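/**
 * {@inheritDoc}
 *
 * Decides access from the rules registered for the matched controller and action.
 * Lookup order: an exact controller + action rule, then the controller-wide rule
 * stored under index 0, and finally the protection policy. Under POLICY_ALLOW every
 * fallback below grants access, so an unlisted controller or an empty permission
 * list is reachable without any permission check.
 *
 * @param  MvcEvent $event Event carrying the route match to authorize
 * @return bool True when the request may proceed
 */
public function isGranted(MvcEvent $event)
{
    $routeMatch = $event->getRouteMatch();
    $controller = strtolower($routeMatch->getParam('controller'));
    $action     = strtolower($routeMatch->getParam('action'));

    // No rule registered for this controller: the protection policy decides.
    if (!isset($this->rules[$controller])) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Prefer the rule for this exact action, then the controller-wide rule kept
    // under index 0; with neither present the protection policy decides.
    if (isset($this->rules[$controller][$action])) {
        $allowedPermissions = $this->rules[$controller][$action];
    } elseif (isset($this->rules[$controller][0])) {
        $allowedPermissions = $this->rules[$controller][0];
    } else {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // A rule that lists no permissions is treated like a missing rule.
    if (empty($allowedPermissions)) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Strict comparison: compared loosely, '*' also equals `true` (and integer 0
    // before PHP 8), so a malformed rule would become an unconditional grant.
    if (in_array('*', $allowedPermissions, true)) {
        return true;
    }

    // Every listed permission must be granted; the first refusal denies access.
    foreach ($allowedPermissions as $permission) {
        if (!$this->authorizationService->isGranted($permission)) {
            return false;
        }
    }

    return true;
}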
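/**
 * {@inheritDoc}
 *
 * Decides access from the first rule whose glob pattern matches the route name.
 * A rule is either a plain list of permissions (combined with AND) or an array
 * with a 'permissions' list and an optional 'condition' (AND or OR).
 *
 * @param  MvcEvent $event Event carrying the route match to authorize
 * @return bool True when the request may proceed
 * @throws InvalidArgumentException When the rule's condition is neither AND nor OR
 */
public function isGranted(MvcEvent $event)
{
    $matchedRouteName   = $event->getRouteMatch()->getMatchedRouteName();
    $allowedPermissions = null;

    // First match wins, case-insensitively: a broad pattern registered before a
    // more specific one shadows it, so rule order is part of the access policy.
    foreach (array_keys($this->rules) as $routeRule) {
        if (fnmatch($routeRule, $matchedRouteName, FNM_CASEFOLD)) {
            $allowedPermissions = $this->rules[$routeRule];
            break;
        }
    }

    // No pattern matched: the protection policy decides, so under POLICY_ALLOW
    // every route without a rule is reachable without a permission check.
    if (null === $allowedPermissions) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Strict comparison: compared loosely, '*' also equals `true` (and integer 0
    // before PHP 8), so a malformed rule would become an unconditional grant.
    // Only top-level values are inspected; a '*' nested under 'permissions' is
    // passed to the authorization service like any other permission name.
    if (in_array('*', $allowedPermissions, true)) {
        return true;
    }

    $permissions = isset($allowedPermissions['permissions'])
        ? $allowedPermissions['permissions']
        : $allowedPermissions;

    $condition = isset($allowedPermissions['condition'])
        ? $allowedPermissions['condition']
        : GuardInterface::CONDITION_AND;

    // NOTE(review): an empty or non-array permission list leaves the AND loop
    // without a single check and is therefore granted, whatever the protection
    // policy is. Confirm rules are normalised and non-empty where they are set.
    if (GuardInterface::CONDITION_AND === $condition) {
        foreach ($permissions as $permission) {
            if (!$this->authorizationService->isGranted($permission)) {
                return false;
            }
        }

        return true;
    }

    // OR: a single granted permission is enough; none granted means denied.
    if (GuardInterface::CONDITION_OR === $condition) {
        foreach ($permissions as $permission) {
            if ($this->authorizationService->isGranted($permission)) {
                return true;
            }
        }

        return false;
    }

    // An unknown condition is a configuration error, not an access decision.
    throw new InvalidArgumentException(sprintf(
        'Condition must be either "AND" or "OR", %s given',
        is_object($condition) ? get_class($condition) : gettype($condition)
    ));
}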
/**
 * Ask the authorization service whether a permission is granted.
 *
 * Both arguments are forwarded unchanged; the decision is made entirely by the
 * authorization service.
 *
 * @param  string $permission Permission to check
 * @param  mixed  $context    Optional context handed to the authorization service
 * @return bool
 */
public function __invoke($permission, $context = null)
{
    $service = $this->authorizationService;

    return $service->isGranted($permission, $context);
}