|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* This file is part of the login-cidadao project or it's bundles. |
|
4
|
|
|
* |
|
5
|
|
|
* (c) Guilherme Donato <guilhermednt on github> |
|
6
|
|
|
* |
|
7
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
8
|
|
|
* file that was distributed with this source code. |
|
9
|
|
|
*/ |
|
10
|
|
|
|
|
11
|
|
|
namespace LoginCidadao\RemoteClaimsBundle\Model; |
|
12
|
|
|
|
|
13
|
|
|
use Doctrine\ORM\EntityManagerInterface; |
|
14
|
|
|
use LoginCidadao\CoreBundle\Entity\Authorization; |
|
15
|
|
|
use LoginCidadao\CoreBundle\Model\PersonInterface; |
|
16
|
|
|
use LoginCidadao\OAuthBundle\Model\ClientInterface; |
|
17
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaimAuthorization; |
|
18
|
|
|
use LoginCidadao\RemoteClaimsBundle\Entity\RemoteClaimAuthorizationRepository; |
|
19
|
|
|
|
|
20
|
|
|
class RemoteClaimManager implements RemoteClaimManagerInterface |
|
21
|
|
|
{ |
|
22
|
|
|
/** @var EntityManagerInterface */ |
|
23
|
|
|
private $em; |
|
24
|
|
|
|
|
25
|
|
|
/** @var RemoteClaimAuthorizationRepository */ |
|
26
|
|
|
private $remoteClaimAuthorizationRepository; |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* RemoteClaimManager constructor. |
|
30
|
|
|
* @param EntityManagerInterface $em |
|
31
|
|
|
* @param RemoteClaimAuthorizationRepository $remoteClaimAuthorizationRepository |
|
32
|
|
|
*/ |
|
33
|
|
|
public function __construct( |
|
34
|
|
|
EntityManagerInterface $em, |
|
35
|
|
|
RemoteClaimAuthorizationRepository $remoteClaimAuthorizationRepository |
|
36
|
|
|
) { |
|
37
|
|
|
$this->em = $em; |
|
38
|
|
|
$this->remoteClaimAuthorizationRepository = $remoteClaimAuthorizationRepository; |
|
39
|
|
|
} |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* {@inheritdoc} |
|
43
|
|
|
*/ |
|
44
|
|
|
public function enforceAuthorization(RemoteClaimAuthorizationInterface $authorization) |
|
45
|
|
|
{ |
|
46
|
|
|
$existingAuthorization = $this->remoteClaimAuthorizationRepository->findAuthorization($authorization); |
|
47
|
|
|
if ($existingAuthorization instanceof RemoteClaimAuthorizationInterface) { |
|
48
|
|
|
return $existingAuthorization; |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
$this->em->persist($authorization); |
|
52
|
|
|
|
|
53
|
|
|
return $authorization; |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
/** |
|
57
|
|
|
* {@inheritdoc} |
|
58
|
|
|
*/ |
|
59
|
|
|
public function isAuthorized($claimName, PersonInterface $person, ClientInterface $client) |
|
60
|
|
|
{ |
|
61
|
|
|
if (!$claimName instanceof TagUri) { |
|
62
|
|
|
$claimName = TagUri::createFromString($claimName); |
|
63
|
|
|
} |
|
64
|
|
|
$authorization = (new RemoteClaimAuthorization()) |
|
65
|
|
|
->setClaimName($claimName) |
|
66
|
|
|
->setPerson($person) |
|
67
|
|
|
->setClient($client); |
|
68
|
|
|
$existingAuthorization = $this->remoteClaimAuthorizationRepository->findAuthorization($authorization); |
|
69
|
|
|
|
|
70
|
|
|
return $existingAuthorization instanceof RemoteClaimAuthorizationInterface; |
|
71
|
|
|
} |
|
72
|
|
|
|
|
73
|
|
|
/** |
|
74
|
|
|
* {@inheritdoc} |
|
75
|
|
|
*/ |
|
76
|
|
|
public function revokeAllAuthorizations(Authorization $authorization) |
|
77
|
|
|
{ |
|
78
|
|
|
$remoteClaimAuthorizations = $this->remoteClaimAuthorizationRepository |
|
79
|
|
|
->findAllByClientAndPerson($authorization->getClient(), $authorization->getPerson()); |
|
|
|
|
|
|
80
|
|
|
|
|
81
|
|
|
foreach ($remoteClaimAuthorizations as $remoteClaimAuthorization) { |
|
82
|
|
|
$this->em->remove($remoteClaimAuthorization); |
|
83
|
|
|
} |
|
84
|
|
|
$this->em->flush(); |
|
85
|
|
|
|
|
86
|
|
|
return true; |
|
87
|
|
|
} |
|
88
|
|
|
} |
|
89
|
|
|
|
PROCERGS /
login-cidadao
Loading history...
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: