|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Spiral Framework. |
|
4
|
|
|
* |
|
5
|
|
|
* @license MIT |
|
6
|
|
|
* @author Anton Titov (Wolfy-J) |
|
7
|
|
|
*/ |
|
8
|
|
|
|
|
9
|
|
|
namespace Spiral\Vault\Bootloaders; |
|
10
|
|
|
|
|
11
|
|
|
use Spiral\Core\Bootloaders\Bootloader; |
|
12
|
|
|
use Spiral\Security\ActorInterface; |
|
13
|
|
|
use Spiral\Security\Actors\Guest; |
|
14
|
|
|
use Spiral\Security\PermissionsInterface; |
|
15
|
|
|
use Spiral\Vault\Configs\VaultConfig; |
|
16
|
|
|
use Spiral\Vault\Security\InsecureRule; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* Development helper, DO NOT USE in production. Allows full access to Vault for Guest actor. |
|
20
|
|
|
*/ |
|
21
|
|
|
class InsecureBootloader extends Bootloader |
|
22
|
|
|
{ |
|
23
|
|
|
const BOOT = true; |
|
24
|
|
|
const ROLE = Guest::ROLE; |
|
25
|
|
|
|
|
26
|
|
|
const BINDINGS = [ |
|
27
|
|
|
ActorInterface::class => Guest::class |
|
28
|
|
|
]; |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* @param PermissionsInterface $permissions |
|
32
|
|
|
* @param VaultConfig $config |
|
33
|
|
|
*/ |
|
34
|
|
|
public function boot(PermissionsInterface $permissions, VaultConfig $config) |
|
35
|
|
|
{ |
|
36
|
|
|
if (!$permissions->hasRole(static::ROLE)) { |
|
37
|
|
|
$permissions->addRole(static::ROLE); |
|
38
|
|
|
} |
|
39
|
|
|
|
|
40
|
|
|
$namespace = $config->guardNamespace(); |
|
41
|
|
|
|
|
42
|
|
|
//Following rule will raise log message to notify that insecure setting were used |
|
43
|
|
|
$permissions->associate(static::ROLE, "{$namespace}.*", InsecureRule::class); |
|
44
|
|
|
$permissions->associate(static::ROLE, "{$namespace}.*.*", InsecureRule::class); |
|
45
|
|
|
$permissions->associate(static::ROLE, "{$namespace}.*.*.*", InsecureRule::class); |
|
46
|
|
|
$permissions->associate(static::ROLE, "{$namespace}.*.*.*.*", InsecureRule::class); |
|
47
|
|
|
} |
|
48
|
|
|
} |
spiral-modules /
vault
