mcndave/notes-security
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: mcndave:master
Branches Tags
mcndave:master
mcndave:attributes
..
compare: mcndave:attributes
Branches Tags
mcndave:master
mcndave:attributes

1 Commits
master ... attributes

Author SHA1 Message Date
Dave Mc Nicoll
b6a36319d1 - WIP on attributes 2023-01-26 18:50:16 +00:00
4 changed files with 25 additions and 34 deletions
Show Stats Expand all files Collapse all files

2
composer.json
View File

@ -6,7 +6,7 @@
"authors": [
{
"name": "Dave Mc Nicoll",
"email": "info@mcnd.ca"
"email": "mcndave@gmail.com"
}
],
"require": {

1
src/Attribute/Security.php
View File

@ -6,6 +6,5 @@ namespace Notes\Security\Attribute;
class Security implements \Notes\Attribute {
public function __construct(
public null|bool $locked = null,
public null|string $realm = null,
) {}
}

2
src/Attribute/Taxus.php
View File

@ -5,7 +5,7 @@ namespace Notes\Security\Attribute;
#[\Attribute(\Attribute::IS_REPEATABLE | \Attribute::TARGET_METHOD | \Attribute::TARGET_CLASS)]
class Taxus implements \Notes\Attribute {
public function __construct(
public null|string|\BackedEnum $privilege = null,
public string $privilege = "",
public null|string $module = null,
) {}
}

54
src/SecurityHandler.php
View File

@ -6,13 +6,14 @@ use Taxus\Taxus;
use Psr\Http\Message\ResponseInterface;
use Notes\ObjectResolver;
use Notes\ObjectReflection,
Notes\ObjectResolver;
class SecurityHandler {
protected ResponseInterface $redirectResponse;
protected ? \Closure $unauthorizeResponse;
protected \Closure $unauthorizeResponse;
protected ? Taxus $taxus;
@ -24,44 +25,35 @@ class SecurityHandler {
public function verify(string $className, string $methodName) : ? ResponseInterface
{
return $this->isLocked($className, $methodName) ? $this->redirectResponse : null;
}
public function isLocked(string $className, string $methodName) : bool
{
if ( $security = $this->getClassAttributes(Attribute\Security::class, $className, $methodName) ) {
return array_pop($security)->locked;
}
return true;
}
public function taxus(string $className, string $methodName, object $user = null) : ? ResponseInterface
{
if ($taxus = $this->getClassAttributes(Attribute\Taxus::class, $className, $methodName)) {
if ($this->unauthorizeResponse) {
foreach ($taxus as $item) {
if (!isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item)) {
return null;
}
}
return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ]);
}
else {
throw new \ErrorException("Unauthorized response given.");
}
# Should generate an equivalent of Ulmus's object reflection here !
if ( $security = $this->getClassAnnotations(Annotation\Security::class, $className, $methodName) ) {
return array_pop($security)->locked ? $this->redirectResponse : null;
}
return null;
}
protected function getClassAttributes(string $annotationClass, string $className, string $methodName)/* : \Notes\Attribute|array */
public function taxus(string $className, string $methodName, object $user = null) : ? ResponseInterface
{
if ($taxus = $this->getClassAnnotations(Annotation\Taxus::class, $className, $methodName)) {
foreach($taxus as $item) {
if ( !isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item) ) {
return null;
}
}
return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ] );
}
return null;
}
protected function getClassAnnotations(string $annotationClass, string $className, string $methodName)/* : \Notes\Annotation|array */
{
$objectResolver = new ObjectResolver($className, true, true, false, true);
try {
$method = $objectResolver->getAttributeListFromClassname( $annotationClass, false );
$method = $objectResolver->getAnnotationListFromClassname( $annotationClass, false );
}
catch(\Exception $e) { }