Exemplo n.º 1
 /**
  * Builds the access-control list from the two providers.
  *
  * Resources are registered first, then roles. Every role flagged as
  * administrator receives an unrestricted allow rule; every other role
  * receives one allow rule per permission it carries. Nothing in this
  * constructor calls deny(), so the resulting ACL is exactly the set of
  * rules derived from the providers' data.
  *
  * @param Providers\IPermissionsProvider $permissionsProvider source of the resources
  * @param Providers\IRolesProvider $rolesProvider source of the roles and their permissions
  */
 public function __construct(Providers\IPermissionsProvider $permissionsProvider, Providers\IRolesProvider $rolesProvider)
 {
     /** @var Entities\IResource[] $resources */
     $resources = $permissionsProvider->getResources();
     /** @var Entities\IRole[] $roles */
     $roles = $rolesProvider->findAll();

     // Maps a role entity to the name it is registered under.
     $toRoleName = function ($parent) {
         /** @var Entities\IRole $parent */
         return $parent->getName();
     };

     // Register resources into Nette\Security\Permission.
     // NOTE(review): a parent is referenced by name only, so the provider presumably
     // has to return parents before their children - confirm the ordering guarantee.
     foreach ($resources as $resource) {
         $parentResource = $resource->getParent();
         $resourceName = $resource->getName();
         $parentResourceName = NULL;
         if ($parentResource) {
             $parentResourceName = $parentResource->getName();
         }
         $this->addResource($resourceName, $parentResourceName);
     }

     // Register roles into Nette\Security\Permission & set up role permissions.
     foreach ($roles as $role) {
         $parentRoles = $role->getParents();
         if (is_array($parentRoles)) {
             $parentRoles = array_map($toRoleName, $parentRoles);
         }
         // A non-array result from getParents() is handed to addRole() untouched.

         $roleName = $role->getName();
         $this->addRole($roleName, $parentRoles);

         if ($role->isAdministrator()) {
             // No resource or privilege argument: the rule covers everything.
             // Which roles report isAdministrator() is therefore the most sensitive
             // piece of data this constructor consumes.
             $this->allow($roleName);
             continue;
         }

         foreach ($role->getPermissions() as $permission) {
             /** @var Entities\IPermission $permission */
             $target = $permission->getResource();
             // A permission without a resource is applied to ALL resources, so a
             // missing resource link widens the grant rather than dropping it.
             $targetName = $target ? $target->getName() : NS\IAuthorizator::ALL;
             $this->allow($roleName, $targetName, $permission->getPrivilege(), $permission->getAssertion());
         }
     }
 }
Exemplo n.º 2
 /**
  * Registers a fixed role hierarchy and assigns permissions to each role.
  *
  * Role tree (an indented entry has the role above it as parent):
  *
  *  IRole::ROLE_ADMINISTRATOR (administrator)
  *  IRole::ROLE_ANONYMOUS (guest)
  *  └ IRole::ROLE_AUTHENTICATED (authenticated)
  *  employee
  *  ├ sales
  *  └ engineer
  *    └ backend-engineer
  *  auditor
  *
  * The permissions handed to each role are looked up by key in the array
  * returned by the provider; see the individual addRole() calls below.
  *
  * @param Security\Providers\IPermissionsProvider $permissionsProvider source of the permission objects
  */
 public function __construct(Security\Providers\IPermissionsProvider $permissionsProvider)
 {
     // Keyed by permission identifier such as 'intranet:access'.
     // NOTE(review): the keys are not checked for existence, so a key the provider
     // does not return would hand an undefined value to addRole() - confirm addRole() rejects it.
     $available = $permissionsProvider->getPermissions();

     // The administrator role is registered without a parent and without permissions here.
     $this->addRole(Entities\IRole::ROLE_ADMINISTRATOR);

     // NOTE(review): this is the only call that passes a single permission rather than
     // an array of permissions - confirm addRole() accepts both forms.
     // The anonymous (guest) role is given 'intranet:access', and the authenticated role
     // is registered with it as parent.
     $this->addRole(Entities\IRole::ROLE_ANONYMOUS, NULL, $available['intranet:access']);
     $anonymous = $this->getRole(Entities\IRole::ROLE_ANONYMOUS);
     $this->addRole(Entities\IRole::ROLE_AUTHENTICATED, $anonymous, [$available['climatisation:']]);

     $this->addRole('employee', NULL, [
         $available['climatisation:'],
         $available['documents:'],
         $available['intranet:access'],
     ]);
     $employee = $this->getRole('employee');
     $this->addRole('sales', $employee, [$available['salesModule:']]);
     $this->addRole('engineer', $employee, [$available['servers:access']]);

     $engineer = $this->getRole('engineer');
     $this->addRole('backend-engineer', $engineer, [
         $available['servers:restart'],
         $available['databaseFarm:restart'],
     ]);

     $this->addRole('auditor', NULL, [$available['intranet:access']]);
 }