107 lines
4.1 KiB
PHP
107 lines
4.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Core;
|
|
|
|
use Nette;
|
|
use Nette\Security\Authorizator;
|
|
|
|
/**
|
|
* Tady řešíme oprávnění.
|
|
*/
|
|
final class MujAutorizator implements Authorizator
|
|
{
|
|
// role:
|
|
public const roleAdmin = "roleAdmin"; // ten může vše
|
|
public const roleKlientiZdr = "roleKlientiZdr"; // čtení
|
|
public const roleKlientiZdrZapis = "roleKlientiZdrZapis"; // zápis
|
|
public const roleZaznamyZdr = "roleZaznamyZdr";
|
|
public const roleIndikace = "roleIndikace";
|
|
public const roleNavstevy = "roleNavstevy";
|
|
public const roleKlientiSoc = "roleKlientiSoc"; // čtení
|
|
public const roleKlientiSocZapis = "roleKlientiSocZapis"; // zápis
|
|
public const roleZaznamySoc = "roleZaznamySoc";
|
|
public const roleOsobniUcty = "roleOsobniUcty";
|
|
|
|
// resources (jednotlivé agendy):
|
|
public const resVykazat = "resVykazat";
|
|
public const resIndikace = "resIndikace";
|
|
public const resNavstevy = "resNavstevy";
|
|
public const resNavstevaAdd = "resNavstevaAdd";
|
|
public const resKontakty = "resKontakty";
|
|
public const resFotoZdr = "resFotoZdr";
|
|
public const resFotoZdrAdd = "resFotoZdrAdd";
|
|
public const resFotoSoc = "resFotoSoc";
|
|
public const resFotoSocAdd = "resFotoSocAdd";
|
|
public const resZaznamyZdr = "resZaznamyZdr";
|
|
public const resZaznamySoc = "resZaznamySoc";
|
|
public const resOsobniUcty = "resOsobniUcty";
|
|
public const resPosledniPece = "resPosledniPece";
|
|
|
|
// operace (vytváření, mazání, ...) zatím neřešíme
|
|
|
|
public function isAllowed($role, $resource, $operation): bool
|
|
{
|
|
if ($role == MujAutorizator::roleAdmin)
|
|
return Authorizator::Allow; // může vše
|
|
|
|
switch ($resource) {
|
|
case MujAutorizator::resVykazat:
|
|
return Authorizator::Allow; // vždy povolit
|
|
case MujAutorizator::resIndikace:
|
|
if ($role == MujAutorizator::roleIndikace)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resNavstevy:
|
|
if ($role == MujAutorizator::roleNavstevy)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resNavstevaAdd:
|
|
if ($role == MujAutorizator::roleNavstevy)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resFotoZdr:
|
|
if ($role == MujAutorizator::roleKlientiZdr)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resFotoZdrAdd:
|
|
if ($role == MujAutorizator::roleKlientiZdrZapis)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resFotoSoc:
|
|
if ($role == MujAutorizator::roleKlientiSoc)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resFotoSocAdd:
|
|
if ($role == MujAutorizator::roleKlientiSocZapis)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resKontakty:
|
|
if ($role == MujAutorizator::roleKlientiZdr or $role == MujAutorizator::roleKlientiSoc)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resZaznamyZdr:
|
|
if ($role == MujAutorizator::roleZaznamyZdr)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resZaznamySoc:
|
|
if ($role == MujAutorizator::roleZaznamySoc)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resOsobniUcty:
|
|
if ($role == MujAutorizator::roleOsobniUcty)
|
|
return Authorizator::Allow;
|
|
break;
|
|
case MujAutorizator::resPosledniPece:
|
|
if ($role == MujAutorizator::roleKlientiSoc)
|
|
return Authorizator::Allow;
|
|
break;
|
|
default:
|
|
return Authorizator::Deny;
|
|
}
|
|
|
|
return Authorizator::Deny;
|
|
}
|
|
}
|