Implement permission check in routes

2026-01-11 17:58:41 +00:00 · 2018-08-17 19:56:21 +02:00 · 2018-08-17 19:56:21 +02:00 · cd8f4945e6
commit cd8f4945e6
parent 8a3893b36b
3 changed files with 15 additions and 24 deletions
--- a/Autoloader.php
+++ b/Autoloader.php
@ -81,7 +81,7 @@ final class Autoloader
        $class = \str_replace(['_', '\\'], '/', $class);
        foreach (self::$paths as $path) {
-            if (file_exists($file = $path . $class . '.php')) {
+            if (\file_exists($file = $path . $class . '.php')) {
                include_once $file;
                return;
@ -106,7 +106,7 @@ final class Autoloader
        $class = \str_replace(['_', '\\'], '/', $class);
        foreach (self::$paths as $path) {
-            if (file_exists($file = $path . $class . '.php')) {
+            if (\file_exists($file = $path . $class . '.php')) {
                return true;
            }
        }
--- a/Router/Router.php
+++ b/Router/Router.php
@ -60,7 +60,7 @@ final class Router
     * Add route.
     *
     * @param string $route       Route regex
-     * @param mixed  $destination Destination e.g. Module:function & verb
+     * @param mixed  $destination Destination e.g. Module:function string or callback
     * @param int    $verb        Request verb
     *
     * @return void
@ -91,22 +91,22 @@ final class Router
     *
     * @since  1.0.0
     */
-    public function route($request, int $verb = RouteVerb::GET) : array
+    public function route(string $request, int $verb = RouteVerb::GET, string $app = '', string $orgId = '', $account = null) : array
    {
        if ($request instanceof RequestAbstract) {
            $uri  = $request->getUri()->getRoute();
            $verb = $request->getRouteVerb();
        } elseif (\is_string($request)) {
            $uri = $request;
        } else {
            throw new \InvalidArgumentException();
        }
        $bound = [];
        foreach ($this->routes as $route => $destination) {
            foreach ($destination as $d) {
-                if ($this->match($route, $d['verb'], $uri, $verb)) {
+                if ($this->match($route, $d['verb'], $request, $verb)) {
-                    $bound[] = ['dest' => $d['dest']];
+                    if (!isset($d['permission']) 
                        || !isset($account) 
                        || (isset($d['permission']) 
                            && isset($account) 
                            && $account->hasPermission($d['permission']['type'], $orgId, $app, $d['permission']['module'], $d['permission']['state']))
                    ) {
                        $bound[] = ['dest' => $d['dest']];
                    } else {
                        array_merge($bound, $this->route('/' . $app . '/e403', $verb));
                    }
                }
            }
        }
--- a/tests/Router/RouterTest.php
+++ b/tests/Router/RouterTest.php
@ -75,13 +75,4 @@ class RouterTest extends \PHPUnit\Framework\TestCase
            $router->route('http://test.com/backends/admin/settings/general/something?test', RouteVerb::GET)
        );
    }
    /**
     * @expectedException \InvalidArgumentException
     */
    public function testInvalidRequestType()
    {
        $router = new Router();
        $router->route([]);
    }
 }