67 lines
1.7 KiB
PHP
67 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace Trinity\Bundle\SecurityBundle\AccessControl;
|
|
|
|
use Symfony\Component\Security\Core\SecurityContextInterface;
|
|
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\Security\Http\AccessMap;
|
|
use Symfony\Component\Routing\RouterInterface;
|
|
|
|
class RouteAccessControl implements AccessControlInterface
|
|
{
|
|
private $context;
|
|
private $accessDecisionManager;
|
|
private $map;
|
|
|
|
public function __construct(SecurityContextInterface $context, AccessDecisionManagerInterface $accessDecisionManager, AccessMap $map, RouterInterface $router)
|
|
{
|
|
$this->context = $context;
|
|
$this->accessDecisionManager = $accessDecisionManager;
|
|
$this->map = $map;
|
|
$this->router = $router;
|
|
}
|
|
|
|
public function setRoute($route)
|
|
{
|
|
$this->route = $route;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function isGranted(array $restrictedRoles = array())
|
|
{
|
|
if (null === $token = $this->context->getToken()) {
|
|
return true;
|
|
}
|
|
|
|
$request = Request::create($this->route);
|
|
|
|
list($attributes) = $this->map->getPatterns($request);
|
|
|
|
if (null === $attributes) {
|
|
return true;
|
|
}
|
|
|
|
if (!$token->isAuthenticated()) {
|
|
return false;
|
|
}
|
|
|
|
$access = $this->accessDecisionManager->decide($token, $attributes, $request);
|
|
|
|
if (!$access) {
|
|
return false;
|
|
}
|
|
|
|
if (!empty($restrictedRoles)) {
|
|
foreach ($restrictedRoles as $k => $v) {
|
|
if (!$this->context->isGranted($v)) {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|