/**
* Basic auth process
*
* @param Context $context
* @param callable $chain
* @return Context
*
* @throws AccessDeniedException
*/
public function handle(Context $context, callable $chain = null)
{
// define access report
$context->access = new Firewall\Access(true, 0, 0);
// access control needed
$context->access->level = $context->invokable->annotation('access');
if ($context->access->level and !Auth::rank($context->access->level)) {
$context->access->granted = false;
throw new AccessDeniedException();
}
// update context
$context->access->auth = Auth::valid();
$context->access->user = Auth::user();
return $chain($context);
}
/**
* Check access
*
* @param Context $context
* @return Context
*
* @throws AccessDeniedException
*/
protected function guard(Context $context)
{
$this->logger->debug('kernel.guard: check user rank');
// 401
if ($context->logic->access and $context->logic->access > Auth::rank()) {
throw new AccessDeniedException('Access denied (#' . $context->logic->name . ': ' . $context->logic->access . ', user: '******')');
}
// set user
if (Auth::valid()) {
$context->user = Auth::user();
}
$this->logger->debug('kernel.guard: access granted (#' . $context->logic->name . ': ' . $context->logic->access . ', user: '******')');
return $context;
}