From b506bae846f012b1e2c5e38e71a54a951f773d15 Mon Sep 17 00:00:00 2001 From: Dave Mc Nicoll Date: Fri, 27 Aug 2021 19:38:31 +0000 Subject: [PATCH] - Added Taxus annotation - Edidet the way SecurityHandler was working internally --- src/Annotation/Taxus.php | 16 +++++++++++++ src/SecurityHandler.php | 52 ++++++++++++++++++++++++++++++---------- 2 files changed, 55 insertions(+), 13 deletions(-) create mode 100644 src/Annotation/Taxus.php diff --git a/src/Annotation/Taxus.php b/src/Annotation/Taxus.php new file mode 100644 index 0000000..ac10154 --- /dev/null +++ b/src/Annotation/Taxus.php @@ -0,0 +1,16 @@ +privilege = $privilege; + } + } +} diff --git a/src/SecurityHandler.php b/src/SecurityHandler.php index 46f31f3..c084a61 100644 --- a/src/SecurityHandler.php +++ b/src/SecurityHandler.php @@ -2,6 +2,8 @@ namespace Notes\Security; +use Taxus\Taxus; + use Psr\Http\Message\ResponseInterface; use Notes\ObjectReflection, 
@@ -9,33 +11,57 @@ use Notes\ObjectReflection, class SecurityHandler { - protected ResponseInterface $response; + protected ResponseInterface $redirectResponse; - public function __construct(ResponseInterface $response) { - $this->response = $response; + protected \Closure $unauthorizeResponse; + + protected ? Taxus $taxus; + + public function __construct(ResponseInterface $redirectResponse, ? \Closure $unauthorizeResponse = null, ? Taxus $taxus = null) { + $this->redirectResponse = $redirectResponse; + $this->unauthorizeResponse = $unauthorizeResponse; + $this->taxus = $taxus; } - public function verify(string $className, string $methodName) : ? ResponseInterface { + public function verify(string $className, string $methodName) : ? ResponseInterface + { # Should generate an equivalent of Ulmus's object reflection here ! - if ( $this->getClassAnnotations($className, $methodName)->locked ) { - return $this->response; + if ( $security = $this->getClassAnnotations(Annotation\Security::class, $className, $methodName) ) { + return array_pop($security)->locked ? $this->redirectResponse : null; } return null; } - protected function getClassAnnotations(string $className, string $methodName)/* : \Notes\Annotation|array */ + public function taxus(string $className, string $methodName, object $user = null) : ? 
ResponseInterface + { + if ($taxus = $this->getClassAnnotations(Annotation\Taxus::class, $className, $methodName)) { + foreach($taxus as $item) { + if ( !isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item) ) { + return null; + } + } + + return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ] ); + } + + return null; + } + + protected function getClassAnnotations(string $annotationClass, string $className, string $methodName)/* : \Notes\Annotation|array */ { $objectResolver = new ObjectResolver($className, true, true, false, true); - if ( null !== ( $method = $objectResolver->getAnnotationListFromClassname( Annotation\Security::class ) ) ) { - if ( $method[$methodName] ?? false ) { - return $method[$methodName]; - } + try { + $method = $objectResolver->getAnnotationListFromClassname( $annotationClass, false ); } + catch(\Exception $e) { } - if ( null !== ( $object = $objectResolver->getAnnotationFromClassname( Annotation\Security::class ) ) ) { - return $object; + if ( $method[$methodName] ?? false ) { + return $method[$methodName]; + } + else { + return array_filter($method, fn($e) => is_object($e)); } } }
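Review bot: In `getClassAnnotations()` the empty `catch(\Exception $e) { }` leaves `$method` undefined when the resolver throws, so `$method[$methodName] ?? false` is false and `array_filter($method, …)` receives null; depending on the PHP version that is either a TypeError or a warning with a null result, and a null result makes both `verify()` and `taxus()` return null, the same value they return when nothing is locked or restricted. An access-control lookup should not turn a resolver failure into "no restriction": drop the try/catch so the exception propagates, or log it and return the deny response. In `taxus()`, `!isset($item->privilege) || $this->taxus->granted(…)` also lets the request through as soon as one annotation has no privilege set; if that is not the intended meaning of a bare annotation, use `if ( isset($item->privilege) && $this->taxus->granted($item->privilege, $user, $item) )`. The constructor defaults `$unauthorizeResponse` and `$taxus` to null, but the property is declared non-nullable (`protected \Closure $unauthorizeResponse;`) and `taxus()` calls `$this->taxus->granted()` and `call_user_func_array($this->unauthorizeResponse, …)` unguarded, so the defaults fail at construction or at the first check. Declare it `protected ? \Closure $unauthorizeResponse;` and reject the request explicitly when either collaborator is missing.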