-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSecurityUserTrait.php
More file actions
77 lines (65 loc) · 1.84 KB
/
Copy pathSecurityUserTrait.php
File metadata and controls
77 lines (65 loc) · 1.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
namespace ADT\FancyAdmin\Model\Security;
use ADT\FancyAdmin\Model\Entities\AclRole;
use Doctrine\ORM\EntityManagerInterface;
use Nette\Http\Request;
use Nette\Security\AuthenticationException;
use Nette\Security\Authorizator;
use Nette\Security\IAuthenticator;
use Nette\Security\IIdentity;
use Nette\Security\Resource;
use Nette\Security\UserStorage;
use SensitiveParameter;
trait SecurityUserTrait
{
abstract protected function getAuthorizator(): Authorizator;
abstract public function getIdentity(): ?IIdentity;
protected Resource $fullDataAclResource;
protected Resource $backofficeAclResource;
public function isAllowed($resource = Authorizator::All, $privilege = Authorizator::All): bool
{
return array_any(
$this->getIdentity()->getRoles(),
fn(AclRole $role) => $role->getIsAdmin() || $this->getAuthorizator()->isAllowed($role->getRoleId(), $resource, $privilege)
);
}
public function isAdmin(): bool
{
return array_any(
$this->getIdentity()->getRoles(),
fn(AclRole $role) => $role->getIsAdmin()
);
}
/**
* @throws AuthenticationException
*/
public function login(
string|IIdentity $username,
#[SensitiveParameter]
?string $password = null,
?string $context = null,
array $metadata = []
): void
{
if (empty($context)) {
throw new \Exception('Context is required.');
}
parent::login($username, $password, $context, $metadata);
}
public function setFullDataAclResource(Resource $aclResource): void
{
$this->fullDataAclResource = $aclResource;
}
public function isAllowedFullDataAclResource(): bool
{
return $this->isAllowed($this->fullDataAclResource);
}
public function setBackofficeAclResource(Resource $aclResource): void
{
$this->backofficeAclResource = $aclResource;
}
public function isAllowedBackoffice(): bool
{
return $this->isAllowed($this->backofficeAclResource);
}
}