getPermissions($nodes); if (is_array($permissions) && array_key_exists('data', $permissions) && is_array($permissions['data'])) { $rules = $permissions['data']; $rights = isset($permissions['supportedRights']) && count($permissions['supportedRights']) ? $permissions['supportedRights'] : false; if ($rights) { $self = $this; $nodes = array_map(static function ($node) use ($rules, $self, $rights) { if (is_array($node)) { if (array_key_exists('children', $node)) { $node['children'] = $self->fillPermissions($node['children']); } if (array_key_exists('uri', $node)) { $node['accessMode'] = $self->getAccessMode($rules, $rights, $node['uri']); } } return $node; }, $nodes); } } return $nodes; } /** * partial|denied|allowed * @param array $rules * @param array $supportedRights * @param string $uri * @return string */ private function getAccessMode(array $rules, array $supportedRights, string $uri): string { $itemRules = array_key_exists($uri, $rules) ? $rules[$uri] : []; if ( count($supportedRights) === 0 || $itemRules == $supportedRights || (in_array('GRANT', $itemRules, true)) ) { return 'allowed'; } if (!count($itemRules)) { return 'denied'; } return 'partial'; } /** * @param array $resources * @return array */ private function getPermissions(array $resources): array { if (!$this->permissions) { //retrieve resources permissions $user = $this->getSession() ? $this->getSession()->getUser() : null; $this->permissions = $user ? $this->getResourceService()->getResourcesPermissions($user, $resources) : []; } return $this->permissions; } /** * @return common_session_AnonymousSession|common_session_Session|null */ private function getSession(): common_session_Session { return $this->getServiceLocator()->get(SessionService::SERVICE_ID)->getCurrentSession(); } /** * @return ResourceService|object */ protected function getResourceService(): ResourceService { return $this->getServiceLocator()->get(ResourceService::SERVICE_ID); } }