diff --git a/src/ZfcAcl/Guard/Dispatch.php b/src/ZfcAcl/Guard/Dispatch.php index b553d6c..02e97b2 100644 --- a/src/ZfcAcl/Guard/Dispatch.php +++ b/src/ZfcAcl/Guard/Dispatch.php @@ -2,16 +2,22 @@ namespace ZfcAcl\Guard; -use Zend\Mvc\MvcEvent, - ZfcAcl\Exception\UnauthorizedException, - ZfcAcl\Model\Mapper\DispatchableResourceMapperInterface, - ZfcAcl\Service\Acl as AclService; +use Zend\Mvc\MvcEvent; +use ZfcAcl\Exception\UnauthorizedException; +use ZfcAcl\Model\Mapper\DispatchableResourceMapperInterface; +use ZfcAcl\Service\Acl as AclService; +use ZfcAcl\Service\ZfcAclAwareInterface; /** * Dispatch guard applies ACL checks the controller that has been requested */ -class Dispatch implements Guard +class Dispatch implements Guard, ZfcAclAwareInterface { + /** + * @var AclService + */ + protected $aclService; + /** * @var DispatchableResourceMapperInterface */ @@ -25,11 +31,6 @@ public function __construct(DispatchableResourceMapperInterface $dispatchableRes $this->setDispatchableResourceMapper($dispatchableResourceMapper); } - /** - * @var AclService - */ - protected $aclService; - public function dispatch(MvcEvent $e) { // @todo this logic should somehow be shared with Zend\Mvc\Application @@ -43,7 +44,7 @@ public function dispatch(MvcEvent $e) if (!$this->aclService->isAllowed($controllerResource)) { throw new UnauthorizedException( $this->aclService->getRole()->getRoleId() . ' is not allowed to access dispatchable ' - . $controller . ' (' . $controllerResource . ')' + . $controller . ' (' . $controllerResource . ')' ); } } @@ -64,13 +65,19 @@ public function setDispatchableResourceMapper(DispatchableResourceMapperInterfac $this->dispatchableResourceMapper = $dispatchableResourceMapper; } - public function getAclService() + /** + * {@inheritDoc} + */ + public function setZfcAclService(AclService $acl) { - return $this->aclService; + $this->aclService = $acl; } - public function setAclService(AclService $aclService) + /** + * {@inheritDoc} + */ + public function getZfcAclService() { - $this->aclService = $aclService; + return $this->aclService; } } \ No newline at end of file diff --git a/src/ZfcAcl/Guard/Event.php b/src/ZfcAcl/Guard/Event.php index f204fb8..37c4074 100644 --- a/src/ZfcAcl/Guard/Event.php +++ b/src/ZfcAcl/Guard/Event.php @@ -2,56 +2,74 @@ namespace ZfcAcl\Guard; -use Zend\EventManager\StaticEventManager, - Zend\Acl\Resource\ResourceInterface as Resource, - ZfcAcl\Model\EventGuardDefTriggeredEventAware, - ZfcAcl\Exception\UnauthorizedException; +use Zend\EventManager\StaticEventManager; +use Zend\Acl\Resource\ResourceInterface as Resource; +use ZfcAcl\Model\EventGuardDefTriggeredEventAware; +use ZfcAcl\Exception\UnauthorizedException; +use ZfcAcl\Service\ZfcAclAwareInterface; -class Event implements Guard { +class Event implements Guard, ZfcAclAwareInterface +{ + /** + * @var AclService + */ protected $aclService; protected $eventGuardDefMapper; - - public function bootstrap() { + + public function bootstrap() + { $events = StaticEventManager::getInstance(); $acl = $this->getAclService(); - + $defMapper = $this->getEventGuardDefMapper(); $defs = $defMapper->findByRoleId($acl->getRole()->getRoleId()); - - foreach($defs as $def) { - $events->attach($def->getEventId(), $def->getEvent(), function($e) use ($acl, $def) { - if($def instanceof EventGuardDefTriggeredEventAware) { + + foreach ($defs as $def) { + $events->attach($def->getEventId(), $def->getEvent(), function($e) use ($acl, $def) + { + if ($def instanceof EventGuardDefTriggeredEventAware) { $def->setTriggeredEvent($e); } - + $resource = $def->getResource(); $privilege = $def->getPrivilege(); - if(!$acl->isAllowed($resource, $privilege)) { + if (!$acl->isAllowed($resource, $privilege)) { $roleId = $acl->getRole()->getRoleId(); - if($resource instanceof Resource) { + if ($resource instanceof Resource) { $resource = $resource->getResourceId(); } - throw new UnauthorizedException("You ($roleId) are not allowed to perform '$privilege' on '$resource'"); + throw new UnauthorizedException( + "$roleId` is not allowed to perform '$privilege' on '$resource'" + ); } }, 1000); } - + } - - public function getEventGuardDefMapper() { + + public function getEventGuardDefMapper() + { return $this->eventGuardDefMapper; } - public function setEventGuardDefMapper($eventGuardDefMapper) { + public function setEventGuardDefMapper($eventGuardDefMapper) + { $this->eventGuardDefMapper = $eventGuardDefMapper; } - - public function getAclService() { - return $this->aclService; - } - public function setAclService($aclService) { - $this->aclService = $aclService; + /** + * {@inheritDoc} + */ + public function setZfcAclService(AclService $acl) + { + $this->aclService = $acl; } + /** + * {@inheritDoc} + */ + public function getZfcAclService() + { + return $this->aclService; + } } \ No newline at end of file diff --git a/src/ZfcAcl/Guard/Route.php b/src/ZfcAcl/Guard/Route.php index 2c79299..a50f241 100644 --- a/src/ZfcAcl/Guard/Route.php +++ b/src/ZfcAcl/Guard/Route.php @@ -2,51 +2,66 @@ namespace ZfcAcl\Guard; -use Zend\Mvc\MvcEvent, - ZfcAcl\Exception\UnauthorizedException, - Exception as NoRouteResourceFoundException; +use Zend\Mvc\MvcEvent; +use ZfcAcl\Exception\UnauthorizedException; +use Exception as NoRouteResourceFoundException; +use ZfcAcl\Service\ZfcAclAwareInterface; -class Route implements Guard { - protected $routeResourceMapMapper; +class Route implements Guard, ZfcAclAwareInterface +{ + /** + * @var AclService + */ protected $aclService; - - public function onRoute(MvcEvent $e) { + protected $routeResourceMapMapper; + + public function onRoute(MvcEvent $e) + { $routeMatch = $e->getRouteMatch(); $routeName = $routeMatch->getMatchedRouteName(); - + $map = $this->getRouteResourceMapMapper()->findByRouteName($routeName); - if($map === null) { + if ($map === null) { return; } $routeResource = $map->getRouteResource($routeName); - if($routeResource === null) { + if ($routeResource === null) { //$routeResource = $this->getDefaultRouteResource(); //matuszemi: TODO what in this case??? throw new NoRouteResourceFoundException("No route resource found"); } - + $acl = $this->getAclService(); - if(!$acl->isAllowed($routeResource)) { + if (!$acl->isAllowed($routeResource)) { $roleId = $acl->getRole()->getRoleId(); throw new UnauthorizedException("You ($roleId) are not allowed to access this route '$routeName' ($routeResource)"); } } - + //setters/getters - public function getRouteResourceMapMapper() { + public function getRouteResourceMapMapper() + { return $this->routeResourceMapMapper; } - public function setRouteResourceMapMapper($routeResourceMapMapper) { + public function setRouteResourceMapMapper($routeResourceMapMapper) + { $this->routeResourceMapMapper = $routeResourceMapMapper; } - - public function getAclService() { - return $this->aclService; - } - public function setAclService($aclService) { - $this->aclService = $aclService; + /** + * {@inheritDoc} + */ + public function setZfcAclService(AclService $acl) + { + $this->aclService = $acl; } + /** + * {@inheritDoc} + */ + public function getZfcAclService() + { + return $this->aclService; + } } \ No newline at end of file diff --git a/src/ZfcAcl/Service/ZfcAclAwareInterface.php b/src/ZfcAcl/Service/ZfcAclAwareInterface.php new file mode 100644 index 0000000..4e4709f --- /dev/null +++ b/src/ZfcAcl/Service/ZfcAclAwareInterface.php @@ -0,0 +1,22 @@ +getAclService()->isAllowed($resource, $privilege); } - - public function getAclService () + + /** + * {@inheritDoc} + */ + public function setZfcAclService(Acl $acl) { - return $this->aclService; + $this->aclService = $acl; } - - public function setAclService ($aclService) + + /** + * {@inheritDoc} + */ + public function getZfcAclService() { - $this->aclService = $aclService; + return $this->aclService; } } \ No newline at end of file