|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* User: Simon Libaud |
|
4
|
|
|
* Date: 19/03/2017 |
|
5
|
|
|
* Email: [email protected]. |
|
6
|
|
|
*/ |
|
7
|
|
|
namespace Sil\RouteSecurityBundle\Security; |
|
8
|
|
|
|
|
9
|
|
|
use Sil\RouteSecurityBundle\Exception\LogicException; |
|
10
|
|
|
use Sil\RouteSecurityBundle\Interfaces\NamingStrategyInterface; |
|
11
|
|
|
use Symfony\Component\Routing\RouterInterface; |
|
12
|
|
|
use Symfony\Component\Security\Core\User\UserInterface; |
|
13
|
|
|
|
|
14
|
|
|
/** |
|
15
|
|
|
* Class AccessControl. |
|
16
|
|
|
*/ |
|
17
|
|
|
class AccessControl |
|
18
|
|
|
{ |
|
19
|
|
|
private $router; |
|
20
|
|
|
private $routeToRoleConverter; |
|
21
|
|
|
private $is_access_control_enable; |
|
22
|
|
|
private $secured_routes; |
|
23
|
|
|
private $secured_routes_format; |
|
24
|
|
|
private $ignored_routes; |
|
25
|
|
|
private $ignored_routes_format; |
|
26
|
|
|
|
|
27
|
5 |
|
public function __construct(RouterInterface $router, NamingStrategyInterface $routeToRoleConverter, $configuration) |
|
28
|
|
|
{ |
|
29
|
5 |
|
$this->router = $router; |
|
30
|
5 |
|
$this->routeToRoleConverter = $routeToRoleConverter; |
|
31
|
|
|
|
|
32
|
5 |
|
$this->is_access_control_enable = $configuration['enable_access_control']; |
|
33
|
5 |
|
$this->secured_routes = $configuration['secured_routes']; |
|
34
|
5 |
|
$this->secured_routes_format = $configuration['secured_routes_format']; |
|
35
|
5 |
|
$this->ignored_routes = $configuration['ignored_routes']; |
|
36
|
5 |
|
$this->ignored_routes_format = $configuration['ignored_routes_format']; |
|
37
|
5 |
|
} |
|
38
|
|
|
|
|
39
|
|
|
/** |
|
40
|
|
|
* Verify if user has access to a specific route. |
|
41
|
|
|
* |
|
42
|
|
|
* @param UserInterface $user |
|
43
|
|
|
* @param string $route |
|
44
|
|
|
* |
|
45
|
|
|
* @return bool |
|
46
|
|
|
*/ |
|
47
|
3 |
|
public function hasUserAccessToRoute(UserInterface $user, $route) |
|
48
|
|
|
{ |
|
49
|
3 |
|
if (false === $this->is_access_control_enable || false === $this->isRouteSecure($route)) { |
|
50
|
3 |
|
return true; |
|
51
|
|
|
} |
|
52
|
|
|
|
|
53
|
3 |
|
$role = $this->routeToRoleConverter->generateRoleForRoute($route); |
|
54
|
|
|
|
|
55
|
3 |
|
return in_array($role, $user->getRoles()); |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
/** |
|
59
|
|
|
* Verify if user has access to all routes. |
|
60
|
|
|
* |
|
61
|
|
|
* @param UserInterface $user |
|
62
|
|
|
* @param array $routes |
|
63
|
|
|
* |
|
64
|
|
|
* @return bool |
|
65
|
|
|
*/ |
|
66
|
1 |
View Code Duplication |
public function hasUserAccessToRoutes(UserInterface $user, $routes) |
|
|
|
|
|
|
67
|
|
|
{ |
|
68
|
1 |
|
foreach ($routes as $route) { |
|
69
|
1 |
|
if (false === $this->hasUserAccessToRoute($user, $route)) { |
|
70
|
1 |
|
return false; |
|
71
|
|
|
} |
|
72
|
1 |
|
} |
|
73
|
|
|
|
|
74
|
1 |
|
return true; |
|
75
|
|
|
} |
|
76
|
|
|
|
|
77
|
|
|
/** |
|
78
|
|
|
* Verify if user has access to one of routes. |
|
79
|
|
|
* |
|
80
|
|
|
* @param UserInterface $user |
|
81
|
|
|
* @param $routes |
|
82
|
|
|
* |
|
83
|
|
|
* @return bool |
|
84
|
|
|
*/ |
|
85
|
1 |
View Code Duplication |
public function hasUserAccessAtLeastOneRoute(UserInterface $user, $routes) |
|
|
|
|
|
|
86
|
|
|
{ |
|
87
|
1 |
|
foreach ($routes as $route) { |
|
88
|
1 |
|
if (true === $this->hasUserAccessToRoute($user, $route)) { |
|
89
|
1 |
|
return true; |
|
90
|
|
|
} |
|
91
|
1 |
|
} |
|
92
|
|
|
|
|
93
|
1 |
|
return false; |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
/** |
|
97
|
|
|
* Check if the given route is manage by the bundle depending of the configuration. |
|
98
|
|
|
* |
|
99
|
|
|
* @param string $route |
|
100
|
|
|
* |
|
101
|
|
|
* @return bool |
|
102
|
|
|
*/ |
|
103
|
4 |
|
public function isRouteSecure($route) |
|
104
|
|
|
{ |
|
105
|
4 |
|
$all_secured_routes = []; |
|
106
|
4 |
|
$configured_routes = array_keys($this->router->getRouteCollection()->all()); |
|
107
|
|
|
|
|
108
|
4 |
|
if (false === in_array($route, $configured_routes)) { |
|
109
|
1 |
|
throw new LogicException(sprintf('The route %s is not defined in your routing.', $route)); |
|
110
|
|
|
} |
|
111
|
|
|
|
|
112
|
4 |
|
foreach ($configured_routes as $configured_route) { |
|
113
|
|
|
|
|
114
|
|
|
// Ignored routes |
|
115
|
4 |
|
if (in_array($configured_route, $this->ignored_routes)) { |
|
116
|
4 |
|
continue; |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
// Ignored routes format |
|
120
|
4 |
|
if (null !== $this->ignored_routes_format && 1 === preg_match($this->ignored_routes_format, $configured_route)) { |
|
121
|
4 |
|
continue; |
|
122
|
|
|
} |
|
123
|
|
|
|
|
124
|
|
|
// Secured routes |
|
125
|
4 |
|
if (true === in_array($configured_route, $this->secured_routes)) { |
|
126
|
4 |
|
$all_secured_routes[] = $configured_route; |
|
127
|
4 |
|
continue; |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
// Secured routes format |
|
131
|
4 |
|
if (null !== $this->secured_routes_format && 1 === preg_match($this->secured_routes_format, $configured_route)) { |
|
132
|
4 |
|
$all_secured_routes[] = $configured_route; |
|
133
|
4 |
|
continue; |
|
134
|
|
|
} |
|
135
|
4 |
|
} |
|
136
|
|
|
|
|
137
|
4 |
|
return in_array($route, $all_secured_routes); |
|
138
|
|
|
} |
|
139
|
|
|
|
|
140
|
|
|
/** |
|
141
|
|
|
* @return bool |
|
142
|
|
|
*/ |
|
143
|
1 |
|
public function isEnable() |
|
144
|
|
|
{ |
|
145
|
1 |
|
return $this->is_access_control_enable; |
|
146
|
|
|
} |
|
147
|
|
|
} |
|
148
|
|
|
|
SimLibaud /
SilRouteSecurityBundle
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.