orisai/nette-auth

Orisai Auth integration for Nette

1.0.1 2022-12-09 15:46 UTC

This package is auto-updated.

Last update: 2023-01-09 16:02:34 UTC


README

Orisai Auth integration for Nette

📄 Check out our documentation.

💸 If you like Orisai, please make a donation. Thank you!

badge.svg 68747470733a2f2f62616467656e2e6e65742f636f766572616c6c732f632f6769746875622f6f72697361692f6e657474652d617574682f76312e783f63616368653d333030 68747470733a2f2f62616467652e737472796b65722d6d757461746f722e696f2f6769746875622e636f6d2f6f72697361692f6e657474652d617574682f76312e78 68747470733a2f2f62616467656e2e6e65742f7061636b61676973742f64742f6f72697361692f6e657474652d617574683f63616368653d33363030 68747470733a2f2f62616467656e2e6e65742f7061636b61676973742f762f6f72697361692f6e657474652d617574683f63616368653d33363030 68747470733a2f2f62616467656e2e6e65742f62616467652f6c6963656e73652f4d504c2d322e302f626c75653f63616368653d33363030

namespace App\Admin\Article\View;

use Orisai\Auth\Authentication\Identity;
use Orisai\Auth\Authentication\SimpleFirewall;

final class ArticleEditController
{

	private SimpleFirewall $firewall;

	public function __construct(SimpleFirewall $firewall)
	{
		$this->firewall = $firewall;
	}

	public function run(): void
	{
		if (!$this->firewall->isAllowed('administration.entry')) {
			// Not allowed
		}

		$article = /* get article by ID from request */;

		if (!$this->firewall->isAllowed('article.edit', $article)) {
			// Not allowed
		}

		// Is allowed
	}

}

use App\Core\Article\Article;
use Orisai\Auth\Authorization\Policy;
use Orisai\Auth\Authorization\PolicyContext;

/**
 * @phpstan-implements Policy<Article>
 */
final class ArticleEditPolicy implements Policy
{

	public static function getPrivilege(): string
	{
		return 'article.edit';
	}

	public static function getRequirementsClass(): string
	{
		return Article::class;
	}

	/**
	 * @param Article $requirements
	 */
	public function isAllowed(Identity $identity, object $requirements, PolicyContext $context): bool
	{
		$authorizer = $context->getAuthorizer();

		return $authorizer->hasPrivilege($identity, self::getPrivilege())
			&& $requirements->getAuthor()->getId() === $identity->getId();
	}

}