public function onKernelRequest(GetResponseEvent $event) { $pdpDecision = $this->pdp->evaluate($this->xacmlRequest); if ($pdpDecision == Decision::DENY) { $response = new Response('Access denied', 403); $event->setResponse($response); } }
/** * Checks if action are granted against XacmlRequest and optionally supplied entity. * * @param mixed $action * @param object|string $entity * @param mixed $id * @return bool */ public function isGranted($action, $entity = null, $id = null) { $xacml = clone $this->xacmlRequest; $xacml->set('Resource', null); if (!is_string($entity) && !is_null($id)) { $resource = $this->getResource($entity, $id); $xacml->set('Resource', $resource); } elseif (is_object($entity)) { $xacml->set('Resource', [$this->getBaseClassName(get_class($entity)) => $entity]); } $xacml->set('Action', $action); $result = $this->pdp->evaluate($xacml); return $result === Decision::PERMIT; }