1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227:
<?php
namespace Nethgui\Authorization;
class JsonPolicyDecisionPoint implements PolicyDecisionPointInterface, \Nethgui\Utility\PhpConsumerInterface, \Nethgui\Log\LogConsumerInterface
{
private $fileNameResolver;
private $phpWrapper;
private $rules;
private $log;
public function __construct($fileNameResolver, \Nethgui\Utility\PhpWrapper $phpWrapper = NULL)
{
$this->rules = new \ArrayObject();
$this->fileNameResolver = $fileNameResolver;
$this->phpWrapper = $phpWrapper === NULL ? new \Nethgui\Utility\PhpWrapper(__CLASS__) : $phpWrapper;
}
public function loadPolicy($policyName)
{
$policyFileSpec = call_user_func($this->fileNameResolver, $policyName);
if (strpos($policyFileSpec, '*') === FALSE) {
$policyFiles = array($policyFileSpec);
} else {
$policyFiles = $this->phpWrapper->glob($policyFileSpec);
if ($policyFiles === FALSE) {
$this->getLog()->warning(sprintf('%s: invalid policy file specification `%s`', __CLASS__, $policyFileSpec));
$policyFiles = array();
}
}
foreach ($policyFiles as $policyFile) {
$data = $this->phpWrapper->file_get_contents($policyFile);
$this->loadJsonString(basename($policyFile), $data);
}
return $this;
}
private function loadJsonString($policyName, $data)
{
$rawRules = json_decode($data);
if ($rawRules === NULL) {
$jsonErrorCode = json_last_error();
$jsonErrorMessage = $this->getJsonErrorReason($jsonErrorCode);
throw new \UnexpectedValueException(sprintf("%s: error while reading policy file `%s`. Reason: %s (%d)", __CLASS__, $policyName, $jsonErrorMessage, $jsonErrorCode), 1327572840);
}
if ( ! is_array($rawRules)) {
throw new \UnexpectedValueException(sprintf("%s: invalid policy file `%s`.", __CLASS__, $policyName), 1327572841);
}
foreach ($rawRules as $rawRule) {
$ruleObject = PolicyRule::createFromObject($rawRule);
if (isset($this->rules[$ruleObject->getIdentifier()])) {
if ($this->rules[$ruleObject->getIdentifier()]->isFinal()) {
continue;
} else {
$this->getLog()->notice(sprintf('%s: rule#%d is overridden in policy `%s`', __CLASS__, $ruleObject->getIdentifier(), $policyName));
}
}
$this->rules[$ruleObject->getIdentifier()] = $ruleObject;
}
$this->rules->uasort(function (PolicyRule $a, PolicyRule $b) {
return - $a->compare($b);
});
return $this;
}
public function authorizeSync($request, &$message)
{
if ($this->rules->count() === 0) {
$message = 'No rules defined, no restrictions applied.';
return 0;
}
foreach ($this->rules as $rule) {
if ($rule instanceof PolicyRule && $rule->isApplicableTo($request)) {
if ($rule->isAllow()) {
$message = $rule->getDescription();
return 0;
} else {
$message = $rule->getDescription();
return $rule->getIdentifier();
}
}
}
$message = 'Denied by default';
return 1;
}
public function authorize($subject, $resource, $action)
{
$pdp = $this;
$request = array(
'subject' => $subject,
'resource' => $resource,
'action' => $action,
);
$f = function($request, &$message) use ($pdp) {
return $pdp->authorizeSync($request, $message);
};
return new LazyAccessControlResponse($f, $request);
}
public function setPhpWrapper(\Nethgui\Utility\PhpWrapper $object)
{
$this->phpWrapper = $object;
return $this;
}
public function getLog()
{
if ( ! isset($this->log)) {
$this->log = new \Nethgui\Log\Nullog();
}
return $this->log;
}
public function setLog(\Nethgui\Log\LogInterface $log)
{
$this->log = $log;
return $this;
}
private function getJsonErrorReason($errorCode)
{
switch ($errorCode) {
case JSON_ERROR_NONE:
$message = 'JSON_ERROR_NONE - No errors';
break;
case JSON_ERROR_DEPTH:
$message = 'JSON_ERROR_DEPTH - Maximum stack depth exceeded';
break;
case JSON_ERROR_STATE_MISMATCH:
$message = 'JSON_ERROR_STATE_MISMATCH - Underflow or the modes mismatch';
break;
case JSON_ERROR_CTRL_CHAR:
$message = 'JSON_ERROR_CTRL_CHAR - Unexpected control character found';
break;
case JSON_ERROR_SYNTAX:
$message = 'JSON_ERROR_SYNTAX - Syntax error, malformed JSON';
break;
case JSON_ERROR_UTF8:
$message = 'JSON_ERROR_UTF8 - Malformed UTF-8 characters, possibly incorrectly encoded';
break;
default:
$message = 'Unknown error';
break;
}
return $message;
}
}