isGranted() public method

Check if the permission is granted to the current identity
public isGranted ( string | Rbac\Permission\PermissionInterface $permission, mixed $context = null ) : boolean
$permission string | Rbac\Permission\PermissionInterface
$context mixed
return boolean
AuthorizationService Class Documentation
Exemplo n.º 1
1
 public function updateAction()
 {
     $request = $this->getRequest();
     $recipe = $this->readService->findById($this->params('id'));
     if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $viewModel = new ViewModel();
     $viewModel->setTemplate('recipe/update');
     $viewModel->setVariables(['form' => $this->form]);
     $this->form->bind($recipe);
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $this->writeService->save($this->form->getData());
                 $this->flashMessenger()->addSuccessMessage('Rezept erfolgreich aktualisiert');
                 $this->redirect()->toRoute('recipe/read/update', ['id' => $this->params('id')]);
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         }
     }
     $this->layout('layout/backend');
     return $viewModel;
 }
Exemplo n.º 2
0
 public function manageAction()
 {
     if (false === $this->authorizationService->isGranted('user.admin')) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $userId = $this->params('id', null);
     if (null === $userId) {
         return $this->listUsers();
     }
     $userObject = $this->userService->findById($userId);
     if (false === $userObject instanceof UserEntity) {
         return $this->listUsers();
     }
     $request = $this->getRequest();
     $viewModel = new ViewModel();
     $viewModel->setTemplate('user/update');
     $viewModel->setVariables(['form' => $this->form]);
     $this->form->bind($userObject);
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $this->userService->save($this->form->getData());
                 $this->flashMessenger()->addSuccessMessage('User successfully updated');
                 return $this->redirect()->toRoute('zfcuser/manage');
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         } else {
             var_dump($this->form->getMessages());
         }
     }
     return $viewModel;
 }
Exemplo n.º 3
0
 public function findById($userId)
 {
     if (false === $this->authorizationService->isGranted('user.admin')) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     return $this->objectRepository->find($userId);
 }
Exemplo n.º 4
0
 public function delete(Recipe $recipe)
 {
     if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $this->objectManager->remove($recipe);
     $this->objectManager->flush();
 }
Exemplo n.º 5
0
 /**
  * @return array
  * @throws UnauthorizedException
  */
 public function findAll()
 {
     if ($this->authorizationService->isGranted('recipe.admin')) {
         return $this->objectRepository->findBy([], ['dateUpdated' => 'DESC']);
     }
     if ($this->authorizationService->isGranted('recipe.manage')) {
         return $this->objectRepository->findBy(['author' => $this->authorizationService->getIdentity()], ['dateUpdated' => 'DESC']);
     }
     throw new UnauthorizedException('Insufficient Permission');
 }
Exemplo n.º 6
0
 public function init()
 {
     $this->setHydrator(new DoctrineObject($this->objectManager));
     $this->setObject(new Recipe());
     $this->add(['name' => 'id', 'type' => Hidden::class]);
     $this->add(['name' => 'title', 'type' => Text::class, 'options' => ['label' => 'Name des Rezeptes'], 'attributes' => ['class' => 'form-element']]);
     $this->add(['name' => 'content', 'type' => Textarea::class, 'options' => ['label' => 'Das Rezept bitte'], 'attributes' => ['class' => 'form-element wysiwyg']]);
     if ($this->authorizationService->isGranted('recipe.admin')) {
         $this->add(['name' => 'published', 'type' => Checkbox::class, 'options' => ['label' => 'Publiziert', 'use_hidden_element' => true, 'checked_value' => 1, 'unchecked_value' => 0], 'attributes' => ['class' => 'form-element']]);
     }
 }
Exemplo n.º 7
0
 /**
  * @param string $className
  * @param $id
  * @param string|null $permission
  * @param string $notFoundMessage
  *
  * @return object
  *
  * @throws \Doctrine\ORM\TransactionRequiredException
  * @throws \Doctrine\ORM\OptimisticLockException
  * @throws \DomainException
  * @throws \Doctrine\ORM\ORMException
  * @throws \Doctrine\ORM\ORMInvalidArgumentException
  * @throws \ZfrRest\Http\Exception\Client\NotFoundException
  * @throws \ZfrRest\Http\Exception\Client\UnauthorizedException
  * @throws \ZfrRest\Http\Exception\Client\ForbiddenException
  */
 public function __invoke(string $className, $id, string $permission = null, string $notFoundMessage = 'The resource you were looking for was not found')
 {
     $entity = $this->entityManager->find($className, $id);
     if (!$entity) {
         throw new NotFoundException($notFoundMessage);
     }
     if ($permission && !$this->authorizationService->isGranted($permission, $entity)) {
         if ($this->authorizationService->getIdentity()) {
             throw new ForbiddenException();
         }
         throw new UnauthorizedException();
     }
     return $entity;
 }
Exemplo n.º 8
0
 public function isAllowed(EventInterface $event)
 {
     $target = $event->getTarget();
     if ($target instanceof \Zend\View\Helper\Navigation\AbstractHelper) {
         $page = $event->getParam('page');
         if (!$page instanceof AbstractPage) {
             return;
         }
         $permission = $page->getPermission();
         if (null === $permission) {
             return;
         }
         $event->stopPropagation();
         return $this->authorizationService->isGranted($permission);
     }
 }
Exemplo n.º 9
0
 /**
  * @param  Post $post
  * @return Post
  * @throws UnauthorizedException
  */
 public function update(Post $post)
 {
     if (!$this->authorizationService->isGranted(self::UPDATE)) {
         throw new UnauthorizedException();
     }
     $this->objectManager->persist($post);
     $this->objectManager->flush();
     return $post;
 }
Exemplo n.º 10
0
 /**
  * Check if this assertion is true
  *
  * @param  AuthorizationService $authorization
  * @param  mixed                $context
  *
  * @return bool
  */
 public function assert(AuthorizationService $authorization, $context = null)
 {
     if ($context === null) {
         return true;
     }
     if ($authorization->getIdentity() === $context->getAuthor()) {
         return true;
     }
     return $authorization->isGranted('recipe.admin');
 }
Exemplo n.º 11
0
 public function testThrowExceptionForInvalidAssertion()
 {
     $role = $this->getMock('Rbac\\Role\\RoleInterface');
     $rbac = $this->getMock('Rbac\\Rbac', [], [], '', false);
     $rbac->expects($this->once())->method('isGranted')->will($this->returnValue(true));
     $roleService = $this->getMock('ZfcRbac\\Service\\RoleService', [], [], '', false);
     $roleService->expects($this->once())->method('getIdentityRoles')->will($this->returnValue([$role]));
     $assertionPluginManager = $this->getMock('ZfcRbac\\Assertion\\AssertionPluginManager', [], [], '', false);
     $authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager);
     $this->setExpectedException('ZfcRbac\\Exception\\InvalidArgumentException');
     $authorizationService->setAssertion('foo', new \stdClass());
     $authorizationService->isGranted('foo');
 }
Exemplo n.º 12
0
 /**
  * @param AuthorizationService $authorizationService
  * @param AbstractConversationEntity   $context
  *
  * @return bool
  */
 public function assert(AuthorizationService $authorizationService, $context = null)
 {
     if (!$context instanceof AbstractConversationEntity) {
         throw new InvalidArgumentException();
     }
     /* @var MessageUserInterface $user */
     $user = $authorizationService->getIdentity();
     /* @var ArrayCollection $participants */
     $participants = $context->getParticipants();
     if ($participants->contains($user)) {
         return true;
     }
     return $authorizationService->isGranted('administrator');
 }
Exemplo n.º 13
0
 public function deleteAction()
 {
     $request = $this->getRequest();
     $recipe = $this->readService->findById($this->params('id'));
     if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $viewModel = new ViewModel();
     $viewModel->setTemplate('recipe/delete');
     $viewModel->setVariables(['recipe' => $recipe, 'form' => $this->form]);
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $this->writeService->delete($recipe);
                 $this->flashMessenger()->addSuccessMessage('Rezept wurde erfolgreich gelöscht!');
                 return $this->redirect()->toRoute('recipe');
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         }
     }
     return $viewModel;
 }
Exemplo n.º 14
0
 public function createAction()
 {
     if (false === $this->authorizationService->isGranted('recipe.add')) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $viewModel = new ViewModel();
     $viewModel->setTemplate('recipe/add');
     $viewModel->setVariables(['form' => $this->form]);
     $request = $this->getRequest();
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $recipe = $this->form->getData();
                 $this->writeService->save($recipe);
                 return $this->redirect()->toRoute('recipe/read', ['id' => $recipe->getId()]);
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         }
     }
     $this->layout('layout/backend');
     return $viewModel;
 }
Exemplo n.º 15
0
 /**
  * @param RepositoryInterface $repository
  * @param RevisionInterface   $revision
  * @param string              $event
  * @return void
  * @throws UnauthorizedException
  */
 protected function hasPermission(RepositoryInterface $repository, RevisionInterface $revision, $event)
 {
     $permission = $this->moduleOptions->getPermission($repository, $event);
     if (!$this->authorizationService->isGranted($permission, $revision)) {
         switch ($event) {
             case VersioningEvent::REJECT:
                 $event = VersioningEvent::REJECT_UNAUTHORIZED;
                 break;
             case VersioningEvent::COMMIT:
                 $event = VersioningEvent::COMMIT_UNAUTHORIZED;
                 break;
             case VersioningEvent::CHECKOUT:
                 $event = VersioningEvent::CHECKOUT_UNAUTHORIZED;
                 break;
         }
         $this->triggerEvent($event, $repository, $revision);
         throw new UnauthorizedException(sprintf('You are missing permission "%s" for this event %s.', $permission, $event));
     }
 }