
SecurityExtension: uses configuration Schema

dg committed Mar 11, 2019
1 parent c128c4d commit bb751fe694183463ab23f7753f9094f8c565c1d2
Showing with 30 additions and 15 deletions.
  1. +3 −0 composer.json
  2. +27 −15 src/Bridges/SecurityDI/SecurityExtension.php
@@ -24,6 +24,9 @@
"nette/tester": "^2.0",
"tracy/tracy": "^2.4"
},
"conflict": {
"nette/di": "<3.0"
},
"autoload": {
"classmap": ["src/"]
},
@@ -10,34 +10,46 @@
namespace Nette\Bridges\SecurityDI;
use Nette;
use Nette\Schema\Expect;
/**
* Security extension for Nette DI.
*/
class SecurityExtension extends Nette\DI\CompilerExtension
{
public $defaults = [
'debugger' => null,
'users' => [], // of [user => password] or [user => ['password' => password, 'roles' => [role]]]
'roles' => [], // of [role => parent(s)]
'resources' => [], // of [resource => parent]
];
/** @var bool */
private $debugMode;
public function __construct(bool $debugMode = false)
{
$this->defaults['debugger'] = interface_exists(\Tracy\IBarPanel::class);
$this->debugMode = $debugMode;
}
public function getConfigSchema(): Nette\Schema\Schema
{
return Expect::structure([
'debugger' => Expect::bool(interface_exists(\Tracy\IBarPanel::class)),
'users' => Expect::arrayOf(
Expect::anyOf(
Expect::string(), // user => password
Expect::structure([ // user => password + roles
'password' => Expect::string(),
'roles' => Expect::anyOf(Expect::string(), Expect::listOf('string')),
])->castTo('array')
)
),
'roles' => Expect::arrayOf('string|array|null'), // role => parent(s)
'resources' => Expect::arrayOf('string|null'), // resource => parent
]);
}
public function loadConfiguration()
{
$config = $this->validateConfig($this->defaults);
$config = $this->config;
$builder = $this->getContainerBuilder();
$builder->addDefinition($this->prefix('passwords'))
@@ -50,15 +62,15 @@ public function loadConfiguration()
$user = $builder->addDefinition($this->prefix('user'))
->setFactory(Nette\Security\User::class);
if ($this->debugMode && $config['debugger']) {
if ($this->debugMode && $config->debugger) {
$user->addSetup('@Tracy\Bar::addPanel', [
new Nette\DI\Definitions\Statement(Nette\Bridges\SecurityTracy\UserPanel::class),
]);
}
if ($config['users']) {
if ($config->users) {
$usersList = $usersRoles = [];
foreach ($config['users'] as $username => $data) {
foreach ($config->users as $username => $data) {
$data = is_array($data) ? $data : ['password' => $data];
$this->validateConfig(['password' => null, 'roles' => null], $data, $this->prefix("security.users.$username"));
$usersList[$username] = $data['password'];
@@ -74,15 +86,15 @@ public function loadConfiguration()
}
}
if ($config['roles'] || $config['resources']) {
if ($config->roles || $config->resources) {
$authorizator = $builder->addDefinition($this->prefix('authorizator'))
->setType(Nette\Security\IAuthorizator::class)
->setFactory(Nette\Security\Permission::class);
foreach ($config['roles'] as $role => $parents) {
foreach ($config->roles as $role => $parents) {
$authorizator->addSetup('addRole', [$role, $parents]);
}
foreach ($config['resources'] as $resource => $parents) {
foreach ($config->resources as $resource => $parents) {
$authorizator->addSetup('addResource', [$resource, $parents]);
}
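Review bot: The structured form of a `users` entry in `getConfigSchema()` declares `'password' => Expect::string()` without marking it required, so an entry that sets only `roles` appears to pass validation and reach `$usersList[$username] = $data['password'];` with a null password. The `validateConfig(['password' => null, 'roles' => null], ...)` call that remains in the loop supplies the same null default, so as far as I can tell it does not catch the omission either. Whether a null entry would then match an empty password at login depends on the authenticator, which is not shown here, so I would reject the configuration at compile time instead: `'password' => Expect::string()->required(),`. `loadConfiguration()` begins and ends outside the visible hunks, so the later handling of `$usersList` should be confirmed against the full file.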
