|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace CultuurNet\UDB3\Offer\Security; |
|
4
|
|
|
|
|
5
|
|
|
use CultuurNet\UDB3\Label\ReadModels\JSON\Repository\ReadRepositoryInterface; |
|
6
|
|
|
use CultuurNet\UDB3\Offer\Commands\AuthorizableCommandInterface; |
|
7
|
|
|
use CultuurNet\UDB3\Security\LabelSecurityInterface; |
|
8
|
|
|
use CultuurNet\UDB3\Security\SecurityDecoratorBase; |
|
9
|
|
|
use CultuurNet\UDB3\Security\SecurityInterface; |
|
10
|
|
|
use CultuurNet\UDB3\Security\UserIdentificationInterface; |
|
11
|
|
|
use ValueObjects\String\String as StringLiteral; |
|
12
|
|
|
|
|
13
|
|
|
class SecurityWithLabelPrivacy extends SecurityDecoratorBase |
|
14
|
|
|
{ |
|
15
|
|
|
/** |
|
16
|
|
|
* @var UserIdentificationInterface |
|
17
|
|
|
*/ |
|
18
|
|
|
private $userIdentification; |
|
19
|
|
|
|
|
20
|
|
|
/** |
|
21
|
|
|
* @var ReadRepositoryInterface |
|
22
|
|
|
*/ |
|
23
|
|
|
private $labelReadRepository; |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* SecurityWithLabelPrivacy constructor. |
|
27
|
|
|
* |
|
28
|
|
|
* @param SecurityInterface $decoratee |
|
29
|
|
|
* @param UserIdentificationInterface $userIdentification |
|
30
|
|
|
* @param ReadRepositoryInterface $labelReadRepository |
|
31
|
|
|
*/ |
|
32
|
|
|
public function __construct( |
|
33
|
|
|
SecurityInterface $decoratee, |
|
34
|
|
|
UserIdentificationInterface $userIdentification, |
|
35
|
|
|
ReadRepositoryInterface $labelReadRepository |
|
36
|
|
|
) { |
|
37
|
|
|
parent::__construct($decoratee); |
|
38
|
|
|
|
|
39
|
|
|
$this->userIdentification = $userIdentification; |
|
40
|
|
|
$this->labelReadRepository = $labelReadRepository; |
|
41
|
|
|
} |
|
42
|
|
|
|
|
43
|
|
|
|
|
44
|
|
|
/** |
|
45
|
|
|
* @inheritdoc |
|
46
|
|
|
*/ |
|
47
|
|
|
public function isAuthorized(AuthorizableCommandInterface $command) |
|
48
|
|
|
{ |
|
49
|
|
|
if ($this->isLabelCommand($command)) { |
|
50
|
|
|
/** @var LabelSecurityInterface $command */ |
|
51
|
|
|
return $this->canUseLabel($command); |
|
52
|
|
|
} else { |
|
53
|
|
|
return parent::isAuthorized($command); |
|
54
|
|
|
} |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
/** |
|
58
|
|
|
* @param AuthorizableCommandInterface $command |
|
59
|
|
|
* @return bool |
|
60
|
|
|
*/ |
|
61
|
|
|
private function isLabelCommand(AuthorizableCommandInterface $command) |
|
62
|
|
|
{ |
|
63
|
|
|
return ($command instanceof LabelSecurityInterface); |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
|
|
/** |
|
67
|
|
|
* @param LabelSecurityInterface $command |
|
68
|
|
|
* @return bool |
|
69
|
|
|
* @throws \InvalidArgumentException |
|
70
|
|
|
*/ |
|
71
|
|
|
private function canUseLabel(LabelSecurityInterface $command) |
|
72
|
|
|
{ |
|
73
|
|
|
if ($this->userIdentification->isGodUser()) { |
|
74
|
|
|
return true; |
|
75
|
|
|
} else { |
|
76
|
|
|
return $this->labelReadRepository->canUseLabel( |
|
77
|
|
|
$this->userIdentification->getId(), |
|
|
|
|
|
|
78
|
|
|
$command->getName() |
|
|
|
|
|
|
79
|
|
|
); |
|
80
|
|
|
} |
|
81
|
|
|
} |
|
82
|
|
|
} |
|
83
|
|
|
|
cultuurnet /
udb3-php
Loading history...
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: