Пример #1
 /**
  * Resolve the API resource named by the matched route and record it on the event.
  *
  * The "resource" route parameter is handed to the resource locator service.
  * Only when the locator yields a Resource instance is it stored on the access
  * control event; any other result leaves the event untouched.
  *
  * @param AccessControlEvent $accessControlEvent
  */
 public function __invoke(AccessControlEvent $accessControlEvent)
 {
     // NOTE(review): the route parameter is presumably derived from the request
     // URL, so the locator should treat it as an untrusted lookup key - confirm.
     $identifier = $accessControlEvent
         ->getMvcEvent()
         ->getRouteMatch()
         ->getParam('resource');

     $locator = $this->getResourceLocatorService();
     $located = call_user_func($locator, $identifier);

     // Anything that is not a Resource is ignored rather than reported.
     if (!$located instanceof Resource) {
         return;
     }

     $accessControlEvent->setResource($located);
 }
 /**
  * Turn a failed authentication into a 401 problem response.
  *
  * Nothing is returned when the authentication result is valid. On failure, a
  * response that is not an HttpResponse is handed back unchanged; otherwise a
  * new ProblemResponse carrying a 401 "Unauthorized" Problem is returned.
  *
  * @param AccessControlEvent $accessControlEvent
  * @return \Parrot\API\Problem\Response\ProblemResponse|\Zend\Stdlib\ResponseInterface|null
  */
 public function __invoke(AccessControlEvent $accessControlEvent)
 {
     // NOTE(review): assumes getAuthenticationResult() always yields an object;
     // a null result would fail here instead of producing a 401 - confirm.
     if ($accessControlEvent->getAuthenticationResult()->isValid()) {
         return;
     }

     $currentResponse = $accessControlEvent->getMvcEvent()->getResponse();

     // NOTE(review): HTTP semantics (RFC 9110) require a 401 to carry a
     // WWW-Authenticate challenge; whether ProblemResponse adds one is not
     // visible from here - confirm.
     return $currentResponse instanceof HttpResponse
         ? new ProblemResponse(new Problem(401, 'Unauthorized'))
         : $currentResponse;
 }
Пример #3
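 /**
  * Authorize the authenticated identity to access the located resource.
  *
  * The decision is delegated to isAuthorized() only when the identity is
  * OAuth2Authenticated, a Resource was located, and the resource identifier
  * appears in the access token's scope list. In every other case the method
  * returns null (no decision), not false.
  *
  * NOTE(review): confirm that whatever consumes this listener's result treats
  * null as "not granted"; otherwise a non-matching request could fall through.
  *
  * @param AccessControlEvent $accessControlEvent
  * @return bool|null Result of isAuthorized() (presumably bool), or null when
  *                   a precondition above is not met.
  */
 public function __invoke(AccessControlEvent $accessControlEvent)
 {
     // Only OAuth2-authenticated identities are handled here.
     $identity = $accessControlEvent->getIdentity();
     if (!$identity instanceof OAuth2Authenticated) {
         return null;
     }

     // A valid API resource must have been located earlier.
     $resource = $accessControlEvent->getResource();
     if (!$resource instanceof Resource) {
         return null;
     }

     // A missing or non-string scope grants nothing (and must not reach explode()).
     $accessToken = $identity->getAccessToken();
     if (!isset($accessToken['scope']) || !is_string($accessToken['scope'])) {
         return null;
     }

     // NOTE(review): scopes are split on ", " here, whereas OAuth 2.0 (RFC 6749)
     // scope strings are space-delimited; confirm the token store uses ", ".
     $grantedScopes = explode(', ', $accessToken['scope']);

     // An empty identifier must never match the empty entry explode() yields
     // for an empty scope string.
     $identifier = (string) $resource->getIdentifier();
     if ($identifier === '') {
         return null;
     }

     // Strict comparison: loose in_array() would treat numeric-looking strings
     // such as "10" and "1e1" as equal, matching a scope that was never granted.
     if (!in_array($identifier, $grantedScopes, true)) {
         return null;
     }

     $method = $accessControlEvent->getMvcEvent()->getRequest()->getMethod();

     return $this->isAuthorized($identity, $resource, $method);
 }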