/**
 * Bootstraps the authorization layer: annotation loading, expression evaluation
 * and the AOP kernel, then hands the collaborators to the core.
 *
 * Both caches live under the configured cache path ("/expressions" and "/aop").
 * NOTE(review): the AOP kernel presumably stores generated code under its
 * cacheDir and loads it again later; confirm, and keep that directory writable
 * only by the application itself.
 *
 * @param Core $core
 */
public function init(Core $core)
{
    // Make the annotation classes of this package resolvable from the Type directory.
    AnnotationRegistry::registerAutoloadNamespace('\\Dgafka\\AuthorizationSecurity\\UI\\Annotation\\Type', __DIR__ . '/Type');

    // In debug mode no parser cache is handed to the expression language (null is passed).
    $expressionCache = null;
    if (!$core->config()->debugMode()) {
        $expressionCache = new ExpressionLanguageCache(
            new FilesystemCache($core->config()->cachePath() . '/expressions')
        );
    }
    $expressionReader = new ExpressionReader(new ExpressionLanguage($expressionCache));

    // The kernel is a singleton; it is configured once here with the core's settings.
    $aopKernel = Kernel::getInstance();
    $kernelOptions = array(
        'debug'        => $core->config()->debugMode(),
        'cacheDir'     => $core->config()->cachePath() . '/aop',
        'includePaths' => $core->config()->includePaths(),
    );
    $aopKernel->init($kernelOptions);

    $core->initialize(DIContainer::getInstance(), $expressionReader);
}
/**
 * Reports whether the action described by the command is allowed, as a boolean
 * instead of an exception.
 *
 * Only SecurityAccessDenied is translated into false. Any other exception raised
 * by the security service propagates to the caller, so an internal failure is
 * never reported as "authorized".
 *
 * @param SecurityCommand $securityCommand
 *
 * @return bool true when authorize() completed without SecurityAccessDenied
 */
public function isAuthorized(SecurityCommand $securityCommand)
{
    /** @var Security $authorizer */
    $authorizer = DIContainer::getInstance()->get('security');

    try {
        $authorizer->authorize($securityCommand);
    } catch (SecurityAccessDenied $denied) {
        // A denial is the expected negative answer, not an error.
        return false;
    }

    return true;
}
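/**
 * Around advice that enforces authorization before the intercepted method runs.
 *
 * Collects the authorization annotations declared on the intercepted method,
 * builds a SecurityCommand from them and asks the security service to authorize
 * it. The intercepted method is invoked only after authorize() returns normally.
 * A denial (SecurityAccessDenied, as handled in isAuthorized()) is deliberately
 * not caught here, so it aborts the call before the protected code executes.
 *
 * NOTE(review): if the method carries no AuthorizationSecurity annotation, the
 * security type and user factory stay null and are passed on as such. How the
 * security service treats that is not visible here; confirm it denies.
 *
 * @param MethodInvocation $invocation
 * @Around("$this->authorizePointcut")
 *
 * @return mixed whatever the intercepted method returns
 * @throws SecurityAccessDenied when the security service rejects the command
 */
public function authorize(MethodInvocation $invocation)
{
    $rflMethod = $invocation->getMethod();

    $type = null;
    $userFactory = null;
    $expression = null;
    $resourceFactory = null;
    $resourceFactoryAdditionalParameters = null;
    $policies = array();

    // If an annotation type occurs more than once, the last occurrence wins,
    // except policies, which accumulate.
    foreach ($rflMethod->getAnnotations() as $annotation) {
        if ($annotation instanceof AuthorizationSecurity) {
            $type = $annotation->securityTypeName();
            $userFactory = $annotation->userFactoryName();
        } elseif ($annotation instanceof AuthorizationExpression) {
            $expression = $annotation->expression();
        } elseif ($annotation instanceof AuthorizationResourceFactory) {
            $resourceFactory = $annotation->resourceFactoryName();
            $resourceFactoryAdditionalParameters = $annotation->additionalParameters();
        } elseif ($annotation instanceof AuthorizationPolicy) {
            $policies[] = $annotation->policyName();
        }
    }

    /** @var Security $securityAPI */
    $securityAPI = DIContainer::getInstance()->get('security');

    if ($resourceFactory !== null) {
        // The factory is primed with the call's arguments, but only its name goes
        // into the command. NOTE(review): presumably the security service resolves
        // this same instance from the container by name; verify, and check that
        // arguments left on a shared instance cannot leak into a later call.
        /** @var ResourceFactory $resourceFactoryForArguments */
        $resourceFactoryForArguments = DIContainer::getInstance()->getResourceFactory($resourceFactory);
        $resourceFactoryForArguments->setArguments($invocation->getArguments());
        $resourceFactoryForArguments->setAdditionalParameters($resourceFactoryAdditionalParameters);
    }

    $securityCommand = new SecurityCommand($type, $userFactory, $expression, $resourceFactory, $policies);

    // Must stay ahead of proceed(): an exception here is what blocks the call.
    $securityAPI->authorize($securityCommand);

    // Around advice stands in for the original call, so the result of proceed()
    // has to be handed back; otherwise every protected method would yield null.
    return $invocation->proceed();
}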