示例#1
 /**
  * Remembers the identifier of the given resource on this object.
  *
  * When no resource is supplied (null) the previously stored identifier is
  * left untouched; it is not reset.
  *
  * @param ResourceInterface|null $resource Resource whose getResourceId() value is stored.
  * @return $this
  */
 public function setResourceId(ResourceInterface $resource = null)
 {
     // Guard clause: without a resource there is nothing to copy.
     if (!$resource) {
         return $this;
     }

     $this->resourceId = $resource->getResourceId();

     return $this;
 }
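 /**
  * Decides the 'edit' privilege on a job from the job's own permissions.
  *
  * Fails closed: a role that is not a UserInterface, a resource that is not
  * a JobInterface, or a privilege other than the exact string 'edit' yields
  * false.
  *
  * @param Acl                    $acl       Not consulted by this assertion.
  * @param RoleInterface|null     $role
  * @param ResourceInterface|null $resource
  * @param string|null            $privilege
  * @return bool Whatever the job's permissions report for PERMISSION_CHANGE.
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     // Strict comparison on purpose: with a loose "!=" a boolean true (and,
     // before PHP 8, the integer 0) compares equal to 'edit' and would reach
     // the permission check as if 'edit' had been requested.
     if ('edit' !== $privilege) {
         return false;
     }

     if (!$role instanceof UserInterface || !$resource instanceof JobInterface) {
         return false;
     }

     // NOTE(review): this passes the user's id rather than the user object
     // to isGranted() - confirm that is what the permissions object expects.
     return $resource->getPermissions()->isGranted($role->getId(), Permissions::PERMISSION_CHANGE);
 }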
示例#3
 /**
  * Passes when the resource is a User whose role the ACL reports as an admin role.
  *
  * $role and $privilege are not consulted: the outcome depends only on the
  * resource being checked, not on who is asking.
  *
  * @param Acl                    $acl       Must provide isAdminRole().
  * @param RoleInterface|null     $role      Unused.
  * @param ResourceInterface|null $resource
  * @param string|null            $privilege Unused.
  * @return bool False for any resource that is not a User.
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     // NOTE(review): isAdminRole() is not defined in the code shown here;
     // presumably it comes from the project's own Acl class - confirm that
     // the Acl instance passed at runtime always provides it.
     return $resource instanceof User
         ? $acl->isAdminRole($resource->getRole())
         : false;
 }
 /**
  * Decides access to a file from the file's own permissions.
  *
  * Returns false unless the role is a UserInterface and the resource is a
  * FileInterface. A falsy privilege (null, '', 0, '0') is treated as a
  * request for PERMISSION_VIEW.
  *
  * @param Acl                    $acl       Not consulted by this assertion.
  * @param RoleInterface|null     $role
  * @param ResourceInterface|null $resource
  * @param string|null            $privilege
  * @return bool Whatever the file's permissions report for the privilege.
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     $isUser = $role instanceof UserInterface;
     $isFile = $resource instanceof FileInterface;
     if (!($isUser && $isFile)) {
         return false;
     }

     // Default to the least powerful permission when none was named.
     if (!$privilege) {
         $privilege = PermissionsInterface::PERMISSION_VIEW;
     }

     // NOTE(review): the caller-supplied privilege is forwarded unchanged;
     // presumably isGranted() rejects values it does not know - confirm.
     return $resource->getPermissions()->isGranted($role, $privilege);
 }
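 /**
  * Checks permissions based on resources' permissions.
  *
  * Only the exact string 'read' is answered with the view permission; every
  * other privilege (including null) requires the change permission. Roles
  * that are not a UserInterface and resources that are not an
  * ApplicationInterface are always refused.
  *
  * {@inheritDoc}
  *
  * @see \Zend\Permissions\Acl\Assertion\AssertionInterface::assert()
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     if (!$role instanceof UserInterface || !$resource instanceof ApplicationInterface) {
         return false;
     }

     /* @var $resource ApplicationInterface */
     // Strict comparison on purpose: with a loose "==" a boolean true (and,
     // before PHP 8, the integer 0) equals 'read' and would be downgraded to
     // the weaker view permission instead of requiring change.
     $permission = 'read' === $privilege
         ? PermissionsInterface::PERMISSION_VIEW
         : PermissionsInterface::PERMISSION_CHANGE;

     return $resource->getPermissions()->isGranted($role, $permission);
 }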
示例#6
 /**
  * Passes when the site behind the resource is public.
  *
  * A Site is checked directly; a SitePage is checked through its owning
  * site. Any other resource (including null) is refused. $role and
  * $privilege are not consulted, so the result is the same for every caller.
  *
  * @param Acl                    $acl       Unused.
  * @param RoleInterface|null     $role      Unused.
  * @param ResourceInterface|null $resource
  * @param string|null            $privilege Unused.
  * @return bool
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     if ($resource instanceof Site) {
         return $resource->isPublic();
     }

     if ($resource instanceof SitePage) {
         return $resource->getSite()->isPublic();
     }

     // Not a recognised resource type.
     return false;
 }
示例#7
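 /**
  * Passes when the relation under check is the only one of its kind on its parent.
  *
  * For a UserCalendar the calendar's user-calendar collection is counted,
  * for a UserPlace the place's user-place collection; the assertion holds
  * when that collection has exactly one entry. $role and $privilege are not
  * consulted.
  *
  * @param \Zend\Permissions\Acl\Acl                             $acl       Unused.
  * @param \Zend\Permissions\Acl\Role\RoleInterface|null         $role      Unused.
  * @param \Zend\Permissions\Acl\Resource\ResourceInterface|null $resource  Must expose getModel().
  * @param string|null                                           $privilege Unused.
  * @return bool
  * @throws \InvalidArgumentException When there is no resource or its model is not a supported relation.
  */
 public function assert(\Zend\Permissions\Acl\Acl $acl, \Zend\Permissions\Acl\Role\RoleInterface $role = null, \Zend\Permissions\Acl\Resource\ResourceInterface $resource = null, $privilege = null)
 {
     // $resource is nullable in the signature; without this guard a null
     // resource is a fatal "call to a member function on null" instead of the
     // InvalidArgumentException used for every other unsupported resource.
     // NOTE(review): getModel() is not part of ResourceInterface - confirm
     // that only resources providing it are ever registered with this rule.
     $model = $resource !== null ? $resource->getModel() : null;

     if ($model instanceof \Application\Model\Relation\UserCalendar) {
         $collection = $model->getCalendar()->getUserCalendars();
     } elseif ($model instanceof \Application\Model\Relation\UserPlace) {
         $collection = $model->getPlace()->getUserPlaces();
     } else {
         throw new \InvalidArgumentException('The resource being checked is not a supported relation. Either implement the relation support, or modify ACL rules.');
     }

     return count($collection) === 1;
 }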
示例#8
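 /**
  * Passes when the role's user has NO relation to the model behind the resource.
  *
  * The sense is inverted compared with a typical ownership check: finding
  * the user among the model's users makes the assertion fail.
  *
  * @param \Zend\Permissions\Acl\Acl                             $acl       Unused.
  * @param \Zend\Permissions\Acl\Role\RoleInterface|null         $role      Must expose getUser().
  * @param \Zend\Permissions\Acl\Resource\ResourceInterface|null $resource  Must expose getModel().
  * @param string|null                                           $privilege Unused.
  * @return bool True when the user is not among the model's users.
  * @throws \InvalidArgumentException When there is no resource or its model lacks HasRelationToUsersInterface.
  */
 public function assert(\Zend\Permissions\Acl\Acl $acl, \Zend\Permissions\Acl\Role\RoleInterface $role = null, \Zend\Permissions\Acl\Resource\ResourceInterface $resource = null, $privilege = null)
 {
     // $resource is nullable in the signature; route a null resource to the
     // same InvalidArgumentException as any other unsupported resource
     // instead of a fatal "call to a member function on null".
     $model = $resource !== null ? $resource->getModel() : null;
     if (!$model instanceof \Application\Authorization\HasRelationToUsersInterface) {
         throw new \InvalidArgumentException('The resource being checked must implement HasRelationToUsersInterface. Either implement the interface, or modify ACL rules.');
     }

     // NOTE(review): $role is nullable too and is dereferenced below as soon
     // as the model has at least one user - confirm this rule is never
     // evaluated without a role.
     // NOTE(review): "===" compares object identity; if the two user objects
     // can be distinct instances of the same user, the relation is missed and
     // the assertion passes - confirm both come from the same source.
     foreach ($model->getUsers() as $user) {
         if ($user === $role->getUser()) {
             // The user was found in the relations, so the "no relation" assertion fails.
             return false;
         }
     }

     return true;
 }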
示例#9
 /**
  * Passes when the user is a current member of the organ behind the resource.
  *
  * The role must be a User and the resource an OrganResourceInterface;
  * anything else (including null) is refused. The user's member record is
  * then searched for an organ installation that belongs to the resource's
  * organ and that isCurrentMember() accepts.
  *
  * @param  Acl                    $acl       Unused.
  * @param  RoleInterface|null     $role
  * @param  ResourceInterface|null $resource
  * @param  string|null            $privilege Unused.
  * @return bool
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     if (!($role instanceof User && $resource instanceof OrganResourceInterface)) {
         return false;
     }

     // NOTE(review): getMember() and getResourceOrgan() are dereferenced
     // without a null check - confirm neither can return null here.
     $memberRecord = $role->getMember();
     $targetOrgan = $resource->getResourceOrgan();

     foreach ($memberRecord->getOrganInstallations() as $installation) {
         // Installations in other organs are irrelevant to this resource.
         if ($installation->getOrgan()->getId() !== $targetOrgan->getId()) {
             continue;
         }

         if ($this->isCurrentMember($installation)) {
             return true;
         }
     }

     return false;
 }
 /**
  * Passes when the user's site permission ranks at or below the configured role number.
  *
  * The site is taken from the resource (a Site directly, or the owning site
  * of a SitePage). The first site permission whose 'user' equals $role is
  * looked up; without one the assertion fails. $privilege is not consulted.
  *
  * @param Acl                    $acl       Unused.
  * @param RoleInterface|null     $role      Matched against the 'user' field of the site permissions.
  * @param ResourceInterface|null $resource
  * @param string|null            $privilege Unused.
  * @return bool
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     // Not a recognised resource.
     if (!$resource instanceof Site && !$resource instanceof SitePage) {
         return false;
     }

     $site = $resource instanceof Site ? $resource : $resource->getSite();

     // NOTE(review): $role is not type-checked before it is used as the
     // match value, so a null role becomes a match on user = null - confirm
     // no permission row can carry an empty user.
     $byUser = Criteria::create()->where(Criteria::expr()->eq('user', $role));
     $grant = $site->getSitePermissions()->matching($byUser)->first();

     // This user has no permission on the site at all.
     if (!$grant) {
         return false;
     }

     return $this->getRoleNumber($grant->getRole()) <= $this->roleNumber;
 }
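 /**
  * Checks permissions based on resources' permissions.
  *
  * Decision order:
  *  - role must be a UserInterface and resource an ApplicationInterface;
  *  - a draft is accessible to its own user or to holders of the change permission;
  *  - subsequent attachment upload needs an assigned user with view permission;
  *  - the exact string 'read' needs view, every other privilege needs change.
  *
  * {@inheritDoc}
  *
  * @see \Zend\Permissions\Acl\Assertion\AssertionInterface::assert()
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     if (!$role instanceof UserInterface || !$resource instanceof ApplicationInterface) {
         return false;
     }

     /* @var $resource ApplicationInterface|DraftableEntityInterface */
     $permissions = $resource->getPermissions();

     /* If application is a draft, only the associated user may view and edit.
      * As an anonymous user is not saved with the entity, we need to check the 'change' permission.
      */
     if ($resource->isDraft()) {
         return $role === $resource->getUser() || $permissions->isGranted($role, PermissionsInterface::PERMISSION_CHANGE);
     }

     // NOTE(review): left as a loose comparison because the constant's type
     // is not visible here; if it is a string, "===" would be the safer form.
     if (ApplicationInterface::PERMISSION_SUBSEQUENT_ATTACHMENT_UPLOAD == $privilege) {
         // only applicant is allowed to upload subsequent attachments
         return $permissions->isAssigned($role) && $permissions->isGranted($role, PermissionsInterface::PERMISSION_VIEW);
     }

     // Strict comparison on purpose: with a loose "==" a boolean true (and,
     // before PHP 8, the integer 0) equals 'read' and would be downgraded to
     // the weaker view permission instead of requiring change.
     $permission = 'read' === $privilege
         ? PermissionsInterface::PERMISSION_VIEW
         : PermissionsInterface::PERMISSION_CHANGE;

     return $permissions->isGranted($role, $permission);
 }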
示例#12
 /**
  * Returns true, if the user has write access to the job granted from the organization.
  *
  * Access is granted to the user of the job's organization (or of its parent
  * when the organization is a hiring organization) and to any employee of
  * that organization whose permissions allow JOBS_CHANGE. A job without an
  * organization grants nothing.
  *
  * @param RoleInterface $role This must be a UserInterface instance
  * @param ResourceInterface $resource This must be a JobInterface instance
  *
  * @return bool
  */
 protected function checkOrganizationPermissions($role, $resource)
 {
     /* @var $resource \Jobs\Entity\JobInterface */
     /* @var $role     \Auth\Entity\UserInterface */
     $jobOrganization = $resource->getOrganization();
     if (!$jobOrganization) {
         return false;
     }

     // Hiring organizations defer to their parent for owner and employees.
     // NOTE(review): getParent() is dereferenced without a null check -
     // confirm a hiring organization always has a parent.
     $owningOrganization = $jobOrganization->isHiringOrganization()
         ? $jobOrganization->getParent()
         : $jobOrganization;

     // NOTE(review): ids are compared with loose "==" here and in the loop;
     // if they are strings, numeric-looking values are compared as numbers -
     // confirm the id type and prefer "===" if it allows.
     $owner = $owningOrganization->getUser();
     if ($owner) {
         if ($role->getId() == $owner->getId()) {
             return true;
         }
     }

     foreach ($owningOrganization->getEmployees() as $employee) {
         /* @var $employee \Organizations\Entity\EmployeeInterface */
         if ($employee->getUser()->getId() != $role->getId()) {
             continue;
         }

         if ($employee->getPermissions()->isAllowed(EmployeePermissionsInterface::JOBS_CHANGE)) {
             return true;
         }
     }

     return false;
 }
示例#13
 /**
  * Wires the test doubles for a listener test in which authorization always succeeds.
  *
  * The authorize service double answers true to every isAllowed() call, the
  * listener factory is mocked around the wrapped service, and the event
  * double returns the wrapped resource as its entity.
  *
  * NOTE(review): because every check is allowed, specs built on this helper
  * cannot exercise the denied path; that needs a double returning false.
  *
  * @param \BjyAuthorize\Service\Authorize                  $authorizeService
  * @param \Phpro\SmartCrud\Event\CrudEvent                 $event
  * @param \Zend\Permissions\Acl\Resource\ResourceInterface $resource
  */
 protected function mockEvent($authorizeService, $event, $resource)
 {
     // Argument::cetera() matches any argument list.
     $authorizeService->isAllowed(Argument::cetera())->willReturn(true);

     $wrappedService = $authorizeService->getWrappedObject();
     $this->mockListenerFactory($wrappedService);

     $wrappedResource = $resource->getWrappedObject();
     $event->getEntity()->willReturn($wrappedResource);
 }
示例#14
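 /**
  * Returns true if and only if the assertion conditions are met
  *
  * Conditions: the privilege is the exact string 'view', the role is a
  * UserInterface, the resource is a CvInterface, and either the CV's
  * permissions grant the view permission to the role or the CV's status is
  * PUBLIC_TO_ALL. A public CV is therefore viewable by every user role,
  * whatever its permissions say.
  *
  * @param  Acl                    $acl       Not consulted by this assertion.
  * @param  RoleInterface|null     $role
  * @param  ResourceInterface|null $resource
  * @param  string|null            $privilege
  *
  * @return bool
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     // Strict comparison on purpose: with a loose "==" a boolean true (and,
     // before PHP 8, the integer 0) equals 'view'.
     if ('view' !== $privilege) {
         return false;
     }

     if (!$role instanceof UserInterface || !$resource instanceof CvInterface) {
         return false;
     }

     /* @var ResourceInterface|Cv $resource */
     if ($resource->getPermissions()->isGranted($role, PermissionsInterface::PERMISSION_VIEW)) {
         return true;
     }

     // NOTE(review): left loose because the constant's type is not visible
     // here; the status is compared in its string form.
     return Status::PUBLIC_TO_ALL == (string) $resource->getStatus();
 }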
 /**
  * Checks write Access on attachments
  *
  * Write access is given only when the attachment has a job and the role's
  * id equals the id of that job's user.
  *
  * @param RoleInterface $role
  * @param ResourceInterface $resource
  * @return boolean
  */
 protected function assertWrite($role, $resource)
 {
     $job = $resource->getJob();
     if (!$job) {
         // No job behind the attachment: nobody gets write access.
         return false;
     }

     // NOTE(review): getUser() is dereferenced without a null check, and the
     // ids are compared with loose "==" - confirm a job always has a user
     // and prefer "===" if the id type allows.
     return $role->getId() == $job->getUser()->getId();
 }
示例#16
 /**
  * Returns true if and only if the assertion conditions are met
  *
  * A role/resource/privilege triple found by inWhitelist() makes the
  * assertion fail. Otherwise it holds only when the privilege appears in the
  * comma-separated 'methods' value of every row that getRolesAndResources()
  * returns for the role and resource; with no rows it holds as well.
  *
  * NOTE(review): whether "true" here leads to allow or to deny depends on
  * the rule this assertion is attached to, which is not visible here. Check
  * that the empty-rows case and the whitelist case both resolve in the
  * intended direction.
  *
  * @param  Acl $acl
  * @param  RoleInterface $role
  * @param  ResourceInterface $resource
  * @param  string $privilege
  * @return bool
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     // NOTE(review): $role and $resource are nullable in the signature but
     // dereferenced unconditionally - confirm the rule is never evaluated
     // without both.
     if ($this->inWhitelist($role->getRoleId(), $resource->getResourceId(), $privilege)) {
         return false;
     }

     foreach ($this->getRolesAndResources($role->getRoleId(), $resource->getResourceId()) as $rule) {
         $listedMethods = explode(',', $rule['methods']);

         // NOTE(review): in_array() is used without its strict flag, so a
         // non-string privilege is matched by type juggling (a null privilege
         // matches an empty 'methods' value) - confirm privileges are always strings.
         if (in_array($privilege, $listedMethods)) {
             continue;
         }

         return false;
     }

     return true;
 }
示例#17
文件: Memory.php 项目: fwk/security
 /**
  * Forgets the given resource, keyed by its resource id.
  *
  * Removing a resource that was never stored is a no-op.
  *
  * @param ResourceInterface $resource
  * @return $this
  */
 public function removeResource(ResourceInterface $resource)
 {
     $resourceId = $resource->getResourceId();
     unset($this->resources[$resourceId]);

     return $this;
 }
示例#18
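 /**
  * Decides the 'edit' privilege on an organization from its own permissions.
  *
  * Fails closed: a privilege other than the exact string 'edit', a role
  * that is not a UserInterface, or a resource that is not an
  * OrganizationInterface yields false.
  *
  * @param Acl                    $acl       Not consulted by this assertion.
  * @param RoleInterface|null     $role
  * @param ResourceInterface|null $resource
  * @param string|null            $privilege
  * @return bool Whatever the organization's permissions report for PERMISSION_CHANGE.
  */
 public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
 {
     // Strict comparison on purpose: with a loose "==" a boolean true (and,
     // before PHP 8, the integer 0) equals 'edit'.
     if ('edit' !== $privilege) {
         return false;
     }

     if (!$role instanceof UserInterface || !$resource instanceof OrganizationInterface) {
         return false;
     }

     return $resource->getPermissions()->isGranted($role, PermissionsInterface::PERMISSION_CHANGE);
 }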