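/**
 * Check whether the given user (and, optionally, resource) satisfies a policy rule.
 *
 * Returns true when every condition of the rule is met. On a mismatch, an
 * array holding the slugs of the rejected attributes is returned instead.
 * A non-empty array is truthy in PHP, so callers must test the result with
 * `=== true`; a loose `if ($abac->enforce(...))` would read a denial as a grant.
 *
 * If $resource is null, policy rules about its attributes are ignored.
 *
 * Available options are:
 *  * dynamic_attributes: array
 *  * cache_result: boolean (only the strict value true enables caching)
 *  * cache_ttl: integer
 *  * cache_driver: string
 *
 * Available cache drivers are:
 *  * memory
 *
 * Caching: a cached decision is keyed on rule name, user id and resource id
 * only. Dynamic attributes also feed the comparison, so the cache is bypassed
 * whenever a non-empty dynamic_attributes option is supplied; otherwise a
 * decision computed for one set of values could be replayed for another.
 * NOTE(review): a cached decision is returned without re-reading user or
 * resource attributes, so keep cache_ttl short where those can change.
 *
 * @param string      $ruleName
 * @param object      $user
 * @param object|null $resource
 * @param array       $options
 *
 * @return boolean|array true when the rule is enforced, otherwise the rejected attribute slugs
 */
public function enforce($ruleName, $user, $resource = null, $options = [])
{
    // Dynamic attributes are handed to the comparison manager, which retrieves
    // them again when a comparison is performed.
    if (isset($options['dynamic_attributes'])) {
        $this->comparisonManager->setDynamicAttributes($options['dynamic_attributes']);
    }

    // The cache key below cannot represent dynamic attribute values, so a
    // decision that depends on them is neither read from nor written to the cache.
    $hasDynamicAttributes = !empty($options['dynamic_attributes']);
    $cacheResult = isset($options['cache_result'])
        && $options['cache_result'] === true
        && !$hasDynamicAttributes;

    if ($cacheResult) {
        // NOTE(review): if getId() can return null (e.g. an unsaved user), every
        // such user shares one cache entry per rule and resource; confirm upstream.
        $cacheItem = $this->cacheManager->getItem(
            "{$ruleName}-{$user->getId()}-" . ($resource !== null ? $resource->getId() : ''),
            isset($options['cache_driver']) ? $options['cache_driver'] : null,
            isset($options['cache_ttl']) ? $options['cache_ttl'] : null
        );

        // A null value is treated as "no valid cache entry"; anything else is returned as is.
        $cacheValue = $cacheItem->get();
        if ($cacheValue !== null) {
            return $cacheValue;
        }
    }

    $policyRule = $this->policyRuleManager->getRule($ruleName, $user, $resource);

    // For each policy rule attribute: load its current value, process any
    // configured extra data, then run the comparison.
    foreach ($policyRule->getPolicyRuleAttributes() as $pra) {
        $attribute = $pra->getAttribute();
        $attribute->setValue($this->attributeManager->retrieveAttribute($attribute, $user, $resource));
        if (count($pra->getExtraData()) > 0) {
            $this->processExtraData($pra, $user, $resource);
        }
        $this->comparisonManager->compare($pra);
    }

    // The result is either true (rule enforced for this user and resource)
    // or an array of rejected attributes.
    $result = $this->comparisonManager->getResult();

    if ($cacheResult) {
        $cacheItem->set($result);
        $this->cacheManager->save($cacheItem);
    }

    return $result;
}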
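/**
 * Convert raw attribute configuration into PolicyRuleAttribute objects.
 *
 * $attributes is keyed by attribute name. For each entry, 'comparison' and
 * 'comparison_type' are read directly, 'value' is optional and defaults to
 * null, and every other key is stored on the rule attribute as extra data.
 *
 * This is a generator: no attribute is built until the caller iterates, and
 * one PolicyRuleAttribute is yielded per entry instead of a whole array.
 *
 * @param array  $attributes
 * @param object $user
 * @param object $resource
 *
 * @return \Generator yields one PolicyRuleAttribute per configured attribute
 */
public function processRuleAttributes($attributes, $user, $resource)
{
    $baseKeys = ['comparison', 'comparison_type', 'value'];

    foreach ($attributes as $attributeName => $attribute) {
        $pra = (new PolicyRuleAttribute())
            ->setAttribute($this->attributeManager->getAttribute($attributeName))
            ->setComparison($attribute['comparison'])
            ->setComparisonType($attribute['comparison_type'])
            ->setValue(isset($attribute['value']) ? $attribute['value'] : null);

        $this->processRuleAttributeComparisonType($pra, $user, $resource);

        // Keys beyond the basic ones are kept as extra data. The check is
        // strict: with loose comparison an integer key such as 0 compares equal
        // to 'comparison' on PHP < 8 and the entry would be dropped silently.
        foreach ($attribute as $key => $value) {
            if (!in_array($key, $baseKeys, true)) {
                $pra->addExtraData($key, $value);
            }
        }

        // Yielding avoids holding every rule attribute in memory at once.
        yield $pra;
    }
}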
/**
 * Build the argument lists for getters that are configured to take parameters.
 *
 * $getter_params maps a getter name to a list of parameter definitions, each
 * with a 'param_name' and a 'param_value'. When 'param_name' starts with '@',
 * 'param_value' is used as an attribute name and resolved through the
 * attribute manager for the given user and resource; otherwise 'param_value'
 * is passed through as a literal.
 *
 * NOTE(review): the '@' form lets configuration name any attribute the
 * attribute manager can resolve; this assumes the configuration is trusted.
 *
 * @param array $getter_params definitions read from the configuration file
 * @param mixed $user          passed through to the attribute manager
 * @param mixed $resource      passed through to the attribute manager
 *
 * @return array resolved values grouped by getter name; empty when nothing is configured
 */
private function prepareGetterParams($getter_params, $user, $resource)
{
    $resolved = [];
    if (empty($getter_params)) {
        return $resolved;
    }

    foreach ($getter_params as $getterName => $definitions) {
        foreach ($definitions as $definition) {
            // A leading '@' marks the value as a reference to another attribute.
            $isAttributeReference = $definition['param_name'][0] === '@';

            if ($isAttributeReference) {
                $referenced = $this->attributeManager->getAttribute($definition['param_value']);
                $resolved[$getterName][] = $this->attributeManager->retrieveAttribute($referenced, $user, $resource);
                continue;
            }

            $resolved[$getterName][] = $definition['param_value'];
        }
    }

    return $resolved;
}
/**
 * The 'environment.service_state' attribute must resolve to 'OPEN' for an 18-year-old user.
 *
 * NOTE(review): where 'OPEN' comes from (fixture configuration or the test
 * environment) is not visible in this method; confirm against the test setup.
 */
public function testRetrieveEnvironmentAttribute()
{
    $serviceState = $this->manager->getAttribute('environment.service_state');
    $user = (new User())->setAge(18);

    $actual = $this->manager->retrieveAttribute($serviceState, $user);

    $this->assertEquals('OPEN', $actual);
}