diff --git a/CHANGELOG.md b/CHANGELOG.md index 5176f7e..637e949 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # CHANGELOG ## work in progress + - Fix #380: Avoid rewriting AccessRule::matchRole (maxxer) - Fix #378: Add module attribute 'disableIpLogging' (jkmssoft) ## 1.5.1 April 5, 2020 diff --git a/src/User/Filter/AccessRuleFilter.php b/src/User/Filter/AccessRuleFilter.php index 9b4a261..cbca56d 100644 --- a/src/User/Filter/AccessRuleFilter.php +++ b/src/User/Filter/AccessRuleFilter.php @@ -48,38 +48,21 @@ class AccessRuleFilter extends AccessRule /** * {@inheritdoc} - * */ + **/ protected function matchRole($user) { if (empty($this->roles)) { - return true; + return parent::matchRole($user); } - foreach ($this->roles as $role) { - if ($role === '?') { - if ($user->getIsGuest()) { - return true; - } - } elseif ($role === '@') { - if (!$user->getIsGuest()) { - return true; - } - } elseif ($role === 'admin') { - /** @var User $identity */ - $identity = $user->getIdentity(); - - if (!$user->getIsGuest() && $identity->getIsAdmin()) { - return true; - } - } else { - $roleParams = $this->roleParams instanceof Closure - ? call_user_func($this->roleParams, $this) - : $this->roleParams; - - if ($user->can($role, $roleParams)) { - return true; - } - } + // We just check our custom role "admin" otherwise call back the original implementation + if (!in_array("admin", $this->roles)) { + return parent::matchRole($user); + } + /** @var User $identity */ + $identity = $user->getIdentity(); + if (!$user->getIsGuest() && $identity->getIsAdmin()) { + return true; } return false;