/**
* This function gets the current user object and needs to validate its access against the required roles.
* The function must either return ACCESS_GRANTED, ACCESS_ABSTAIN or ACCESS_DENIED.
*
* @param UserAbstract $user Current user instance.
* @param array $requestedRoles An array of requested roles for the current access map.
*
* @return integer ACCESS_GRANTED, ACCESS_ABSTAIN or ACCESS_DENIED.
*/
public function vote(UserAbstract $user, array $requestedRoles)
{
$result = self::ACCESS_DENIED;
if ($user->isAuthenticated()) {
$result = self::ACCESS_GRANTED;
}
return $result;
}
/**
* Stores user data into an array, encrypts it and returns the encrypted string.
*
* @param UserAbstract $user Instance of UserAbstract class that holds the pre-filled object from user provider.
*
* @return string
*/
public function encryptUserData(UserAbstract $user)
{
// extract the roles
$roles = $user->getRoles();
$roleArray = [];
foreach ($roles as $r) {
$roleArray[] = $r->getRole();
}
// data (we use short syntax to reduce the size of the cookie or session)
$data = ['u' => $user->getUsername(), 'r' => $roleArray, 'vu' => time() + 86400 * 30, 'sid' => $this->httpSession()->getSessionId(), 'ap' => $user->getAuthProviderName()];
// build and add token to $data
return $this->getCrypt()->encrypt($this->jsonEncode($data), $this->getEncryptionKey());
}
/**
* This function gets the current user object and needs to validate its access against the required roles.
* The function must either return ACCESS_GRANTED, ACCESS_ABSTAIN or ACCESS_DENIED.
*
* @param UserAbstract $user Current user instance.
* @param array $requestedRoles An array of requested roles for the current access map.
*
* @return integer ACCESS_GRANTED, ACCESS_ABSTAIN or ACCESS_DENIED.
*/
public function vote(UserAbstract $user, array $requestedRoles)
{
$result = self::ACCESS_ABSTAIN;
$userRoles = $user->getRoles();
foreach ($requestedRoles as $role) {
if (!$this->supportsRole($role)) {
continue;
}
$result = self::ACCESS_DENIED;
foreach ($userRoles as $ur) {
/**
* @var $ur Role
*/
if ($role->getRole() === $ur->getRole()) {
return self::ACCESS_GRANTED;
}
}
}
return $result;
}
/**
* Base constructor.
*/
public function __construct()
{
parent::populate('anonymous', '', [], false);
}
/**
* Sets roles for current user.
*/
private function setUserRoles()
{
$this->initRoleHierarchy();
$this->user->setRoles($this->roleHierarchy->getAccessibleRoles($this->user->getRoles()));
}