Kilix /
php-abac
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | * {@inheritdoc} |
| 17 | 17 | */ |
| 18 | 18 | public function deleteItem($key) { |
| 19 | - if(isset($this->items[$key])) { |
|
| 19 | + if (isset($this->items[$key])) { |
|
| 20 | 20 | unset($this->items[$key]); |
| 21 | 21 | } |
| 22 | - if(isset($this->deferredItems[$key])) { |
|
| 22 | + if (isset($this->deferredItems[$key])) { |
|
| 23 | 23 | unset($this->deferredItems[$key]); |
| 24 | 24 | } |
| 25 | 25 | return true; |
@@ -29,8 +29,8 @@ discard block |
||
| 29 | 29 | * {@inheritdoc} |
| 30 | 30 | */ |
| 31 | 31 | public function deleteItems(array $keys) { |
| 32 | - foreach($keys as $key) { |
|
| 33 | - if(!$this->deleteItem($key)) { |
|
| 32 | + foreach ($keys as $key) { |
|
| 33 | + if (!$this->deleteItem($key)) { |
|
| 34 | 34 | return false; |
| 35 | 35 | } |
| 36 | 36 | } |
@@ -59,7 +59,7 @@ discard block |
||
| 59 | 59 | * {@inheritdoc} |
| 60 | 60 | */ |
| 61 | 61 | public function commit() { |
| 62 | - foreach($this->deferredItems as $key => $item) { |
|
| 62 | + foreach ($this->deferredItems as $key => $item) { |
|
| 63 | 63 | $this->items[$key] = $item; |
| 64 | 64 | unset($this->deferredItems[$key]); |
| 65 | 65 | } |
@@ -77,7 +77,7 @@ discard block |
||
| 77 | 77 | * {@inheritdoc} |
| 78 | 78 | */ |
| 79 | 79 | public function getItem($key) { |
| 80 | - if(!$this->hasItem($key)) { |
|
| 80 | + if (!$this->hasItem($key)) { |
|
| 81 | 81 | return new MemoryCacheItem($key); |
| 82 | 82 | } |
| 83 | 83 | return $this->items[$key]; |
@@ -88,8 +88,8 @@ discard block |
||
| 88 | 88 | */ |
| 89 | 89 | public function getItems(array $keys = array()) { |
| 90 | 90 | $items = []; |
| 91 | - foreach($keys as $key) { |
|
| 92 | - if($this->hasItem($key)) { |
|
| 91 | + foreach ($keys as $key) { |
|
| 92 | + if ($this->hasItem($key)) { |
|
| 93 | 93 | $items[$key] = $this->getItem($key); |
| 94 | 94 | } |
| 95 | 95 | } |
@@ -53,7 +53,7 @@ |
||
| 53 | 53 | * {@inheritdoc} |
| 54 | 54 | */ |
| 55 | 55 | public function get() { |
| 56 | - if(!$this->isHit()) { |
|
| 56 | + if (!$this->isHit()) { |
|
| 57 | 57 | throw new ExpiredCacheException('Cache item is expired'); |
| 58 | 58 | } |
| 59 | 59 | return $this->value; |
@@ -121,7 +121,7 @@ |
||
| 121 | 121 | * @return \PhpAbac\Model\PolicyRuleAttribute |
| 122 | 122 | */ |
| 123 | 123 | public function removeExtraData($key) { |
| 124 | - if(isset($this->extraData[$key])) { |
|
| 124 | + if (isset($this->extraData[$key])) { |
|
| 125 | 125 | unset($this->extraData[$key]); |
| 126 | 126 | } |
| 127 | 127 | return $this; |
@@ -60,22 +60,22 @@ discard block |
||
| 60 | 60 | : $pra->getValue() |
| 61 | 61 | ; |
| 62 | 62 | // Checking that the configured comparison type is available |
| 63 | - if(!isset($this->comparisons[$pra->getComparisonType()])) { |
|
| 63 | + if (!isset($this->comparisons[$pra->getComparisonType()])) { |
|
| 64 | 64 | throw new \InvalidArgumentException('The requested comparison class does not exist'); |
| 65 | 65 | } |
| 66 | 66 | // The comparison class will perform the attribute check with the configured method |
| 67 | 67 | // For more complex comparisons, the comparison manager is injected |
| 68 | 68 | $comparison = new $this->comparisons[$pra->getComparisonType()]($this); |
| 69 | - if(!method_exists($comparison, $pra->getComparison())) { |
|
| 69 | + if (!method_exists($comparison, $pra->getComparison())) { |
|
| 70 | 70 | throw new \InvalidArgumentException('The requested comparison method does not exist'); |
| 71 | 71 | } |
| 72 | 72 | // Then the comparison is performed with needed |
| 73 | 73 | $result = $comparison->{$pra->getComparison()}($praValue, $attribute->getValue(), $pra->getExtraData()); |
| 74 | 74 | // If the checked attribute is not valid, the attribute slug is marked as rejected |
| 75 | 75 | // The rejected attributes will be returned instead of the expected true boolean |
| 76 | - if($result !== true) { |
|
| 76 | + if ($result !== true) { |
|
| 77 | 77 | // In case of sub comparing, the error reporting is disabled |
| 78 | - if(!in_array($attribute->getSlug(), $this->rejectedAttributes) && $subComparing === false) { |
|
| 78 | + if (!in_array($attribute->getSlug(), $this->rejectedAttributes) && $subComparing === false) { |
|
| 79 | 79 | $this->rejectedAttributes[] = $attribute->getSlug(); |
| 80 | 80 | } |
| 81 | 81 | return false; |
@@ -102,7 +102,7 @@ discard block |
||
| 102 | 102 | * @throws \InvalidArgumentException |
| 103 | 103 | */ |
| 104 | 104 | public function getDynamicAttribute($attributeSlug) { |
| 105 | - if(!isset($this->dynamicAttributes[$attributeSlug])) { |
|
| 105 | + if (!isset($this->dynamicAttributes[$attributeSlug])) { |
|
| 106 | 106 | throw new \InvalidArgumentException("The dynamic value for attribute $attributeSlug was not given"); |
| 107 | 107 | } |
| 108 | 108 | return $this->dynamicAttributes[$attributeSlug]; |
@@ -55,23 +55,23 @@ |
||
| 55 | 55 | * @return boolean |
| 56 | 56 | */ |
| 57 | 57 | public function contains($policyRuleAttributes, $attributes, $extraData = []) { |
| 58 | - foreach($extraData['attribute']->getValue() as $attribute) { |
|
| 58 | + foreach ($extraData['attribute']->getValue() as $attribute) { |
|
| 59 | 59 | $result = true; |
| 60 | 60 | // For each attribute, we check the whole rules set |
| 61 | - foreach($policyRuleAttributes as $pra) { |
|
| 61 | + foreach ($policyRuleAttributes as $pra) { |
|
| 62 | 62 | $attributeData = $pra->getAttribute(); |
| 63 | 63 | $attributeData->setValue( |
| 64 | 64 | $this->comparisonManager->getAttributeManager()->retrieveAttribute($attributeData, $extraData['user'], $attribute) |
| 65 | 65 | ); |
| 66 | 66 | // If one field is not matched, the whole attribute is rejected |
| 67 | - if(!$this->comparisonManager->compare($pra, true)) { |
|
| 67 | + if (!$this->comparisonManager->compare($pra, true)) { |
|
| 68 | 68 | //var_dump($attributeData->getName(), $attributeData->getValue(), $pra->getValue()); |
| 69 | 69 | $result = false; |
| 70 | 70 | break; |
| 71 | 71 | } |
| 72 | 72 | } |
| 73 | 73 | // If the result is still true at the end of the attribute check, the rule is enforced |
| 74 | - if($result === true) { |
|
| 74 | + if ($result === true) { |
|
| 75 | 75 | return true; |
| 76 | 76 | } |
| 77 | 77 | } |
@@ -53,7 +53,7 @@ |
||
| 53 | 53 | * {@inheritdoc} |
| 54 | 54 | */ |
| 55 | 55 | public function get() { |
| 56 | - if(!$this->isHit()) { |
|
| 56 | + if (!$this->isHit()) { |
|
| 57 | 57 | throw new ExpiredCacheException('Cache item is expired'); |
| 58 | 58 | } |
| 59 | 59 | return $this->value; |
@@ -27,7 +27,7 @@ discard block |
||
| 27 | 27 | $this->cacheFolder = |
| 28 | 28 | (isset($options['cache_folder'])) |
| 29 | 29 | ? "{$options['cache_folder']}/text" |
| 30 | - : __DIR__ . '/../../../data/cache/text' |
|
| 30 | + : __DIR__.'/../../../data/cache/text' |
|
| 31 | 31 | ; |
| 32 | 32 | } |
| 33 | 33 | |
@@ -35,10 +35,10 @@ discard block |
||
| 35 | 35 | * {@inheritdoc} |
| 36 | 36 | */ |
| 37 | 37 | public function deleteItem($key) { |
| 38 | - if(is_file("{$this->cacheFolder}/$key.txt")) { |
|
| 38 | + if (is_file("{$this->cacheFolder}/$key.txt")) { |
|
| 39 | 39 | unlink("{$this->cacheFolder}/$key.txt"); |
| 40 | 40 | } |
| 41 | - if(isset($this->deferredItems[$key])) { |
|
| 41 | + if (isset($this->deferredItems[$key])) { |
|
| 42 | 42 | unset($this->deferredItems[$key]); |
| 43 | 43 | } |
| 44 | 44 | return true; |
@@ -48,8 +48,8 @@ discard block |
||
| 48 | 48 | * {@inheritdoc} |
| 49 | 49 | */ |
| 50 | 50 | public function deleteItems(array $keys) { |
| 51 | - foreach($keys as $key) { |
|
| 52 | - if(!$this->deleteItem($key)) { |
|
| 51 | + foreach ($keys as $key) { |
|
| 52 | + if (!$this->deleteItem($key)) { |
|
| 53 | 53 | return false; |
| 54 | 54 | } |
| 55 | 55 | } |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | * {@inheritdoc} |
| 81 | 81 | */ |
| 82 | 82 | public function commit() { |
| 83 | - foreach($this->deferredItems as $key => $item) { |
|
| 83 | + foreach ($this->deferredItems as $key => $item) { |
|
| 84 | 84 | $this->save($item); |
| 85 | 85 | unset($this->deferredItems[$key]); |
| 86 | 86 | } |
@@ -99,10 +99,10 @@ discard block |
||
| 99 | 99 | */ |
| 100 | 100 | public function getItem($key) { |
| 101 | 101 | $item = new TextCacheItem($key); |
| 102 | - if(!$this->hasItem($key)) { |
|
| 102 | + if (!$this->hasItem($key)) { |
|
| 103 | 103 | return $item; |
| 104 | 104 | } |
| 105 | - $data = explode(';',file_get_contents("{$this->cacheFolder}/{$key}.txt")); |
|
| 105 | + $data = explode(';', file_get_contents("{$this->cacheFolder}/{$key}.txt")); |
|
| 106 | 106 | return $item |
| 107 | 107 | ->set($data[0]) |
| 108 | 108 | ->expiresAt((new \DateTime($data[1]))) |
@@ -114,8 +114,8 @@ discard block |
||
| 114 | 114 | */ |
| 115 | 115 | public function getItems(array $keys = array()) { |
| 116 | 116 | $items = []; |
| 117 | - foreach($keys as $key) { |
|
| 118 | - if($this->hasItem($key)) { |
|
| 117 | + foreach ($keys as $key) { |
|
| 118 | + if ($this->hasItem($key)) { |
|
| 119 | 119 | $items[$key] = $this->getItem($key); |
| 120 | 120 | } |
| 121 | 121 | } |
@@ -127,8 +127,8 @@ discard block |
||
| 127 | 127 | */ |
| 128 | 128 | public function clear() { |
| 129 | 129 | $items = glob("{$this->cacheFolder}/*.txt"); // get all file names |
| 130 | - foreach($items as $item){ // iterate files |
|
| 131 | - if(is_file($item)) |
|
| 130 | + foreach ($items as $item) { // iterate files |
|
| 131 | + if (is_file($item)) |
|
| 132 | 132 | unlink($item); // delete file |
| 133 | 133 | } |
| 134 | 134 | $this->deferredItems = []; |
@@ -103,7 +103,7 @@ discard block |
||
| 103 | 103 | * @return \PhpAbac\Example\User |
| 104 | 104 | */ |
| 105 | 105 | public function removeVisa(Visa $visa) { |
| 106 | - if(isset($this->visas[$visa->getId()])) { |
|
| 106 | + if (isset($this->visas[$visa->getId()])) { |
|
| 107 | 107 | unset($this->visas[$visa->getId()]); |
| 108 | 108 | } |
| 109 | 109 | return $this; |
@@ -126,7 +126,7 @@ discard block |
||
| 126 | 126 | public function getVisa($country_code) { |
| 127 | 127 | /** @var Visa $visa */ |
| 128 | 128 | $visas = []; |
| 129 | - foreach($this->visas as $visa) { |
|
| 129 | + foreach ($this->visas as $visa) { |
|
| 130 | 130 | if ($visa->getCountry()->getCode() == $country_code) |
| 131 | 131 | $visas[] = $visa; |
| 132 | 132 | } |
@@ -30,26 +30,26 @@ discard block |
||
| 30 | 30 | * @param string $configPaths_root The origin folder to find $configPaths |
| 31 | 31 | * @param array $options |
| 32 | 32 | */ |
| 33 | - public function __construct( $configPaths, $cacheOptions = [], $configPaths_root = null, $options = [] ) { |
|
| 34 | - $this->configure( $configPaths, $configPaths_root ); |
|
| 35 | - $this->attributeManager = new AttributeManager( $this->configuration->getAttributes(), $options ); |
|
| 36 | - $this->policyRuleManager = new PolicyRuleManager( $this->attributeManager, $this->configuration->getRules() ); |
|
| 37 | - $this->cacheManager = new CacheManager( $cacheOptions ); |
|
| 38 | - $this->comparisonManager = new ComparisonManager( $this->attributeManager ); |
|
| 33 | + public function __construct($configPaths, $cacheOptions = [], $configPaths_root = null, $options = []) { |
|
| 34 | + $this->configure($configPaths, $configPaths_root); |
|
| 35 | + $this->attributeManager = new AttributeManager($this->configuration->getAttributes(), $options); |
|
| 36 | + $this->policyRuleManager = new PolicyRuleManager($this->attributeManager, $this->configuration->getRules()); |
|
| 37 | + $this->cacheManager = new CacheManager($cacheOptions); |
|
| 38 | + $this->comparisonManager = new ComparisonManager($this->attributeManager); |
|
| 39 | 39 | } |
| 40 | 40 | |
| 41 | 41 | /** |
| 42 | 42 | * @param array $configPaths |
| 43 | 43 | * @param string $configPaths_root The origin folder to find $configPaths |
| 44 | 44 | */ |
| 45 | - public function configure( $configPaths, $configPaths_root = null ) { |
|
| 45 | + public function configure($configPaths, $configPaths_root = null) { |
|
| 46 | 46 | // foreach ( $configPaths as &$configPath ) { |
| 47 | 47 | // $configPath = $configPaths_root . $configPath; |
| 48 | 48 | // } |
| 49 | - $locator = new FileLocator( $configPaths_root ); |
|
| 50 | - $this->configuration = new ConfigurationManager( $locator ); |
|
| 51 | - $this->configuration->setConfigPathRoot( $configPaths_root ); |
|
| 52 | - $this->configuration->parseConfigurationFile( $configPaths ); |
|
| 49 | + $locator = new FileLocator($configPaths_root); |
|
| 50 | + $this->configuration = new ConfigurationManager($locator); |
|
| 51 | + $this->configuration->setConfigPathRoot($configPaths_root); |
|
| 52 | + $this->configuration->parseConfigurationFile($configPaths); |
|
| 53 | 53 | } |
| 54 | 54 | |
| 55 | 55 | /** |
@@ -74,47 +74,47 @@ discard block |
||
| 74 | 74 | * |
| 75 | 75 | * @return boolean|array |
| 76 | 76 | */ |
| 77 | - public function enforce( $ruleName, $user, $resource = null, $options = [] ) { |
|
| 77 | + public function enforce($ruleName, $user, $resource = null, $options = []) { |
|
| 78 | 78 | // If there is dynamic attributes, we pass them to the comparison manager |
| 79 | 79 | // When a comparison will be performed, the passed values will be retrieved and used |
| 80 | - if ( isset( $options[ 'dynamic_attributes' ] ) ) { |
|
| 81 | - $this->comparisonManager->setDynamicAttributes( $options[ 'dynamic_attributes' ] ); |
|
| 80 | + if (isset($options['dynamic_attributes'])) { |
|
| 81 | + $this->comparisonManager->setDynamicAttributes($options['dynamic_attributes']); |
|
| 82 | 82 | } |
| 83 | 83 | // Retrieve cache value for the current rule and values if cache item is valid |
| 84 | - if ( ( $cacheResult = isset( $options[ 'cache_result' ] ) && $options[ 'cache_result' ] === true ) === true ) { |
|
| 85 | - $cacheItem = $this->cacheManager->getItem( "$ruleName-{$user->getId()}-" . ( ( $resource !== null ) ? $resource->getId() : '' ), ( isset( $options[ 'cache_driver' ] ) ) ? $options[ 'cache_driver' ] : null, ( isset( $options[ 'cache_ttl' ] ) ) ? $options[ 'cache_ttl' ] : null ); |
|
| 84 | + if (($cacheResult = isset($options['cache_result']) && $options['cache_result'] === true) === true) { |
|
| 85 | + $cacheItem = $this->cacheManager->getItem("$ruleName-{$user->getId()}-".(($resource !== null) ? $resource->getId() : ''), (isset($options['cache_driver'])) ? $options['cache_driver'] : null, (isset($options['cache_ttl'])) ? $options['cache_ttl'] : null); |
|
| 86 | 86 | // We check if the cache value s valid before returning it |
| 87 | - if ( ( $cacheValue = $cacheItem->get() ) !== null ) { |
|
| 87 | + if (($cacheValue = $cacheItem->get()) !== null) { |
|
| 88 | 88 | return $cacheValue; |
| 89 | 89 | } |
| 90 | 90 | } |
| 91 | - $policyRule_a = $this->policyRuleManager->getRule( $ruleName, $user, $resource ); |
|
| 91 | + $policyRule_a = $this->policyRuleManager->getRule($ruleName, $user, $resource); |
|
| 92 | 92 | |
| 93 | - foreach ( $policyRule_a as $policyRule ) { |
|
| 93 | + foreach ($policyRule_a as $policyRule) { |
|
| 94 | 94 | // For each policy rule attribute, we retrieve the attribute value and proceed configured extra data |
| 95 | - foreach ( $policyRule->getPolicyRuleAttributes() as $pra ) { |
|
| 95 | + foreach ($policyRule->getPolicyRuleAttributes() as $pra) { |
|
| 96 | 96 | /** @var PolicyRuleAttribute $pra */ |
| 97 | 97 | $attribute = $pra->getAttribute(); |
| 98 | 98 | |
| 99 | 99 | $getter_params = $this->prepareGetterParams($pra->getGetterParams(), $user, $resource); |
| 100 | 100 | // var_dump($pra->getGetterParams()); |
| 101 | 101 | // var_dump($getter_params); |
| 102 | - $attribute->setValue( $this->attributeManager->retrieveAttribute( $attribute, $user, $resource, $getter_params ) ); |
|
| 103 | - if ( count( $pra->getExtraData() ) > 0 ) { |
|
| 104 | - $this->processExtraData( $pra, $user, $resource ); |
|
| 102 | + $attribute->setValue($this->attributeManager->retrieveAttribute($attribute, $user, $resource, $getter_params)); |
|
| 103 | + if (count($pra->getExtraData()) > 0) { |
|
| 104 | + $this->processExtraData($pra, $user, $resource); |
|
| 105 | 105 | } |
| 106 | - $this->comparisonManager->compare( $pra ); |
|
| 106 | + $this->comparisonManager->compare($pra); |
|
| 107 | 107 | } |
| 108 | 108 | // The given result could be an array of rejected attributes or true |
| 109 | 109 | // True means that the rule is correctly enforced for the given user and resource |
| 110 | 110 | $result = $this->comparisonManager->getResult(); |
| 111 | - if ( true === $result ) { |
|
| 111 | + if (true === $result) { |
|
| 112 | 112 | break; |
| 113 | 113 | } |
| 114 | 114 | } |
| 115 | - if ( $cacheResult ) { |
|
| 116 | - $cacheItem->set( $result ); |
|
| 117 | - $this->cacheManager->save( $cacheItem ); |
|
| 115 | + if ($cacheResult) { |
|
| 116 | + $cacheItem->set($result); |
|
| 117 | + $this->cacheManager->save($cacheItem); |
|
| 118 | 118 | } |
| 119 | 119 | |
| 120 | 120 | return $result; |
@@ -132,13 +132,13 @@ discard block |
||
| 132 | 132 | private function prepareGetterParams($getter_params, $user, $resource) { |
| 133 | 133 | if (empty($getter_params)) return []; |
| 134 | 134 | $values = []; |
| 135 | - foreach($getter_params as $getter_name=>$params) { |
|
| 136 | - foreach($params as $param) { |
|
| 137 | - if ( '@' !== $param[ 'param_name' ][ 0 ] ) { |
|
| 138 | - $values[$getter_name][] = $param[ 'param_value' ]; |
|
| 135 | + foreach ($getter_params as $getter_name=>$params) { |
|
| 136 | + foreach ($params as $param) { |
|
| 137 | + if ('@' !== $param['param_name'][0]) { |
|
| 138 | + $values[$getter_name][] = $param['param_value']; |
|
| 139 | 139 | } |
| 140 | 140 | else { |
| 141 | - $values[$getter_name][] = $this->attributeManager->retrieveAttribute( $this->attributeManager->getAttribute( $param[ 'param_value' ] ) , $user, $resource ); |
|
| 141 | + $values[$getter_name][] = $this->attributeManager->retrieveAttribute($this->attributeManager->getAttribute($param['param_value']), $user, $resource); |
|
| 142 | 142 | } |
| 143 | 143 | } |
| 144 | 144 | } |
@@ -150,26 +150,26 @@ discard block |
||
| 150 | 150 | * @param object $user |
| 151 | 151 | * @param object $resource |
| 152 | 152 | */ |
| 153 | - public function processExtraData( PolicyRuleAttribute $pra, $user, $resource ) { |
|
| 154 | - foreach ( $pra->getExtraData() as $key => $data ) { |
|
| 155 | - switch ( $key ) { |
|
| 153 | + public function processExtraData(PolicyRuleAttribute $pra, $user, $resource) { |
|
| 154 | + foreach ($pra->getExtraData() as $key => $data) { |
|
| 155 | + switch ($key) { |
|
| 156 | 156 | case 'with': |
| 157 | 157 | // This data has to be removed for it will be stored elsewhere |
| 158 | 158 | // in the policy rule attribute |
| 159 | - $pra->removeExtraData( 'with' ); |
|
| 159 | + $pra->removeExtraData('with'); |
|
| 160 | 160 | // The "with" extra data is an array of attributes, which are objects |
| 161 | 161 | // Once we process it as policy rule attributes, we set it as the main policy rule attribute value |
| 162 | 162 | $subPolicyRuleAttributes = []; |
| 163 | 163 | $extraData = []; |
| 164 | 164 | |
| 165 | - foreach ( $this->policyRuleManager->processRuleAttributes( $data, $user, $resource ) as $subPolicyRuleAttribute ) { |
|
| 165 | + foreach ($this->policyRuleManager->processRuleAttributes($data, $user, $resource) as $subPolicyRuleAttribute) { |
|
| 166 | 166 | $subPolicyRuleAttributes[] = $subPolicyRuleAttribute; |
| 167 | 167 | } |
| 168 | - $pra->setValue( $subPolicyRuleAttributes ); |
|
| 168 | + $pra->setValue($subPolicyRuleAttributes); |
|
| 169 | 169 | // This data can be used in complex comparisons |
| 170 | - $pra->addExtraData( 'attribute', $pra->getAttribute() ); |
|
| 171 | - $pra->addExtraData( 'user', $user ); |
|
| 172 | - $pra->addExtraData( 'resource', $resource ); |
|
| 170 | + $pra->addExtraData('attribute', $pra->getAttribute()); |
|
| 171 | + $pra->addExtraData('user', $user); |
|
| 172 | + $pra->addExtraData('resource', $resource); |
|
| 173 | 173 | break; |
| 174 | 174 | } |
| 175 | 175 | } |
