$decider = new Decider();
$enforcer->setDecider($decider);
// Create some Matches
//Action requested by the user
$match1 = new Match('StringEqual', 'property1', 'TestMatch1', $action);
//Action allowed by what policy states that group can do
$match2 = new Match('StringEqual', 'property1', 'TestMatch2', $actionRule);
// Create a Target container for our Matches
$target = new Target();
$target->addMatches(array($match1, $match2));
// Make a new Rule and add the Target to it
$rule1 = new Rule();
$rule1->setTarget($target)->setId('TestRule')->setEffect('Permit')->setDescription('Test to see if there is an attribute on the subject' . 'that exactly matches the word "test"')->setAlgorithm(new DenyOverrides());
// Make two new policies and add the Rule to it (with our Match)
$policy1 = new Policy();
$policy1->setAlgorithm('AllowOverrides')->setId('Policy1')->addRule($rule1);
$policy2 = new Policy();
$policy2->setAlgorithm('DenyOverrides')->setId('Policy2')->addRule($rule1);
// Create the subject with its own Attribute
$subject = new Subject();
$subject->addAttribute(new Attribute('property1', $actionRule));
// Link the Policies to the Resource
$resource = new Resource();
$resource->addPolicy($policy1)->addPolicy($policy2);
$environment = null;
$action = new Action();
$result = $enforcer->isAuthorized($subject, $resource, $action);
/**
* The Subject does have a property that's equal to "test" on the "property1"
* attribute, but the default Operation is to "fail closed". The other Match,
* for "test1234" failed and DenyOverrides wins so the return is false.
