public function getAclRules(array $roles)
{
$allowedResponse = [];
$deniedResponse = [];
$defaultAllowedRoles = $this->allowedRoles;
$defaultDeniedRoles = $this->deniedRoles;
foreach ($roles as $role) {
/** @var ApiEndpoint $apiEndpoint */
foreach ($this->endpointsByName as $apiEndpoint) {
$rule = null;
if (in_array($role, $defaultAllowedRoles)) {
$rule = true;
}
if (in_array($role, $defaultDeniedRoles)) {
$rule = false;
}
if (in_array($role, $apiEndpoint->getAllowedRoles())) {
$rule = true;
}
if (in_array($role, $apiEndpoint->getDeniedRoles())) {
$rule = false;
}
if ($rule === true) {
$allowedResponse[] = [$role, $this->getIdentifier(), $apiEndpoint->getIdentifier()];
}
if ($rule === false) {
$deniedResponse[] = [$role, $this->getIdentifier(), $apiEndpoint->getIdentifier()];
}
}
}
return [Acl::ALLOW => $allowedResponse, Acl::DENY => $deniedResponse];
}