/**
 * Dispatch-time authorization check.
 *
 * Derives the current role (guest when no identity is present) and the
 * module/controller/action the request targets, then asks the ACL whether
 * that role may reach `controller:action`. When allowed, the ACL is exposed
 * to the view and the response is returned unchanged. When denied, the
 * "not allowed" event is triggered, propagation is stopped and the response
 * becomes a 302 redirect: guests are sent to the login route, any other
 * role to the no-access route.
 *
 * @param MvcEvent $e
 *
 * @return ResponseInterface
 */
public function checkAccess(MvcEvent $e)
{
    /** @var Response $response */
    $response = $e->getResponse();

    /** @var UserEntity $identity */
    $identity = $this->authService->getIdentity();
    $role = UserEntity::ROLE_GUEST;
    if ($identity) {
        $role = $identity->getRole();
    }

    [$moduleName, $controllerName, $actionName] = $this->namesResolver->resolve($e);
    $privilege = $controllerName . ':' . $actionName;

    if ($this->acl->isAllowed($role, $moduleName, $privilege)) {
        // Authorised: make the ACL available to view scripts and let dispatch continue.
        $e->getViewModel()->setVariable('acl', $this->acl);

        return $response;
    }

    // Denied: notify listeners before short-circuiting dispatch with a redirect.
    $this->getEventManager()->trigger(self::EVENT_IS_NOT_ALLOWED, $e->getTarget());

    $router = $e->getRouter();
    $isGuest = $role === UserEntity::ROLE_GUEST;
    $url = $isGuest
        ? $router->assemble(['controller' => 'login'], ['name' => 'access/default'])
        : $router->assemble(['controller' => 'no-access'], ['name' => 'auth/default']);

    $response->setStatusCode(302);

    // Drop every header already queued so the redirect carries only Location.
    $headers = $response->getHeaders();
    $headers->clearHeaders();
    $headers->addHeaderLine('Location', $url);

    $e->stopPropagation();

    return $response;
}
/**
 * resolve() on an event targeting AbcController with action "def" must
 * return the expected module, controller and action names, in that order.
 */
public function testResolve()
{
    $event = new MvcEvent();
    $event->setTarget(new AbcController());
    $event->setRouteMatch(new RouteMatch(['action' => 'def']));

    [$moduleName, $controllerName, $actionName] = $this->testedObject->resolve($event);

    $this->assertSame('applicationcoreacltest\\model\\provider', $moduleName);
    $this->assertSame('abc', $controllerName);
    $this->assertSame('def', $actionName);
}