/**
* {@inheritdoc}
*/
public function allows($permission, array $context = [])
{
foreach ($this->getRoles() as $role) {
if (!$this->permissions->hasRole($role)) {
continue;
}
$rule = $this->permissions->getRule($role, $permission);
if ($rule === self::ALLOW) {
return true;
}
if ($rule instanceof RuleInterface) {
if ($rule->allows($this->actor, $permission, $context)) {
return true;
}
}
}
return false;
}
/**
* @param PermissionsInterface $permissions
* @param VaultConfig $config
*/
public function boot(PermissionsInterface $permissions, VaultConfig $config)
{
if (!$permissions->hasRole(static::ROLE)) {
$permissions->addRole(static::ROLE);
}
$namespace = $config->securityNamespace();
//Following rule will raise log message to notify that insecure setting were used
$permissions->associate(static::ROLE, "{$namespace}.*", InsecureRule::class);
$permissions->associate(static::ROLE, "{$namespace}.*.*", InsecureRule::class);
$permissions->associate(static::ROLE, "{$namespace}.*.*.*", InsecureRule::class);
$permissions->associate(static::ROLE, "{$namespace}.*.*.*.*", InsecureRule::class);
}
