- Added Taxus annotation
- Edited the way SecurityHandler was working internally
parent
71bdc9171a
commit
b506bae846
|
@ -0,0 +1,16 @@
|
|||
<?php
|
||||
|
||||
namespace Notes\Security\Annotation;
|
||||
|
||||
class Taxus implements \Notes\Annotation {
|
||||
|
||||
public string $module;
|
||||
|
||||
public string $privilege;
|
||||
|
||||
public function __construct(? string $privilege = null) {
|
||||
if ($privilege !== null) {
|
||||
$this->privilege = $privilege;
|
||||
}
|
||||
}
|
||||
}
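Review bot: `$module` is never assigned in this class and `$privilege` stays uninitialized when the constructor receives null, so reading either typed property throws an Error unless something outside this file sets it (the annotation reader may do so; that is not visible here). Declaring them nullable with a default, `public ?string $module = null;` and `public ?string $privilege = null;`, makes the unset state explicit instead of something callers can only probe with `isset()`. A short class docblock should also say whether an annotation that names no privilege is meant to grant or deny access, because that decision is security-relevant and is not stated anywhere in the class.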
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace Notes\Security;
|
||||
|
||||
use Taxus\Taxus;
|
||||
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
|
||||
use Notes\ObjectReflection,
|
||||
|
@ -9,33 +11,57 @@ use Notes\ObjectReflection,
|
|||
|
||||
class SecurityHandler {
|
||||
|
||||
protected ResponseInterface $response;
|
||||
protected ResponseInterface $redirectResponse;
|
||||
|
||||
public function __construct(ResponseInterface $response) {
|
||||
$this->response = $response;
|
||||
protected \Closure $unauthorizeResponse;
|
||||
|
||||
protected ? Taxus $taxus;
|
||||
|
||||
public function __construct(ResponseInterface $redirectResponse, ? \Closure $unauthorizeResponse = null, ? Taxus $taxus = null) {
|
||||
$this->redirectResponse = $redirectResponse;
|
||||
$this->unauthorizeResponse = $unauthorizeResponse;
|
||||
$this->taxus = $taxus;
|
||||
}
|
||||
|
||||
public function verify(string $className, string $methodName) : ? ResponseInterface {
|
||||
public function verify(string $className, string $methodName) : ? ResponseInterface
|
||||
{
|
||||
# Should generate an equivalent of Ulmus's object reflection here !
|
||||
if ( $this->getClassAnnotations($className, $methodName)->locked ) {
|
||||
return $this->response;
|
||||
if ( $security = $this->getClassAnnotations(Annotation\Security::class, $className, $methodName) ) {
|
||||
return array_pop($security)->locked ? $this->redirectResponse : null;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
protected function getClassAnnotations(string $className, string $methodName)/* : \Notes\Annotation|array */
|
||||
public function taxus(string $className, string $methodName, object $user = null) : ? ResponseInterface
|
||||
{
|
||||
if ($taxus = $this->getClassAnnotations(Annotation\Taxus::class, $className, $methodName)) {
|
||||
foreach($taxus as $item) {
|
||||
if ( !isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item) ) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ] );
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
protected function getClassAnnotations(string $annotationClass, string $className, string $methodName)/* : \Notes\Annotation|array */
|
||||
{
|
||||
$objectResolver = new ObjectResolver($className, true, true, false, true);
|
||||
|
||||
if ( null !== ( $method = $objectResolver->getAnnotationListFromClassname( Annotation\Security::class ) ) ) {
|
||||
if ( $method[$methodName] ?? false ) {
|
||||
return $method[$methodName];
|
||||
}
|
||||
try {
|
||||
$method = $objectResolver->getAnnotationListFromClassname( $annotationClass, false );
|
||||
}
|
||||
catch(\Exception $e) { }
|
||||
|
||||
if ( null !== ( $object = $objectResolver->getAnnotationFromClassname( Annotation\Security::class ) ) ) {
|
||||
return $object;
|
||||
if ( $method[$methodName] ?? false ) {
|
||||
return $method[$methodName];
|
||||
}
|
||||
else {
|
||||
return array_filter($method, fn($e) => is_object($e));
|
||||
}
|
||||
}
|
||||
}
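Review bot: The empty `catch(\Exception $e) { }` in `getClassAnnotations()` leaves `$method` unassigned when the resolver throws, and the following `array_filter($method, …)` then either fails or yields nothing depending on the PHP version; since `verify()` and `taxus()` both return null for an empty result, a lookup error can silently switch the access check off. Let the exception propagate, or catch only the resolver's "no annotation" case, return `[]` explicitly there, and log everything else. In `taxus()`, `!isset($item->privilege)` likewise grants access for an annotation that names no privilege, and `$this->taxus->granted(…)` is called although the constructor lets `$taxus` default to null; a guard such as `if ($this->taxus === null) { throw new \LogicException('Taxus annotation used without a Taxus instance'); }` would fail closed. The constructor also assigns the nullable `$unauthorizeResponse` to the non-nullable `\Closure` property, which raises a TypeError whenever the default is used; either make the property `?\Closure` and check it before `call_user_func_array`, or require the argument. Old and new lines are not marked on this page, so this reading assumes the variants taking `$annotationClass` are the new side.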
|
||||
|
|