Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • release-1.3.10
  • popover-bootstrap-3.4
  • zf-3.x
  • 3.0.9
  • 3.0.8
  • 1.3.10
  • 3.0.7
  • 3.0.6
  • 3.0.5
  • 3.0.4
  • 3.0.3
  • 3.0.2
  • 3.0.1
  • 3.0.0
  • 1.3.9
  • 1.3.8
  • 1.3.7
  • 1.3.6
  • 1.3.5
  • 1.3.4
  • 1.3.3
  • 1.3.2
  • 1.3.1
24 results

AbstractAssertion.php

Blame
  • Forked from lib / unicaen / auth
    127 commits behind, 3 commits ahead of the upstream repository.
    Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    AbstractAssertion.php 7.28 KiB
    <?php
    
    namespace UnicaenAuth\Assertion;
    
    use BjyAuthorize\Service\Authorize;
    use UnicaenAuth\Service\AuthorizeService;
    use UnicaenAuth\Service\Traits\AuthorizeServiceAwareTrait;
    use UnicaenAuth\Service\Traits\UserContextServiceAwareTrait;
    use UnicaenAuth\Service\UserContext;
    use Zend\Mvc\MvcEvent;
    use Zend\Permissions\Acl\Acl;
    use Zend\Permissions\Acl\Assertion\AssertionInterface;
    use Zend\Permissions\Acl\Resource\ResourceInterface;
    use Zend\Permissions\Acl\Role\RoleInterface;
    
    /**
     * Description of AbstractAssertion
     *
     * @author Laurent LÉCLUSE <laurent.lecluse at unicaen.fr>
     */
    abstract class AbstractAssertion implements AssertionInterface
    {
        use UserContextServiceAwareTrait;
        use AuthorizeServiceAwareTrait;
    
        /**
         * @var Acl
         */
        private $acl;
    
        /**
         * @var RoleInterface
         */
        private $role = false;
    
        /**
         * @var MvcEvent
         */
        private $mvcEvent;
    
    
    
        public function __construct(
            MvcEvent $mvcEvent,
            AuthorizeService $serviceAuthorize,
            UserContext $serviceUserContext
        )
        {
            $this->setMvcEvent($mvcEvent);
            $this->setServiceAuthorize($serviceAuthorize);
            $this->setServiceUserContext($serviceUserContext);
        }
    
    
    
        /**
         * !!!! Pour éviter l'erreur "Serialization of 'Closure' is not allowed"... !!!!
         *
         * @return array
         */
        public function __sleep()
        {
            return [];
        }
    
    
    
        /**
         * Returns true if and only if the assertion conditions are met
         *
         * This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the
         * $role, $this->resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or
         * privileges, respectively.
         *
         * @param  Acl               $acl
         * @param  RoleInterface     $role
         * @param  ResourceInterface $resource
         * @param  string            $privilege
         *
         * @return bool
         */
        public final function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
        {
            $this->setAcl($acl);
            $this->setRole($role);
            $this->init();
            switch (true) {
                case $this->detectPrivilege($resource):
    //                var_dump('assertPrivilege '.get_class($this).' '.$resource->getResourceId().' '.$privilege);
                    return $this->assertPrivilege(ltrim(strstr($resource, '/'), '/'), $privilege);
    
                case $this->detectController($resource):
    
                    $resource   = (string)$resource;
                    $spos       = strpos($resource, '/') + 1;
                    $dpos       = strrpos($resource, ':') + 1;
                    $controller = substr($resource, $spos, $dpos - $spos - 1);
                    $action     = substr($resource, $dpos);
    
    //                var_dump('assertController '.get_class($this).' '.$controller.'.'.$action.' '.$privilege);
                    return $this->assertController($controller, $action, $privilege);
    
                case $this->detectEntity($resource):
    //                var_dump('assertEntity '.get_class($this).' '.$resource->getResourceId().' '.$privilege);
                    return $this->assertEntity($resource, $privilege);
    
                default:
    //                var_dump('assertOther '.get_class($this).' '.$resource->getResourceId().' '.$privilege);
                    return $this->assertOther($resource, $privilege);
            }
        }
    
    
    
        /**
         * @param string|ResourceInterface $resource
         * @param string                   $privilege
         *
         * @return bool
         */
        public function isAllowed($resource, $privilege = null)
        {
            return $this->getServiceAuthorize()->isAllowed($resource, $privilege);
        }
    
    
    
        /**
         * @return Acl
         */
        public function getAcl()
        {
            if (!$this->acl) {
                $this->acl = $this->getServiceAuthorize()->getAcl();
            }
    
            return $this->acl;
        }
    
    
    
        /**
         * @param Acl $acl
         *
         * @return AbstractAssertion
         */
        public function setAcl(Acl $acl = null)
        {
            $this->acl = $acl;
    
            return $this;
        }
    
    
    
        /**
         * @return RoleInterface
         */
        public function getRole()
        {
            if (false === $this->role) {
                $sUserContext = $this->serviceUserContext;
                if ($sUserContext->getIdentity()) {
                    $this->role = $sUserContext->getSelectedIdentityRole();
                }
            }
    
            return $this->role;
        }
    
    
    
        /**
         * @param RoleInterface $role
         *
         * @return AbstractAssertion
         */
        public function setRole(RoleInterface $role = null)
        {
            $this->role = $role;
    
            return $this;
        }
    
    
    
        /**
         * @param string $resource
         *
         * @return boolean
         */
        private function detectPrivilege($resource = null)
        {
            if ($resource instanceof ResourceInterface) $resource = $resource->getResourceId();
    
            return is_string($resource) && 0 === strpos($resource, 'privilege/');
        }
    
    
    
        /**
         * @param string $privilege
         * @param string $subPrivilege
         *
         * @return boolean
         */
        protected function assertPrivilege($privilege, $subPrivilege = null)
        {
            return true;
        }
    
    
    
        /**
         * @param string $resource
         *
         * @return boolean
         */
        private function detectController($resource = null)
        {
            if ($resource instanceof ResourceInterface) $resource = $resource->getResourceId();
    
            return 0 === strpos($resource, 'controller/');
        }
    
    
    
        /**
         * Ititialisation des paramètres de l'assertion (si nécessaire)
         */
        public function init()
        {
    
        }
    
    
    
        /**
         * @param string $controller
         * @param string $action
         * @param string $privilege
         *
         * @return boolean
         */
        protected function assertController($controller, $action = null, $privilege = null)
        {
            return true;
        }
    
    
    
        /**
         * @param string $resource
         *
         * @return boolean
         */
        private function detectEntity($resource = null)
        {
            return
                is_object($resource)
                && method_exists($resource, 'getId');
        }
    
    
    
        /**
         * @param ResourceInterface $entity
         * @param string            $privilege
         *
         * @return boolean
         */
        protected function assertEntity(ResourceInterface $entity, $privilege = null)
        {
            return true;
        }
    
    
    
        /**
         * @param ResourceInterface $resource
         * @param string            $privilege
         *
         * @return boolean
         */
        protected function assertOther(ResourceInterface $resource = null, $privilege = null)
        {
            return true;
        }
    
    
    
        /**
         * Parcours la liste des résultats des assertions transmises (liste de booleans)
         * Si l'une d'entres elles est fausse alors false est retourné. true sinon.
         *
         * @param array $assertions
         *
         * @return bool
         */
        protected function asserts($assertions)
        {
            if (!is_array($assertions)) {
                $assertions = [$assertions];
            }
    
            foreach ($assertions as $assertion) {
                if (!$assertion) return false;
            }
    
            return true;
        }
    
    
    
        public function setMvcEvent(MvcEvent $mvcEvent)
        {
            $this->mvcEvent = $mvcEvent;
        }
    
    
    
        /**
         * @return MvcEvent
         */
        protected function getMvcEvent()
        {
            return $this->mvcEvent;
        }
    
    }