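/**
 * Enforce the access rule that the security schema declares for a method.
 *
 * Exactly one rule kind is evaluated, in this order of precedence: a non-empty
 * 'users' list, otherwise a non-empty 'roles' list, otherwise a truthy
 * 'resource'. Once a 'users' list is present, 'roles' and 'resource' on the
 * same method are never consulted.
 *
 * A method whose schema entry carries none of these rules passes without any
 * check, so a normal return does not prove that a rule was applied.
 *
 * @param \Nette\Reflection\Method $element
 * @return void
 * @throws ForbiddenRequestException when the selected rule rejects the current user
 */
protected function checkMethod(Method $element)
{
    $class = $element->class;
    $name = $element->name;
    $schema = $this->reader->getSchema($class);
    $exception = null;

    // NOTE(review): the denial messages below list the required users / roles and the
    // caller's own roles. If the exception message is ever rendered to the client it
    // discloses the access policy - confirm it only reaches logs or a generic error page.

    // users
    if (isset($schema[$name]['users']) && count($schema[$name]['users']) > 0) {
        $users = $schema[$name]['users'];
        $userId = $this->user->getId();

        // Match identities as strings, strictly. A loose in_array() lets unrelated
        // values compare equal (null against '' or 0, and on PHP < 8 any non-numeric
        // string against 0), which could admit a caller whose id is not in the list.
        // A missing id never matches.
        $listed = $userId !== null
            && in_array((string) $userId, array_map('strval', $users), true);

        if (!$listed) {
            $exception = sprintf('Access denied for your username: \'%s\'. Require: \'%s\'', $userId, implode(', ', $users));
        } else {
            return;
        }
    } elseif (isset($schema[$name]['roles']) && count($schema[$name]['roles']) > 0) {
        $userRoles = $this->user->getRoles();
        $roles = $schema[$name]['roles'];

        // One shared role is enough; array_intersect() compares string representations.
        if (count(array_intersect($userRoles, $roles)) === 0) {
            $exception = "Access denied for your roles: '" . implode(', ', $userRoles) . "'. Require one of: '" . implode(', ', $roles) . "'";
        } else {
            return;
        }
    } elseif (isset($schema[$name]['resource']) && $schema[$name]['resource']) {
        // NOTE(review): 'privilege' is read without an isset() guard - presumably the
        // schema reader always supplies the key; verify against the reader.
        if (!$this->user->isAllowed($schema[$name]['resource'], $schema[$name]['privilege'])) {
            $exception = sprintf('Access denied for resource: \'%s\' and privilege: \'%s\'', $schema[$name]['resource'], $schema[$name]['privilege']);
        } else {
            return;
        }
    }

    if ($exception) {
        throw new ForbiddenRequestException($exception);
    }
}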
/**
 * Collect every resource named in the presenters' security schemas.
 *
 * Walks the schema of each presenter class reported by the presenter factory
 * and merges the privileges declared for the same resource, dropping duplicates.
 *
 * NOTE(review): every schema item is indexed by its 'resource' value without
 * checking that one is set, so an item carrying only users or roles would
 * presumably register an empty resource name - verify against the schema reader
 * and whatever consumes this map.
 *
 * @return array map of resource name to its list of privileges
 */
protected function scanResources()
{
    $ret = array();

    foreach ($this->presenterFactory->getPresenters() as $presenterClass => $presenterName) {
        foreach ($this->reader->getSchema($presenterClass) as $entry) {
            $resource = $entry['resource'];

            // Privileges seen so far for this resource (none on first sight).
            $known = array_key_exists($resource, $ret) ? $ret[$resource] : array();

            // A falsy privilege contributes nothing; a scalar becomes a one-item list.
            $declared = $entry['privilege'] ? (array) $entry['privilege'] : array();

            $ret[$resource] = array_unique(array_merge($known, $declared));
        }
    }

    return $ret;
}