/**
 * Tell whether the current user may access a controller/widget/etc.
 *
 * Resolves the controller file for the given module/controller pair, reads
 * the privilege declared on it through reflection, and delegates the
 * decision to Acl::isAllowed().
 *
 * Security note: the check is fail-open. When the reflection reports no
 * privilege (any falsy value), access is granted without consulting the ACL,
 * so a controller that omits its privilege declaration is reachable by
 * every caller of this method.
 *
 * @param  string $module     module the controller belongs to
 * @param  string $controller controller name
 * @throws ApplicationException presumably raised while locating or reflecting
 *                              the controller file (not visible here)
 * @return bool true when access is granted or no privilege is declared
 */
public function isAllowed($module, $controller)
{
    $controllerFile = $this->getControllerFile($module, $controller);
    $meta = $this->reflection($controllerFile);
    $privilege = $meta->getPrivilege();

    // No declared privilege means "public": nothing to check against the ACL
    if (!$privilege) {
        return true;
    }

    return Acl::isAllowed($module, $privilege);
}
<?php
/**
 * Bluz Framework Component
 *
 * @copyright Bluz PHP Team
 * @link https://github.com/bluzphp/framework
 */

/**
 * @namespace
 */
namespace Bluz\Controller\Helper;

use Bluz\Controller\Controller;
use Bluz\Proxy\Acl;

/**
 * Controller helper: check a privilege inside the current controller's module
 *
 * The closure relies on `$this` being a Controller when it is invoked and
 * always scopes the lookup to that controller's own module.
 * It only reports the ACL decision; it does not throw or stop the request,
 * so the caller is responsible for denying access when it returns false.
 *
 * @param  string $privilege privilege name passed to Acl::isAllowed()
 * @return bool   result of Acl::isAllowed() for the controller's module
 */
return function ($privilege) {
    /**
     * @var Controller $this
     */
    $module = $this->module;

    return Acl::isAllowed($module, $privilege);
};
/**
 * Run REST controller
 *
 * Looks up the handler mapped to the current request method, enforces the
 * handler's ACL privilege when one is configured, and dispatches to the
 * mapped module/controller with the CRUD instance, primary key and data.
 *
 * Security notes:
 *  - A map entry without an `acl` key is dispatched with no permission
 *    check at this layer.
 *  - NOTE(review): the privilege is checked against `$this->module`, while
 *    the dispatch target is the entry's own `module` value; confirm these
 *    always match, otherwise the check covers a different module than the
 *    one that runs.
 *
 * @return mixed result of the dispatched controller
 * @throws ForbiddenException      when the configured privilege is not granted
 * @throws NotImplementedException when no handler is mapped for the method
 */
public function run()
{
    // Reject request methods that have no mapped handler
    if (!isset($this->map[$this->method])) {
        throw new NotImplementedException();
    }

    $route = $this->map[$this->method];

    // Enforce the ACL only when the map entry names a privilege
    if (isset($route['acl']) && !Acl::isAllowed($this->module, $route['acl'])) {
        throw new ForbiddenException();
    }

    // Hand over to the mapped controller
    return Application::getInstance()->dispatch(
        $route['module'],
        $route['controller'],
        [
            'crud' => $this->getCrud(),
            'primary' => $this->getPrimaryKey(),
            'data' => $this->data
        ]
    );
}
/**
 * Enforce the `Privilege` declared on this controller
 *
 * Reads the privilege from the controller's reflection and asks the ACL
 * whether it is granted for the controller's module.
 *
 * Security note: when the reflection reports no privilege (any falsy
 * value) the method returns silently, i.e. the controller is treated as
 * public and no ACL lookup happens.
 *
 * @return void
 * @throws ForbiddenException when a privilege is declared but not granted
 */
public function checkPrivilege()
{
    $required = $this->getReflection()->getPrivilege();

    // The ACL is consulted only for a declared (truthy) privilege
    if ($required && !Acl::isAllowed($this->module, $required)) {
        throw new ForbiddenException();
    }
}
/**
 * Test deny access
 *
 * With a UserGuest identity set, the ACL must refuse an arbitrary
 * module/privilege pair.
 */
public function testDeny()
{
    $guest = new UserGuest();
    Proxy\Auth::setIdentity($guest);

    $granted = Proxy\Acl::isAllowed('any', 'any');

    $this->assertFalse($granted);
}