/**
 * Decides whether the current identity may perform the given permission.
 *
 * Security note: this check fails open. When the request configuration
 * reports no permission (hasPermission() is false), access is granted
 * without consulting the RBAC checker, so a resource whose configuration
 * omits a permission is not protected by this method.
 *
 * @param RequestConfiguration $requestConfiguration
 * @param string               $permission Permission name handed to the RBAC checker as-is
 *
 * @return bool
 */
public function isGranted(RequestConfiguration $requestConfiguration, $permission)
{
    // Only a configuration that declares a permission is subject to RBAC;
    // everything else is allowed through unchanged.
    return $requestConfiguration->hasPermission()
        ? $this->rbacAuthorizationChecker->isGranted($permission)
        : true;
}
/**
 * Spec: with a permission configured, the subject returns exactly what the
 * RBAC authorization checker decides (first a denial, then a grant).
 *
 * NOTE(review): only the hasPermission() === true path is exercised here;
 * the branch where no permission is configured is not covered by this example.
 */
function it_uses_rbac_authorization_checker(RequestConfiguration $requestConfiguration, RbacAuthorizationCheckerInterface $rbacAuthorizationChecker)
{
    $permission = 'sylius.product.foo';

    $requestConfiguration->hasPermission()->willReturn(true);
    $requestConfiguration->getPermission($permission)->willReturn($permission);

    // Denial first, then grant: the subject must mirror the checker each time.
    foreach ([false, true] as $decision) {
        $rbacAuthorizationChecker->isGranted($permission)->willReturn($decision);
        $this->isGranted($requestConfiguration, $permission)->shouldReturn($decision);
    }
}
/**
 * {@inheritdoc}
 *
 * Scopes the lookup to the current identity before delegating to the
 * decorated resolver. The owner constraint is applied only when the request
 * configuration declares a permission AND requireOwnerCheck() accepts the
 * configuration vars; in every other case the request is passed through
 * untouched.
 */
public function get(RequestConfiguration $requestConfiguration, RepositoryInterface $repository)
{
    // No permission configured: no owner scoping is applied at all.
    if (!$requestConfiguration->hasPermission()) {
        return $this->decoratedResolver->get($requestConfiguration, $repository);
    }

    $vars = $requestConfiguration->getVars();

    if (!$this->requireOwnerCheck($vars)) {
        return $this->decoratedResolver->get($requestConfiguration, $repository);
    }

    // NOTE(review): confirm getIdentity() cannot yield null/empty on this path;
    // the value is used directly as the ownership criterion below.
    $owner = $this->currentIdentityProvider->getIdentity();

    // A boolean acl_owner selects the default owner field; any other value is
    // taken as the field name itself.
    // presumably requireOwnerCheck() guarantees the 'acl_owner' key exists; verify.
    if (is_bool($vars['acl_owner'])) {
        $ownerField = ResourceOwnerFilter::FIELD;
    } else {
        $ownerField = $vars['acl_owner'];
    }

    // Exposed as a query parameter so the grid can use it.
    $requestConfiguration->getRequest()->query->set(ResourceOwnerFilter::TYPE, $owner);

    // The owner is written after the existing criteria are read, so an entry
    // already present under the owner field is overwritten with the identity.
    $criteria = $requestConfiguration->getCriteria();
    $criteria[$ownerField] = $owner;
    $requestConfiguration->getParameters()->set('criteria', $criteria);

    return $this->decoratedResolver->get($requestConfiguration, $repository);
}
/**
 * Enforces a permission for the current request, or aborts with a 403-style
 * exception.
 *
 * Security note: when the configuration declares no permission
 * (hasPermission() is false) this method returns without performing any
 * authorization check.
 *
 * @param RequestConfiguration $configuration
 * @param string               $permission Permission key, resolved through getPermission() before checking
 *
 * @throws AccessDeniedException When the authorization checker denies the resolved permission
 */
protected function isGrantedOr403(RequestConfiguration $configuration, $permission)
{
    if ($configuration->hasPermission()) {
        // The configuration maps the requested key to the permission that is
        // actually checked.
        $resolvedPermission = $configuration->getPermission($permission);
        $allowed = $this->authorizationChecker->isGranted($configuration, $resolvedPermission);

        if (!$allowed) {
            throw new AccessDeniedException();
        }
    }
}