/** * @param IUser $user * @param IResource|string $resource * @param string $privilege * @return bool */ public function evaluate(IUser $user, $resource, $privilege) { foreach ($this->roles as $role) { foreach ($user->getRoles() as $usersRole) { $roleId = Stringify::stringifyRole($role); $usersRoleId = Stringify::stringifyRole($usersRole); if ($roleId === $usersRoleId) { $queried = $this->isResourceQueried($resource) && $this->isPrivilegeQueried($privilege); $assertion = $this->assertion; return $queried && ($assertion === NULL || $assertion($user, $role, $resource)); } } } return FALSE; }
/** * @param IRole[]|string[] $roles */ protected function validateRoles(array $roles) { foreach ($roles as $role) { $role = Stringify::stringifyRole($role); if (!array_key_exists($role, $this->roles)) { throw new RoleDoesNotExists("Role '{$role}' does not exists."); } } }