/** * renders <f:then> child if the role could be found in the security context, * otherwise renders <f:else> child. * * @param string $role The role * @return string the rendered string * @author Andreas Förthner <*****@*****.**> * @api */ public function render($role) { if ($this->securityContext->hasRole($role)) { return $this->renderThenChild(); } else { return $this->renderElseChild(); } }
/** * This is the default Acl voter, it votes for the ACCESS privilege for the given resource * * @param F3\FLOW3\Security\Context $securityContext The current securit context * @param string $resource The resource to vote for * @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY */ public function voteForResource(\F3\FLOW3\Security\Context $securityContext, $resource) { $accessGrants = 0; $accessDenies = 0; foreach ($securityContext->getRoles() as $role) { $privileges = $this->policyService->getPrivilegesForResource($role, $resource); if (!isset($privileges[0])) { continue; } if ($privileges[0]->isGrant()) { $accessGrants++; } else { $accessDenies++; } } if ($accessDenies > 0) { return self::VOTE_DENY; } if ($accessGrants > 0) { return self::VOTE_GRANT; } return self::VOTE_ABSTAIN; }
/** * Logout all active authentication tokens * * @return void */ public function logout() { foreach ($this->securityContext->getAuthenticationTokens() as $token) { $token->setAuthenticationStatus(\F3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN); } }