1 | <?php |
||
2 | /** |
||
3 | * User: Simon Libaud |
||
4 | * Date: 19/03/2017 |
||
5 | * Email: [email protected] |
||
6 | */ |
||
7 | |||
8 | namespace Sil\RouteSecurityBundle\Security; |
||
9 | |||
10 | use Sil\RouteSecurityBundle\Interfaces\NamingStrategyInterface; |
||
11 | use Symfony\Component\Routing\RouterInterface; |
||
12 | use Symfony\Component\Security\Core\User\UserInterface; |
||
13 | |||
14 | /** |
||
15 | * Class AccessControl |
||
16 | * @package Sil\RouteSecurityBundl\Security |
||
17 | */ |
||
18 | class AccessControl |
||
19 | { |
||
20 | |||
21 | private $router; |
||
22 | private $routeToRoleConverter; |
||
23 | private $is_access_control_enable; |
||
24 | private $secured_routes; |
||
25 | private $secured_routes_format; |
||
26 | private $ignored_routes; |
||
27 | private $ignored_routes_format; |
||
28 | |||
29 | public function __construct(RouterInterface $router, NamingStrategyInterface $routeToRoleConverter, $configuration) |
||
30 | { |
||
31 | $this->router = $router; |
||
32 | $this->routeToRoleConverter = $routeToRoleConverter; |
||
33 | |||
34 | $this->is_access_control_enable = $configuration['enable_access_control']; |
||
35 | $this->secured_routes = $configuration['secured_routes']; |
||
36 | $this->secured_routes_format = $configuration['secured_routes_format']; |
||
37 | $this->ignored_routes = $configuration['ignored_routes']; |
||
38 | $this->ignored_routes_format = $configuration['ignored_routes_format']; |
||
39 | } |
||
40 | |||
41 | /** |
||
42 | * Verify if user has access to a specific route |
||
43 | * |
||
44 | * @param UserInterface $user |
||
45 | * @param string $route |
||
46 | * @return bool |
||
47 | */ |
||
48 | public function hasUserAccessToRoute(UserInterface $user, $route) |
||
49 | { |
||
50 | if (false === $this->is_access_control_enable || false === $this->isRouteSecure($route)) { |
||
51 | return true; |
||
52 | } |
||
53 | |||
54 | $role = $this->routeToRoleConverter->generateRoleForRoute($route); |
||
55 | return in_array($role, $user->getRoles()); |
||
56 | } |
||
57 | |||
58 | /** |
||
59 | * Verify if user has access to all routes |
||
60 | * |
||
61 | * @param UserInterface $user |
||
62 | * @param array $routes |
||
63 | * @return bool |
||
64 | */ |
||
65 | View Code Duplication | public function hasUserAccessToRoutes(UserInterface $user, $routes) |
|
66 | { |
||
67 | foreach ($routes as $route) { |
||
68 | if (false === $this->hasUserAccessToRoute($user, $route)) { |
||
69 | return false; |
||
70 | } |
||
71 | } |
||
72 | |||
73 | return true; |
||
74 | } |
||
75 | |||
76 | /** |
||
77 | * Verify if user has access to one of routes |
||
78 | * |
||
79 | * @param UserInterface $user |
||
80 | * @param $routes |
||
81 | * @return bool |
||
82 | */ |
||
83 | View Code Duplication | public function hasUserAccessAtLeastOneRoute(UserInterface $user, $routes) |
|
84 | { |
||
85 | foreach ($routes as $route) { |
||
86 | if (true === $this->hasUserAccessToRoute($user, $route)) { |
||
87 | return true; |
||
88 | } |
||
89 | } |
||
90 | |||
91 | return false; |
||
92 | } |
||
93 | |||
94 | |||
95 | /** |
||
96 | * Check if the given route is manage by the bundle depending of the configuration |
||
97 | * |
||
98 | * @param string $route |
||
99 | * @return bool |
||
100 | */ |
||
101 | public function isRouteSecure($route) |
||
102 | { |
||
103 | return in_array($route, $this->getSecuredRoutes()); |
||
104 | } |
||
105 | |||
106 | /** |
||
107 | * Return the secured routes depending of the bundle configuration |
||
108 | * |
||
109 | * @return array $secured_routes |
||
110 | */ |
||
111 | public function getSecuredRoutes() |
||
112 | { |
||
113 | $configured_routes = array_keys($this->router->getRouteCollection()->all()); |
||
114 | $secured_routes = []; |
||
115 | |||
116 | foreach ($configured_routes as $route) { |
||
117 | |||
118 | // Ignored routes |
||
119 | if (in_array($route, $this->ignored_routes)) { |
||
120 | continue; |
||
121 | } |
||
122 | |||
123 | // Ignored routes format |
||
124 | if (null !== $this->ignored_routes_format && true == preg_match($this->ignored_routes_format, $route)) { |
||
0 ignored issues
–
show
Bug
Best Practice
introduced
by
Loading history...
|
|||
125 | continue; |
||
126 | } |
||
127 | |||
128 | // Secured routes |
||
129 | if (true === in_array($route, $this->secured_routes)) { |
||
130 | $secured_routes[] = $route; |
||
131 | continue; |
||
132 | } |
||
133 | |||
134 | // Secured routes format |
||
135 | if (null !== $this->secured_routes_format && true == preg_match($this->secured_routes_format, $route)) { |
||
0 ignored issues
–
show
|
|||
136 | $secured_routes[] = $route; |
||
137 | continue; |
||
138 | } |
||
139 | } |
||
140 | |||
141 | return $secured_routes; |
||
142 | } |
||
143 | |||
144 | /** |
||
145 | * @return bool |
||
146 | */ |
||
147 | public function isEnable() |
||
148 | { |
||
149 | return $this->is_access_control_enable; |
||
150 | } |
||
151 | |||
152 | } |