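/**
 * {@inheritdoc}
 *
 * Grants the privilege when the action method of the presenter targeted by
 * the resource's request carries an annotation named after $privilege whose
 * whitespace-separated value contains the role id.
 *
 * @param IRole|string|int $role      role object or bare role id
 * @param mixed            $resource  must be a PresenterResource
 * @param string           $privilege name of the annotation looked up on the action method
 *
 * @return bool
 *
 * @throws \Ark8\Security\Exceptions\SkipException when the resource is not a
 *         PresenterResource, the action method does not exist, or the method
 *         carries no annotation named $privilege
 */
public function isAllowed($role, $resource, $privilege)
{
    if ($role instanceof IRole) {
        $role = $role->getRoleId();
    }

    if (!$resource instanceof PresenterResource) {
        throw new \Ark8\Security\Exceptions\SkipException(sprintf(
            'Resource must be instance of %s, %s given.',
            PresenterResource::class,
            gettype($resource)
        ));
    }

    $request = $resource->getRequest();
    $presenterName = $request->getPresenterName();
    $class = $this->presenterFactory->getPresenterClass($presenterName);
    $refClass = new PresenterComponentReflection($class);

    $name = Presenter::formatActionMethod($this->getActionName($request));
    if (!$refClass->hasMethod($name)) {
        throw new \Ark8\Security\Exceptions\SkipException(sprintf('Method %s::%s is not implemented.', $class, $name));
    }

    $refMethod = $refClass->getMethod($name);
    if (!$refMethod->hasAnnotation($privilege)) {
        throw new \Ark8\Security\Exceptions\SkipException(sprintf('Method %s::%s does not have annotation %s.', $class, $name, $privilege));
    }

    // The annotation value is a whitespace-separated list of role ids.
    $allowedRoles = preg_split('#\\s+#', trim((string) $refMethod->getAnnotation($privilege)));

    // Compare as strings and strictly: a loose in_array() would let a numeric
    // role id (e.g. 0) match a non-numeric token on PHP < 8, granting access
    // to a role that is not listed. Non-scalar roles never match.
    $roleId = is_scalar($role) ? (string) $role : $role;

    return in_array($roleId, $allowedRoles, true);
}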
/**
 * Runs the presenter for the given application request.
 *
 * Non-AJAX GET/HEAD requests are first canonicalized: if the router builds a
 * URL that differs from the one actually requested, a permanent redirect is
 * returned instead of invoking the action.
 *
 * @param Application\Request $request
 *
 * @return Application\IResponse
 *
 * @throws Application\BadRequestException when 'action' or 'id' is missing
 *         from the request parameters, or the action method cannot be called
 */
public function run(Application\Request $request)
{
    $this->request = $request;

    $shouldCanonicalize = $this->httpRequest
        && $this->router
        && !$this->httpRequest->isAjax()
        && ($request->isMethod('get') || $request->isMethod('head'));

    if ($shouldCanonicalize) {
        $baseUrl = clone $this->httpRequest->getUrl();
        $canonicalUrl = $this->router->constructUrl($request, $baseUrl->setPath($baseUrl->getScriptPath()));
        $differs = $canonicalUrl !== null && !$this->httpRequest->getUrl()->isEqual($canonicalUrl);
        if ($differs) {
            return new Application\Responses\RedirectResponse($canonicalUrl, Http\IResponse::S301_MOVED_PERMANENTLY);
        }
    }

    $params = $request->getParameters();
    if (!isset($params['action'])) {
        throw new Application\BadRequestException('Parameter action is missing.');
    }
    if (!isset($params['id'])) {
        throw new Application\BadRequestException('Parameter id is missing.');
    }

    // calls $this->action<Action>()
    $actionMethod = Application\UI\Presenter::formatActionMethod(Utils\Strings::capitalize($params['action']));
    $response = $this->tryCall($actionMethod, $params);
    if (!$response) {
        throw new Application\BadRequestException('Action not callable.');
    }

    return $response;
}