탐색 도움말
가입하기 로그인
zhangbj
/
web
Watch 1
Star 0
포크 0
코드 이슈 1 풀 리퀘스트 0 릴리즈 0 위키 Activity
2 커밋
1 브랜치
트리: 97d25c38f3
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '97d25c38f3'
${ noResults }
web/vendor/illuminate/auth/Access/Gate.php

Gate.php 15KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561 
  1. <?php

  2. 

  3. namespace Illuminate\Auth\Access;

  4. 

  5. use Illuminate\Support\Arr;

  6. use Illuminate\Support\Str;

  7. use InvalidArgumentException;

  8. use Illuminate\Contracts\Container\Container;

  9. use Illuminate\Contracts\Auth\Access\Gate as GateContract;

  10. 

  11. class Gate implements GateContract

  12. {

  13.     use HandlesAuthorization;

  14. 

  15.     /**

  16.      * The container instance.

  17.      *

  18.      * @var \Illuminate\Contracts\Container\Container

  19.      */

  20.     protected $container;

  21. 

  22.     /**

  23.      * The user resolver callable.

  24.      *

  25.      * @var callable

  26.      */

  27.     protected $userResolver;

  28. 

  29.     /**

  30.      * All of the defined abilities.

  31.      *

  32.      * @var array

  33.      */

  34.     protected $abilities = [];

  35. 

  36.     /**

  37.      * All of the defined policies.

  38.      *

  39.      * @var array

  40.      */

  41.     protected $policies = [];

  42. 

  43.     /**

  44.      * All of the registered before callbacks.

  45.      *

  46.      * @var array

  47.      */

  48.     protected $beforeCallbacks = [];

  49. 

  50.     /**

  51.      * All of the registered after callbacks.

  52.      *

  53.      * @var array

  54.      */

  55.     protected $afterCallbacks = [];

  56. 

  57.     /**

  58.      * Create a new gate instance.

  59.      *

  60.      * @param  \Illuminate\Contracts\Container\Container  $container

  61.      * @param  callable  $userResolver

  62.      * @param  array  $abilities

  63.      * @param  array  $policies

  64.      * @param  array  $beforeCallbacks

  65.      * @param  array  $afterCallbacks

  66.      * @return void

  67.      */

  68.     public function __construct(Container $container, callable $userResolver, array $abilities = [],

  69.                                 array $policies = [], array $beforeCallbacks = [], array $afterCallbacks = [])

  70.     {

  71.         $this->policies = $policies;

  72.         $this->container = $container;

  73.         $this->abilities = $abilities;

  74.         $this->userResolver = $userResolver;

  75.         $this->afterCallbacks = $afterCallbacks;

  76.         $this->beforeCallbacks = $beforeCallbacks;

  77.     }

  78. 

  79.     /**

  80.      * Determine if a given ability has been defined.

  81.      *

  82.      * @param  string|array  $ability

  83.      * @return bool

  84.      */

  85.     public function has($ability)

  86.     {

  87.         $abilities = is_array($ability) ? $ability : func_get_args();

  88. 

  89.         foreach ($abilities as $ability) {

  90.             if (! isset($this->abilities[$ability])) {

  91.                 return false;

  92.             }

  93.         }

  94. 

  95.         return true;

  96.     }

  97. 

  98.     /**

  99.      * Define a new ability.

  100.      *

  101.      * @param  string  $ability

  102.      * @param  callable|string  $callback

  103.      * @return $this

  104.      *

  105.      * @throws \InvalidArgumentException

  106.      */

  107.     public function define($ability, $callback)

  108.     {

  109.         if (is_callable($callback)) {

  110.             $this->abilities[$ability] = $callback;

  111.         } elseif (is_string($callback) && Str::contains($callback, '@')) {

  112.             $this->abilities[$ability] = $this->buildAbilityCallback($ability, $callback);

  113.         } else {

  114.             throw new InvalidArgumentException("Callback must be a callable or a 'Class@method' string.");

  115.         }

  116. 

  117.         return $this;

  118.     }

  119. 

  120.     /**

  121.      * Define abilities for a resource.

  122.      *

  123.      * @param  string  $name

  124.      * @param  string  $class

  125.      * @param  array|null   $abilities

  126.      * @return $this

  127.      */

  128.     public function resource($name, $class, array $abilities = null)

  129.     {

  130.         $abilities = $abilities ?: [

  131.             'view'   => 'view',

  132.             'create' => 'create',

  133.             'update' => 'update',

  134.             'delete' => 'delete',

  135.         ];

  136. 

  137.         foreach ($abilities as $ability => $method) {

  138.             $this->define($name.'.'.$ability, $class.'@'.$method);

  139.         }

  140. 

  141.         return $this;

  142.     }

  143. 

  144.     /**

  145.      * Create the ability callback for a callback string.

  146.      *

  147.      * @param  string  $ability

  148.      * @param  string  $callback

  149.      * @return \Closure

  150.      */

  151.     protected function buildAbilityCallback($ability, $callback)

  152.     {

  153.         return function () use ($ability, $callback) {

  154.             list($class, $method) = Str::parseCallback($callback);

  155. 

  156.             $policy = $this->resolvePolicy($class);

  157. 

  158.             $arguments = func_get_args();

  159. 

  160.             $user = array_shift($arguments);

  161. 

  162.             $result = $this->callPolicyBefore(

  163.                 $policy, $user, $ability, $arguments

  164.             );

  165. 

  166.             if (! is_null($result)) {

  167.                 return $result;

  168.             }

  169. 

  170.             return $policy->{$method}(...func_get_args());

  171.         };

  172.     }

  173. 

  174.     /**

  175.      * Define a policy class for a given class type.

  176.      *

  177.      * @param  string  $class

  178.      * @param  string  $policy

  179.      * @return $this

  180.      */

  181.     public function policy($class, $policy)

  182.     {

  183.         $this->policies[$class] = $policy;

  184. 

  185.         return $this;

  186.     }

  187. 

  188.     /**

  189.      * Register a callback to run before all Gate checks.

  190.      *

  191.      * @param  callable  $callback

  192.      * @return $this

  193.      */

  194.     public function before(callable $callback)

  195.     {

  196.         $this->beforeCallbacks[] = $callback;

  197. 

  198.         return $this;

  199.     }

  200. 

  201.     /**

  202.      * Register a callback to run after all Gate checks.

  203.      *

  204.      * @param  callable  $callback

  205.      * @return $this

  206.      */

  207.     public function after(callable $callback)

  208.     {

  209.         $this->afterCallbacks[] = $callback;

  210. 

  211.         return $this;

  212.     }

  213. 

  214.     /**

  215.      * Determine if the given ability should be granted for the current user.

  216.      *

  217.      * @param  string  $ability

  218.      * @param  array|mixed  $arguments

  219.      * @return bool

  220.      */

  221.     public function allows($ability, $arguments = [])

  222.     {

  223.         return $this->check($ability, $arguments);

  224.     }

  225. 

  226.     /**

  227.      * Determine if the given ability should be denied for the current user.

  228.      *

  229.      * @param  string  $ability

  230.      * @param  array|mixed  $arguments

  231.      * @return bool

  232.      */

  233.     public function denies($ability, $arguments = [])

  234.     {

  235.         return ! $this->allows($ability, $arguments);

  236.     }

  237. 

  238.     /**

  239.      * Determine if all of the given abilities should be granted for the current user.

  240.      *

  241.      * @param  iterable|string  $abilities

  242.      * @param  array|mixed  $arguments

  243.      * @return bool

  244.      */

  245.     public function check($abilities, $arguments = [])

  246.     {

  247.         return collect($abilities)->every(function ($ability) use ($arguments) {

  248.             try {

  249.                 return (bool) $this->raw($ability, $arguments);

  250.             } catch (AuthorizationException $e) {

  251.                 return false;

  252.             }

  253.         });

  254.     }

  255. 

  256.     /**

  257.      * Determine if any one of the given abilities should be granted for the current user.

  258.      *

  259.      * @param  iterable|string  $abilities

  260.      * @param  array|mixed  $arguments

  261.      * @return bool

  262.      */

  263.     public function any($abilities, $arguments = [])

  264.     {

  265.         return collect($abilities)->contains(function ($ability) use ($arguments) {

  266.             return $this->check($ability, $arguments);

  267.         });

  268.     }

  269. 

  270.     /**

  271.      * Determine if the given ability should be granted for the current user.

  272.      *

  273.      * @param  string  $ability

  274.      * @param  array|mixed  $arguments

  275.      * @return \Illuminate\Auth\Access\Response

  276.      *

  277.      * @throws \Illuminate\Auth\Access\AuthorizationException

  278.      */

  279.     public function authorize($ability, $arguments = [])

  280.     {

  281.         $result = $this->raw($ability, $arguments);

  282. 

  283.         if ($result instanceof Response) {

  284.             return $result;

  285.         }

  286. 

  287.         return $result ? $this->allow() : $this->deny();

  288.     }

  289. 

  290.     /**

  291.      * Get the raw result from the authorization callback.

  292.      *

  293.      * @param  string  $ability

  294.      * @param  array|mixed  $arguments

  295.      * @return mixed

  296.      */

  297.     protected function raw($ability, $arguments = [])

  298.     {

  299.         if (! $user = $this->resolveUser()) {

  300.             return false;

  301.         }

  302. 

  303.         $arguments = Arr::wrap($arguments);

  304. 

  305.         // First we will call the "before" callbacks for the Gate. If any of these give

  306.         // back a non-null response, we will immediately return that result in order

  307.         // to let the developers override all checks for some authorization cases.

  308.         $result = $this->callBeforeCallbacks(

  309.             $user, $ability, $arguments

  310.         );

  311. 

  312.         if (is_null($result)) {

  313.             $result = $this->callAuthCallback($user, $ability, $arguments);

  314.         }

  315. 

  316.         // After calling the authorization callback, we will call the "after" callbacks

  317.         // that are registered with the Gate, which allows a developer to do logging

  318.         // if that is required for this application. Then we'll return the result.

  319.         $this->callAfterCallbacks(

  320.             $user, $ability, $arguments, $result

  321.         );

  322. 

  323.         return $result;

  324.     }

  325. 

  326.     /**

  327.      * Resolve and call the appropriate authorization callback.

  328.      *

  329.      * @param  \Illuminate\Contracts\Auth\Authenticatable  $user

  330.      * @param  string  $ability

  331.      * @param  array  $arguments

  332.      * @return bool

  333.      */

  334.     protected function callAuthCallback($user, $ability, array $arguments)

  335.     {

  336.         $callback = $this->resolveAuthCallback($user, $ability, $arguments);

  337. 

  338.         return $callback($user, ...$arguments);

  339.     }

  340. 

  341.     /**

  342.      * Call all of the before callbacks and return if a result is given.

  343.      *

  344.      * @param  \Illuminate\Contracts\Auth\Authenticatable  $user

  345.      * @param  string  $ability

  346.      * @param  array  $arguments

  347.      * @return bool|null

  348.      */

  349.     protected function callBeforeCallbacks($user, $ability, array $arguments)

  350.     {

  351.         $arguments = array_merge([$user, $ability], [$arguments]);

  352. 

  353.         foreach ($this->beforeCallbacks as $before) {

  354.             if (! is_null($result = $before(...$arguments))) {

  355.                 return $result;

  356.             }

  357.         }

  358.     }

  359. 

  360.     /**

  361.      * Call all of the after callbacks with check result.

  362.      *

  363.      * @param  \Illuminate\Contracts\Auth\Authenticatable  $user

  364.      * @param  string  $ability

  365.      * @param  array  $arguments

  366.      * @param  bool  $result

  367.      * @return void

  368.      */

  369.     protected function callAfterCallbacks($user, $ability, array $arguments, $result)

  370.     {

  371.         $arguments = array_merge([$user, $ability, $result], [$arguments]);

  372. 

  373.         foreach ($this->afterCallbacks as $after) {

  374.             $after(...$arguments);

  375.         }

  376.     }

  377. 

  378.     /**

  379.      * Resolve the callable for the given ability and arguments.

  380.      *

  381.      * @param  \Illuminate\Contracts\Auth\Authenticatable  $user

  382.      * @param  string  $ability

  383.      * @param  array  $arguments

  384.      * @return callable

  385.      */

  386.     protected function resolveAuthCallback($user, $ability, array $arguments)

  387.     {

  388.         if (isset($arguments[0]) &&

  389.             ! is_null($policy = $this->getPolicyFor($arguments[0])) &&

  390.             $callback = $this->resolvePolicyCallback($user, $ability, $arguments, $policy)) {

  391.             return $callback;

  392.         }

  393. 

  394.         if (isset($this->abilities[$ability])) {

  395.             return $this->abilities[$ability];

  396.         }

  397. 

  398.         return function () {

  399.             return false;

  400.         };

  401.     }

  402. 

  403.     /**

  404.      * Get a policy instance for a given class.

  405.      *

  406.      * @param  object|string  $class

  407.      * @return mixed

  408.      */

  409.     public function getPolicyFor($class)

  410.     {

  411.         if (is_object($class)) {

  412.             $class = get_class($class);

  413.         }

  414. 

  415.         if (! is_string($class)) {

  416.             return;

  417.         }

  418. 

  419.         if (isset($this->policies[$class])) {

  420.             return $this->resolvePolicy($this->policies[$class]);

  421.         }

  422. 

  423.         foreach ($this->policies as $expected => $policy) {

  424.             if (is_subclass_of($class, $expected)) {

  425.                 return $this->resolvePolicy($policy);

  426.             }

  427.         }

  428.     }

  429. 

  430.     /**

  431.      * Build a policy class instance of the given type.

  432.      *

  433.      * @param  object|string  $class

  434.      * @return mixed

  435.      */

  436.     public function resolvePolicy($class)

  437.     {

  438.         return $this->container->make($class);

  439.     }

  440. 

  441.     /**

  442.      * Resolve the callback for a policy check.

  443.      *

  444.      * @param  \Illuminate\Contracts\Auth\Authenticatable  $user

  445.      * @param  string  $ability

  446.      * @param  array  $arguments

  447.      * @param  mixed  $policy

  448.      * @return bool|callable

  449.      */

  450.     protected function resolvePolicyCallback($user, $ability, array $arguments, $policy)

  451.     {

  452.         if (! is_callable([$policy, $this->formatAbilityToMethod($ability)])) {

  453.             return false;

  454.         }

  455. 

  456.         return function () use ($user, $ability, $arguments, $policy) {

  457.             // This callback will be responsible for calling the policy's before method and

  458.             // running this policy method if necessary. This is used to when objects are

  459.             // mapped to policy objects in the user's configurations or on this class.

  460.             $result = $this->callPolicyBefore(

  461.                 $policy, $user, $ability, $arguments

  462.             );

  463. 

  464.             // When we receive a non-null result from this before method, we will return it

  465.             // as the "final" results. This will allow developers to override the checks

  466.             // in this policy to return the result for all rules defined in the class.

  467.             if (! is_null($result)) {

  468.                 return $result;

  469.             }

  470. 

  471.             $ability = $this->formatAbilityToMethod($ability);

  472. 

  473.             // If this first argument is a string, that means they are passing a class name

  474.             // to the policy. We will remove the first argument from this argument array

  475.             // because this policy already knows what type of models it can authorize.

  476.             if (isset($arguments[0]) && is_string($arguments[0])) {

  477.                 array_shift($arguments);

  478.             }

  479. 

  480.             return is_callable([$policy, $ability])

  481.                         ? $policy->{$ability}($user, ...$arguments)

  482.                         : false;

  483.         };

  484.     }

  485. 

  486.     /**

  487.      * Call the "before" method on the given policy, if applicable.

  488.      *

  489.      * @param  mixed  $policy

  490.      * @param  \Illuminate\Contracts\Auth\Authenticatable  $user

  491.      * @param  string  $ability

  492.      * @param  array  $arguments

  493.      * @return mixed

  494.      */

  495.     protected function callPolicyBefore($policy, $user, $ability, $arguments)

  496.     {

  497.         if (method_exists($policy, 'before')) {

  498.             return $policy->before($user, $ability, ...$arguments);

  499.         }

  500.     }

  501. 

  502.     /**

  503.      * Format the policy ability into a method name.

  504.      *

  505.      * @param  string  $ability

  506.      * @return string

  507.      */

  508.     protected function formatAbilityToMethod($ability)

  509.     {

  510.         return strpos($ability, '-') !== false ? Str::camel($ability) : $ability;

  511.     }

  512. 

  513.     /**

  514.      * Get a gate instance for the given user.

  515.      *

  516.      * @param  \Illuminate\Contracts\Auth\Authenticatable|mixed  $user

  517.      * @return static

  518.      */

  519.     public function forUser($user)

  520.     {

  521.         $callback = function () use ($user) {

  522.             return $user;

  523.         };

  524. 

  525.         return new static(

  526.             $this->container, $callback, $this->abilities,

  527.             $this->policies, $this->beforeCallbacks, $this->afterCallbacks

  528.         );

  529.     }

  530. 

  531.     /**

  532.      * Resolve the user from the user resolver.

  533.      *

  534.      * @return mixed

  535.      */

  536.     protected function resolveUser()

  537.     {

  538.         return call_user_func($this->userResolver);

  539.     }

  540. 

  541.     /**

  542.      * Get all of the defined abilities.

  543.      *

  544.      * @return array

  545.      */

  546.     public function abilities()

  547.     {

  548.         return $this->abilities;

  549.     }

  550. 

  551.     /**

  552.      * Get all of the defined policies.

  553.      *

  554.      * @return array

  555.      */

  556.     public function policies()

  557.     {

  558.         return $this->policies;

  559.     }

  560. }