[WIP] - Feature/zfcacl aware #8

Closed
wants to merge 3 commits into from
37 changes: 22 additions & 15 deletions src/ZfcAcl/Guard/Dispatch.php
Expand Up @@ -2,16 +2,22 @@

namespace ZfcAcl\Guard;

use Zend\Mvc\MvcEvent,
ZfcAcl\Exception\UnauthorizedException,
ZfcAcl\Model\Mapper\DispatchableResourceMapperInterface,
ZfcAcl\Service\Acl as AclService;
use Zend\Mvc\MvcEvent;
use ZfcAcl\Exception\UnauthorizedException;
use ZfcAcl\Model\Mapper\DispatchableResourceMapperInterface;
use ZfcAcl\Service\Acl as AclService;
use ZfcAcl\Service\ZfcAclAwareInterface;

/**
* Dispatch guard applies ACL checks the controller that has been requested
*/
class Dispatch implements Guard
class Dispatch implements Guard, ZfcAclAwareInterface
{
/**
* @var AclService
*/
protected $aclService;

/**
* @var DispatchableResourceMapperInterface
*/
Expand All @@ -25,11 +31,6 @@ public function __construct(DispatchableResourceMapperInterface $dispatchableRes
$this->setDispatchableResourceMapper($dispatchableResourceMapper);
}

/**
* @var AclService
*/
protected $aclService;

public function dispatch(MvcEvent $e)
{
// @todo this logic should somehow be shared with Zend\Mvc\Application
Expand All @@ -43,7 +44,7 @@ public function dispatch(MvcEvent $e)
if (!$this->aclService->isAllowed($controllerResource)) {
throw new UnauthorizedException(
$this->aclService->getRole()->getRoleId() . ' is not allowed to access dispatchable '
. $controller . ' (' . $controllerResource . ')'
. $controller . ' (' . $controllerResource . ')'
);
}
}
Expand All @@ -64,13 +65,19 @@ public function setDispatchableResourceMapper(DispatchableResourceMapperInterfac
$this->dispatchableResourceMapper = $dispatchableResourceMapper;
}

public function getAclService()
/**
* {@inheritDoc}
*/
public function setZfcAclService(AclService $acl)
{
return $this->aclService;
$this->aclService = $acl;
}

public function setAclService(AclService $aclService)
/**
* {@inheritDoc}
*/
public function getZfcAclService()
{
$this->aclService = $aclService;
return $this->aclService;
}
}
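Review bot: `dispatch()` dereferences `$this->aclService` directly (`$this->aclService->isAllowed($controllerResource)`) although the constructor only receives the resource mapper, so the guard depends on `setZfcAclService()` having been called first. With the setter apparently renamed from `setAclService()`, any wiring that still uses the old name would leave the property null, and the check would end in a fatal error rather than a clear failure. Consider an explicit guard before the check, `if (!$this->aclService instanceof AclService) { throw new \RuntimeException('ACL service was not injected into the dispatch guard'); }`, and call out the rename as a breaking change. The body of `dispatch()` starts and ends outside the visible hunks.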
70 changes: 44 additions & 26 deletions src/ZfcAcl/Guard/Event.php
Expand Up @@ -2,56 +2,74 @@

namespace ZfcAcl\Guard;

use Zend\EventManager\StaticEventManager,
Zend\Acl\Resource\ResourceInterface as Resource,
ZfcAcl\Model\EventGuardDefTriggeredEventAware,
ZfcAcl\Exception\UnauthorizedException;
use Zend\EventManager\StaticEventManager;
use Zend\Acl\Resource\ResourceInterface as Resource;
use ZfcAcl\Model\EventGuardDefTriggeredEventAware;
use ZfcAcl\Exception\UnauthorizedException;
use ZfcAcl\Service\ZfcAclAwareInterface;

class Event implements Guard {
class Event implements Guard, ZfcAclAwareInterface
{
/**
* @var AclService
*/
protected $aclService;
protected $eventGuardDefMapper;

public function bootstrap() {

public function bootstrap()
{
$events = StaticEventManager::getInstance();
$acl = $this->getAclService();

$defMapper = $this->getEventGuardDefMapper();
$defs = $defMapper->findByRoleId($acl->getRole()->getRoleId());

foreach($defs as $def) {
$events->attach($def->getEventId(), $def->getEvent(), function($e) use ($acl, $def) {
if($def instanceof EventGuardDefTriggeredEventAware) {

foreach ($defs as $def) {
$events->attach($def->getEventId(), $def->getEvent(), function($e) use ($acl, $def)
{
if ($def instanceof EventGuardDefTriggeredEventAware) {
$def->setTriggeredEvent($e);
}

$resource = $def->getResource();
$privilege = $def->getPrivilege();
if(!$acl->isAllowed($resource, $privilege)) {
if (!$acl->isAllowed($resource, $privilege)) {
$roleId = $acl->getRole()->getRoleId();
if($resource instanceof Resource) {
if ($resource instanceof Resource) {
$resource = $resource->getResourceId();
}
throw new UnauthorizedException("You ($roleId) are not allowed to perform '$privilege' on '$resource'");
throw new UnauthorizedException(
"$roleId` is not allowed to perform '$privilege' on '$resource'"
);
}
}, 1000);
}

}

public function getEventGuardDefMapper() {

public function getEventGuardDefMapper()
{
return $this->eventGuardDefMapper;
}

public function setEventGuardDefMapper($eventGuardDefMapper) {
public function setEventGuardDefMapper($eventGuardDefMapper)
{
$this->eventGuardDefMapper = $eventGuardDefMapper;
}

public function getAclService() {
return $this->aclService;
}

public function setAclService($aclService) {
$this->aclService = $aclService;
/**
* {@inheritDoc}
*/
public function setZfcAclService(AclService $acl)
{
$this->aclService = $acl;
}

/**
* {@inheritDoc}
*/
public function getZfcAclService()
{
return $this->aclService;
}
}
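Review bot: `bootstrap()` still calls `$this->getAclService()`, but this section appears to replace that accessor with `getZfcAclService()`, so the event guard would stop with an undefined-method error before any ACL listener is attached; the call should become `$acl = $this->getZfcAclService();`. The same leftover call is visible in `Route::onRoute()` and in `View\Helper\ZfcAcl::isAllowed()`. `setZfcAclService(AclService $acl)` here and in Route.php also type-hints `AclService` without a matching `use ZfcAcl\Service\Acl as AclService;`, so the name resolves inside `ZfcAcl\Guard` and will not match the interface signature. The new exception message also carries a stray backtick after `$roleId`.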
57 changes: 36 additions & 21 deletions src/ZfcAcl/Guard/Route.php
Original file line number Diff line number Diff line change
Expand Up @@ -2,51 +2,66 @@

namespace ZfcAcl\Guard;

use Zend\Mvc\MvcEvent,
ZfcAcl\Exception\UnauthorizedException,
Exception as NoRouteResourceFoundException;
use Zend\Mvc\MvcEvent;
use ZfcAcl\Exception\UnauthorizedException;
use Exception as NoRouteResourceFoundException;
use ZfcAcl\Service\ZfcAclAwareInterface;

class Route implements Guard {
protected $routeResourceMapMapper;
class Route implements Guard, ZfcAclAwareInterface
{
/**
* @var AclService
*/
protected $aclService;

public function onRoute(MvcEvent $e) {
protected $routeResourceMapMapper;

public function onRoute(MvcEvent $e)
{
$routeMatch = $e->getRouteMatch();
$routeName = $routeMatch->getMatchedRouteName();

$map = $this->getRouteResourceMapMapper()->findByRouteName($routeName);
if($map === null) {
if ($map === null) {
return;
}
$routeResource = $map->getRouteResource($routeName);
if($routeResource === null) {
if ($routeResource === null) {
//$routeResource = $this->getDefaultRouteResource();
//matuszemi: TODO what in this case???
throw new NoRouteResourceFoundException("No route resource found");
}

$acl = $this->getAclService();
if(!$acl->isAllowed($routeResource)) {
if (!$acl->isAllowed($routeResource)) {
$roleId = $acl->getRole()->getRoleId();
throw new UnauthorizedException("You ($roleId) are not allowed to access this route '$routeName' ($routeResource)");
}
}

//setters/getters
public function getRouteResourceMapMapper() {
public function getRouteResourceMapMapper()
{
return $this->routeResourceMapMapper;
}

public function setRouteResourceMapMapper($routeResourceMapMapper) {
public function setRouteResourceMapMapper($routeResourceMapMapper)
{
$this->routeResourceMapMapper = $routeResourceMapMapper;
}

public function getAclService() {
return $this->aclService;
}

public function setAclService($aclService) {
$this->aclService = $aclService;
/**
* {@inheritDoc}
*/
public function setZfcAclService(AclService $acl)
{
$this->aclService = $acl;
}

/**
* {@inheritDoc}
*/
public function getZfcAclService()
{
return $this->aclService;
}
}
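Review bot: `onRoute()` returns without any check when `findByRouteName()` yields `null`, so a route that has no resource map is let through by default. If that default-allow is intended, it should be stated next to the early return, for example `// No resource map for this route: this guard does not restrict it (default-allow).`; if it is not intended, the branch should deny instead. The `UnauthorizedException` message further down embeds the role id, route name and resource id, which is worth keeping out of client-facing output if the exception message is ever rendered.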
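--- a/src/ZfcAcl/Service/ZfcAclAwareInterface.php
+++ b/src/ZfcAcl/Service/ZfcAclAwareInterface.php
@@ -0,0 +1,22 @@
+<?php
+namespace ZfcAcl\Service;
+
+use ZfcAcl\Service\Acl;
+
+/**
+* Provides methods required by any object that should be aware of the ZfcAcl Acl service
+*/
+interface ZfcAclAwareInterface
+{
+/**
+* @abstract
+* @param Acl $acl
+*/
+public function setZfcAclService(Acl $acl);
+
+/**
+* @abstract
+* @return Acl|null
+*/
+public function getZfcAclService();
+}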
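Review bot: The docblock on `getZfcAclService()` allows `null` but does not say what an implementer that enforces access control must do with it. I would extend it to `@return Acl|null Null until setZfcAclService() has been called; guards must treat a missing service as an error, never as permission`. The `@abstract` tags are redundant on interface methods, and `use ZfcAcl\Service\Acl;` imports a class from the file's own namespace.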
34 changes: 25 additions & 9 deletions src/ZfcAcl/View/Helper/ZfcAcl.php
Expand Up @@ -2,25 +2,41 @@

namespace ZfcAcl\View\Helper;

use Zend\View\Helper\AbstractHelper,
Zend\Authentication\AuthenticationService;
use Zend\View\Helper\AbstractHelper;
use Zend\Authentication\AuthenticationService;
use ZfcAcl\Service\Acl;
use ZfcAcl\Service\ZfcAclAwareInterface;

class ZfcAcl extends AbstractHelper
class ZfcAcl extends AbstractHelper implements ZfcAclAwareInterface
{
/**
* @var Acl
*/
protected $aclService;

/**
* @param null|string|\Zend\Acl\Resource $resource
* @param null|string $privilege
* @return boolean
*/
public function isAllowed($resource, $privilege = null)
{
return $this->getAclService()->isAllowed($resource, $privilege);
}

public function getAclService ()

/**
* {@inheritDoc}
*/
public function setZfcAclService(Acl $acl)
{
return $this->aclService;
$this->aclService = $acl;
}

public function setAclService ($aclService)

/**
* {@inheritDoc}
*/
public function getZfcAclService()
{
$this->aclService = $aclService;
return $this->aclService;
}
}