Avoid totally rewriting of AccessRule::matchRole #380

2020-04-23 22:24:39 +02:00
parent 369c59bbb1
commit 78bd5f9de8
2 changed files with 11 additions and 27 deletions
--- a/src/User/Filter/AccessRuleFilter.php
+++ b/src/User/Filter/AccessRuleFilter.php
@ -48,38 +48,21 @@ class AccessRuleFilter extends AccessRule

    /**
     * {@inheritdoc}
-     * */
+     **/
    protected function matchRole($user)
    {
        if (empty($this->roles)) {
-            return true;
+            return parent::matchRole($user);
        }

-        foreach ($this->roles as $role) {
-            if ($role === '?') {
-                if ($user->getIsGuest()) {
-                    return true;
-                }
-            } elseif ($role === '@') {
-                if (!$user->getIsGuest()) {
-                    return true;
-                }
-            } elseif ($role === 'admin') {
-                /** @var User $identity */
-                $identity = $user->getIdentity();
-
-                if (!$user->getIsGuest() && $identity->getIsAdmin()) {
-                    return true;
-                }
-            } else {
-                $roleParams = $this->roleParams instanceof Closure
-                    ? call_user_func($this->roleParams, $this)
-                    : $this->roleParams;
-
-                if ($user->can($role, $roleParams)) {
-                    return true;
-                }
-            }
+        // We just check our custom role "admin" otherwise call back the original implementation
+        if (!in_array("admin", $this->roles)) {
+            return parent::matchRole($user);
+        }
+        /** @var User $identity */
+        $identity = $user->getIdentity();
+        if (!$user->getIsGuest() && $identity->getIsAdmin()) {
+            return true;
        }

        return false;