Skip to content

Instantly share code, notes, and snippets.

@webdevilopers
Created July 15, 2014 12:27
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save webdevilopers/3fcd420d540158c02c3a to your computer and use it in GitHub Desktop.
ZfcRbac assertion example using factories
<?php
namespace Application\Assertions;
use ZfcRbac\Assertion\AssertionInterface;
use ZfcRbac\Service\AuthorizationService;
class CanEditContractAssertion implements AssertionInterface
{
/**
* Check if this assertion is true
*
* @param AuthorizationService $authorization
* @param mixed $contract
*
* @return bool
*/
public function assert(AuthorizationService $authorization, $contract = null)
{
// echo $authorization->getIdentity()->getId();
// echo $contract->getProjectManager()->getId();
if ($authorization->getIdentity() === $contract->getProjectManager()) {
return true;
}
return $authorization->isGranted('contract.edit.all');
#return $authorization->isGranted('contract.edit');
}
}
<?php
namespace Application\Controller;
use Zend\Mvc\Controller\AbstractActionController;
use Zend\View\Model\ViewModel;
use Application\Service\ContractService;
class ContractController extends AbstractActionController
{
protected $contractService;
public function __construct(ContractService $contractService)
{
$this->contractService = $contractService;
}
public function editAction()
{
$id = (int) $this->params('id');
if (!$id) {
return $this->redirect()->toRoute('contract', array('action'=>'list'));
}
$this->contractService->editContract($id);
}
}
<?php
namespace Application\Service;
use Doctrine\Common\Persistence\ObjectManager;
use ZfcRbac\Service\AuthorizationService;
use ZfcRbac\Exception\UnauthorizedException;
class ContractService
{
protected $objectManager;
protected $authorizationService;
public function __construct(
ObjectManager $objectManager,
AuthorizationService $autorizationService
) {
$this->objectManager = $objectManager;
$this->authorizationService = $autorizationService;
}
public function editContract($id)
{
$contract = $this->objectManager->find('Application\Entity\Contract', $id);
$rbac = $this->authorizationService;
if (!$this->authorizationService->isGranted('contract.edit', $contract)) {
throw new UnauthorizedException('You are not allowed !');
}
}
}
<?php
namespace Application;
use Application\Service\ContractService as ContractService;
use Application\Controller\ContractController as ContractController;
class Module
{
public function getServiceConfig()
{
return [
'factories' => [
'ContractService' => function($sm) {
return new ContractService(
$sm->get('doctrine.entitymanager.orm_default'),
$sm->get('ZfcRbac\Service\AuthorizationService')
);
}
]
];
}
public function getControllerConfig()
{
return [
'factories' => [
'Application\Controller\Contract' => function($cpm) {
return new ContractController(
$cpm->getServiceLocator()->get('ContractService')
);
}
]
];
}
}
<?php
return [
'zfc_rbac' => [
'assertion_map' => [
'contract.edit' => 'Application\Assertions\CanEditContractAssertion' // don't use same name es role_provider permission
],
'role_provider' => [
'ZfcRbac\Role\InMemoryRoleProvider' => [
'admin' => [
'children' => ['user'],
'permissions' => [
'contract.edit.all',
'admin'
],
],
'user' => [
'children' => ['guest'], // OPTIONAL
'permissions' => [
'contract.list',
'contract.add',
'contract.edit',
]
]
]
],
]
];
@ojhaujjwal
Copy link

I didn't find any problem on quick look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment