-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathAuthority.php
More file actions
88 lines (75 loc) · 2.5 KB
/
Authority.php
File metadata and controls
88 lines (75 loc) · 2.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<?php
/*
* Opulence
*
* @link https://www.opulencephp.com
* @copyright Copyright (C) 2021 David Young
* @license https://github.com/opulencephp/Opulence/blob/1.2/LICENSE.md
*/
namespace Opulence\Authorization;
use Opulence\Authorization\Permissions\IPermissionRegistry;
/**
* Defines the authority
*/
class Authority implements IAuthority
{
/** @var int|string The primary identity of the current subject */
protected $subjectId = -1;
/** @var array The list of roles the subject has */
protected $subjectRoles = null;
/** @var IPermissionRegistry The permission registry */
protected $permissionRegistry = null;
/**
* @param int|string $subjectId The primary identity of the current subject
* @param array $subjectRoles The list of roles the subject has
* @param IPermissionRegistry $permissionRegistry The permission registry
*/
public function __construct($subjectId, array $subjectRoles, IPermissionRegistry $permissionRegistry)
{
$this->setSubject($subjectId, $subjectRoles);
$this->permissionRegistry = $permissionRegistry;
}
/**
* @inheritdoc
*/
public function can(string $permission, ...$arguments) : bool
{
// Check the overrides first
foreach ($this->permissionRegistry->getOverrideCallbacks() as $overrideCallback) {
if ($overrideCallback($this->subjectId, $permission, ...$arguments)) {
return true;
}
}
$requiredRoles = $this->permissionRegistry->getRoles($permission);
// If our subject has at least one of the required roles
if ($requiredRoles !== null && count(array_intersect($requiredRoles, $this->subjectRoles)) > 0) {
return true;
}
if (($callback = $this->permissionRegistry->getCallback($permission)) === null) {
return false;
}
return $callback($this->subjectId, ...$arguments);
}
/**
* @inheritdoc
*/
public function cannot(string $permission, ...$arguments) : bool
{
return !$this->can($permission, ...$arguments);
}
/**
* @inheritdoc
*/
public function forSubject($subjectId, array $subjectRoles = null) : IAuthority
{
return new self($subjectId, $subjectRoles, $this->permissionRegistry);
}
/**
* @inheritdoc
*/
public function setSubject($subjectId, array $subjectRoles)
{
$this->subjectId = $subjectId;
$this->subjectRoles = $subjectRoles;
}
}