@webdevilopers
Created July 15, 2014 12:27
ZfcRbac assertion example using factories
<?php
namespace Application\Assertions;
use ZfcRbac\Assertion\AssertionInterface;
use ZfcRbac\Service\AuthorizationService;
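class CanEditContractAssertion implements AssertionInterface
{
    /**
     * Decide whether the current identity may edit the given contract.
     *
     * Access is granted when the identity is the contract's project manager;
     * otherwise the decision falls back to the "contract.edit.all" permission.
     *
     * @param AuthorizationService $authorization
     * @param mixed                $contract Object exposing getProjectManager(),
     *                                       or null when no context was passed
     *
     * @return bool
     */
    public function assert(AuthorizationService $authorization, $contract = null)
    {
        $identity = $authorization->getIdentity();

        // Ownership can only be established with an authenticated identity and
        // an actual contract. Without this guard a null contract is a fatal
        // error, and a null identity would compare identical to an unassigned
        // (null) project manager and be treated as the owner.
        if ($identity !== null && $contract !== null) {
            // NOTE(review): === on objects is true only for the very same
            // instance. If the identity is loaded separately from the
            // contract's association, comparing getId() values may be what is
            // intended -- confirm against how the identity is provided.
            if ($identity === $contract->getProjectManager()) {
                return true;
            }
        }

        // Deliberately a different permission than the one this assertion is
        // mapped to ("contract.edit" in the zfc_rbac config): checking that
        // name here would invoke this assertion again.
        return $authorization->isGranted('contract.edit.all');
    }
}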
<?php
namespace Application\Controller;
use Zend\Mvc\Controller\AbstractActionController;
use Zend\View\Model\ViewModel;
use Application\Service\ContractService;
class ContractController extends AbstractActionController
{
    /**
     * Service that performs the permission check and the edit itself.
     *
     * @var ContractService
     */
    protected $contractService;

    /**
     * @param ContractService $contractService
     */
    public function __construct(ContractService $contractService)
    {
        $this->contractService = $contractService;
    }

    /**
     * Edit the contract named by the "id" route parameter.
     *
     * The controller makes no authorization decision of its own: it hands the
     * id to ContractService::editContract(), which throws
     * UnauthorizedException when the "contract.edit" check fails.
     *
     * @return mixed Redirect to the contract list when no usable id is given,
     *               otherwise nothing
     */
    public function editAction()
    {
        $contractId = (int) $this->params('id');

        if ($contractId !== 0) {
            // Authorization is enforced inside the service, not here.
            $this->contractService->editContract($contractId);

            return;
        }

        // Missing or non-numeric id: the cast yields 0, go back to the list.
        return $this->redirect()->toRoute('contract', ['action' => 'list']);
    }
}
<?php
namespace Application\Service;
use Doctrine\Common\Persistence\ObjectManager;
use ZfcRbac\Service\AuthorizationService;
use ZfcRbac\Exception\UnauthorizedException;
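class ContractService
{
    /**
     * @var ObjectManager
     */
    protected $objectManager;

    /**
     * @var AuthorizationService
     */
    protected $authorizationService;

    /**
     * @param ObjectManager        $objectManager
     * @param AuthorizationService $autorizationService (parameter name kept as spelled in the original)
     */
    public function __construct(
        ObjectManager $objectManager,
        AuthorizationService $autorizationService
    ) {
        $this->objectManager = $objectManager;
        $this->authorizationService = $autorizationService;
    }

    /**
     * Load a contract and verify that the current identity may edit it.
     *
     * The contract is passed as context to the "contract.edit" permission
     * check, so the assertion mapped to that permission can decide per object.
     *
     * @param int $id Contract identifier
     *
     * @throws UnauthorizedException When the contract does not exist or the
     *                               permission check fails
     */
    public function editContract($id)
    {
        $contract = $this->objectManager->find('Application\Entity\Contract', $id);

        // Fail closed: find() returns null for an unknown id, and a null
        // context must never reach the assertion as if it were a contract.
        // Using the same exception for "missing" and "forbidden" also avoids
        // revealing which contract ids exist.
        if ($contract === null
            || !$this->authorizationService->isGranted('contract.edit', $contract)
        ) {
            throw new UnauthorizedException('You are not allowed !');
        }
    }
}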
<?php
namespace Application;
use Application\Service\ContractService as ContractService;
use Application\Controller\ContractController as ContractController;
class Module
{
    /**
     * Service-manager configuration.
     *
     * Registers a factory under "ContractService" that builds the service
     * from the default Doctrine entity manager and the ZfcRbac
     * AuthorizationService.
     *
     * @return array
     */
    public function getServiceConfig()
    {
        $contractServiceFactory = function ($services) {
            $entityManager = $services->get('doctrine.entitymanager.orm_default');
            $authorization = $services->get('ZfcRbac\Service\AuthorizationService');

            return new ContractService($entityManager, $authorization);
        };

        return [
            'factories' => [
                'ContractService' => $contractServiceFactory,
            ],
        ];
    }

    /**
     * Controller-manager configuration.
     *
     * Registers a factory under "Application\Controller\Contract" that injects
     * the "ContractService" service into ContractController.
     *
     * @return array
     */
    public function getControllerConfig()
    {
        $contractControllerFactory = function ($controllers) {
            // The controller manager exposes the main service locator.
            $contractService = $controllers->getServiceLocator()->get('ContractService');

            return new ContractController($contractService);
        };

        return [
            'factories' => [
                'Application\Controller\Contract' => $contractControllerFactory,
            ],
        ];
    }
}
<?php
// ZfcRbac configuration: one assertion mapping plus an in-memory role tree.
return [
    'zfc_rbac' => [
        // Maps a permission name to the assertion class consulted for it.
        'assertion_map' => [
            // NOTE(review): the original comment here read "don't use same
            // name as role_provider permission", yet this key does match the
            // 'contract.edit' permission listed for 'user' below. Presumably
            // the warning concerns the permission checked *inside* the
            // assertion, which uses 'contract.edit.all' -- confirm.
            'contract.edit' => 'Application\Assertions\CanEditContractAssertion'
        ],
        'role_provider' => [
            'ZfcRbac\Role\InMemoryRoleProvider' => [
                // 'admin' lists 'user' as a child and adds 'contract.edit.all',
                // the permission CanEditContractAssertion falls back to when
                // the identity is not the contract's project manager.
                'admin' => [
                    'children' => ['user'],
                    'permissions' => [
                        'contract.edit.all',
                        'admin'
                    ],
                ],
                // 'user' holds 'contract.edit' but not 'contract.edit.all', so
                // for this role the assertion's ownership comparison decides.
                'user' => [
                    'children' => ['guest'], // OPTIONAL
                    'permissions' => [
                        'contract.list',
                        'contract.add',
                        'contract.edit',
                    ]
                ]
            ]
        ],
    ]
];
@ojhaujjwal

I didn't find any problem on quick look.
