Пример #1
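 /**
  * Resolve a dotted attribute id (for example "Category.part.part") against the request context.
  *
  * The first segment selects a top-level category of the request. When no such
  * category exists, the segment is looked up as the key of an object stored in
  * the "Resource" category. Every following segment descends one level: by key
  * for arrays, through the getter built by getGetter() for objects.
  *
  * @param XacmlRequest $request
  * @param string $attributeId
  * @return mixed
  * @throws \Exception when any segment of the attribute id cannot be resolved
  */
 public function getValue(XacmlRequest $request, $attributeId)
 {
     $attributeParts = explode('.', trim($attributeId));
     $value = null;
     foreach ($attributeParts as $depth => $attributePart) {
         // The first segment names a category, the top level of XacmlRequest.
         if ($depth === 0) {
             $value = $request->get($attributePart);
             if (empty($value)) {
                 // Not a category: try the segment as an entry of the "Resource" category.
                 $resources = $request->get('Resource');
                 $entry = (!empty($resources) && isset($resources[$attributePart]))
                     ? $resources[$attributePart]
                     : null;
                 if ($entry instanceof XacmlResource) {
                     $value = $this->getEntity($entry);
                 } elseif (is_object($entry)) {
                     $value = $entry;
                 } else {
                     // Fail closed. Previously the whole "Resource" category stayed in
                     // place here, so an unknown first segment was silently resolved
                     // against it and a policy could be evaluated on the wrong value.
                     $value = null;
                 }
             }
             if (empty($value)) {
                 throw new \Exception("Attribute {$attributeId} not found");
             }
             continue;
         }
         if (is_array($value) && isset($value[$attributePart])) {
             $value = $value[$attributePart];
         } elseif (is_object($value)) {
             // NOTE(review): the segment becomes a method name that is invoked on the
             // object; this assumes attribute ids come from policy definitions and that
             // getGetter() only yields accessor names - confirm.
             $getter = $this->getGetter($attributePart);
             // A missing accessor would raise \Error, which callers catching the
             // documented \Exception would not see; report it as "not found" instead.
             if (!is_callable([$value, $getter])) {
                 throw new \Exception("Attribute {$attributeId} not found");
             }
             $value = $value->{$getter}();
         } else {
             throw new \Exception("Attribute {$attributeId} not found");
         }
     }
     return $value;
 }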
Пример #2
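 /**
  * Evaluate the request against the stored policies and return the access decision.
  *
  * Policy sets returned by findNotLinkedPolicySets() are used when there are any;
  * otherwise the policies returned by findNotLinkedPolicies() are used. They are
  * passed to the combining algorithm registered under $this->combiningAlgId.
  * Any result other than PERMIT or DENY is replaced by $this->defaultDecision.
  *
  * @param XacmlRequest $request
  * @return mixed Decision::PERMIT, Decision::DENY or the configured default decision
  */
 public function evaluate(XacmlRequest $request)
 {
     $action = $request->get('Action');
     /**
      * Permit access without consulting any policy to:
      * - Error pages, which have an empty Action name
      * - Debug actions, whose name starts with "_"
      *
      * NOTE(review): both shortcuts are fail-open. A request whose Action was never
      * populated, or any action named with a leading "_", is permitted before policy
      * evaluation. Confirm that the Action value cannot be influenced by the client
      * and that "_" actions are not exposed outside development.
      */
     // The is_string() guard keeps substr() from receiving an array or object.
     if (empty($action) || (is_string($action) && substr($action, 0, 1) === '_')) {
         return Decision::PERMIT;
     }
     $policies = $this->em->getRepository(PolicySet::class)->findNotLinkedPolicySets();
     if (empty($policies)) {
         $policies = $this->em->getRepository(Policy::class)->findNotLinkedPolicies();
     }
     if (!empty($policies)) {
         $result = $this->combiningAlgorithmRegistry->get($this->combiningAlgId)->evaluate($request, $policies);
         // Strict comparison: with loose in_array() a null, false or 0 result can
         // compare equal to a decision constant and be returned as a final decision.
         if (in_array($result, [Decision::PERMIT, Decision::DENY], true)) {
             return $result;
         }
     }
     // Indeterminate / not-applicable results and an empty policy store end up here.
     return $this->defaultDecision;
 }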