_match($pattern, $user[$attribute])) { return ['loggedin']; } } } //no matches found, so the user don't get any permissions return []; }
public function manageAction() { if (false === $this->authorizationService->isGranted('user.admin')) { throw new UnauthorizedException('Insufficient Permissions'); } $userId = $this->params('id', null); if (null === $userId) { return $this->listUsers(); } $userObject = $this->userService->findById($userId); if (false === $userObject instanceof UserEntity) { return $this->listUsers(); } $request = $this->getRequest(); $viewModel = new ViewModel(); $viewModel->setTemplate('user/update'); $viewModel->setVariables(['form' => $this->form]); $this->form->bind($userObject); if ($request->isPost()) { $this->form->setData($request->getPost()); if ($this->form->isValid()) { try { $this->userService->save($this->form->getData()); $this->flashMessenger()->addSuccessMessage('User successfully updated'); return $this->redirect()->toRoute('zfcuser/manage'); } catch (\Exception $e) { var_dump($e->getMessage()); } } else { var_dump($this->form->getMessages()); } } return $viewModel; }
public function delete(Recipe $recipe) { if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) { throw new UnauthorizedException('Insufficient Permissions'); } $this->objectManager->remove($recipe); $this->objectManager->flush(); }
public function readAction() { $user = $this->authorizationService->getIdentity(); if ($user) { $this->notificationManager->markRead($user); $this->notificationManager->flush(); } return new JsonModel([]); }
/** * Check if this assertion is true * * @param AuthorizationService $authorization * @param mixed $context * * @return bool */ public function assert(AuthorizationService $authorization, $context = null) { if ($context === null) { return true; } if ($authorization->getIdentity() === $context->getAuthor()) { return true; } return $authorization->isGranted('recipe.admin'); }
/** * @return array * @throws UnauthorizedException */ public function findAll() { if ($this->authorizationService->isGranted('recipe.admin')) { return $this->objectRepository->findBy([], ['dateUpdated' => 'DESC']); } if ($this->authorizationService->isGranted('recipe.manage')) { return $this->objectRepository->findBy(['author' => $this->authorizationService->getIdentity()], ['dateUpdated' => 'DESC']); } throw new UnauthorizedException('Insufficient Permission'); }
/** * Return an array of roles which may be granted the permission based on * the options. * * @param mixed $options Options provided from configuration. * * @return array */ public function getPermissions($options) { // If no user is logged in, or the user doesn't match the passed-in // whitelist, we can't grant the permission to any roles. $user = $this->auth->getIdentity(); if (!$user || !in_array($user->username, (array) $options)) { return []; } // If we got this far, we can grant the permission to the loggedin role. return ['loggedin']; }
public function init() { $this->setHydrator(new DoctrineObject($this->objectManager)); $this->setObject(new Recipe()); $this->add(['name' => 'id', 'type' => Hidden::class]); $this->add(['name' => 'title', 'type' => Text::class, 'options' => ['label' => 'Name des Rezeptes'], 'attributes' => ['class' => 'form-element']]); $this->add(['name' => 'content', 'type' => Textarea::class, 'options' => ['label' => 'Das Rezept bitte'], 'attributes' => ['class' => 'form-element wysiwyg']]); if ($this->authorizationService->isGranted('recipe.admin')) { $this->add(['name' => 'published', 'type' => Checkbox::class, 'options' => ['label' => 'Publiziert', 'use_hidden_element' => true, 'checked_value' => 1, 'unchecked_value' => 0], 'attributes' => ['class' => 'form-element']]); } }
/** * @param ContainerInterface $container * @param string $requestedName * @param array|null $options * @return AuthorizationService */ public function __invoke(ContainerInterface $container, $requestedName, array $options = null) { /* @var \Rbac\Rbac $rbac */ $rbac = $container->get('Rbac\\Rbac'); /* @var \ZfcRbac\Service\RoleService $roleService */ $roleService = $container->get('ZfcRbac\\Service\\RoleService'); /* @var \ZfcRbac\Assertion\AssertionPluginManager $assertionPluginManager */ $assertionPluginManager = $container->get('ZfcRbac\\Assertion\\AssertionPluginManager'); /* @var \ZfcRbac\Options\ModuleOptions $moduleOptions */ $moduleOptions = $container->get('ZfcRbac\\Options\\ModuleOptions'); $authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager); $authorizationService->setAssertions($moduleOptions->getAssertionMap()); return $authorizationService; }
/** * {@inheritDoc} * @return AuthorizationService */ public function createService(ServiceLocatorInterface $serviceLocator) { /* @var \Rbac\Rbac $rbac */ $rbac = $serviceLocator->get('Rbac\\Rbac'); /* @var \ZfcRbac\Service\RoleService $roleService */ $roleService = $serviceLocator->get('ZfcRbac\\Service\\RoleService'); /* @var \ZfcRbac\Assertion\AssertionPluginManager $assertionPluginManager */ $assertionPluginManager = $serviceLocator->get('ZfcRbac\\Assertion\\AssertionPluginManager'); /* @var \ZfcRbac\Options\ModuleOptions $moduleOptions */ $moduleOptions = $serviceLocator->get('ZfcRbac\\Options\\ModuleOptions'); $authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager); $authorizationService->setAssertions($moduleOptions->getAssertionMap()); return $authorizationService; }
/** * @param string $className * @param $id * @param string|null $permission * @param string $notFoundMessage * * @return object * * @throws \Doctrine\ORM\TransactionRequiredException * @throws \Doctrine\ORM\OptimisticLockException * @throws \DomainException * @throws \Doctrine\ORM\ORMException * @throws \Doctrine\ORM\ORMInvalidArgumentException * @throws \ZfrRest\Http\Exception\Client\NotFoundException * @throws \ZfrRest\Http\Exception\Client\UnauthorizedException * @throws \ZfrRest\Http\Exception\Client\ForbiddenException */ public function __invoke(string $className, $id, string $permission = null, string $notFoundMessage = 'The resource you were looking for was not found') { $entity = $this->entityManager->find($className, $id); if (!$entity) { throw new NotFoundException($notFoundMessage); } if ($permission && !$this->authorizationService->isGranted($permission, $entity)) { if ($this->authorizationService->getIdentity()) { throw new ForbiddenException(); } throw new UnauthorizedException(); } return $entity; }
/** * @param AuthorizationService $authorizationService * @param AbstractConversationEntity $context * * @return bool */ public function assert(AuthorizationService $authorizationService, $context = null) { if (!$context instanceof AbstractConversationEntity) { throw new InvalidArgumentException(); } /* @var MessageUserInterface $user */ $user = $authorizationService->getIdentity(); /* @var ArrayCollection $participants */ $participants = $context->getParticipants(); if ($participants->contains($user)) { return true; } return $authorizationService->isGranted('administrator'); }
/** * @param string $eventName * @param RepositoryInterface $repository * @param RevisionInterface $revision * @param string $message * @param array $data * @return void */ protected function triggerEvent($eventName, RepositoryInterface $repository, RevisionInterface $revision, $message = '', $data = []) { $identity = $this->authorizationService->getIdentity(); $event = new VersioningEvent($repository, $revision, $this, $message, $data, $identity); $event->setName($eventName); $this->getEventManager()->trigger($eventName, $this, $event); }
public function isAllowed(EventInterface $event) { $target = $event->getTarget(); if ($target instanceof \Zend\View\Helper\Navigation\AbstractHelper) { $page = $event->getParam('page'); if (!$page instanceof AbstractPage) { return; } $permission = $page->getPermission(); if (null === $permission) { return; } $event->stopPropagation(); return $this->authorizationService->isGranted($permission); } }
/** * Check if this assertion is true * * @param AuthorizationService $authorization * @param mixed $context * @throws InvalidArgumentException * @return bool */ public function assert(AuthorizationService $authorization, $context = null) { if (!$context instanceof InstanceAwareInterface) { throw new InvalidArgumentException(); } if (!$authorization instanceof StatefulAuthorizationService) { throw new InvalidArgumentException(); } $result = $authorization->getAuthorizationResult(); $permission = $result->getPermission(); $permissionToMatch = $this->getPermissionService()->findParametrizedPermission((string) $permission, 'instance', $context->getInstance()->getId()); foreach ($result->getRoles() as $role) { if ($role->hasPermission($permissionToMatch->getId())) { return true; } } return false; }
/** * @param Post $post * @return Post * @throws UnauthorizedException */ public function update(Post $post) { if (!$this->authorizationService->isGranted(self::UPDATE)) { throw new UnauthorizedException(); } $this->objectManager->persist($post); $this->objectManager->flush(); return $post; }
public function createAction() { if (false === $this->authorizationService->isGranted('recipe.add')) { throw new UnauthorizedException('Insufficient Permissions'); } $viewModel = new ViewModel(); $viewModel->setTemplate('recipe/add'); $viewModel->setVariables(['form' => $this->form]); $request = $this->getRequest(); if ($request->isPost()) { $this->form->setData($request->getPost()); if ($this->form->isValid()) { try { $recipe = $this->form->getData(); $this->writeService->save($recipe); return $this->redirect()->toRoute('recipe/read', ['id' => $recipe->getId()]); } catch (\Exception $e) { var_dump($e->getMessage()); } } } $this->layout('layout/backend'); return $viewModel; }
public function deleteAction() { $request = $this->getRequest(); $recipe = $this->readService->findById($this->params('id')); if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) { throw new UnauthorizedException('Insufficient Permissions'); } $viewModel = new ViewModel(); $viewModel->setTemplate('recipe/delete'); $viewModel->setVariables(['recipe' => $recipe, 'form' => $this->form]); if ($request->isPost()) { $this->form->setData($request->getPost()); if ($this->form->isValid()) { try { $this->writeService->delete($recipe); $this->flashMessenger()->addSuccessMessage('Rezept wurde erfolgreich gelöscht!'); return $this->redirect()->toRoute('recipe'); } catch (\Exception $e) { var_dump($e->getMessage()); } } } return $viewModel; }
public function unsubscribeAction() { if (!$this->authorizationService->getIdentity()) { throw new UnauthorizedException(); } $object = $this->params('object'); $user = $this->authorizationService->getIdentity(); try { $object = $this->uuidManager->getUuid($object); } catch (NotFoundException $e) { $this->getResponse()->setStatusCode(404); return false; } $this->subscriptionManager->unSubscribe($user, $object); $this->subscriptionManager->flush(); $this->flashMessenger()->addSuccessMessage('You are no longer receiving notifications for this content.'); return $this->redirect()->toReferer(); }
public function testEventHydration() { $this->eventManager = new EventManager(); $this->authorizationService->expects($this->any())->method('getIdentity')->will($this->returnValue($this->identity)); $this->authorizationService->expects($this->any())->method('isGranted')->will($this->returnValue(true)); $this->eventManager->attach(VersioningEvent::COMMIT, [$this, 'eventHydrationCallbackTest']); $this->eventManager->attach(VersioningEvent::REJECT, [$this, 'eventHydrationCallbackTest']); $this->eventManager->attach(VersioningEvent::CHECKOUT, [$this, 'eventHydrationCallbackTest']); $this->repositoryManager->setEventManager($this->eventManager); $this->repositoryManager->commitRevision($this->repository, [], 'foo'); $this->assertTrue($this->eventCalled); $this->eventCalled = false; $this->repositoryManager->checkoutRevision($this->repository, $this->revision, 'foo'); $this->assertTrue($this->eventCalled); $this->eventCalled = false; $this->repositoryManager->rejectRevision($this->repository, $this->revision, 'foo'); $this->assertTrue($this->eventCalled); $this->eventCalled = false; }
/** * @covers ZfcRbac\Service\AuthorizationService::getIdentity */ public function testGetIdentity() { $rbac = $this->getMock('Rbac\\Rbac', [], [], '', false); $identity = $this->getMock('ZfcRbac\\Identity\\IdentityInterface'); $roleService = $this->getMock('ZfcRbac\\Service\\RoleService', [], [], '', false); $assertionManager = $this->getMock('ZfcRbac\\Assertion\\AssertionPluginManager', [], [], '', false); $authorization = new AuthorizationService($rbac, $roleService, $assertionManager); $roleService->expects($this->once())->method('getIdentity')->will($this->returnValue($identity)); $this->assertSame($authorization->getIdentity(), $identity); }
/** * Check if this assertion is true * * @param AuthorizationService $authorization * @return bool */ public function assert(AuthorizationService $authorization) { return !is_object($authorization->getIdentity()); }
/** * @param AuthorizationService $authorization * @return bool */ public function assert(AuthorizationService $authorization) { return (bool) $authorization->getIdentity()->getDefaultAffiliate(); }