public function assert(AuthorizationResult $result, $role = null) { if (!$role instanceof RoleInterface) { throw new InvalidArgumentException(); } $instanceManager = $this->getInstanceManager(); $permissionService = $this->getPermissionService(); $assertion = new InstanceAssertion($instanceManager, $permissionService, $this->traversalStrategy); $checkPermission = $result->getPermission() . '.' . $role->getName(); $result = clone $result; $instancesToCheck = []; $rolesToCheck = $assertion->flattenRoles([$role]); foreach ($rolesToCheck as $roleToCheck) { foreach ($roleToCheck->getPermissions() as $permission) { $instance = $permission->getParameter('instance'); if (!in_array($instance, $instancesToCheck)) { $instancesToCheck[] = $instance; } } } try { $this->getPermissionService()->findPermissionByName($checkPermission); } catch (PermissionNotFoundException $e) { $checkPermission = $result->getPermission(); } $result->setPermission($checkPermission); foreach ($instancesToCheck as $instance) { if (!$assertion->assert($result, $instance)) { return false; } } return true; }
/** * Check if this assertion is true * * @param AuthorizationResult $authorization * @param mixed $context * @throws RuntimeException * @throws InvalidArgumentException * @return bool */ public function assert(AuthorizationResult $authorization, $context = null) { if ($context === null) { $instance = null; } elseif ($context instanceof InstanceProviderInterface) { $instance = $context->getInstance(); if (!is_object($instance)) { throw new RuntimeException(sprintf('%s provides an instance of null', get_class($context))); } } elseif ($context instanceof InstanceInterface) { $instance = $context; } else { throw new InvalidArgumentException(sprintf('Expected null, InstanceProviderInterface or InstanceInterface but got %s', is_object($context) ? get_class($context) : gettype($context))); } $permissionToCheck = $authorization->getPermission(); $rolesToCheck = $this->flattenRoles($authorization->getRoles()); $permissions = $this->permissionService->findParametrizedPermissions($permissionToCheck, 'instance', $instance); if ($this->isGranted($rolesToCheck, $permissions)) { return true; } // Not found..well, that's unfortunate! Let's check if it's satisfiable with global permissions if ($instance !== null) { $permissions = $this->permissionService->findParametrizedPermissions($permissionToCheck, 'instance', null); if ($this->isGranted($rolesToCheck, $permissions)) { return true; } } return false; }
/** * Check if this assertion is true * * @param AuthorizationResult $authorization * @param mixed $context * @return bool * @throws InvalidArgumentException */ public function assert(AuthorizationResult $authorization, $context = null) { if ($context instanceof PageRepositoryInterface) { } elseif ($context instanceof PageRevisionInterface) { $context = $context->getRepository(); } else { throw new InvalidArgumentException(); } $flattened = $this->flattenRoles($authorization->getRoles()); foreach ($context->getRoles() as $role) { if (in_array($role, $flattened)) { return true; } } return false; }
/** * @param string $permission * @param array $roles * @return AuthorizationResult */ protected function createResult($permission, $roles) { $result = new AuthorizationResult(); $result->setPermission($permission); $result->setIdentity($this->getIdentity()); $result->setRoles($roles); $result->setAuthorizationService($this); return $result; }