/**
 * Builds the resource string for the matched route, replacing it with a
 * model-level resource when this resolver supports the parent's result.
 *
 * NOTE(review): the isGranted() guard in this source treats a falsy resource
 * string as "guard does not apply". Confirm getModelResource() cannot return
 * an empty value for a route that is meant to be protected.
 *
 * @param \Zend\Mvc\Router\RouteMatch $routeMatch
 * @param mixed $request request object, forwarded unchanged to the parent and helpers
 * @return mixed the parent's resource string, or the result of getModelResource()
 */
public function buildResourceString(\Zend\Mvc\Router\RouteMatch $routeMatch, $request)
{
    $baseResource = parent::buildResourceString($routeMatch, $request);

    // Unsupported resources are passed through exactly as the parent built them.
    if (!$this->isSupported($baseResource, $request)) {
        return $baseResource;
    }

    return $this->getModelResource($routeMatch, $request, $baseResource);
}
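/**
 * Decides whether the request carried by the MVC event passes this guard.
 *
 * The guard only constrains HTTP requests whose resolved resource has the
 * form "controller::group" with group "entity" or "collection". Every other
 * request is reported as granted because the guard does not apply to it.
 * When a rule exists for controller/group/method, every permission it lists
 * must be granted by the authorization service.
 *
 * @param MvcEvent $event
 * @return bool true when access is granted or the guard does not apply
 */
public function isGranted(MvcEvent $event)
{
    $rules      = $this->getRules();
    $routeMatch = $event->getRouteMatch();
    $request    = $event->getRequest();

    // Non-HTTP requests are outside the scope of this guard.
    if (!$request instanceof HttpRequest) {
        return true;
    }

    $method   = $request->getMethod();
    $resource = $this->resourceResolver->buildResourceString($routeMatch, $request);

    // If no resource could be identified, it is considered as granted (this guard does not apply).
    if (!$resource) {
        return true;
    }

    // Pad to two elements so a resource string without "::" yields a null group
    // instead of an undefined-offset warning. The outcome is unchanged: it falls
    // into the "not a REST controller" branch below.
    // NOTE(review): that branch fails open. Whether a malformed resource string
    // should be denied instead is a policy decision for the resolver's owner.
    list($controller, $group) = array_pad(explode('::', $resource), 2, null);

    // If it's an RPC call and not a REST controller, it is considered as granted
    // (this guard does not apply). Strict comparison keeps the check free of type juggling.
    if (!in_array($group, ['entity', 'collection'], true)) {
        return true;
    }

    // If no rules apply, it is considered as granted or not based on the protection policy.
    // NOTE(review): rules are keyed by the exact method string of the request, so a
    // method with no entry is decided by the policy alone. Under POLICY_ALLOW, confirm
    // the rule set covers every method the controllers accept.
    if (!isset($rules[$controller][$group][$method])) {
        return $this->getProtectionPolicy() === self::POLICY_ALLOW;
    }

    $actions = $rules[$controller][$group][$method];

    // A single permission name is handled as a one-element list.
    if (is_string($actions)) {
        $actions = [$actions];
    }

    // Any other non-array rule value is used directly as the decision.
    if (!is_array($actions)) {
        return (bool) $actions;
    }

    // All listed permissions are required; stop at the first refusal.
    // NOTE(review): an empty list grants access because nothing refuses.
    // Confirm that an empty rule is intended to mean "no permission required".
    foreach ($actions as $action) {
        if (!$this->authorizationService->isGranted($action)) {
            return false;
        }
    }

    return true;
}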