mcndave
/
notes-security
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Secured the unauthorized route if nothing was provided

This commit is contained in:
Dave M. 2022-10-12 18:19:41 +00:00
parent b506bae846
commit 532cecfcad
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/SecurityHandler.php
View File

@ -13,7 +13,7 @@ class SecurityHandler {
protected ResponseInterface $redirectResponse;
protected \Closure $unauthorizeResponse;
protected ? \Closure $unauthorizeResponse;
protected ? Taxus $taxus;
@ -36,6 +36,7 @@ class SecurityHandler {
public function taxus(string $className, string $methodName, object $user = null) : ? ResponseInterface
{
if ($taxus = $this->getClassAnnotations(Annotation\Taxus::class, $className, $methodName)) {
if ($this->unauthorizeResponse) {
foreach ($taxus as $item) {
if (!isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item)) {
return null;
@ -44,6 +45,10 @@ class SecurityHandler {
return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ]);
}
else {
throw new \ErrorException("Unauthorized response given.");
}
}
return null;
}