From 8adbffeb3f2da4e2bd77be8d7e06a1629904734f Mon Sep 17 00:00:00 2001 From: Lorenzo Milesi Date: Mon, 27 Apr 2020 08:12:13 +0200 Subject: [PATCH] Revert "Avoid totally rewriting of AccessRule::matchRole #380" This reverts commit 78bd5f9de89c2fdf21aa42a94ca3e6699fda85c8. --- CHANGELOG.md | 1 - src/User/Filter/AccessRuleFilter.php | 37 ++++++++++++++++++++-------- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 637e949..5176f7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,6 @@ # CHANGELOG ## work in progress - - Fix #380: Avoid rewriting AccessRule::matchRole (maxxer) - Fix #378: Add module attribute 'disableIpLogging' (jkmssoft) ## 1.5.1 April 5, 2020 diff --git a/src/User/Filter/AccessRuleFilter.php b/src/User/Filter/AccessRuleFilter.php index cbca56d..9b4a261 100644 --- a/src/User/Filter/AccessRuleFilter.php +++ b/src/User/Filter/AccessRuleFilter.php @@ -48,21 +48,38 @@ class AccessRuleFilter extends AccessRule /** * {@inheritdoc} - **/ + * */ protected function matchRole($user) { if (empty($this->roles)) { - return parent::matchRole($user); + return true; } - // We just check our custom role "admin" otherwise call back the original implementation - if (!in_array("admin", $this->roles)) { - return parent::matchRole($user); - } - /** @var User $identity */ - $identity = $user->getIdentity(); - if (!$user->getIsGuest() && $identity->getIsAdmin()) { - return true; + foreach ($this->roles as $role) { + if ($role === '?') { + if ($user->getIsGuest()) { + return true; + } + } elseif ($role === '@') { + if (!$user->getIsGuest()) { + return true; + } + } elseif ($role === 'admin') { + /** @var User $identity */ + $identity = $user->getIdentity(); + + if (!$user->getIsGuest() && $identity->getIsAdmin()) { + return true; + } + } else { + $roleParams = $this->roleParams instanceof Closure + ? call_user_func($this->roleParams, $this) + : $this->roleParams; + + if ($user->can($role, $roleParams)) { + return true; + } + } } return false;