Автор: Michaël Gallego (mic.gallego@gmail.com)
Наследование: implements ZfcRbac\Service\AuthorizationServiceInterface
Пример #1
1
 public function updateAction()
 {
     $request = $this->getRequest();
     $recipe = $this->readService->findById($this->params('id'));
     if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $viewModel = new ViewModel();
     $viewModel->setTemplate('recipe/update');
     $viewModel->setVariables(['form' => $this->form]);
     $this->form->bind($recipe);
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $this->writeService->save($this->form->getData());
                 $this->flashMessenger()->addSuccessMessage('Rezept erfolgreich aktualisiert');
                 $this->redirect()->toRoute('recipe/read/update', ['id' => $this->params('id')]);
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         }
     }
     $this->layout('layout/backend');
     return $viewModel;
 }
Пример #2
0
 public function findById($userId)
 {
     if (false === $this->authorizationService->isGranted('user.admin')) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     return $this->objectRepository->find($userId);
 }
Пример #3
0
 /**
  * Return an array of roles which may be granted the permission based on
  * the options.
  *
  * @param mixed $options Options provided from configuration.
  *
  * @return array
  */
 public function getPermissions($options)
 {
     // If no user is logged in, or the user doesn't match the passed-in
     // whitelist, we can't grant the permission to any roles.
     if (!($user = $this->auth->getIdentity())) {
         return [];
     }
     // which user attribute has to match which pattern to get permissions?
     $criteria = [];
     foreach ((array) $options as $option) {
         $parts = explode(' ', $option, 2);
         if (count($parts) < 2) {
             $this->logError("configuration option '{$option}' invalid");
             return [];
         } else {
             list($attribute, $pattern) = $parts;
             // check user attribute values against the pattern
             if (!preg_match('/^\\/.*\\/$/', $pattern)) {
                 $pattern = '/' . $pattern . '/';
             }
             if (preg_match($pattern, $user[$attribute])) {
                 return ['loggedin'];
             }
         }
     }
     //no matches found, so the user don't get any permissions
     return [];
 }
Пример #4
0
 public function manageAction()
 {
     if (false === $this->authorizationService->isGranted('user.admin')) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $userId = $this->params('id', null);
     if (null === $userId) {
         return $this->listUsers();
     }
     $userObject = $this->userService->findById($userId);
     if (false === $userObject instanceof UserEntity) {
         return $this->listUsers();
     }
     $request = $this->getRequest();
     $viewModel = new ViewModel();
     $viewModel->setTemplate('user/update');
     $viewModel->setVariables(['form' => $this->form]);
     $this->form->bind($userObject);
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $this->userService->save($this->form->getData());
                 $this->flashMessenger()->addSuccessMessage('User successfully updated');
                 return $this->redirect()->toRoute('zfcuser/manage');
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         } else {
             var_dump($this->form->getMessages());
         }
     }
     return $viewModel;
 }
Пример #5
0
 public function delete(Recipe $recipe)
 {
     if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $this->objectManager->remove($recipe);
     $this->objectManager->flush();
 }
 public function readAction()
 {
     $user = $this->authorizationService->getIdentity();
     if ($user) {
         $this->notificationManager->markRead($user);
         $this->notificationManager->flush();
     }
     return new JsonModel([]);
 }
Пример #7
0
 /**
  * Check if this assertion is true
  *
  * @param  AuthorizationService $authorization
  * @param  mixed                $context
  *
  * @return bool
  */
 public function assert(AuthorizationService $authorization, $context = null)
 {
     if ($context === null) {
         return true;
     }
     if ($authorization->getIdentity() === $context->getAuthor()) {
         return true;
     }
     return $authorization->isGranted('recipe.admin');
 }
Пример #8
0
 /**
  * @return array
  * @throws UnauthorizedException
  */
 public function findAll()
 {
     if ($this->authorizationService->isGranted('recipe.admin')) {
         return $this->objectRepository->findBy([], ['dateUpdated' => 'DESC']);
     }
     if ($this->authorizationService->isGranted('recipe.manage')) {
         return $this->objectRepository->findBy(['author' => $this->authorizationService->getIdentity()], ['dateUpdated' => 'DESC']);
     }
     throw new UnauthorizedException('Insufficient Permission');
 }
Пример #9
0
 /**
  * Return an array of roles which may be granted the permission based on
  * the options.
  *
  * @param mixed $options Options provided from configuration.
  *
  * @return array
  */
 public function getPermissions($options)
 {
     // If no user is logged in, or the user doesn't match the passed-in
     // whitelist, we can't grant the permission to any roles.
     $user = $this->auth->getIdentity();
     if (!$user || !in_array($user->username, (array) $options)) {
         return [];
     }
     // If we got this far, we can grant the permission to the loggedin role.
     return ['loggedin'];
 }
Пример #10
0
 public function init()
 {
     $this->setHydrator(new DoctrineObject($this->objectManager));
     $this->setObject(new Recipe());
     $this->add(['name' => 'id', 'type' => Hidden::class]);
     $this->add(['name' => 'title', 'type' => Text::class, 'options' => ['label' => 'Name des Rezeptes'], 'attributes' => ['class' => 'form-element']]);
     $this->add(['name' => 'content', 'type' => Textarea::class, 'options' => ['label' => 'Das Rezept bitte'], 'attributes' => ['class' => 'form-element wysiwyg']]);
     if ($this->authorizationService->isGranted('recipe.admin')) {
         $this->add(['name' => 'published', 'type' => Checkbox::class, 'options' => ['label' => 'Publiziert', 'use_hidden_element' => true, 'checked_value' => 1, 'unchecked_value' => 0], 'attributes' => ['class' => 'form-element']]);
     }
 }
 /**
  * @param ContainerInterface $container
  * @param string $requestedName
  * @param array|null $options
  * @return AuthorizationService
  */
 public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
 {
     /* @var \Rbac\Rbac $rbac */
     $rbac = $container->get('Rbac\\Rbac');
     /* @var \ZfcRbac\Service\RoleService $roleService */
     $roleService = $container->get('ZfcRbac\\Service\\RoleService');
     /* @var \ZfcRbac\Assertion\AssertionPluginManager $assertionPluginManager */
     $assertionPluginManager = $container->get('ZfcRbac\\Assertion\\AssertionPluginManager');
     /* @var \ZfcRbac\Options\ModuleOptions $moduleOptions */
     $moduleOptions = $container->get('ZfcRbac\\Options\\ModuleOptions');
     $authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager);
     $authorizationService->setAssertions($moduleOptions->getAssertionMap());
     return $authorizationService;
 }
 /**
  * {@inheritDoc}
  * @return AuthorizationService
  */
 public function createService(ServiceLocatorInterface $serviceLocator)
 {
     /* @var \Rbac\Rbac $rbac */
     $rbac = $serviceLocator->get('Rbac\\Rbac');
     /* @var \ZfcRbac\Service\RoleService $roleService */
     $roleService = $serviceLocator->get('ZfcRbac\\Service\\RoleService');
     /* @var \ZfcRbac\Assertion\AssertionPluginManager $assertionPluginManager */
     $assertionPluginManager = $serviceLocator->get('ZfcRbac\\Assertion\\AssertionPluginManager');
     /* @var \ZfcRbac\Options\ModuleOptions $moduleOptions */
     $moduleOptions = $serviceLocator->get('ZfcRbac\\Options\\ModuleOptions');
     $authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager);
     $authorizationService->setAssertions($moduleOptions->getAssertionMap());
     return $authorizationService;
 }
Пример #13
0
 /**
  * @param string $className
  * @param $id
  * @param string|null $permission
  * @param string $notFoundMessage
  *
  * @return object
  *
  * @throws \Doctrine\ORM\TransactionRequiredException
  * @throws \Doctrine\ORM\OptimisticLockException
  * @throws \DomainException
  * @throws \Doctrine\ORM\ORMException
  * @throws \Doctrine\ORM\ORMInvalidArgumentException
  * @throws \ZfrRest\Http\Exception\Client\NotFoundException
  * @throws \ZfrRest\Http\Exception\Client\UnauthorizedException
  * @throws \ZfrRest\Http\Exception\Client\ForbiddenException
  */
 public function __invoke(string $className, $id, string $permission = null, string $notFoundMessage = 'The resource you were looking for was not found')
 {
     $entity = $this->entityManager->find($className, $id);
     if (!$entity) {
         throw new NotFoundException($notFoundMessage);
     }
     if ($permission && !$this->authorizationService->isGranted($permission, $entity)) {
         if ($this->authorizationService->getIdentity()) {
             throw new ForbiddenException();
         }
         throw new UnauthorizedException();
     }
     return $entity;
 }
 /**
  * @param AuthorizationService $authorizationService
  * @param AbstractConversationEntity   $context
  *
  * @return bool
  */
 public function assert(AuthorizationService $authorizationService, $context = null)
 {
     if (!$context instanceof AbstractConversationEntity) {
         throw new InvalidArgumentException();
     }
     /* @var MessageUserInterface $user */
     $user = $authorizationService->getIdentity();
     /* @var ArrayCollection $participants */
     $participants = $context->getParticipants();
     if ($participants->contains($user)) {
         return true;
     }
     return $authorizationService->isGranted('administrator');
 }
 /**
  * @param string              $eventName
  * @param RepositoryInterface $repository
  * @param RevisionInterface   $revision
  * @param string              $message
  * @param array               $data
  * @return void
  */
 protected function triggerEvent($eventName, RepositoryInterface $repository, RevisionInterface $revision, $message = '', $data = [])
 {
     $identity = $this->authorizationService->getIdentity();
     $event = new VersioningEvent($repository, $revision, $this, $message, $data, $identity);
     $event->setName($eventName);
     $this->getEventManager()->trigger($eventName, $this, $event);
 }
 public function isAllowed(EventInterface $event)
 {
     $target = $event->getTarget();
     if ($target instanceof \Zend\View\Helper\Navigation\AbstractHelper) {
         $page = $event->getParam('page');
         if (!$page instanceof AbstractPage) {
             return;
         }
         $permission = $page->getPermission();
         if (null === $permission) {
             return;
         }
         $event->stopPropagation();
         return $this->authorizationService->isGranted($permission);
     }
 }
Пример #17
0
 /**
  * Check if this assertion is true
  *
  * @param  AuthorizationService $authorization
  * @param  mixed                $context
  * @throws InvalidArgumentException
  * @return bool
  */
 public function assert(AuthorizationService $authorization, $context = null)
 {
     if (!$context instanceof InstanceAwareInterface) {
         throw new InvalidArgumentException();
     }
     if (!$authorization instanceof StatefulAuthorizationService) {
         throw new InvalidArgumentException();
     }
     $result = $authorization->getAuthorizationResult();
     $permission = $result->getPermission();
     $permissionToMatch = $this->getPermissionService()->findParametrizedPermission((string) $permission, 'instance', $context->getInstance()->getId());
     foreach ($result->getRoles() as $role) {
         if ($role->hasPermission($permissionToMatch->getId())) {
             return true;
         }
     }
     return false;
 }
Пример #18
0
 /**
  * @param  Post $post
  * @return Post
  * @throws UnauthorizedException
  */
 public function update(Post $post)
 {
     if (!$this->authorizationService->isGranted(self::UPDATE)) {
         throw new UnauthorizedException();
     }
     $this->objectManager->persist($post);
     $this->objectManager->flush();
     return $post;
 }
Пример #19
0
 public function createAction()
 {
     if (false === $this->authorizationService->isGranted('recipe.add')) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $viewModel = new ViewModel();
     $viewModel->setTemplate('recipe/add');
     $viewModel->setVariables(['form' => $this->form]);
     $request = $this->getRequest();
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $recipe = $this->form->getData();
                 $this->writeService->save($recipe);
                 return $this->redirect()->toRoute('recipe/read', ['id' => $recipe->getId()]);
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         }
     }
     $this->layout('layout/backend');
     return $viewModel;
 }
Пример #20
0
 public function deleteAction()
 {
     $request = $this->getRequest();
     $recipe = $this->readService->findById($this->params('id'));
     if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
         throw new UnauthorizedException('Insufficient Permissions');
     }
     $viewModel = new ViewModel();
     $viewModel->setTemplate('recipe/delete');
     $viewModel->setVariables(['recipe' => $recipe, 'form' => $this->form]);
     if ($request->isPost()) {
         $this->form->setData($request->getPost());
         if ($this->form->isValid()) {
             try {
                 $this->writeService->delete($recipe);
                 $this->flashMessenger()->addSuccessMessage('Rezept wurde erfolgreich gelöscht!');
                 return $this->redirect()->toRoute('recipe');
             } catch (\Exception $e) {
                 var_dump($e->getMessage());
             }
         }
     }
     return $viewModel;
 }
 public function unsubscribeAction()
 {
     if (!$this->authorizationService->getIdentity()) {
         throw new UnauthorizedException();
     }
     $object = $this->params('object');
     $user = $this->authorizationService->getIdentity();
     try {
         $object = $this->uuidManager->getUuid($object);
     } catch (NotFoundException $e) {
         $this->getResponse()->setStatusCode(404);
         return false;
     }
     $this->subscriptionManager->unSubscribe($user, $object);
     $this->subscriptionManager->flush();
     $this->flashMessenger()->addSuccessMessage('You are no longer receiving notifications for this content.');
     return $this->redirect()->toReferer();
 }
 public function testEventHydration()
 {
     $this->eventManager = new EventManager();
     $this->authorizationService->expects($this->any())->method('getIdentity')->will($this->returnValue($this->identity));
     $this->authorizationService->expects($this->any())->method('isGranted')->will($this->returnValue(true));
     $this->eventManager->attach(VersioningEvent::COMMIT, [$this, 'eventHydrationCallbackTest']);
     $this->eventManager->attach(VersioningEvent::REJECT, [$this, 'eventHydrationCallbackTest']);
     $this->eventManager->attach(VersioningEvent::CHECKOUT, [$this, 'eventHydrationCallbackTest']);
     $this->repositoryManager->setEventManager($this->eventManager);
     $this->repositoryManager->commitRevision($this->repository, [], 'foo');
     $this->assertTrue($this->eventCalled);
     $this->eventCalled = false;
     $this->repositoryManager->checkoutRevision($this->repository, $this->revision, 'foo');
     $this->assertTrue($this->eventCalled);
     $this->eventCalled = false;
     $this->repositoryManager->rejectRevision($this->repository, $this->revision, 'foo');
     $this->assertTrue($this->eventCalled);
     $this->eventCalled = false;
 }
 /**
  * @covers ZfcRbac\Service\AuthorizationService::getIdentity
  */
 public function testGetIdentity()
 {
     $rbac = $this->getMock('Rbac\\Rbac', [], [], '', false);
     $identity = $this->getMock('ZfcRbac\\Identity\\IdentityInterface');
     $roleService = $this->getMock('ZfcRbac\\Service\\RoleService', [], [], '', false);
     $assertionManager = $this->getMock('ZfcRbac\\Assertion\\AssertionPluginManager', [], [], '', false);
     $authorization = new AuthorizationService($rbac, $roleService, $assertionManager);
     $roleService->expects($this->once())->method('getIdentity')->will($this->returnValue($identity));
     $this->assertSame($authorization->getIdentity(), $identity);
 }
 /**
  * Check if this assertion is true
  *
  * @param  AuthorizationService $authorization
  * @return bool
  */
 public function assert(AuthorizationService $authorization)
 {
     return !is_object($authorization->getIdentity());
 }
Пример #25
0
 /**
  * @param AuthorizationService $authorization
  * @return bool
  */
 public function assert(AuthorizationService $authorization)
 {
     return (bool) $authorization->getIdentity()->getDefaultAffiliate();
 }