Merge pull request #14 from joanrodas/dev

Add permission callback + Fix roles and capabilities
joanrodas · May 4, 2022 · cfc1a31 · cfc1a31
2 parents 62e9610 + 332b307
commit cfc1a31
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/PluboRoutes/Endpoint/Endpoint.php b/PluboRoutes/Endpoint/Endpoint.php
@@ -40,7 +40,7 @@ abstract class Endpoint implements EndpointInterface
      *
      * @var string
      */
-    private $method;
+    protected $method;
 
     /**
      * Constructor.

diff --git a/PluboRoutes/Route/Route.php b/PluboRoutes/Route/Route.php
@@ -144,7 +144,7 @@ public function hasRolesCallback()
      */
     public function getRoles()
     {
-        $roles = $this->config['allowed_roles'] ?? [];
+        $roles = $this->config['allowed_roles'] ?? false;
         return $roles;
     }
 
@@ -166,10 +166,21 @@ public function hasCapabilitiesCallback()
      */
     public function getCapabilities()
     {
-        $capabilities = $this->config['allowed_caps'] ?? [];
+        $capabilities = $this->config['allowed_caps'] ?? false;
         return $capabilities;
     }
 
+    /**
+     * Get the permission callback.
+     *
+     * @return boolean
+     */
+    public function getPermissionCallback()
+    {
+        $permission_callback = $this->config['permission_callback'] ?? false;
+        return $permission_callback;
+    }
+
     /**
      * Check if route has basic auth.
      *

diff --git a/PluboRoutes/RoutesProcessor.php b/PluboRoutes/RoutesProcessor.php
@@ -178,6 +178,7 @@ public function doRouteActions()
 
     private function executeRouteHook()
     {
+        $this->checkPermissionCallback();
         $user = wp_get_current_user();
         if ($this->checkLoggedIn($user)) {
             $this->checkRoles($user);
@@ -187,6 +188,18 @@ private function executeRouteHook()
         do_action($this->matched_route->getAction(), $this->matched_args);
     }
 
+    private function checkPermissionCallback()
+    {
+        $permission_callback = $this->matched_route->getPermissionCallback();
+        if (!$permission_callback || !is_callable($permission_callback)) {
+            return;
+        }
+        $has_access = call_user_func($permission_callback, $this->matched_args);
+        if (!$has_access) {
+            $this->forbidAccess();
+        }
+    }
+
     private function checkLoggedIn($user)
     {
         $is_logged_in = $user->exists();
@@ -203,15 +216,18 @@ private function checkRoles($user)
         if ($this->matched_route->hasRolesCallback()) {
             $allowed_roles = call_user_func($allowed_roles, $this->matched_args);
         }
-        if ($allowed_roles && !array_intersect((array)$user->roles, (array)$allowed_roles)) {
+        if ($allowed_roles !== false && !array_intersect((array)$user->roles, (array)$allowed_roles)) {
             $this->forbidAccess();
         }
     }
 
     private function checkCapabilities($user)
     {
         $allowed_caps = $this->getAllowedCapabilities();
-        $is_allowed = $allowed_caps ? false : true;
+        if($allowed_caps === false) {
+            return;
+        }
+        $is_allowed = false;
         foreach ((array)$allowed_caps as $allowed_cap) {
             if ($user->has_cap($allowed_cap)) {
                 $is_allowed = true;