Basic functionality

app/model/Security/Authenticator/UserAuthenticator.php

@@ -0,0 +1,57 @@
+<?php declare(strict_types = 1);
+
+namespace App\Model\Security\Authenticator;
+
+use App\Model\Database\Entity\User;
+use App\Model\Database\EntityManager;
+use App\Model\Exception\Runtime\AuthenticationException;
+use App\Model\Security\Passwords;
+use Nette\Security\Authenticator;
+use Nette\Security\IIdentity;
+
+final class UserAuthenticator implements Authenticator
+{
+
+	/** @var EntityManager */
+	private $em;
+
+	/** @var Passwords */
+	private $passwords;
+
+	public function __construct(EntityManager $em, Passwords $passwords)
+	{
+		$this->em = $em;
+		$this->passwords = $passwords;
+	}
+
+	/**
+	 * @param string $username
+	 * @param string $password
+	 * @throws AuthenticationException
+	 */
+	public function authenticate(string $username, string $password): IIdentity
+	{
+		$user = $this->em->getUserRepository()->findOneBy(['email' => $username]);
+
+		if (!$user) {
+			throw new AuthenticationException('The username is incorrect.', self::IDENTITY_NOT_FOUND);
+		} elseif (!$user->isActivated()) {
+			throw new AuthenticationException('The user is not active.', self::INVALID_CREDENTIAL);
+		} elseif (!$this->passwords->verify($password, $user->getPasswordHash())) {
+			throw new AuthenticationException('The password is incorrect.', self::INVALID_CREDENTIAL);
+		}
+
+		$user->changeLoggedAt();
+		$this->em->flush();
+
+		return $this->createIdentity($user);
+	}
+
+	protected function createIdentity(User $user): IIdentity
+	{
+		$this->em->flush();
+
+		return $user->toIdentity();
+	}
+
+}

app/model/Security/Authorizator/StaticAuthorizator.php

@@ -0,0 +1,47 @@
+<?php declare(strict_types = 1);
+
+namespace App\Model\Security\Authorizator;
+
+use App\Model\Database\Entity\User;
+use Nette\Security\Permission;
+
+final class StaticAuthorizator extends Permission
+{
+
+	/**
+	 * Create ACL
+	 */
+	public function __construct()
+	{
+		$this->addRoles();
+		$this->addResources();
+		$this->addPermissions();
+	}
+
+	/**
+	 * Setup roles
+	 */
+	protected function addRoles(): void
+	{
+		$this->addRole(User::ROLE_ADMIN);
+	}
+
+	/**
+	 * Setup resources
+	 */
+	protected function addResources(): void
+	{
+		$this->addResource('Admin:Home');
+	}
+
+	/**
+	 * Setup ACL
+	 */
+	protected function addPermissions(): void
+	{
+		$this->allow(User::ROLE_ADMIN, [
+			'Admin:Home',
+		]);
+	}
+
+}

app/model/Security/Identity.php

@@ -0,0 +1,15 @@
+<?php declare(strict_types = 1);
+
+namespace App\Model\Security;
+
+use Nette\Security\SimpleIdentity as NetteIdentity;
+
+class Identity extends NetteIdentity
+{
+
+	public function getFullname(): string
+	{
+		return sprintf('%s %s', $this->data['name'] ?? '', $this->data['surname'] ?? '');
+	}
+
+}

app/model/Security/Passwords.php

@@ -0,0 +1,15 @@
+<?php declare(strict_types = 1);
+
+namespace App\Model\Security;
+
+use Nette\Security\Passwords as NettePasswords;
+
+final class Passwords extends NettePasswords
+{
+
+	public static function create(): Passwords
+	{
+		return new Passwords();
+	}
+
+}

app/model/Security/SecurityUser.php

@@ -0,0 +1,19 @@
+<?php declare(strict_types = 1);
+
+namespace App\Model\Security;
+
+use App\Model\Database\Entity\User;
+use Nette\Security\User as NetteUser;
+
+/**
+ * @method Identity getIdentity()
+ */
+final class SecurityUser extends NetteUser
+{
+
+	public function isAdmin(): bool
+	{
+		return $this->isInRole(User::ROLE_ADMIN);
+	}
+
+}