/** * {@inheritdoc} */ public function allows($permission, array $context = []) { foreach ($this->getRoles() as $role) { if (!$this->permissions->hasRole($role)) { continue; } $rule = $this->permissions->getRule($role, $permission); if ($rule === self::ALLOW) { return true; } if ($rule instanceof RuleInterface) { if ($rule->allows($this->actor, $permission, $context)) { return true; } } } return false; }
/** * @param PermissionsInterface $permissions * @param VaultConfig $config */ public function boot(PermissionsInterface $permissions, VaultConfig $config) { if (!$permissions->hasRole(static::ROLE)) { $permissions->addRole(static::ROLE); } $namespace = $config->securityNamespace(); //Following rule will raise log message to notify that insecure setting were used $permissions->associate(static::ROLE, "{$namespace}.*", InsecureRule::class); $permissions->associate(static::ROLE, "{$namespace}.*.*", InsecureRule::class); $permissions->associate(static::ROLE, "{$namespace}.*.*.*", InsecureRule::class); $permissions->associate(static::ROLE, "{$namespace}.*.*.*.*", InsecureRule::class); }