constants are PascalCase

Author: dg

readme.md

@@ -305,7 +305,7 @@ $acl->allow('guest', 'poll', 'vote');
 $acl->allow('registered', 'comment', 'add');
 
 // the administrator can view and edit anything
-$acl->allow('administrator', $acl::ALL, ['view', 'edit', 'add']);
+$acl->allow('administrator', $acl::All, ['view', 'edit', 'add']);
 ```
 
 What if we want to **prevent** someone from accessing a resource?

src/Bridges/SecurityHttp/CookieStorage.php

@@ -21,7 +21,7 @@ final class CookieStorage implements Nette\Security\UserStorage
 {
 	use Nette\SmartObject;
 
-	private const MIN_LENGTH = 13;
+	private const MinLength = 13;
 
 	/** @var Http\IRequest */
 	private $request;
@@ -55,7 +55,7 @@ public function __construct(Http\IRequest $request, Http\IResponse $response)
 	public function saveAuthentication(IIdentity $identity): void
 	{
 		$uid = (string) $identity->getId();
-		if (strlen($uid) < self::MIN_LENGTH) {
+		if (strlen($uid) < self::MinLength) {
 			throw new \LogicException('UID is too short.');
 		}
 
@@ -84,7 +84,7 @@ public function getState(): array
 	{
 		if ($this->uid === null) {
 			$uid = $this->request->getCookie($this->cookieName);
-			$this->uid = is_string($uid) && strlen($uid) >= self::MIN_LENGTH ? $uid : '';
+			$this->uid = is_string($uid) && strlen($uid) >= self::MinLength ? $uid : '';
 		}
 
 		return $this->uid

src/Bridges/SecurityHttp/SessionStorage.php

@@ -62,7 +62,7 @@ public function clearAuthentication(bool $clearIdentity): void
 	{
 		$section = $this->getSessionSection();
 		$section->set('authenticated', false);
-		$section->set('reason', self::LOGOUT_MANUAL);
+		$section->set('reason', self::LogoutManual);
 		$section->set('authTime', null);
 		if ($clearIdentity === true) {
 			$section->set('identity', null);
@@ -149,7 +149,7 @@ protected function getSessionSection(): ?SessionSection
 
 		if ($section->get('authenticated') && $section->get('expireDelta') > 0) { // check time expiration
 			if ($section->get('expireTime') < time()) {
-				$section->set('reason', self::LOGOUT_INACTIVITY);
+				$section->set('reason', self::LogoutInactivity);
 				$section->set('authenticated', false);
 				if ($section->get('expireIdentity')) {
 					$section->remove('identity');

src/Security/Authenticator.php

@@ -15,6 +15,13 @@
  */
 interface Authenticator extends IAuthenticator
 {
+	/** Exception error code */
+	public const
+		IdentityNotFound = 1,
+		InvalidCredential = 2,
+		Failure = 3,
+		NotApproved = 4;
+
 	/**
 	 * Performs an authentication.
 	 * @throws AuthenticationException

src/Security/Authorizator.php

@@ -17,13 +17,18 @@
 interface Authorizator
 {
 	/** Set type: all */
-	public const ALL = null;
+	public const All = null;
 
 	/** Permission type: allow */
-	public const ALLOW = true;
+	public const Allow = true;
 
 	/** Permission type: deny */
-	public const DENY = false;
+	public const Deny = false;
+
+	/** Deprecated */
+	public const ALL = self::All;
+	public const ALLOW = self::Allow;
+	public const DENY = self::Deny;
 
 	/**
 	 * Performs a role-based authorization.

src/Security/Permission.php

@@ -32,7 +32,7 @@ class Permission implements Authorizator
 		'allResources' => [
 			'allRoles' => [
 				'allPrivileges' => [
-					'type' => self::DENY,
+					'type' => self::Deny,
 					'assert' => null,
 				],
 				'byPrivilege' => [],
@@ -388,12 +388,12 @@ public function removeAllResources()
 	 * @return static
 	 */
 	public function allow(
-		$roles = self::ALL,
-		$resources = self::ALL,
-		$privileges = self::ALL,
+		$roles = self::All,
+		$resources = self::All,
+		$privileges = self::All,
 		?callable $assertion = null,
 	) {
-		$this->setRule(true, self::ALLOW, $roles, $resources, $privileges, $assertion);
+		$this->setRule(true, self::Allow, $roles, $resources, $privileges, $assertion);
 		return $this;
 	}
 
@@ -408,12 +408,12 @@ public function allow(
 	 * @return static
 	 */
 	public function deny(
-		$roles = self::ALL,
-		$resources = self::ALL,
-		$privileges = self::ALL,
+		$roles = self::All,
+		$resources = self::All,
+		$privileges = self::All,
 		?callable $assertion = null,
 	) {
-		$this->setRule(true, self::DENY, $roles, $resources, $privileges, $assertion);
+		$this->setRule(true, self::Deny, $roles, $resources, $privileges, $assertion);
 		return $this;
 	}
 
@@ -426,9 +426,9 @@ public function deny(
 	 * @param  string|string[]|null  $privileges
 	 * @return static
 	 */
-	public function removeAllow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL)
+	public function removeAllow($roles = self::All, $resources = self::All, $privileges = self::All)
 	{
-		$this->setRule(false, self::ALLOW, $roles, $resources, $privileges);
+		$this->setRule(false, self::Allow, $roles, $resources, $privileges);
 		return $this;
 	}
 
@@ -441,9 +441,9 @@ public function removeAllow($roles = self::ALL, $resources = self::ALL, $privile
 	 * @param  string|string[]|null  $privileges
 	 * @return static
 	 */
-	public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL)
+	public function removeDeny($roles = self::All, $resources = self::All, $privileges = self::All)
 	{
-		$this->setRule(false, self::DENY, $roles, $resources, $privileges);
+		$this->setRule(false, self::Deny, $roles, $resources, $privileges);
 		return $this;
 	}
 
@@ -459,8 +459,8 @@ public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileg
 	protected function setRule(bool $toAdd, bool $type, $roles, $resources, $privileges, ?callable $assertion = null)
 	{
 		// ensure that all specified Roles exist; normalize input to array of Roles or null
-		if ($roles === self::ALL) {
-			$roles = [self::ALL];
+		if ($roles === self::All) {
+			$roles = [self::All];
 
 		} else {
 			if (!is_array($roles)) {
@@ -473,8 +473,8 @@ protected function setRule(bool $toAdd, bool $type, $roles, $resources, $privile
 		}
 
 		// ensure that all specified Resources exist; normalize input to array of Resources or null
-		if ($resources === self::ALL) {
-			$resources = [self::ALL];
+		if ($resources === self::All) {
+			$resources = [self::All];
 
 		} else {
 			if (!is_array($resources)) {
@@ -487,7 +487,7 @@ protected function setRule(bool $toAdd, bool $type, $roles, $resources, $privile
 		}
 
 		// normalize privileges to array
-		if ($privileges === self::ALL) {
+		if ($privileges === self::All) {
 			$privileges = [];
 
 		} elseif (!is_array($privileges)) {
@@ -521,11 +521,11 @@ protected function setRule(bool $toAdd, bool $type, $roles, $resources, $privile
 					}
 
 					if (count($privileges) === 0) {
-						if ($resource === self::ALL && $role === self::ALL) {
+						if ($resource === self::All && $role === self::All) {
 							if ($type === $rules['allPrivileges']['type']) {
 								$rules = [
 									'allPrivileges' => [
-										'type' => self::DENY,
+										'type' => self::Deny,
 										'assert' => null,
 									],
 									'byPrivilege' => [],
@@ -571,10 +571,10 @@ protected function setRule(bool $toAdd, bool $type, $roles, $resources, $privile
 	 * @param  string|null  $privilege
 	 * @throws Nette\InvalidStateException
 	 */
-	public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL): bool
+	public function isAllowed($role = self::All, $resource = self::All, $privilege = self::All): bool
 	{
 		$this->queriedRole = $role;
-		if ($role !== self::ALL) {
+		if ($role !== self::All) {
 			if ($role instanceof Role) {
 				$role = $role->getRoleId();
 			}
@@ -583,7 +583,7 @@ public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege =
 		}
 
 		$this->queriedResource = $resource;
-		if ($resource !== self::ALL) {
+		if ($resource !== self::All) {
 			if ($resource instanceof Resource) {
 				$resource = $resource->getResourceId();
 			}
@@ -595,15 +595,15 @@ public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege =
 			// depth-first search on $role if it is not 'allRoles' pseudo-parent
 			if (
 				$role !== null
-				&& ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege)) !== null
+				&& ($result = $this->searchRolePrivileges($privilege === self::All, $role, $resource, $privilege)) !== null
 			) {
 				break;
 			}
 
-			if ($privilege === self::ALL) {
-				if ($rules = $this->getRules($resource, self::ALL)) { // look for rule on 'allRoles' psuedo-parent
+			if ($privilege === self::All) {
+				if ($rules = $this->getRules($resource, self::All)) { // look for rule on 'allRoles' psuedo-parent
 					foreach ($rules['byPrivilege'] as $privilege => $rule) {
-						if (($result = $this->getRuleType($resource, null, $privilege)) === self::DENY) {
+						if (($result = $this->getRuleType($resource, null, $privilege)) === self::Deny) {
 							break 2;
 						}
 					}
@@ -670,8 +670,8 @@ private function searchRolePrivileges(bool $all, $role, $resource, $privilege)
 			if ($all) {
 				if ($rules = $this->getRules($resource, $role)) {
 					foreach ($rules['byPrivilege'] as $privilege2 => $rule) {
-						if ($this->getRuleType($resource, $role, $privilege2) === self::DENY) {
-							return self::DENY;
+						if ($this->getRuleType($resource, $role, $privilege2) === self::Deny) {
+							return self::Deny;
 						}
 					}
 
@@ -711,7 +711,7 @@ private function getRuleType($resource, $role, $privilege): ?bool
 			return null;
 		}
 
-		if ($privilege === self::ALL) {
+		if ($privilege === self::All) {
 			if (isset($rules['allPrivileges'])) {
 				$rule = $rules['allPrivileges'];
 			} else {
@@ -727,14 +727,14 @@ private function getRuleType($resource, $role, $privilege): ?bool
 		if ($rule['assert'] === null || $rule['assert']($this, $role, $resource, $privilege)) {
 			return $rule['type'];
 
-		} elseif ($resource !== self::ALL || $role !== self::ALL || $privilege !== self::ALL) {
+		} elseif ($resource !== self::All || $role !== self::All || $privilege !== self::All) {
 			return null;
 
-		} elseif ($rule['type'] === self::ALLOW) {
-			return self::DENY;
+		} elseif ($rule['type'] === self::Allow) {
+			return self::Deny;
 
 		} else {
-			return self::ALLOW;
+			return self::Allow;
 		}
 	}
 
@@ -748,7 +748,7 @@ private function getRuleType($resource, $role, $privilege): ?bool
 	private function &getRules($resource, $role, bool $create = false): ?array
 	{
 		$null = null;
-		if ($resource === self::ALL) {
+		if ($resource === self::All) {
 			$visitor = &$this->rules['allResources'];
 		} else {
 			if (!isset($this->rules['byResource'][$resource])) {
@@ -762,7 +762,7 @@ private function &getRules($resource, $role, bool $create = false): ?array
 			$visitor = &$this->rules['byResource'][$resource];
 		}
 
-		if ($role === self::ALL) {
+		if ($role === self::All) {
 			if (!isset($visitor['allRoles'])) {
 				if (!$create) {
 					return $null;

src/Security/SimpleAuthenticator.php

@@ -54,12 +54,12 @@ public function authenticate(string $username, string $password): IIdentity
 				if ($this->verifyPassword($password, $pass)) {
 					return new SimpleIdentity($name, $this->roles[$name] ?? null, $this->data[$name] ?? []);
 				} else {
-					throw new AuthenticationException('Invalid password.', self::INVALID_CREDENTIAL);
+					throw new AuthenticationException('Invalid password.', self::InvalidCredential);
 				}
 			}
 		}
 
-		throw new AuthenticationException("User '$username' not found.", self::IDENTITY_NOT_FOUND);
+		throw new AuthenticationException("User '$username' not found.", self::IdentityNotFound);
 	}
 
 

src/Security/User.php

@@ -35,8 +35,12 @@ class User
 
 	/** Log-out reason */
 	public const
-		LOGOUT_MANUAL = UserStorage::LOGOUT_MANUAL,
-		LOGOUT_INACTIVITY = UserStorage::LOGOUT_INACTIVITY;
+		LogoutManual = UserStorage::LogoutManual,
+		LogoutInactivity = UserStorage::LogoutInactivity;
+
+	/** Deprecated */
+	public const LOGOUT_MANUAL = self::LogoutManual;
+	public const LOGOUT_INACTIVITY = self::LogoutInactivity;
 
 	/** @var string  default role for unauthenticated user */
 	public $guestRole = 'guest';
@@ -335,7 +339,7 @@ final public function isInRole(string $role): bool
 	 * Has a user effective access to the Resource?
 	 * If $resource is null, then the query applies to all resources.
 	 */
-	public function isAllowed($resource = Authorizator::ALL, $privilege = Authorizator::ALL): bool
+	public function isAllowed($resource = Authorizator::All, $privilege = Authorizator::All): bool
 	{
 		foreach ($this->getRoles() as $role) {
 			if ($this->getAuthorizator()->isAllowed($role, $resource, $privilege)) {

src/Security/UserStorage.php

@@ -17,8 +17,12 @@ interface UserStorage
 {
 	/** Log-out reason */
 	public const
-		LOGOUT_MANUAL = 1,
-		LOGOUT_INACTIVITY = 2;
+		LogoutManual = 1,
+		LogoutInactivity = 2;
+
+	/** Deprecated */
+	public const LOGOUT_MANUAL = self::LogoutManual;
+	public const LOGOUT_INACTIVITY = self::LogoutInactivity;
 
 	/**
 	 * Sets the authenticated state of user.

tests/Security/User.authentication.phpt

@@ -24,10 +24,10 @@ class Authenticator implements Nette\Security\Authenticator
 	public function authenticate(string $username, string $password): IIdentity
 	{
 		if ($username !== 'john') {
-			throw new Nette\Security\AuthenticationException('Unknown user', self::IDENTITY_NOT_FOUND);
+			throw new Nette\Security\AuthenticationException('Unknown user', self::IdentityNotFound);
 
 		} elseif ($password !== 'xxx') {
-			throw new Nette\Security\AuthenticationException('Password not match', self::INVALID_CREDENTIAL);
+			throw new Nette\Security\AuthenticationException('Password not match', self::InvalidCredential);
 
 		} else {
 			return new SimpleIdentity('John Doe', 'admin');