public function updateAction()
{
$request = $this->getRequest();
$recipe = $this->readService->findById($this->params('id'));
if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
throw new UnauthorizedException('Insufficient Permissions');
}
$viewModel = new ViewModel();
$viewModel->setTemplate('recipe/update');
$viewModel->setVariables(['form' => $this->form]);
$this->form->bind($recipe);
if ($request->isPost()) {
$this->form->setData($request->getPost());
if ($this->form->isValid()) {
try {
$this->writeService->save($this->form->getData());
$this->flashMessenger()->addSuccessMessage('Rezept erfolgreich aktualisiert');
$this->redirect()->toRoute('recipe/read/update', ['id' => $this->params('id')]);
} catch (\Exception $e) {
var_dump($e->getMessage());
}
}
}
$this->layout('layout/backend');
return $viewModel;
}
public function findById($userId)
{
if (false === $this->authorizationService->isGranted('user.admin')) {
throw new UnauthorizedException('Insufficient Permissions');
}
return $this->objectRepository->find($userId);
}
/**
* Return an array of roles which may be granted the permission based on
* the options.
*
* @param mixed $options Options provided from configuration.
*
* @return array
*/
public function getPermissions($options)
{
// If no user is logged in, or the user doesn't match the passed-in
// whitelist, we can't grant the permission to any roles.
if (!($user = $this->auth->getIdentity())) {
return [];
}
// which user attribute has to match which pattern to get permissions?
$criteria = [];
foreach ((array) $options as $option) {
$parts = explode(' ', $option, 2);
if (count($parts) < 2) {
$this->logError("configuration option '{$option}' invalid");
return [];
} else {
list($attribute, $pattern) = $parts;
// check user attribute values against the pattern
if (!preg_match('/^\\/.*\\/$/', $pattern)) {
$pattern = '/' . $pattern . '/';
}
if (preg_match($pattern, $user[$attribute])) {
return ['loggedin'];
}
}
}
//no matches found, so the user don't get any permissions
return [];
}
public function manageAction()
{
if (false === $this->authorizationService->isGranted('user.admin')) {
throw new UnauthorizedException('Insufficient Permissions');
}
$userId = $this->params('id', null);
if (null === $userId) {
return $this->listUsers();
}
$userObject = $this->userService->findById($userId);
if (false === $userObject instanceof UserEntity) {
return $this->listUsers();
}
$request = $this->getRequest();
$viewModel = new ViewModel();
$viewModel->setTemplate('user/update');
$viewModel->setVariables(['form' => $this->form]);
$this->form->bind($userObject);
if ($request->isPost()) {
$this->form->setData($request->getPost());
if ($this->form->isValid()) {
try {
$this->userService->save($this->form->getData());
$this->flashMessenger()->addSuccessMessage('User successfully updated');
return $this->redirect()->toRoute('zfcuser/manage');
} catch (\Exception $e) {
var_dump($e->getMessage());
}
} else {
var_dump($this->form->getMessages());
}
}
return $viewModel;
}
public function delete(Recipe $recipe)
{
if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
throw new UnauthorizedException('Insufficient Permissions');
}
$this->objectManager->remove($recipe);
$this->objectManager->flush();
}
public function readAction()
{
$user = $this->authorizationService->getIdentity();
if ($user) {
$this->notificationManager->markRead($user);
$this->notificationManager->flush();
}
return new JsonModel([]);
}
/**
* Check if this assertion is true
*
* @param AuthorizationService $authorization
* @param mixed $context
*
* @return bool
*/
public function assert(AuthorizationService $authorization, $context = null)
{
if ($context === null) {
return true;
}
if ($authorization->getIdentity() === $context->getAuthor()) {
return true;
}
return $authorization->isGranted('recipe.admin');
}
/**
* @return array
* @throws UnauthorizedException
*/
public function findAll()
{
if ($this->authorizationService->isGranted('recipe.admin')) {
return $this->objectRepository->findBy([], ['dateUpdated' => 'DESC']);
}
if ($this->authorizationService->isGranted('recipe.manage')) {
return $this->objectRepository->findBy(['author' => $this->authorizationService->getIdentity()], ['dateUpdated' => 'DESC']);
}
throw new UnauthorizedException('Insufficient Permission');
}
/**
* Return an array of roles which may be granted the permission based on
* the options.
*
* @param mixed $options Options provided from configuration.
*
* @return array
*/
public function getPermissions($options)
{
// If no user is logged in, or the user doesn't match the passed-in
// whitelist, we can't grant the permission to any roles.
$user = $this->auth->getIdentity();
if (!$user || !in_array($user->username, (array) $options)) {
return [];
}
// If we got this far, we can grant the permission to the loggedin role.
return ['loggedin'];
}
public function init()
{
$this->setHydrator(new DoctrineObject($this->objectManager));
$this->setObject(new Recipe());
$this->add(['name' => 'id', 'type' => Hidden::class]);
$this->add(['name' => 'title', 'type' => Text::class, 'options' => ['label' => 'Name des Rezeptes'], 'attributes' => ['class' => 'form-element']]);
$this->add(['name' => 'content', 'type' => Textarea::class, 'options' => ['label' => 'Das Rezept bitte'], 'attributes' => ['class' => 'form-element wysiwyg']]);
if ($this->authorizationService->isGranted('recipe.admin')) {
$this->add(['name' => 'published', 'type' => Checkbox::class, 'options' => ['label' => 'Publiziert', 'use_hidden_element' => true, 'checked_value' => 1, 'unchecked_value' => 0], 'attributes' => ['class' => 'form-element']]);
}
}
/**
* @param ContainerInterface $container
* @param string $requestedName
* @param array|null $options
* @return AuthorizationService
*/
public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
{
/* @var \Rbac\Rbac $rbac */
$rbac = $container->get('Rbac\\Rbac');
/* @var \ZfcRbac\Service\RoleService $roleService */
$roleService = $container->get('ZfcRbac\\Service\\RoleService');
/* @var \ZfcRbac\Assertion\AssertionPluginManager $assertionPluginManager */
$assertionPluginManager = $container->get('ZfcRbac\\Assertion\\AssertionPluginManager');
/* @var \ZfcRbac\Options\ModuleOptions $moduleOptions */
$moduleOptions = $container->get('ZfcRbac\\Options\\ModuleOptions');
$authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager);
$authorizationService->setAssertions($moduleOptions->getAssertionMap());
return $authorizationService;
}
/**
* {@inheritDoc}
* @return AuthorizationService
*/
public function createService(ServiceLocatorInterface $serviceLocator)
{
/* @var \Rbac\Rbac $rbac */
$rbac = $serviceLocator->get('Rbac\\Rbac');
/* @var \ZfcRbac\Service\RoleService $roleService */
$roleService = $serviceLocator->get('ZfcRbac\\Service\\RoleService');
/* @var \ZfcRbac\Assertion\AssertionPluginManager $assertionPluginManager */
$assertionPluginManager = $serviceLocator->get('ZfcRbac\\Assertion\\AssertionPluginManager');
/* @var \ZfcRbac\Options\ModuleOptions $moduleOptions */
$moduleOptions = $serviceLocator->get('ZfcRbac\\Options\\ModuleOptions');
$authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager);
$authorizationService->setAssertions($moduleOptions->getAssertionMap());
return $authorizationService;
}
/**
* @param string $className
* @param $id
* @param string|null $permission
* @param string $notFoundMessage
*
* @return object
*
* @throws \Doctrine\ORM\TransactionRequiredException
* @throws \Doctrine\ORM\OptimisticLockException
* @throws \DomainException
* @throws \Doctrine\ORM\ORMException
* @throws \Doctrine\ORM\ORMInvalidArgumentException
* @throws \ZfrRest\Http\Exception\Client\NotFoundException
* @throws \ZfrRest\Http\Exception\Client\UnauthorizedException
* @throws \ZfrRest\Http\Exception\Client\ForbiddenException
*/
public function __invoke(string $className, $id, string $permission = null, string $notFoundMessage = 'The resource you were looking for was not found')
{
$entity = $this->entityManager->find($className, $id);
if (!$entity) {
throw new NotFoundException($notFoundMessage);
}
if ($permission && !$this->authorizationService->isGranted($permission, $entity)) {
if ($this->authorizationService->getIdentity()) {
throw new ForbiddenException();
}
throw new UnauthorizedException();
}
return $entity;
}
/**
* @param AuthorizationService $authorizationService
* @param AbstractConversationEntity $context
*
* @return bool
*/
public function assert(AuthorizationService $authorizationService, $context = null)
{
if (!$context instanceof AbstractConversationEntity) {
throw new InvalidArgumentException();
}
/* @var MessageUserInterface $user */
$user = $authorizationService->getIdentity();
/* @var ArrayCollection $participants */
$participants = $context->getParticipants();
if ($participants->contains($user)) {
return true;
}
return $authorizationService->isGranted('administrator');
}
/**
* @param string $eventName
* @param RepositoryInterface $repository
* @param RevisionInterface $revision
* @param string $message
* @param array $data
* @return void
*/
protected function triggerEvent($eventName, RepositoryInterface $repository, RevisionInterface $revision, $message = '', $data = [])
{
$identity = $this->authorizationService->getIdentity();
$event = new VersioningEvent($repository, $revision, $this, $message, $data, $identity);
$event->setName($eventName);
$this->getEventManager()->trigger($eventName, $this, $event);
}
public function isAllowed(EventInterface $event)
{
$target = $event->getTarget();
if ($target instanceof \Zend\View\Helper\Navigation\AbstractHelper) {
$page = $event->getParam('page');
if (!$page instanceof AbstractPage) {
return;
}
$permission = $page->getPermission();
if (null === $permission) {
return;
}
$event->stopPropagation();
return $this->authorizationService->isGranted($permission);
}
}
/**
* Check if this assertion is true
*
* @param AuthorizationService $authorization
* @param mixed $context
* @throws InvalidArgumentException
* @return bool
*/
public function assert(AuthorizationService $authorization, $context = null)
{
if (!$context instanceof InstanceAwareInterface) {
throw new InvalidArgumentException();
}
if (!$authorization instanceof StatefulAuthorizationService) {
throw new InvalidArgumentException();
}
$result = $authorization->getAuthorizationResult();
$permission = $result->getPermission();
$permissionToMatch = $this->getPermissionService()->findParametrizedPermission((string) $permission, 'instance', $context->getInstance()->getId());
foreach ($result->getRoles() as $role) {
if ($role->hasPermission($permissionToMatch->getId())) {
return true;
}
}
return false;
}
/**
* @param Post $post
* @return Post
* @throws UnauthorizedException
*/
public function update(Post $post)
{
if (!$this->authorizationService->isGranted(self::UPDATE)) {
throw new UnauthorizedException();
}
$this->objectManager->persist($post);
$this->objectManager->flush();
return $post;
}
public function createAction()
{
if (false === $this->authorizationService->isGranted('recipe.add')) {
throw new UnauthorizedException('Insufficient Permissions');
}
$viewModel = new ViewModel();
$viewModel->setTemplate('recipe/add');
$viewModel->setVariables(['form' => $this->form]);
$request = $this->getRequest();
if ($request->isPost()) {
$this->form->setData($request->getPost());
if ($this->form->isValid()) {
try {
$recipe = $this->form->getData();
$this->writeService->save($recipe);
return $this->redirect()->toRoute('recipe/read', ['id' => $recipe->getId()]);
} catch (\Exception $e) {
var_dump($e->getMessage());
}
}
}
$this->layout('layout/backend');
return $viewModel;
}
public function deleteAction()
{
$request = $this->getRequest();
$recipe = $this->readService->findById($this->params('id'));
if (false === $this->authorizationService->isGranted('recipe.manage', $recipe)) {
throw new UnauthorizedException('Insufficient Permissions');
}
$viewModel = new ViewModel();
$viewModel->setTemplate('recipe/delete');
$viewModel->setVariables(['recipe' => $recipe, 'form' => $this->form]);
if ($request->isPost()) {
$this->form->setData($request->getPost());
if ($this->form->isValid()) {
try {
$this->writeService->delete($recipe);
$this->flashMessenger()->addSuccessMessage('Rezept wurde erfolgreich gelöscht!');
return $this->redirect()->toRoute('recipe');
} catch (\Exception $e) {
var_dump($e->getMessage());
}
}
}
return $viewModel;
}
public function unsubscribeAction()
{
if (!$this->authorizationService->getIdentity()) {
throw new UnauthorizedException();
}
$object = $this->params('object');
$user = $this->authorizationService->getIdentity();
try {
$object = $this->uuidManager->getUuid($object);
} catch (NotFoundException $e) {
$this->getResponse()->setStatusCode(404);
return false;
}
$this->subscriptionManager->unSubscribe($user, $object);
$this->subscriptionManager->flush();
$this->flashMessenger()->addSuccessMessage('You are no longer receiving notifications for this content.');
return $this->redirect()->toReferer();
}
public function testEventHydration()
{
$this->eventManager = new EventManager();
$this->authorizationService->expects($this->any())->method('getIdentity')->will($this->returnValue($this->identity));
$this->authorizationService->expects($this->any())->method('isGranted')->will($this->returnValue(true));
$this->eventManager->attach(VersioningEvent::COMMIT, [$this, 'eventHydrationCallbackTest']);
$this->eventManager->attach(VersioningEvent::REJECT, [$this, 'eventHydrationCallbackTest']);
$this->eventManager->attach(VersioningEvent::CHECKOUT, [$this, 'eventHydrationCallbackTest']);
$this->repositoryManager->setEventManager($this->eventManager);
$this->repositoryManager->commitRevision($this->repository, [], 'foo');
$this->assertTrue($this->eventCalled);
$this->eventCalled = false;
$this->repositoryManager->checkoutRevision($this->repository, $this->revision, 'foo');
$this->assertTrue($this->eventCalled);
$this->eventCalled = false;
$this->repositoryManager->rejectRevision($this->repository, $this->revision, 'foo');
$this->assertTrue($this->eventCalled);
$this->eventCalled = false;
}
/**
* @covers ZfcRbac\Service\AuthorizationService::getIdentity
*/
public function testGetIdentity()
{
$rbac = $this->getMock('Rbac\\Rbac', [], [], '', false);
$identity = $this->getMock('ZfcRbac\\Identity\\IdentityInterface');
$roleService = $this->getMock('ZfcRbac\\Service\\RoleService', [], [], '', false);
$assertionManager = $this->getMock('ZfcRbac\\Assertion\\AssertionPluginManager', [], [], '', false);
$authorization = new AuthorizationService($rbac, $roleService, $assertionManager);
$roleService->expects($this->once())->method('getIdentity')->will($this->returnValue($identity));
$this->assertSame($authorization->getIdentity(), $identity);
}
/**
* Check if this assertion is true
*
* @param AuthorizationService $authorization
* @return bool
*/
public function assert(AuthorizationService $authorization)
{
return !is_object($authorization->getIdentity());
}
/**
* @param AuthorizationService $authorization
* @return bool
*/
public function assert(AuthorizationService $authorization)
{
return (bool) $authorization->getIdentity()->getDefaultAffiliate();
}
