/**
* {@inheritDoc}
*/
public function isGranted(MvcEvent $event)
{
$routeMatch = $event->getRouteMatch();
$controller = strtolower($routeMatch->getParam('controller'));
$action = strtolower($routeMatch->getParam('action'));
// If no rules apply, it is considered as granted or not based on the protection policy
if (!isset($this->rules[$controller])) {
return $this->protectionPolicy === self::POLICY_ALLOW;
}
// Algorithm is as follow: we first check if there is an exact match (controller + action), if not
// we check if there are rules set globally for the whole controllers (see the index "0"), and finally
// if nothing is matched, we fallback to the protection policy logic
if (isset($this->rules[$controller][$action])) {
$allowedPermissions = $this->rules[$controller][$action];
} elseif (isset($this->rules[$controller][0])) {
$allowedPermissions = $this->rules[$controller][0];
} else {
return $this->protectionPolicy === self::POLICY_ALLOW;
}
// If no rules apply, it is considered as granted or not based on the protection policy
if (empty($allowedPermissions)) {
return $this->protectionPolicy === self::POLICY_ALLOW;
}
if (in_array('*', $allowedPermissions)) {
return true;
}
foreach ($allowedPermissions as $permission) {
if (!$this->authorizationService->isGranted($permission)) {
return false;
}
}
return true;
}
/**
* {@inheritDoc}
*/
public function isGranted(MvcEvent $event)
{
$matchedRouteName = $event->getRouteMatch()->getMatchedRouteName();
$allowedPermissions = null;
foreach (array_keys($this->rules) as $routeRule) {
if (fnmatch($routeRule, $matchedRouteName, FNM_CASEFOLD)) {
$allowedPermissions = $this->rules[$routeRule];
break;
}
}
// If no rules apply, it is considered as granted or not based on the protection policy
if (null === $allowedPermissions) {
return $this->protectionPolicy === self::POLICY_ALLOW;
}
if (in_array('*', $allowedPermissions)) {
return true;
}
$permissions = isset($allowedPermissions['permissions']) ? $allowedPermissions['permissions'] : $allowedPermissions;
$condition = isset($allowedPermissions['condition']) ? $allowedPermissions['condition'] : GuardInterface::CONDITION_AND;
if (GuardInterface::CONDITION_AND === $condition) {
foreach ($permissions as $permission) {
if (!$this->authorizationService->isGranted($permission)) {
return false;
}
}
return true;
}
if (GuardInterface::CONDITION_OR === $condition) {
foreach ($permissions as $permission) {
if ($this->authorizationService->isGranted($permission)) {
return true;
}
}
return false;
}
throw new InvalidArgumentException(sprintf('Condition must be either "AND" or "OR", %s given', is_object($condition) ? get_class($condition) : gettype($condition)));
}
/**
* Check against the given permission
*
* @param string $permission
* @param mixed $context
* @return bool
*/
public function __invoke($permission, $context = null)
{
return $this->authorizationService->isGranted($permission, $context);
}
