This method checks Role inheritance using a depth-first traversal of the Role list.
The highest priority parent (i.e., the parent most recently added) is checked first,
and its respective parents are checked similarly before the lower-priority parents of
the Role are checked.
/** * @param string $role * @param IResource|string $resource * @param $privilege * @return bool */ public function isAllowed($role, $resource, $privilege) { $roles = []; if ($role instanceof User) { $roles = $role->getRoles(); } elseif ($role instanceof \Nette\Security\User) { $userIdentity = $role->getIdentity(); if ($userIdentity !== null) { $roles = $role->getIdentity()->getRoles(); } } elseif ($role instanceof Role) { $roles[] = $role->getName(); } elseif (Validators::is($role, 'unicode:1..')) { $roles[] = $role; } else { return false; } try { foreach ($roles as $role) { if ($this->acl->isAllowed($role, $resource, $privilege) === true) { return true; } } return false; } catch (InvalidStateException $e) { return false; // role does not exists } }
/** * Ověření zda má uživatelská role potřebné privilegium k práci se zdrojem. * @param string $role * @param string $resource * @param string $privilege * @return boolean */ public function isAllowed($role, $resource, $privilege) { if ($this->acl->isAllowed($role, $resource, $privilege)) { return true; } else { return false; } }
public function isAllowed($role = IAuthorizator::ALL, $resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL) { if (!$this->acl->hasRole($role)) { $this->onUndefinedRole($role); } if (!$this->acl->hasResource($resource)) { $this->onUndefinedResource($resource); } return $this->acl->isAllowed($role, $resource, $privilege); }
public function check($resource, $privilege) { if ($this->user->isInRole(static::ROOT_ROLE)) { return true; } if (!array_reduce($this->user->getRoles(), function ($prev, $role) use($resource, $privilege) { return $this->acl->hasRole($role) && $this->acl->hasResource($resource) && $this->acl->isAllowed($role, $resource, $privilege) || $prev; }, false)) { throw new \AclException("Unauthorized access to resource '{$resource}' privilege '{$privilege}' :(", 403); } }
public function startup() { parent::startup(); // redirect if not logged in (new \App\Tools\UserAuxFactory($this))->testLoginStatus(); $role = $this->user->getIdentity()->getData()['role']; if (!$this->_permission->isAllowed($role, 'Admin:Article:Insert')) { $this->flashMessage('Přístup odmítnut!'); $this->redirect('Homepage:Default'); } }
public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { if ($resource !== self::ALL && !$this->hasResource($resource)) { $this->addResource($resource); } return parent::isAllowed($role, $resource, $privilege); }
public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { if (in_array($resource, $this->getResources())) { return parent::isAllowed($role, $resource, $privilege); } else { return false; } }
/** * @param null $role * @param null $resource * @param null $privilege * @return bool|null */ public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { if ($role == "root") { return TRUE; } try { $this->Init($role); return $this->acl->isAllowed($role, $resource, $privilege); } catch (InvalidStateException $e) { return FALSE; } }
/** * Funkce pro kontrolu oprávnění přístupu ke zvolenému zdroji * @param string|Permission::ALL|IRole role * @param string|Permission::ALL|IResource resource * @param string|Permission::ALL privilege * @throws \Nette\InvalidStateException * @return bool */ public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { /*if ($resource instanceof IOwnerResource){ if ($role instanceof OwnerRole){ //TODO kontrola oprávnění... return ($role->getUserId()==$resource->getUserId()); }else{ return false; } }*/ //vrácení standartních oprávnění... return parent::isAllowed($role, $resource, $privilege); }
public function isAllowed($role = \Nette\Security\Permission::ALL, $resource = \Nette\Security\Permission::ALL, $privilege = \Nette\Security\Permission::ALL) { if (is_array($resource)) { @(list($resource, $type) = $resource); // @ intentionally } else { $type = NULL; } if ($resource instanceof IResourceEntity) { $resource = $resource->getClassName(); $type = $type ?: 'entities'; } try { if ($type && !$this->hasResource($type)) { throw new Nette\InvalidStateException(); } return parent::isAllowed($role, $resource, $privilege); } catch (Nette\InvalidStateException $e) { $this->addMissingRole($role); $this->addMissingResource($resource, $type); } return parent::isAllowed($role, $resource, $privilege); }
function isAllowed($role, $resource, $privilege) { return $this->acl->isAllowed($role, $resource, $privilege); }
public function isAllowed($role = Permission::ALL, $resource = Permission::ALL, $privilege = Permission::ALL) { return $this->authorizator->isAllowed($role, $resource, $privilege); }
/** * Is user allowed to acces this presenter and action. * * @throws Nette\InvalidStateException * @return bool */ protected function isAllowed() { $role = $this->user->isLoggedIn() ? $this->user->getIdentity()->role : $this->user->guestRole; $resource = $this->getResource(); return $this->acl->isAllowed($role, $resource); }