authorIgor Scheller <igor.scheller@igorshp.de>2018-11-14 02:17:27 +0100
committermsquare <msquare@notrademark.de>2018-12-02 12:53:31 +0100
commitc9d7e88cc70b6ad124c28be479a6e64c4b174ea6 (patch)
treeee4a37c27b05c1ef4ccc6a01cc088b510f5084ef /src/Middleware
parent55beca95cd8d6ecfe610daea304c8374a10485af (diff)
Implemented controller permissions
Diffstat (limited to 'src/Middleware')
-rw-r--r--src/Middleware/CallableHandler.php8
-rw-r--r--src/Middleware/RequestHandler.php45
2 files changed, 53 insertions, 0 deletions
diff --git a/src/Middleware/CallableHandler.php b/src/Middleware/CallableHandler.php
index eb493bf1..0bb666a3 100644
--- a/src/Middleware/CallableHandler.php
+++ b/src/Middleware/CallableHandler.php
@@ -74,4 +74,12 @@ class CallableHandler implements MiddlewareInterface, RequestHandlerInterface
$response = $this->container->get('response');
return $response->withContent($return);
}
+
+ /**
+ * @return callable
+ */
+ public function getCallable()
+ {
+ return $this->callable;
+ }
}
diff --git a/src/Middleware/RequestHandler.php b/src/Middleware/RequestHandler.php
index ebe1ff9e..b0fc664f 100644
--- a/src/Middleware/RequestHandler.php
+++ b/src/Middleware/RequestHandler.php
@@ -3,6 +3,9 @@
namespace Engelsystem\Middleware;
use Engelsystem\Application;
+use Engelsystem\Controllers\BaseController;
+use Engelsystem\Helpers\Authenticator;
+use Engelsystem\Http\Exceptions\HttpForbidden;
use InvalidArgumentException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
@@ -37,6 +40,14 @@ class RequestHandler implements MiddlewareInterface
$requestHandler = $request->getAttribute('route-request-handler');
$requestHandler = $this->resolveRequestHandler($requestHandler);
+ if ($requestHandler instanceof CallableHandler) {
+ $callable = $requestHandler->getCallable();
+
+ if (is_array($callable) && $callable[0] instanceof BaseController) {
+ $this->checkPermissions($callable[0], $callable[1]);
+ }
+ }
+
if ($requestHandler instanceof MiddlewareInterface) {
return $requestHandler->process($request, $handler);
}
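Review bot: The new authorization gate fails open. In the `if ($requestHandler instanceof CallableHandler)` block, `checkPermissions()` is reached only for an array callable whose first element is a `BaseController`. A controller exposed as a closure or an invokable object, or a handler that resolves directly to a `MiddlewareInterface`/`RequestHandlerInterface`, is dispatched with no permission check and no log entry. Whether the router can produce those shapes for controllers is not visible in this hunk, so at minimum state the limit above the block, e.g. `// Permissions are enforced only for [BaseController, 'method'] callables; other handler types are not checked here`. The enclosing method starts and ends outside the hunk.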
@@ -49,6 +60,8 @@ class RequestHandler implements MiddlewareInterface
}
/**
+ * Resolve the given class
+ *
* @param string|callable|MiddlewareInterface|RequestHandlerInterface $handler
* @return MiddlewareInterface|RequestHandlerInterface
*/
@@ -76,4 +89,36 @@ class RequestHandler implements MiddlewareInterface
return $this->resolveMiddleware($handler);
}
+
+ /**
+ * Check required page permissions
+ *
+ * @param BaseController $controller
+ * @param string $method
+ * @return bool
+ */
+ protected function checkPermissions(BaseController $controller, string $method): bool
+ {
+ /** @var Authenticator $auth */
+ $auth = $this->container->get('auth');
+ $permissions = $controller->getPermissions();
+
+ // Merge action permissions
+ if (isset($permissions[$method])) {
+ $permissions = array_merge($permissions, (array)$permissions[$method]);
+ }
+
+ foreach ($permissions as $key => $permission) {
+ // Skip all action permission entries
+ if (!is_int($key)) {
+ continue;
+ }
+
+ if (!$auth->can($permission)) {
+ throw new HttpForbidden();
+ }
+ }
+
+ return true;
+ }
}
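Review bot: The per-action lookup `isset($permissions[$method])` in `checkPermissions()` is a case-sensitive array-key match, while PHP resolves method names case-insensitively. A route that names the action with different casing than the controller's permission key would skip the action-specific permissions, leaving only the integer-keyed global ones enforced. If the method string is not normalised upstream (not visible here), match on a lowercased key: `$byAction = array_change_key_case($permissions, CASE_LOWER);` then `$permissions = array_merge($permissions, (array)($byAction[strtolower($method)] ?? []));`. Separately, the method can only return `true` and the call in `process()` discards the result, so a `void` return with an `@throws HttpForbidden` tag in the docblock would describe the contract more accurately.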