Author: Michaël Gallego (mic.gallego@gmail.com)
RoleService Class Documentation
示例#1
0
 public function testThrowExceptionIfIdentityIsWrongType()
 {
     $this->setExpectedException('ZfcRbac\\Exception\\RuntimeException', 'ZfcRbac expects your identity to implement ZfcRbac\\Identity\\IdentityInterface, "stdClass" given');
     $identityProvider = $this->getMock('ZfcRbac\\Identity\\IdentityProviderInterface');
     $identityProvider->expects($this->any())->method('getIdentity')->will($this->returnValue(new \stdClass()));
     $roleService = new RoleService($identityProvider, $this->getMock('ZfcRbac\\Role\\RoleProviderInterface'), $this->getMock('Rbac\\Traversal\\Strategy\\TraversalStrategyInterface'));
     $roleService->getIdentityRoles();
 }
示例#2
0
 /**
  * @param ContainerInterface $container
  * @param string $requestedName
  * @param array|null $options
  * @return RoleService
  */
 public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
 {
     /* @var \ZfcRbac\Options\ModuleOptions $moduleOptions */
     $moduleOptions = $container->get('ZfcRbac\\Options\\ModuleOptions');
     /* @var \ZfcRbac\Identity\IdentityProviderInterface $identityProvider */
     $identityProvider = $container->get($moduleOptions->getIdentityProvider());
     $roleProviderConfig = $moduleOptions->getRoleProvider();
     if (empty($roleProviderConfig)) {
         throw new RuntimeException('No role provider has been set for ZfcRbac');
     }
     /* @var \ZfcRbac\Role\RoleProviderPluginManager $pluginManager */
     $pluginManager = $container->get('ZfcRbac\\Role\\RoleProviderPluginManager');
     /* @var \ZfcRbac\Role\RoleProviderInterface $roleProvider */
     $roleProvider = $pluginManager->get(key($roleProviderConfig), current($roleProviderConfig));
     /* @var \Rbac\Traversal\Strategy\TraversalStrategyInterface $traversalStrategy */
     $traversalStrategy = $container->get('Rbac\\Rbac')->getTraversalStrategy();
     $roleService = new RoleService($identityProvider, $roleProvider, $traversalStrategy);
     $roleService->setGuestRole($moduleOptions->getGuestRole());
     return $roleService;
 }
示例#3
0
 /**
  * Check if the permission is granted to the current identity
  *
  * @param string|PermissionInterface $permission
  * @param mixed                      $context
  * @return bool
  */
 public function isGranted($permission, $context = null)
 {
     $roles = $this->roleService->getIdentityRoles();
     if (empty($roles)) {
         return false;
     }
     if (!$this->rbac->isGranted($roles, $permission)) {
         return false;
     }
     if ($this->hasAssertion($permission)) {
         return $this->assert($this->assertions[(string) $permission], $context);
     }
     return true;
 }
示例#4
0
 /**
  * Check if the permission is granted to the current identity
  *
  * @param string|PermissionInterface $permission
  * @param mixed                      $context
  * @return bool
  */
 public function isGranted($permission, $context = null)
 {
     $roles = $this->roleService->getIdentityRoles();
     if (empty($roles)) {
         return false;
     }
     if (!$this->rbac->isGranted($roles, $permission)) {
         return false;
     }
     if (!$this->hasAssertion($permission)) {
         return true;
     }
     // multiple assertions
     if (is_array($this->assertions[(string) $permission])) {
         $map = $this->assertions[(string) $permission];
         if (empty($map['assertions'])) {
             return true;
         }
         if (!is_array($map['assertions'])) {
             // convert single assertion to array
             $map['assertions'] = [$map['assertions']];
         }
         $condition = isset($map['condition']) ? $map['condition'] : AssertionInterface::CONDITION_AND;
         if (AssertionInterface::CONDITION_AND === $condition) {
             foreach ($map['assertions'] as $assertion) {
                 if (!$this->assert($assertion, $context)) {
                     return false;
                 }
             }
             return true;
         }
         if (AssertionInterface::CONDITION_OR === $condition) {
             foreach ($map['assertions'] as $assertion) {
                 if ($this->assert($assertion, $context)) {
                     return true;
                 }
             }
             return false;
         }
         throw new Exception\InvalidArgumentException(sprintf('Condition must be either "AND" or "OR", %s given', is_object($condition) ? get_class($condition) : gettype($condition)));
     } else {
         // single assertion
         return $this->assert($this->assertions[(string) $permission], $context);
     }
 }
示例#5
0
 /**
  * {@inheritDoc}
  */
 public function isGranted(MvcEvent $event)
 {
     $matchedRouteName = $event->getRouteMatch()->getMatchedRouteName();
     $allowedRoles = null;
     foreach (array_keys($this->rules) as $routeRule) {
         if (fnmatch($routeRule, $matchedRouteName, FNM_CASEFOLD)) {
             $allowedRoles = $this->rules[$routeRule];
             break;
         }
     }
     // If no rules apply, it is considered as granted or not based on the protection policy
     if (null === $allowedRoles) {
         return $this->protectionPolicy === self::POLICY_ALLOW;
     }
     if (in_array('*', $allowedRoles)) {
         return true;
     }
     return $this->roleService->matchIdentityRoles($allowedRoles);
 }
示例#6
0
 /**
  * {@inheritDoc}
  */
 public function isGranted(MvcEvent $event)
 {
     $routeMatch = $event->getRouteMatch();
     $controller = strtolower($routeMatch->getParam('controller'));
     $action = strtolower($routeMatch->getParam('action'));
     // If no rules apply, it is considered as granted or not based on the protection policy
     if (!isset($this->rules[$controller])) {
         return $this->protectionPolicy === self::POLICY_ALLOW;
     }
     // Algorithm is as follow: we first check if there is an exact match (controller + action), if not
     // we check if there are rules set globally for the whole controllers (see the index "0"), and finally
     // if nothing is matched, we fallback to the protection policy logic
     if (isset($this->rules[$controller][$action])) {
         $allowedRoles = $this->rules[$controller][$action];
     } elseif (isset($this->rules[$controller][0])) {
         $allowedRoles = $this->rules[$controller][0];
     } else {
         return $this->protectionPolicy === self::POLICY_ALLOW;
     }
     if (in_array('*', $allowedRoles)) {
         return true;
     }
     return $this->roleService->matchIdentityRoles($allowedRoles);
 }
示例#7
0
 /**
  * Collect roles and permissions
  *
  * @param  RoleService $roleService
  * @return void
  */
 private function collectIdentityRolesAndPermissions(RoleService $roleService)
 {
     $identityRoles = $roleService->getIdentityRoles();
     foreach ($identityRoles as $role) {
         $roleName = $role->getName();
         if (!$role instanceof HierarchicalRoleInterface) {
             $this->collectedRoles[] = $roleName;
         } else {
             $iteratorIterator = new RecursiveIteratorIterator(new RecursiveRoleIterator($role->getChildren()), RecursiveIteratorIterator::SELF_FIRST);
             foreach ($iteratorIterator as $childRole) {
                 $this->collectedRoles[$roleName][] = $childRole->getName();
                 $this->collectPermissions($childRole);
             }
         }
         $this->collectPermissions($role);
     }
 }
示例#8
0
 /**
  * @param string|string[] $roleOrRoles
  * @return bool
  */
 public function __invoke($roleOrRoles)
 {
     return $this->roleService->matchIdentityRoles((array) $roleOrRoles);
 }