mirror of
https://github.com/flarum/core.git
synced 2025-08-24 17:13:44 +02:00
Policy Extender and Tests (#2461)
Policy application has also been refactored, so that policies return one of `allow`, `deny`, `forceAllow`, `forceDeny`. The result of a set of policies is no longer the first non-null result, but rather the highest priority result (forceDeny > forceAllow > deny > allow, so if a single forceDeny is present, that beats out all other returned results). This removes order in which extensions boot as a factor.
This commit is contained in:
Alexander Skvortsov
committed by
GitHub
GitHub
parent
8901073d12
commit
d1dfa758e4
69
src/Extend/Policy.php
Normal file
69
src/Extend/Policy.php
Normal file
@@ -0,0 +1,69 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of Flarum.
|
||||
*
|
||||
* For detailed copyright and license information, please view the
|
||||
* LICENSE file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Flarum\Extend;
|
||||
|
||||
use Flarum\Extension\Extension;
|
||||
use Flarum\User\Access\AbstractPolicy;
|
||||
use Illuminate\Contracts\Container\Container;
|
||||
|
||||
class Policy implements ExtenderInterface
|
||||
{
|
||||
private $globalPolicies = [];
|
||||
private $modelPolicies = [];
|
||||
|
||||
/**
|
||||
* Add a custom policy for when an ability check is ran without a model instance.
|
||||
*
|
||||
* @param string $policy ::class attribute of policy class, which must extend Flarum\User\AbstractPolicy
|
||||
*/
|
||||
public function globalPolicy(string $policy)
|
||||
{
|
||||
$this->globalPolicies[] = $policy;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a custom policy for when an ability check is ran on an instance of a model.
|
||||
*
|
||||
* @param string $modelClass The ::class attribute of the model you are applying policies to.
|
||||
* This model should extend from \Flarum\Database\AbstractModel.
|
||||
* @param string $policy ::class attribute of policy class, which must extend Flarum\User\AbstractPolicy
|
||||
*/
|
||||
public function modelPolicy(string $modelClass, string $policy)
|
||||
{
|
||||
if (! array_key_exists($modelClass, $this->modelPolicies)) {
|
||||
$this->modelPolicies[$modelClass] = [];
|
||||
}
|
||||
|
||||
$this->modelPolicies[$modelClass][] = $policy;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function extend(Container $container, Extension $extension = null)
|
||||
{
|
||||
$container->extend('flarum.policies', function ($existingPolicies) {
|
||||
foreach ($this->modelPolicies as $modelClass => $addPolicies) {
|
||||
if (! array_key_exists($modelClass, $existingPolicies)) {
|
||||
$existingPolicies[$modelClass] = [];
|
||||
}
|
||||
|
||||
foreach ($addPolicies as $policy) {
|
||||
$existingPolicies[$modelClass][] = $policy;
|
||||
}
|
||||
}
|
||||
|
||||
$existingPolicies[AbstractPolicy::GLOBAL] = array_merge($existingPolicies[AbstractPolicy::GLOBAL], $this->globalPolicies);
|
||||
|
||||
return $existingPolicies;
|
||||
});
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user