Avoid totally rewriting of AccessRule::matchRole #380

CHANGELOG.md

@@ -1,6 +1,7 @@
 # CHANGELOG
 
 ## work in progress
+ - Fix #380: Avoid rewriting AccessRule::matchRole (maxxer)
  - Fix #378: Add module attribute 'disableIpLogging' (jkmssoft)
 
 ## 1.5.1 April 5, 2020

src/User/Filter/AccessRuleFilter.php

@@ -48,38 +48,21 @@ class AccessRuleFilter extends AccessRule
 
     /**
      * {@inheritdoc}
-     * */
+     **/
     protected function matchRole($user)
     {
         if (empty($this->roles)) {
-            return true;
+            return parent::matchRole($user);
         }
 
-        foreach ($this->roles as $role) {
-            if ($role === '?') {
-                if ($user->getIsGuest()) {
-                    return true;
-                }
-            } elseif ($role === '@') {
-                if (!$user->getIsGuest()) {
-                    return true;
-                }
-            } elseif ($role === 'admin') {
-                /** @var User $identity */
-                $identity = $user->getIdentity();
-
-                if (!$user->getIsGuest() && $identity->getIsAdmin()) {
-                    return true;
-                }
-            } else {
-                $roleParams = $this->roleParams instanceof Closure
-                    ? call_user_func($this->roleParams, $this)
-                    : $this->roleParams;
-
-                if ($user->can($role, $roleParams)) {
-                    return true;
-                }
-            }
+        // We just check our custom role "admin" otherwise call back the original implementation
+        if (!in_array("admin", $this->roles)) {
+            return parent::matchRole($user);
+        }
+        /** @var User $identity */
+        $identity = $user->getIdentity();
+        if (!$user->getIsGuest() && $identity->getIsAdmin()) {
+            return true;
         }
 
         return false;