<?php
declare(strict_types=1);
namespace DataCenter\Policy;
use Authorization\IdentityInterface;
use Cake\Http\Exception\InternalErrorException;
use Cake\Http\ServerRequest;
use DataCenter\Controller\UsersController;
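/**
 * Request policy
 *
 * Decides, from the route params (plugin / controller / action) and the
 * presence of an identity alone, whether a request may proceed. It runs
 * before any controller is instantiated, so the controller name it sees is
 * whatever routing produced and must not be trusted blindly.
 */
class RequestPolicy
{
    /**
     * Shape a controller route param must have before it is interpolated into
     * a class name: a plain StudlyCaps identifier, no namespace separators,
     * slashes or dots.
     */
    private const CONTROLLER_NAME_PATTERN = '/^[A-Z][A-Za-z0-9]*$/';

    /**
     * Method to check if the request can be accessed
     *
     * Rules, evaluated in order:
     *  1. Any authenticated identity may access every action.
     *  2. Unauthenticated requests routed to the DataCenter or DebugKit plugin are allowed.
     *  3. Unauthenticated requests are allowed when the app controller lists the
     *     action in its `ALLOW` constant, or when it is a Users auth action.
     *  4. Everything else is denied.
     *
     * @param \Authorization\IdentityInterface|null $identity Identity
     * @param \Cake\Http\ServerRequest $request Server Request
     * @return bool
     * @throws \Cake\Http\Exception\InternalErrorException If the resolved controller class defines no `ALLOW` constant
     */
    public function canAccess(?IdentityInterface $identity, ServerRequest $request): bool
    {
        // All authenticated users can access all actions
        if ($identity !== null) {
            return true;
        }

        // All DataCenter and DebugKit actions are accessible to unauthenticated users
        $plugin = $request->getParam('plugin');
        if (in_array($plugin, ['DataCenter', 'DebugKit'], true)) {
            return true;
        }

        // The controller param comes straight from routing. defined() on a class
        // constant triggers autoloading of that class, so refuse anything that is
        // not a plain class name (backslash, slash, dot, lowercase first char)
        // instead of handing an attacker-shaped name to the autoloader. Fail closed.
        $controller = $request->getParam('controller');
        if (!is_string($controller) || preg_match(self::CONTROLLER_NAME_PATTERN, $controller) !== 1) {
            return false;
        }

        // NOTE(review): the class is always resolved under App\Controller, even when
        // the request is routed to a plugin other than DataCenter/DebugKit — confirm
        // that is intended, or such requests will hit the exception below.
        $controllerClass = 'App\Controller\\' . $controller . 'Controller';
        if (!defined("$controllerClass::ALLOW")) {
            // Deliberately loud: a controller without an allow list is a configuration bug,
            // and an unauthenticated request to it must not silently pass.
            throw new InternalErrorException($controllerClass . ' allow list not found');
        }

        // Check if controller defined this as an action accessible to unauthenticated users
        $action = $request->getParam('action');
        if (in_array($action, $controllerClass::ALLOW, true)) {
            return true;
        }

        // Check if this is a login-related action
        if ($controller === 'Users' && in_array($action, UsersController::AUTH_ACTIONS, true)) {
            return true;
        }

        return false;
    }
}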