- Reworked the SecurityHandler granting part which now supports NULL as a 'skipping' value. This necessity appeared since a new property in the attribute was added.
This commit is contained in:
Dave Mc Nicoll
parent
4568427c66
commit
86afea9b4e
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace Notes\Security;
|
namespace Notes\Security;
|
||||||
|
|
||||||
|
use Notes\Common\ReflectedAttribute;
|
||||||
use Taxus\Taxus;
|
use Taxus\Taxus;
|
||||||
|
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
|
|
@ -27,10 +28,12 @@ class SecurityHandler {
|
||||||
return $this->isLocked($className, $methodName) ? $this->redirectResponse : null;
|
return $this->isLocked($className, $methodName) ? $this->redirectResponse : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# @TODO Must HANDLE REALM !
|
||||||
public function isLocked(string $className, string $methodName) : bool
|
public function isLocked(string $className, string $methodName) : bool
|
||||||
{
|
{
|
||||||
if ( $security = $this->getClassAttributes(Attribute\Security::class, $className, $methodName) ) {
|
# Searching method first and fallbacking on object if none found
|
||||||
return array_pop($security)->locked;
|
if ( $list = $this->findAttributes(Attribute\Security::class, $className, $methodName) ) {
|
||||||
|
return array_pop($list)->locked;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -38,15 +41,16 @@ class SecurityHandler {
|
||||||
|
|
||||||
public function taxus(string $className, string $methodName, object $user = null) : ? ResponseInterface
|
public function taxus(string $className, string $methodName, object $user = null) : ? ResponseInterface
|
||||||
{
|
{
|
||||||
if ($taxus = $this->getClassAttributes(Attribute\Taxus::class, $className, $methodName)) {
|
$fromObject = $this->findAttributes(Attribute\Taxus::class, $className);
|
||||||
if ($this->unauthorizeResponse) {
|
$fromMethod = $this->findAttributes(Attribute\Taxus::class, $className, $methodName);
|
||||||
foreach ($taxus as $item) {
|
|
||||||
if (!isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item)) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return call_user_func_array($this->unauthorizeResponse, [ $user, $taxus, $className, $methodName ]);
|
if ($fromMethod || $fromObject) {
|
||||||
|
if ( $this->taxusGrantPermission($fromMethod, $user) || $this->taxusGrantPermission($fromObject, $user) ) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($this->unauthorizeResponse) {
|
||||||
|
return call_user_func_array($this->unauthorizeResponse, [ $user, ['method' => $fromMethod, 'object' => $fromObject ], $className, $methodName ]);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
throw new \ErrorException("Unauthorized response given.");
|
throw new \ErrorException("Unauthorized response given.");
|
||||||
|
|
@ -56,22 +60,39 @@ class SecurityHandler {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getClassAttributes(string $annotationClass, string $className, string $methodName)/* : \Notes\Attribute|array */
|
protected function findAttributes(string $attribute, string $class, ? string $method = null) : array
|
||||||
{
|
{
|
||||||
$objectResolver = new ObjectResolver($className);
|
$objectResolver = new ObjectResolver($class);
|
||||||
|
|
||||||
try {
|
if ($method) {
|
||||||
$method = $objectResolver->reflectedClass->getClassAttributeList( $annotationClass, true, false );
|
$fromMethod = $objectResolver->reflectedClass->getMethods( false );
|
||||||
|
|
||||||
# var_dump($method);
|
if (isset($fromMethod[$method])) {
|
||||||
}
|
$attributeList = $fromMethod[$method]->getAttributes($attribute);
|
||||||
catch(\Exception $e) { }
|
|
||||||
|
|
||||||
if ( $method[$methodName] ?? false ) {
|
if ($attributeList) {
|
||||||
return $method[$methodName];
|
return array_map(fn(ReflectedAttribute $ref) => $ref->object, $attributeList);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
return array_filter($method, fn($e) => is_object($e));
|
$attributeList = $objectResolver->reflectedClass->getAttributes(false, $attribute) ?: $objectResolver->reflectedClass->getAttributes(true, $attribute);
|
||||||
|
|
||||||
|
if ($attributeList) {
|
||||||
|
return array_map(fn(ReflectedAttribute $ref) => $ref->object, $attributeList);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function taxusGrantPermission(array $attributeList, object $user = null) : bool
|
||||||
|
{
|
||||||
|
foreach ($attributeList as $item) {
|
||||||
|
if (! isset($item->privilege) || $this->taxus->granted($item->privilege, $user, $item)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue