Conditions for Guards #268
Conversation
| $condition = isset($allowedPermissions['condition']) ? $allowedPermissions['condition'] : GuardInterface::CONDITION_AND; | ||
|
|
||
| foreach ($permissions as $permission) { | ||
| if ($condition == GuardInterface::CONDITION_OR && $this->authorizationService->isGranted($permission)) { |
There was a problem hiding this comment.
By the way, you are doing the check against condition inside the loop. I think the check can be move out the foreach.
|
Ok, those are done - sorry about the delay. |
|
Tests do not pass, there are three small CS fixes (https://travis-ci.org/ZF-Commons/zfc-rbac/jobs/38596755). Also, I'll ask you to update the doc too: https://github.com/ZF-Commons/zfc-rbac/blob/master/docs/04.%20Guards.md#routeguard Once everything is done, I'll merge and tag ;). |
|
There you go sir! |
|
@bakura10 Just noticed this one - can you get it merged now? |
| @@ -177,17 +177,34 @@ return [ | |||
| 'guards' => [ | |||
| 'ZfcRbac\Guard\RoutePermissionsGuard' => [ | |||
| 'admin*' => ['admin'], | |||
| 'post/manage' => ['post.update', 'post.delete'] | |||
| 'post/manage' => | |||
|
Hi, Sorry about this, we should definitely start to merge it :p. @danizord could you have your own quick review please ? |
|
Great - we have been using in production for some time now. Works grand. |
|
Ok, I'm going to merge than Monday if nothing complain about it. Can you remind me if I forget? |
| @@ -326,6 +326,26 @@ public function routeDataProvider() | |||
| 'isGranted' => true, | |||
| 'policy' => GuardInterface::POLICY_DENY | |||
| ], | |||
| [ | |||
| 'rules' => ['route' => [ | |||
There was a problem hiding this comment.
No need to align when the value is array
|
I think you can simplify the logic to something like that: if (GuardInterface::CONDITION_AND === $condition) {
foreach ($permissions as $permission) {
if (!$this->authorizationService->isGranted($permission)) {
return false;
}
}
return true;
}
if (GuardInterface::CONDITION_OR === $condition) {
foreach ($permissions as $permission) {
if ($this->authorizationService->isGranted($permission)) {
return true;
}
}
return false;
}
throw new InvalidArgumentException(sprintf(
'Condition must be either "AND" or "OR", %s given',
is_object($condition) ? get_class($condition) : gettype($condition)
)); |
|
I agree with @danizord change, more efficient and way easier to read. |
|
Thanks! Just a few more CS fixes to make travis happy: https://travis-ci.org/ZF-Commons/zfc-rbac/jobs/56477072 |
1 similar comment
|
👍 |
|
Thanks! I've tagged ZfcRbac as 2.5.0 :). Hopefully someone will be able to backport this feature for other guards ! |
See #262.
So far this only applies to the RoutePermissionGuard as a proof of concept.
It's a shame that this guard specifically was created with an AND default whereas an OR would have made more sense (like the RouteGuard).