I'd like my ACL to handle ownership as well. Instead of calling
I'd like to be able to call
$user->isAllowed($resource, $privilege, $userId, $resourceId)
and check whether this user owns the reource in question.
Authorizator.php in my
folder accordingly and it works just fine. What bugs me is that I also had to
/nette/security/src/Security/User.php, which is
baaad! I do NOT want to edit core parts of framework (for too
many obviuos reasons).
What would be the best solution for me?
Last edited by BugsBunny (2015-02-16 07:14)
- Member | 2593
way. I use ORM, so i have true entities. In
you must create some your own resources.
To check rights you can't use
this method ged only users roles, not instance od User.
Inject ACL to your presenter (or any class where you need check) and use:
<?php $this->acl->isAllowed($userEntity, $resource, $privilege); // User entity is instance implements IRole and Resource is instance implements IRole. ?>
P.S. This is used in project, where user has only one role!
Last edited by Šaman (2015-02-16 13:14)
Implemented. I basically had the solution in front of me the whole time (my own /app/model/Authorizator.php implemeting Nette\Security\IAuthorizator), I was just stuck with using it through $this->user->isAllowed(…) instead of straight $this->acl->isAllowed(…). Thanks everyone!