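/**
 * {@inheritDoc}
 *
 * Decides whether the matched controller/action may be dispatched, based on
 * the permission rules held by this guard.
 *
 * Lookup order: an exact controller + action rule, then the controller-wide
 * rule stored under index 0, then the protection policy. A rule containing
 * the literal string '*' grants access without consulting the authorization
 * service; otherwise every listed permission must be granted.
 *
 * @param  MvcEvent $event
 * @return bool True when the request is allowed to proceed
 */
public function isGranted(MvcEvent $event)
{
    $routeMatch = $event->getRouteMatch();

    // Lookup keys are lower-cased here.
    // NOTE(review): this presumably relies on the rules being stored lower-cased — confirm in the setter.
    $controller = strtolower($routeMatch->getParam('controller'));
    $action     = strtolower($routeMatch->getParam('action'));

    // No rule at all for this controller: the protection policy decides.
    if (!isset($this->rules[$controller])) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    $controllerRules = $this->rules[$controller];

    // Most specific rule first (controller + action), then the controller-wide
    // rule (index 0), and finally the protection policy.
    if (isset($controllerRules[$action])) {
        $allowedPermissions = $controllerRules[$action];
    } elseif (isset($controllerRules[0])) {
        $allowedPermissions = $controllerRules[0];
    } else {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // A rule that lists no permissions is treated like a missing rule.
    if (empty($allowedPermissions)) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Strict comparison: only the literal string '*' is the wildcard. With a
    // loose comparison a non-string entry such as boolean true (or integer 0
    // on PHP 7) would also compare equal to '*' and open the action to everyone.
    if (in_array('*', $allowedPermissions, true)) {
        return true;
    }

    // AND semantics: a single denied permission denies the request.
    foreach ($allowedPermissions as $permission) {
        if (!$this->authorizationService->isGranted($permission)) {
            return false;
        }
    }

    return true;
}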
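/**
 * {@inheritDoc}
 *
 * Decides whether the matched route may be dispatched, based on the
 * permission rules held by this guard.
 *
 * Rule keys are fnmatch() patterns compared case-insensitively against the
 * matched route name; the first matching rule wins, so rule order matters.
 * A rule is either a flat list of permissions (AND semantics) or an array
 * with a 'permissions' key and an optional 'condition' key.
 *
 * @param  MvcEvent $event
 * @return bool True when the request is allowed to proceed
 * @throws InvalidArgumentException If the rule's condition is neither AND nor OR
 */
public function isGranted(MvcEvent $event)
{
    $matchedRouteName   = $event->getRouteMatch()->getMatchedRouteName();
    $allowedPermissions = null;

    // First matching pattern wins; later, more specific patterns are never reached.
    foreach ($this->rules as $routeRule => $rule) {
        if (fnmatch($routeRule, $matchedRouteName, FNM_CASEFOLD)) {
            $allowedPermissions = $rule;
            break;
        }
    }

    // No rule matched this route: the protection policy decides.
    if (null === $allowedPermissions) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Strict comparison: only the literal string '*' is the wildcard. With a
    // loose comparison a non-string entry such as boolean true (or integer 0
    // on PHP 7) would also compare equal to '*' and open the route to everyone.
    // Only the top-level values of the rule are inspected here, so a '*' nested
    // under the 'permissions' key is not treated as a wildcard by this check.
    if (in_array('*', $allowedPermissions, true)) {
        return true;
    }

    $permissions = isset($allowedPermissions['permissions'])
        ? $allowedPermissions['permissions']
        : $allowedPermissions;

    // A single permission given as a string would otherwise be skipped by the
    // foreach loops below, and the AND branch would then return true without
    // checking anything. Wrap it so it is actually evaluated.
    if (is_string($permissions)) {
        $permissions = [$permissions];
    }

    $condition = isset($allowedPermissions['condition'])
        ? $allowedPermissions['condition']
        : GuardInterface::CONDITION_AND;

    if (GuardInterface::CONDITION_AND === $condition) {
        // Every permission must be granted. An empty list yields true because
        // the loop body never runs.
        foreach ($permissions as $permission) {
            if (!$this->authorizationService->isGranted($permission)) {
                return false;
            }
        }

        return true;
    }

    if (GuardInterface::CONDITION_OR === $condition) {
        // One granted permission is enough. An empty list yields false.
        foreach ($permissions as $permission) {
            if ($this->authorizationService->isGranted($permission)) {
                return true;
            }
        }

        return false;
    }

    // Unknown condition: refuse to guess rather than silently granting or denying.
    throw new InvalidArgumentException(sprintf(
        'Condition must be either "AND" or "OR", %s given',
        is_object($condition) ? get_class($condition) : gettype($condition)
    ));
}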
/**
 * Decides whether the current REST request may proceed.
 *
 * Rules are looked up as $rules[controller][group][HTTP method]. The guard
 * returns true (it does not apply) for non-HTTP requests, for requests with
 * no resolvable resource string, and for groups other than 'entity' or
 * 'collection'. A missing rule falls back to the protection policy.
 *
 * A rule value may be a permission name, a list of permission names (all of
 * which must be granted; an empty list yields true), or any other value,
 * which is cast to bool and returned.
 *
 * @param  MvcEvent $event
 * @return bool
 */
public function isGranted(MvcEvent $event)
{
    $ruleSet    = $this->getRules();
    $routeMatch = $event->getRouteMatch();
    $request    = $event->getRequest();

    // Only HTTP requests are guarded; anything else is let through.
    if (!($request instanceof HttpRequest)) {
        return true;
    }

    $method   = $request->getMethod();
    $resource = $this->resourceResolver->buildResourceString($routeMatch, $request);

    // No resource could be identified: this guard does not apply.
    if (!$resource) {
        return true;
    }

    $segments = explode('::', $resource);
    list($controller, $group) = $segments;

    // RPC call rather than a REST controller: this guard does not apply.
    $isRestGroup = in_array($group, ['entity', 'collection']);
    if (!$isRestGroup) {
        return true;
    }

    // No rule for this controller/group/method: the protection policy decides.
    if (!isset($ruleSet[$controller][$group][$method])) {
        return $this->getProtectionPolicy() === self::POLICY_ALLOW;
    }

    $required = $ruleSet[$controller][$group][$method];

    // A single permission name is handled as a one-element list.
    if (is_string($required)) {
        $required = [$required];
    }

    // Neither a string nor a list: the configured value itself is the decision.
    if (!is_array($required)) {
        return (bool) $required;
    }

    // AND semantics: stop consulting the authorization service at the first denial.
    foreach ($required as $permission) {
        if (!$this->authorizationService->isGranted($permission)) {
            return false;
        }
    }

    return true;
}
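/**
 * {@inheritDoc}
 *
 * Decides whether the matched route may be dispatched, based on the
 * permission rules held by this guard.
 *
 * Rule keys are fnmatch() patterns compared case-insensitively against the
 * matched route name; the first matching rule wins, so rule order matters.
 * Every permission listed by the matching rule must be granted.
 *
 * @param  MvcEvent $event
 * @return bool True when the request is allowed to proceed
 */
public function isGranted(MvcEvent $event)
{
    $matchedRouteName   = $event->getRouteMatch()->getMatchedRouteName();
    $allowedPermissions = null;

    // First matching pattern wins; later, more specific patterns are never reached.
    foreach ($this->rules as $routeRule => $rule) {
        if (fnmatch($routeRule, $matchedRouteName, FNM_CASEFOLD)) {
            $allowedPermissions = $rule;
            break;
        }
    }

    // No rule matched this route: the protection policy decides.
    if (null === $allowedPermissions) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Strict comparison: only the literal string '*' is the wildcard. With a
    // loose comparison a non-string entry such as boolean true (or integer 0
    // on PHP 7) would also compare equal to '*' and open the route to everyone.
    if (in_array('*', $allowedPermissions, true)) {
        return true;
    }

    // AND semantics: a single denied permission denies the request. A rule
    // with an empty permission list yields true because the loop never runs.
    foreach ($allowedPermissions as $permission) {
        if (!$this->authorizationService->isGranted($permission)) {
            return false;
        }
    }

    return true;
}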
/**
 * Ask the authorization service whether a permission is granted.
 *
 * Pure delegation: the decision, including how $context is interpreted, is
 * made entirely by the authorization service.
 *
 * @param  string $permission Permission name to check
 * @param  mixed  $context    Optional context forwarded unchanged to the service
 * @return bool
 */
public function __invoke($permission, $context = null)
{
    $service = $this->authorizationService;

    return $service->isGranted($permission, $context);
}
/**
 * Check whether the given action is allowed.
 *
 * Pure delegation: $action is forwarded as the first argument of the RBAC
 * service's isGranted() call, and the result is returned unchanged.
 *
 * @param  string $action  Name forwarded to the RBAC service
 * @param  mixed  $context Optional context forwarded unchanged to the service
 * @return bool
 */
public function isAllowed($action, $context = null)
{
    $rbac = $this->rbacService;

    return $rbac->isGranted($action, $context);
}
/**
 * Check whether the permission is granted to the current identity.
 *
 * Pure delegation: $messageName is forwarded as the first argument of the
 * wrapped authorization service's isGranted() call, and the result is
 * returned unchanged.
 *
 * @param  string $messageName Name forwarded to the authorization service
 * @param  mixed  $context     Optional context forwarded unchanged to the service
 * @return bool
 */
public function isGranted($messageName, $context = null)
{
    $authorization = $this->zfcRbacAuthorizationService;

    return $authorization->isGranted($messageName, $context);
}