private function validateRule(EventInterface $event, array $rule)
{
$acl = $event->getAccessControl();
$allowedProperties = ['resources', 'group', 'users'];
$unknownProperties = array_diff(array_keys($rule), $allowedProperties);
if (!empty($unknownProperties)) {
throw new RuntimeException('Found unknown properties in rule: [' . implode(', ', $unknownProperties) . ']', 400);
}
if (isset($rule['resources']) && isset($rule['group'])) {
throw new RuntimeException('Both resources and group found in rule', 400);
}
if (!isset($rule['resources']) && !isset($rule['group'])) {
throw new RuntimeException('Neither group nor resources found in rule', 400);
}
if (isset($rule['resources']) && !$this->isStringArray($rule['resources'])) {
throw new RuntimeException('Illegal value in resources array. String array expected', 400);
}
if (isset($rule['group'])) {
if (!is_string($rule['group'])) {
throw new RuntimeException('Group must be specified as a string value', 400);
}
if (!$acl->getGroup($rule['group'])) {
throw new RuntimeException('Group \'' . $rule['group'] . '\' does not exist', 400);
}
}
if (!isset($rule['users'])) {
throw new RuntimeException('Users not specified in rule', 400);
}
if ($rule['users'] !== '*' && !$this->isStringArray($rule['users'])) {
throw new RuntimeException('Illegal value for users property. Allowed: \'*\' or array with users', 400);
}
}