Removed AuthenticationIdentityProvider to make LmcRbac unopiniated on…

… how identities are provided. Roll back isGranted methods to use identities

Signed-off-by: Eric Richer [email protected] <[email protected]>

composer.json

@@ -40,7 +40,6 @@
   ],
   "require": {
     "php": "^8.1 || ^8.2 || ^8.3",
-    "laminas/laminas-authentication": "^2.0",
     "laminas/laminas-servicemanager": "^3.3",
     "laminas/laminas-stdlib": "^3.1",
     "doctrine/persistence": "^2.0 || ^3.0"

src/ConfigProvider.php

@@ -47,7 +47,6 @@ public function getDependencyConfig(): array
                 \LmcRbac\Options\ModuleOptions::class => \LmcRbac\Options\ModuleOptionsFactory::class,
                 \LmcRbac\Role\InMemoryRoleProvider::class => \LmcRbac\Role\InMemoryRoleProviderFactory::class,
                 \LmcRbac\Role\ObjectRepositoryRoleProvider::class => \LmcRbac\Role\ObjectRepositoryRoleProviderFactory::class,
-                \LmcRbac\Identity\AuthenticationIdentityProvider::class => \LmcRbac\Identity\AuthenticationIdentityProviderFactory::class,
                 \LmcRbac\Service\AuthorizationServiceInterface::class => \LmcRbac\Service\AuthorizationServiceFactory::class,
                 \LmcRbac\Service\RoleServiceInterface::class => \LmcRbac\Service\RoleServiceFactory::class,
                 \LmcRbac\Rbac::class => \Laminas\ServiceManager\Factory\InvokableFactory::class,

src/Service/AuthorizationService.php

@@ -23,6 +23,7 @@
 
 use LmcRbac\Assertion\AssertionPluginManagerInterface;
 use LmcRbac\Assertion\AssertionSet;
+use LmcRbac\Identity\IdentityInterface;
 use LmcRbac\Permission\PermissionInterface;
 use LmcRbac\RbacInterface;
 
@@ -58,9 +59,9 @@ public function __construct(
         $this->assertions = $assertions;
     }
 
-    public function isGranted(string|PermissionInterface $permission, mixed $context = null): bool
+    public function isGranted(IdentityInterface|null $identity, string|PermissionInterface $permission, mixed $context = null): bool
     {
-        $roles = $this->roleService->getIdentityRoles(null, $context);
+        $roles = $this->roleService->getIdentityRoles($identity, $context);
 
         if (empty($roles)) {
             return false;
@@ -82,6 +83,6 @@ public function isGranted(string|PermissionInterface $permission, mixed $context
 
         $assertionSet = new AssertionSet($this->assertionPluginManager, $permissionAssertions);
 
-        return $assertionSet->assert($permission, $this->roleService->getIdentity(), $context);
+        return $assertionSet->assert($permission, $identity, $context);
     }
 }

src/Service/AuthorizationServiceInterface.php

@@ -21,6 +21,7 @@
 
 namespace LmcRbac\Service;
 
+use LmcRbac\Identity\IdentityInterface;
 use LmcRbac\Permission\PermissionInterface;
 
 /**
@@ -34,9 +35,10 @@ interface AuthorizationServiceInterface
     /**
      * Check if the permission is granted to the current identity
      *
+     * @param IdentityInterface|null $identity
      * @param PermissionInterface|string $permission
      * @param mixed|null $context
      * @return bool
      */
-    public function isGranted(PermissionInterface|string $permission, mixed $context = null): bool;
+    public function isGranted(?IdentityInterface $identity, PermissionInterface|string $permission, mixed $context = null): bool;
 }

src/Service/RoleService.php

@@ -35,32 +35,18 @@
  */
 class RoleService implements RoleServiceInterface
 {
-    protected IdentityProviderInterface $identityProvider;
-
     protected RoleProviderInterface $roleProvider;
 
     protected string $guestRole = '';
 
     public function __construct(
-        IdentityProviderInterface $identityProvider,
         RoleProviderInterface $roleProvider,
         string $guestRole
     ) {
-        $this->identityProvider = $identityProvider;
         $this->roleProvider = $roleProvider;
         $this->guestRole = $guestRole;
     }
 
-    /**
-     * Get the current identity from the identity provider
-     *
-     * @return IdentityInterface|null
-     */
-    public function getIdentity(): ?IdentityInterface
-    {
-        return $this->identityProvider->getIdentity();
-    }
-
     /**
      * Get the identity roles from the current identity, applying some more logic
      *
@@ -70,47 +56,14 @@ public function getIdentity(): ?IdentityInterface
      */
     public function getIdentityRoles(IdentityInterface $identity = null, mixed $context = null): iterable
     {
-        // If no identity is provided, get it from the identity provider
+        // If no identity is provided, get the guest role
         if (null === $identity) {
-            $identity = $this->identityProvider->getIdentity();
-            if (null === $identity) {
-                return $this->convertRoles([$this->guestRole]);
-            }
+            return $this->convertRoles([$this->guestRole]);
         }
 
         return $this->convertRoles($identity->getRoles());
     }
 
-    /**
-     * Check if the given roles match one of the identity's roles
-     * @param string[]|RoleInterface[] $roles
-     * @param IdentityInterface|null $identity
-     * @return bool
-     */
-    public function matchIdentityRoles(array $roles, IdentityInterface $identity = null): bool
-    {
-        // Get the roles for the identity
-        $identityRoles = $this->getIdentityRoles($identity);
-
-        // No roles
-        if (empty($identityRoles)) {
-            return false;
-        }
-
-        $roleNames = [];
-
-        foreach ($roles as $role) {
-            $roleNames[] = $role instanceof RoleInterface ? $role->getName() : $role;
-        }
-
-        foreach ($this->flattenRoles($identityRoles) as $role) {
-            $a[] = $role->getName();
-        }
-        $identityRoles = $a;
-
-        return count(array_intersect($roleNames, $identityRoles)) > 0;
-    }
-
     /**
      * Convert the roles (potentially strings) to concrete RoleInterface objects using role provider
      *
@@ -140,19 +93,4 @@ private function convertRoles(iterable $roles): iterable
 
         return array_merge($collectedRoles, $this->roleProvider->getRoles($toCollect));
     }
-
-    /**
-     * @param RoleInterface[] $roles
-     * @return \Generator
-     */
-    private function flattenRoles(array $roles): \Generator
-    {
-        foreach ($roles as $role) {
-            yield $role;
-
-            if ($role->hasChildren()) {
-                yield from $this->flattenRoles($role->getChildren());
-            }
-        }
-    }
 }

src/Service/RoleServiceFactory.php

@@ -22,9 +22,7 @@
 namespace LmcRbac\Service;
 
 use Laminas\ServiceManager\Exception\ServiceNotCreatedException;
-use LmcRbac\Identity\IdentityProviderInterface;
 use LmcRbac\Options\ModuleOptions;
-use LmcRbac\Service\RoleService;
 use Psr\Container\ContainerInterface;
 
 /**
@@ -48,8 +46,8 @@ public function __invoke(ContainerInterface $container): RoleService
         $roleProviderName = key($roleProvider);
 
         return new RoleService(
-            $container->get($moduleOptions->getIdentityProvider()),
             $container->get($roleProviderName),
-            $moduleOptions->getGuestRole());
+            $moduleOptions->getGuestRole()
+        );
     }
 }

src/Service/RoleServiceInterface.php

@@ -41,19 +41,4 @@ interface RoleServiceInterface
      */
     public function getIdentityRoles(IdentityInterface $identity = null, mixed $context = null): iterable;
 
-    /**
-     * Get the current identity from the identity provider
-     *
-     * @return IdentityInterface|null
-     */
-    public function getIdentity(): ?IdentityInterface;
-
-    /**
-     * Check if the given roles match one of the identity's roles
-     * @param RoleInterface[] $roles
-     * @param IdentityInterface|null $identity
-     * @return bool
-     */
-    public function matchIdentityRoles(array $roles, IdentityInterface $identity = null): bool;
-
 }

test/ConfigProviderTest.php

@@ -38,7 +38,6 @@ public function testProvidesExpectedConfiguration()
                 \LmcRbac\Options\ModuleOptions::class => \LmcRbac\Options\ModuleOptionsFactory::class,
                 \LmcRbac\Role\InMemoryRoleProvider::class => \LmcRbac\Role\InMemoryRoleProviderFactory::class,
                 \LmcRbac\Role\ObjectRepositoryRoleProvider::class => \LmcRbac\Role\ObjectRepositoryRoleProviderFactory::class,
-                \LmcRbac\Identity\AuthenticationIdentityProvider::class => \LmcRbac\Identity\AuthenticationIdentityProviderFactory::class,
                 \LmcRbac\Service\AuthorizationServiceInterface::class => \LmcRbac\Service\AuthorizationServiceFactory::class,
                 \LmcRbac\Service\RoleServiceInterface::class => \LmcRbac\Service\RoleServiceFactory::class,
                 \LmcRbac\Rbac::class => \Laminas\ServiceManager\Factory\InvokableFactory::class,

test/Container/RoleServiceFactoryTest.php

@@ -50,7 +50,7 @@ public function testCanCreateRoleService(): void
             'services' => [
                 ModuleOptions::class => $options,
                 InMemoryRoleProvider::class => new InMemoryRoleProvider([]),
-                \LmcRbac\Identity\AuthenticationIdentityProvider::class => $this->createMock(IdentityProviderInterface::class),
+//                \LmcRbac\Identity\AuthenticationIdentityProvider::class => $this->createMock(IdentityProviderInterface::class),
                 IdentityProviderInterface::class => $this->createMock(IdentityProviderInterface::class),
             ],
         ]);