public function hasAccess($publicKey, $resource, $user = null)
{
$accessList = $this->getAccessListForPublicKey($publicKey) ?: [];
foreach ($accessList as $acl) {
// If the group specified has not been defined, throw an exception to help the user
if (!isset($acl['users'])) {
throw new InvalidArgumentException('Missing property "users" in access rule', 500);
}
// If a user is specified, ensure the public key has access to the user
$userAccess = !$user || $acl['users'] === '*' || in_array($user, $acl['users']);
if (!$userAccess) {
continue;
}
// Figure out which resources the public key has access to, based on group or
// explicit definition
$resources = isset($acl['resources']) ? $acl['resources'] : [];
$group = isset($acl['group']) ? $acl['group'] : false;
// If we the rule contains a group, get resource from it
if ($group) {
$resources = $this->getGroup($group);
// If the group has not been defined, throw an exception to help debug the problem
if ($resources === false) {
throw new InvalidArgumentException('Group "' . $group . '" is not defined', 500);
}
}
if (in_array($resource, $resources)) {
return true;
}
}
return false;
}