Support for callback policies

thekordy · Nov 6, 2016 · 3174525 · 3174525
1 parent 0273361
commit 3174525
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-This package is a set of tools for Laravel 5.1 and 5.2 to facilitate authorize management for your Laravel project or package. You can use AuzoTools to manage authorization in your project, or to provide configurable authorization option for your package users.
+This package is a set of tools for Laravel 5.1, 5.2, and 5.3 to facilitate authorize management for your Laravel project or package. You can use AuzoTools to manage authorization in your project, or to provide configurable authorization option for your package users.
 
 ## Tools included:
 1. [Manage Laravel authorization.](#manage-laravel-authorization)
@@ -45,6 +45,49 @@ Parameter functions can act as policies, so when AuzoTools is evaluating a user
 
 See an example at the [test file](https://github.com/thekordy/auzo-tools/blob/master/tests/PermissionRegistrarTest.php)
 
+### You have two ways to define policies, either callbacks or a dedicated class methods. ###
+
+#### 1. Callbacks policies ####
+
+Create config file as this one:
+
+```php
+// config/acl.php
+
+return [
+    'before' => [
+        function($user, $ability) {
+            return $user->id == 1;
+        }
+    ],
+    'abilities' => [
+
+        'post.update' => [
+            function($user, $ability, $model) { return $user->id == 3; },
+            ['or' => function ($user, $ability, $model) { return $user->id == 2; }],
+        ],
+
+        'post.destroy' => [
+            function ($user, $ability, $model) { return $user->id == 2; },
+        ],
+    ],
+    // use this to log or monitor authorization given to users
+    //  you may not modify the result of the authorization check from an after callback
+    'after' => [
+        function ($user, $ability, $result, $arguments = null)
+        {
+            if ($result) {
+                \Log::info("Authorization Log: User $user->name ($user->email) is granted access to ability $ability at ".date('d-m-Y H:j'));
+            } else {
+                \Log::info("Authorization Log: User $user->name ($user->email) is forbidden to access ability $ability at ".date('d-m-Y H:j'));
+            }
+        },
+    ],
+];
+```
+
+#### 2. Dedicated class methods ####
+
 Create config file as this one:
 
 ```php
@@ -141,6 +184,8 @@ class MyPolicyClass
 }
 ```
 
+### Finally: ###
+
 Load Abilities to Laravel Gate at boot by runing the `\AuzoToolsPermissionRegistrar::registerPermissions($abilities_policies)` in your service provider 
 ```php
 // app/Providers/AppServiceProvider.php

diff --git a/src/Services/PermissionRegistrar.php b/src/Services/PermissionRegistrar.php
@@ -96,12 +96,17 @@ private function runGateBefore(array $before_permissions)
                     $operator = 'and';
                 }
 
-                list($class, $method) = explode('@', $policy);
-                $policy_method = app($class)->$method($user, $ability); // should return boolean
+                if (is_callable($policy)) {
+                    $policy_method_return = call_user_func($policy, $user, $ability);
+                } else {
+                    list($class, $method) = explode('@', $policy);
+                    $policy_method_return = app($class)->$method($user, $ability); // should return boolean
+                }
+
                 if ($operator === 'or' || $operator === '||') {
-                    $result = $result || $policy_method;
+                    $result = $result || $policy_method_return;
                 } else {
-                    $result = $result && $policy_method;
+                    $result = $result && $policy_method_return;
                 }
             }
             if ($result == true) {
@@ -119,8 +124,13 @@ private function runGateAfter(array $after_authorization_callbacks)
     {
         $this->gate->after(function ($user, $ability, $result, $arguments = null) use ($after_authorization_callbacks) {
             foreach ($after_authorization_callbacks as $callback) {
-                list($class, $method) = explode('@', $callback);
-                app($class)->$method($user, $ability, $result, $arguments);
+
+                if (is_callable($callback)) {
+                    call_user_func($callback, $user, $ability, $result, $arguments);
+                } else {
+                    list($class, $method) = explode('@', $callback);
+                    app($class)->$method($user, $ability, $result, $arguments); // should return boolean
+                }
             }
         });
     }
@@ -144,12 +154,17 @@ private function runGateDefine(array $abilities_permissions)
                         $operator = 'and';
                     }
 
-                    list($class, $method) = explode('@', $policy);
-                    $policy_method = app($class)->$method($user, $ability, $model); // should return boolean
+                    if (is_callable($policy)) {
+                        $policy_method_return = call_user_func($policy, $user, $ability, $model);
+                    } else {
+                        list($class, $method) = explode('@', $policy);
+                        $policy_method_return = app($class)->$method($user, $ability, $model); // should return boolean
+                    }
+
                     if ($operator === 'or' || $operator === '||') {
-                        $result = $result || $policy_method;
+                        $result = $result || $policy_method_return;
                     } else {
-                        $result = $result && $policy_method;
+                        $result = $result && $policy_method_return;
                     }
                 }