<?php

namespace UnicaenAuth\Provider\Rule;

use BjyAuthorize\Provider\Rule\ProviderInterface;
use UnicaenAuth\Provider\Privilege\PrivilegeProviderAwareTrait;
use UnicaenAuth\Provider\Privilege\Privileges;
use Laminas\ServiceManager\ServiceLocatorInterface;

/**
 * Rule provider based on a given array of rules
 *
 * @author Laurent LÉCLUSE <laurent.lecluse at unicaen.fr>
 */
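class PrivilegeRuleProvider implements ProviderInterface
{
    use PrivilegeProviderAwareTrait;

    /**
     * @var ServiceLocatorInterface
     */
    protected $serviceLocator;

    /**
     * Rules built by processConfig(); stays null until that method has run.
     *
     * @var array|null
     */
    protected $rules;

    /**
     * Raw rule configuration, indexed by grant type, as handed to the
     * constructor or to setConfig().
     *
     * @var array
     */
    protected $config = [];

    /**
     * Stores the raw configuration and the service locator. No rule is built
     * here: processConfig() has to be called before getRules() returns rules.
     *
     * @param array                   $config
     * @param ServiceLocatorInterface $serviceLocator
     */
    public function __construct(array $config, ServiceLocatorInterface $serviceLocator)
    {
        $this->serviceLocator = $serviceLocator;
        $this->config = $config;
    }

    /**
     * Replaces the raw configuration. Rules that were already built are not
     * refreshed until processConfig() is called again.
     *
     * @param array $config
     */
    public function setConfig(array $config)
    {
        $this->config = $config;
    }

    /**
     * Builds the rules from the current configuration and stores them for
     * getRules().
     *
     * @return void
     */
    public function processConfig()
    {
        $this->rules = $this->makeRules($this->config);
    }

    /**
     * Converts privilege-based rules into positional rule arrays
     * ([roles, resources, privileges(, assertion)]) and appends one rule per
     * known privilege so that a privilege can itself be tested as a resource.
     *
     * Entries of $config that are not arrays are passed through unchanged.
     *
     * @param array $config rules indexed by grant type, then by position
     *
     * @return array the converted rules, with at least an 'allow' key
     */
    public function makeRules(array $config)
    {
        // Map privilege => roles holding that privilege.
        $pr = $this->getPrivilegeProvider()->getPrivilegesRoles();

        foreach ($config as $grant => $rules) {
            foreach ($rules as $index => $rule) {
                if (!is_array($rule)) {
                    continue;
                }

                $privileges = isset($rule['privileges']) ? (array) $rule['privileges'] : [];
                // NOTE(review): a rule without a 'resources' key ends up with a null
                // resource. Confirm how the consuming ACL reads null (it may mean
                // "every resource") and consider rejecting such a rule instead.
                $ressources = $rule['resources'];
                $assertion  = isset($rule['assertion']) ? $rule['assertion'] : null;
                $bjyRoles   = isset($rule['roles']) ? (array) $rule['roles'] : [];

                // Privilege names are compared as strings, strictly: a loose
                // in_array() lets PHP type juggling match unrelated names
                // (0 == 'abc' before PHP 8, '1e3' == '1000' on every version),
                // which would hand a rule to roles that do not hold the privilege.
                $wanted = array_map('strval', $privileges);
                foreach ($pr as $privilege => $roles) {
                    if (in_array((string) $privilege, $wanted, true)) {
                        $bjyRoles = array_unique(array_merge($bjyRoles, $roles));
                    }
                }

                // NOTE(review): $bjyRoles is still empty here when the rule names no
                // role and no role holds any of its privileges. The loop further down
                // switches to 'deny' for an empty role list; this branch keeps the
                // configured grant. Confirm that an 'allow' rule with an empty role
                // list cannot be read as "all roles" by the ACL.
                $bjyRule = [
                    $bjyRoles,
                    $ressources,
                    $privileges,
                ];
                if ($assertion) {
                    $bjyRule[3] = $assertion;
                }

                $config[$grant][$index] = $bjyRule;
            }
        }

        // Set up the rights that allow privileges to be tested as resources.
        $rules = $config;
        if (!isset($rules['allow'])) {
            $rules['allow'] = [];
        }
        foreach ($pr as $privilege => $roles) {
            // A privilege held by no role is registered under 'deny' rather than
            // 'allow' (presumably because an empty role list would otherwise apply
            // to every role; verify against the ACL implementation).
            $rules[empty($roles) ? 'deny' : 'allow'][] = [
                $roles,
                Privileges::getResourceId($privilege),
            ];
        }

        return $rules;
    }

    /**
     * {@inheritDoc}
     *
     * Returns null when processConfig() has not been called yet.
     */
    public function getRules()
    {
        return $this->rules;
    }
}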