/** * Authorize the page. * * @param PageInterface $page */ public function authorize(PageInterface $page) { /* @var UserInterface $user */ $user = $this->guard->user(); /** * If the page is not enabled and we * are not logged in then 404. */ if (!$page->isEnabled() && !$user) { abort(404); } /** * If the page is not enabled and we are * logged in then make sure we have permission. */ if (!$page->isEnabled()) { $this->authorizer->authorize('anomaly.module.pages::view_drafts'); } /** * If the page is restricted to specific * roles then make sure our user is one of them. */ $allowed = $page->getAllowedRoles(); if (!$allowed->isEmpty() && (!$user || !$user->hasAnyRole($allowed))) { $page->setResponse($this->response->redirectTo('login')); } }
/** * Authorize the page. * * @param PageInterface $page */ public function authorize(PageInterface $page) { /* @var UserInterface $user */ $user = $this->guard->user(); /** * If the page is not enabled and we * are not logged in then 404. */ if (!$page->isEnabled() && !$user) { abort(404); } /** * If the page is not enabled and we are * logged in then make sure we have permission. */ if (!$page->isEnabled() && !$this->authorizer->authorize('anomaly.module.pages::view_drafts')) { abort(403); } /** * If the page is restricted to specific * roles then make sure our user is one of them. */ $allowed = $page->getAllowedRoles(); /** * If there is a guest role and * there IS a user then this * page can NOT display. */ if ($allowed->has('guest') && $user && !$user->isAdmin()) { abort(403); } // No longer needed. $allowed->forget('guest'); /** * Check the roles against the * user if there are any. */ if (!$allowed->isEmpty() && (!$user || !$user->hasAnyRole($allowed) && !$user->isAdmin())) { $page->setResponse($this->response->redirectGuest('login')); } }