|
@@ 145-148 (lines=4) @@
|
| 142 |
|
$this->dispatchSwitchUserEvent($request, $token); |
| 143 |
|
return $originalToken; |
| 144 |
|
} |
| 145 |
|
} elseif (false === $this->accessDecisionManager->decide($token, [$this->role])) { |
| 146 |
|
$this->log(sprintf('Token has no right to impersonate "%s", access denied: %s', $username, $originalToken)); |
| 147 |
|
throw new AccessDeniedException(sprintf('Token has no right to impersonate "%s", access denied: %s', $username, $originalToken)); |
| 148 |
|
} |
| 149 |
|
|
| 150 |
|
$this->log(sprintf('Attempting to impersonate "%s"', $username)); |
| 151 |
|
|
|
@@ 136-139 (lines=4) @@
|
| 133 |
|
if (false !== $originalToken) { |
| 134 |
|
$this->log(sprintf('Original token found: %s', $originalToken)); |
| 135 |
|
// User is impersonating someone, they are trying to switch directly to another user, make sure original user has access. |
| 136 |
|
if (false === $this->accessDecisionManager->decide($originalToken, [$this->role])) { |
| 137 |
|
$this->log(sprintf('Original token has no right to impersonate "%s", access denied: %s', $username, $originalToken)); |
| 138 |
|
throw new AccessDeniedException(sprintf('Original token has no right to impersonate "%s", access denied: %s', $username, $originalToken)); |
| 139 |
|
} |
| 140 |
|
if ($originalToken->getUsername() === $username) { |
| 141 |
|
$this->log(sprintf('Original token is already for "%s", switching to original token: %s', $username, $originalToken)); |
| 142 |
|
$this->dispatchSwitchUserEvent($request, $token); |
MetalArend /
authentication-bundle
