1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* This file is part of Symplify |
7
|
|
|
* Copyright (c) 2016 Tomas Votruba (http://tomasvotruba.cz). |
8
|
|
|
*/ |
9
|
|
|
|
10
|
|
|
namespace Symplify\ControllerAutowire\Controller\Security; |
11
|
|
|
|
12
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; |
13
|
|
|
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; |
14
|
|
|
use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
15
|
|
|
use Symfony\Component\Security\Core\User\UserInterface; |
16
|
|
|
use Symfony\Component\Security\Csrf\CsrfToken; |
17
|
|
|
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; |
18
|
|
|
|
19
|
|
|
trait ControllerSecurityTrait |
20
|
|
|
{ |
21
|
|
|
/** |
22
|
|
|
* @var AuthorizationCheckerInterface |
23
|
|
|
*/ |
24
|
|
|
private $authorizationChecker; |
25
|
|
|
|
26
|
|
|
/** |
27
|
|
|
* @var TokenStorageInterface |
28
|
|
|
*/ |
29
|
|
|
private $tokenStorage; |
30
|
|
|
|
31
|
|
|
/** |
32
|
|
|
* @var CsrfTokenManagerInterface |
33
|
|
|
*/ |
34
|
|
|
private $csrfTokenManager; |
35
|
|
|
|
36
|
|
|
public function setAuthorizationChecker(AuthorizationCheckerInterface $authorizationChecker) |
37
|
|
|
{ |
38
|
|
|
$this->authorizationChecker = $authorizationChecker; |
39
|
|
|
} |
40
|
|
|
|
41
|
|
|
public function setTokenStorage(TokenStorageInterface $tokenStorage) |
42
|
|
|
{ |
43
|
|
|
$this->tokenStorage = $tokenStorage; |
44
|
|
|
} |
45
|
|
|
|
46
|
|
|
public function setCsrfTokenManager(CsrfTokenManagerInterface $csrfTokenManager) |
47
|
|
|
{ |
48
|
|
|
$this->csrfTokenManager = $csrfTokenManager; |
49
|
|
|
} |
50
|
|
|
|
51
|
|
|
/** |
52
|
|
|
* @param mixed $attributes |
53
|
|
|
* @param mixed $object |
54
|
|
|
*/ |
55
|
|
|
protected function isGranted($attributes, $object = null) : bool |
56
|
|
|
{ |
57
|
|
|
return $this->authorizationChecker->isGranted($attributes, $object); |
58
|
|
|
} |
59
|
|
|
|
60
|
|
|
/** |
61
|
|
|
* @param mixed $attributes |
62
|
|
|
* @param mixed $object |
63
|
|
|
* @param string $message |
64
|
|
|
*/ |
65
|
|
|
protected function denyAccessUnlessGranted($attributes, $object = null, string $message = 'Access Denied.') |
66
|
|
|
{ |
67
|
|
|
if (! $this->isGranted($attributes, $object)) { |
68
|
|
|
throw new AccessDeniedException($message); |
69
|
|
|
} |
70
|
|
|
} |
71
|
|
|
|
72
|
|
|
/** |
73
|
|
|
* @return object|void|UserInterface |
74
|
|
|
*/ |
75
|
|
|
protected function getUser() |
76
|
|
|
{ |
77
|
|
|
if ($this->tokenStorage->getToken() === null) { |
78
|
|
|
return; |
79
|
|
|
} |
80
|
|
|
|
81
|
|
|
$token = $this->tokenStorage->getToken(); |
82
|
|
|
if ($token === null) { |
83
|
|
|
return; |
84
|
|
|
} |
85
|
|
|
|
86
|
|
|
$user = $token->getUser(); |
87
|
|
|
if (is_object($user)) { |
88
|
|
|
return $user; |
89
|
|
|
} |
90
|
|
|
} |
91
|
|
|
|
92
|
|
|
protected function isCsrfTokenValid(string $id, string $token) : bool |
93
|
|
|
{ |
94
|
|
|
return $this->csrfTokenManager->isTokenValid(new CsrfToken($id, $token)); |
95
|
|
|
} |
96
|
|
|
} |
97
|
|
|
|