create-prisma-php-app 4.2.1 → 4.2.2
- package/dist/bootstrap.php +46 -2
- package/package.json +1 -1
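--- a/package/dist/bootstrap.php
+++ b/package/dist/bootstrap.php
@@ -822,12 +822,51 @@ final class Bootstrap extends RuntimeException
 return (json_last_error() === JSON_ERROR_NONE) ? $json : $_POST;
 }
 
+private static function validateAccess(Exposed $attribute): bool
+{
+if ($attribute->requiresAuth || !empty($attribute->allowedRoles)) {
+$auth = Auth::getInstance();
+
+if (!$auth->isAuthenticated()) {
+return false;
+}
+
+if (!empty($attribute->allowedRoles)) {
+$payload = $auth->getPayload();
+$currentRole = null;
+
+if (is_scalar($payload)) {
+$currentRole = $payload;
+} else {
+$roleKey = !empty(Auth::ROLE_NAME) ? Auth::ROLE_NAME : 'role';
+
+if (is_object($payload)) {
+$currentRole = $payload->$roleKey ?? null;
+} elseif (is_array($payload)) {
+$currentRole = $payload[$roleKey] ?? null;
+}
+}
+
+if ($currentRole === null || !in_array($currentRole, $attribute->allowedRoles)) {
+return false;
+}
+}
+}
+
+return true;
+}
+
 private static function isFunctionAllowed(string $fn): bool
 {
 try {
 $ref = new ReflectionFunction($fn);
 $attrs = $ref->getAttributes(Exposed::class);
-
+
+if (empty($attrs)) {
+return false;
+}
+
+return self::validateAccess($attrs[0]->newInstance());
 } catch (Throwable) {
 return false;
 }
@@ -838,7 +877,12 @@ final class Bootstrap extends RuntimeException
 try {
 $ref = new ReflectionMethod($class, $method);
 $attrs = $ref->getAttributes(Exposed::class);
-
+
+if (empty($attrs)) {
+return false;
+}
+
+return self::validateAccess($attrs[0]->newInstance());
 } catch (Throwable) {
 return false;
 }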
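Review bot: The role check in `validateAccess` calls `in_array($currentRole, $attribute->allowedRoles)` without the strict flag, and the `is_scalar($payload)` branch accepts any scalar as the role, so under PHP 8 loose comparison a boolean `true` claim would equal every non-empty role name. Whether the payload can ever carry such a value depends on how `Auth::getPayload()` builds it, which is not visible here, but the authorization decision should not rest on type juggling. I would change the line to `if ($currentRole === null || !in_array($currentRole, $attribute->allowedRoles, true)) {` and add above it `// strict comparison: a role claim must match an allowed role by type and value`. Both callers also read only `$attrs[0]`, so any further `Exposed` attribute would be ignored if the attribute is repeatable, and the surrounding `catch (Throwable)` turns an error raised inside the auth check into a silent denial; that fails closed, but logging the reason would help when diagnosing rejected calls.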