Gatekeeper

Immutable access control helper.

class Gatekeeper

This class determines the user's subjects upon instantiation and stores them for the lifetime of the instance.

Copyright: 2015-2016 Appertly
License: Apache-2.0

Constructors / Destructors

Public
Returns | Signature | Description
void | __construct(Service $aclService, Principal $principal, array<SubjectResolver> $subjectResolvers) | Creates a new Gatekeeper.

Instance Methods

Public
Returns | Signature | Description
void | assert(string $verb, string $type, mixed $id) | Asserts that the currently authenticated user can access the resource; throws Forbidden if the user has no access.
void | assertAll<T>(string $verb, string $type, Traversable<T> $ids) | Asserts that the currently authenticated user can access the resources; throws Forbidden if the user has no access.
bool | can(string $verb, string $type, mixed $id) | Determines if the currently authenticated user can access the resource.

Method Details

__construct

public function __construct(Service $aclService, Principal $principal, array<SubjectResolver> $subjectResolvers)

Creates a new Gatekeeper.

Parameters
Name | Type | Description
$aclService | Service | The ACL service
$principal | Principal | The authenticated principal
$subjectResolvers | array<SubjectResolver> | Any additional subject resolvers

assert

public function assert(string $verb, string $type, mixed $id)

Asserts that the currently authenticated user can access the resource, throwing Forbidden if the user has no access.

Parameters
Name | Type | Description
$verb | string | The verb (e.g. 'read', 'write')
$type | string | The type of object
$id | mixed | The object identifier

Throws
Type | Conditions
Forbidden | If the user has no access

assertAll

public function assertAll<T>(string $verb, string $type, Traversable<T> $ids)

Asserts that the currently authenticated user can access the resources, throwing Forbidden if the user has no access.

Since: 0.5.1
Parameters
Name | Type | Description
$verb | string | The verb (e.g. 'read', 'write')
$type | string | The type of object
$ids | Traversable<T> | The object identifiers

Throws
Type | Conditions
Forbidden | If the user has no access

can

public function can(string $verb, string $type, mixed $id)

Determines if the currently authenticated user can access the resource.

Parameters
Name | Type | Description
$verb | string | The verb (e.g. 'read', 'write')
$type | string | The type of object
$id | mixed | The object identifier

Returns
Type | Description
bool | Whether the user has access
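
Example (added here, not part of the library's own documentation): how the three methods divide the work in calling code, with can() used to filter what is shown and assert() / assertAll() used as a fail-closed check before a side effect. The functions, the 'document' type, the integer ids and the $save / $delete callbacks are hypothetical; the namespace of Gatekeeper and Forbidden is not shown on this page, so the `use` statements are omitted.

```hack
// Added example. Gatekeeper and Forbidden are the library's types; import
// them from the library's namespace (not shown on this page).

/** Hypothetical helper: keep only the ids the current user may read. */
function visible_documents(Gatekeeper $gatekeeper, vec<int> $ids): vec<int> {
  $visible = vec[];
  foreach ($ids as $id) {
    // can() reports the decision as a bool, which suits filtering a listing.
    if ($gatekeeper->can('read', 'document', $id)) {
      $visible[] = $id;
    }
  }
  return $visible;
}

/** Hypothetical single update: the check comes before the side effect. */
function update_document(
  Gatekeeper $gatekeeper,
  int $id,
  (function(int): void) $save,
): void {
  // assert() returns nothing and throws Forbidden on denial, so a caller
  // cannot reach $save() by forgetting to test a return value.
  $gatekeeper->assert('write', 'document', $id);
  $save($id);
}

/** Hypothetical batch delete: authorise the whole batch, then mutate. */
function delete_documents(
  Gatekeeper $gatekeeper,
  vec<int> $ids,
  (function(int): void) $delete,
): bool {
  try {
    // One assertAll() call ahead of the loop means a denial is raised
    // before any document has been deleted, not part-way through.
    $gatekeeper->assertAll('write', 'document', $ids);
  } catch (Forbidden $e) {
    return false; // Assumed handling: the caller maps this to a 403 response.
  }
  foreach ($ids as $id) {
    $delete($id);
  }
  return true;
}
```

Because the Gatekeeper resolves the user's subjects when it is constructed, the instance passed to these functions reflects the principal as it was at that moment.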