Home Explore Help
Sign In
bux
/
muzich
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
791 Commits
1 Branches
Tree: 380e82457b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '380e82457b'
${ noResults }
muzich/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Metadata/Driver/AnnotationDriver.php

AnnotationDriver.php 5.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. <?php

  2. 

  3. /*

  4.  * Copyright 2011 Johannes M. Schmitt <schmittjoh@gmail.com>

  5.  *

  6.  * Licensed under the Apache License, Version 2.0 (the "License");

  7.  * you may not use this file except in compliance with the License.

  8.  * You may obtain a copy of the License at

  9.  *

  10.  * http://www.apache.org/licenses/LICENSE-2.0

  11.  *

  12.  * Unless required by applicable law or agreed to in writing, software

  13.  * distributed under the License is distributed on an "AS IS" BASIS,

  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  15.  * See the License for the specific language governing permissions and

  16.  * limitations under the License.

  17.  */

  18. 

  19. namespace JMS\SecurityExtraBundle\Metadata\Driver;

  20. 

  21. use JMS\SecurityExtraBundle\Exception\InvalidArgumentException;

  22. use Doctrine\Common\Annotations\Reader;

  23. use JMS\SecurityExtraBundle\Annotation\PreAuthorize;

  24. use JMS\SecurityExtraBundle\Annotation\RunAs;

  25. use JMS\SecurityExtraBundle\Annotation\SatisfiesParentSecurityPolicy;

  26. use JMS\SecurityExtraBundle\Annotation\Secure;

  27. use JMS\SecurityExtraBundle\Annotation\SecureParam;

  28. use JMS\SecurityExtraBundle\Annotation\SecureReturn;

  29. use JMS\SecurityExtraBundle\Metadata\ClassMetadata;

  30. use JMS\SecurityExtraBundle\Metadata\MethodMetadata;

  31. use Metadata\Driver\DriverInterface;

  32. use \ReflectionClass;

  33. use \ReflectionMethod;

  34. use JMS\SecurityExtraBundle\Security\Authorization\Expression\Expression;

  35. 

  36. /**

  37.  * Loads security annotations and converts them to metadata

  38.  *

  39.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>

  40.  */

  41. class AnnotationDriver implements DriverInterface

  42. {

  43.     private $reader;

  44. 

  45.     public function __construct(Reader $reader)

  46.     {

  47.         $this->reader = $reader;

  48.     }

  49. 

  50.     public function loadMetadataForClass(ReflectionClass $reflection)

  51.     {

  52.         $metadata = new ClassMetadata($reflection->name);

  53. 

  54.         $classPreAuthorize = $this->reader->getClassAnnotation($reflection, 'JMS\SecurityExtraBundle\Annotation\PreAuthorize');

  55.         foreach ($reflection->getMethods(ReflectionMethod::IS_PUBLIC | ReflectionMethod::IS_PROTECTED) as $method) {

  56.             // check if the method was defined on this class

  57.             if ($method->getDeclaringClass()->name !== $reflection->name) {

  58.                 continue;

  59.             }

  60. 

  61.             $annotations = $this->reader->getMethodAnnotations($method);

  62. 

  63.             if (! $annotations && ! $classPreAuthorize) {

  64.                 continue;

  65.             }

  66. 

  67.             if (null !== $methodMetadata = $this->convertMethodAnnotations($method, $annotations, $classPreAuthorize)) {

  68.                 $metadata->addMethodMetadata($methodMetadata);

  69.             }

  70.         }

  71. 

  72.         return $metadata;

  73.     }

  74. 

  75.     private function convertMethodAnnotations(\ReflectionMethod $method, array $annotations, PreAuthorize $classPreAuthorize = null)

  76.     {

  77.         $parameters = array();

  78.         foreach ($method->getParameters() as $index => $parameter) {

  79.             $parameters[$parameter->getName()] = $index;

  80.         }

  81. 

  82.         $methodMetadata = new MethodMetadata($method->class, $method->name);

  83.         $hasSecurityMetadata = $hasPreRestrictions = false;

  84.         foreach ($annotations as $annotation) {

  85.             if ($annotation instanceof Secure) {

  86.                 $methodMetadata->roles = $annotation->roles;

  87.                 $hasSecurityMetadata = $hasPreRestrictions = true;

  88.             } elseif ($annotation instanceof PreAuthorize) {

  89.                 $methodMetadata->roles = array(new Expression($annotation->expr));

  90.                 $hasSecurityMetadata = $hasPreRestrictions = true;

  91.             } elseif ($annotation instanceof SecureParam) {

  92.                 if (!isset($parameters[$annotation->name])) {

  93.                     throw new InvalidArgumentException(sprintf('The parameter "%s" does not exist for method "%s".', $annotation->name, $method->name));

  94.                 }

  95. 

  96.                 $methodMetadata->addParamPermissions($parameters[$annotation->name], $annotation->permissions);

  97.                 $hasSecurityMetadata = $hasPreRestrictions = true;

  98.             } elseif ($annotation instanceof SecureReturn) {

  99.                 $methodMetadata->returnPermissions = $annotation->permissions;

  100.                 $hasSecurityMetadata = true;

  101.             } elseif ($annotation instanceof SatisfiesParentSecurityPolicy) {

  102.                 $methodMetadata->satisfiesParentSecurityPolicy = true;

  103.                 $hasSecurityMetadata = true;

  104.             } elseif ($annotation instanceof RunAs) {

  105.                 $methodMetadata->runAsRoles = $annotation->roles;

  106.                 $hasSecurityMetadata = true;

  107.             }

  108.         }

  109. 

  110.         // We use the following conditions to determine whether we should apply

  111.         // a class-level @PreAuthorize annotation:

  112.         //

  113.         //    - No other authorization that runs before the method invocation

  114.         //      must be configured. @Secure, @SecureParam, @PreAuthorize must

  115.         //      not be present; @SecureReturn would be fine though.

  116.         //

  117.         //    - The method must be public, or alternatively publicOnly on

  118.         //      @PreAuthorize must be set to false.

  119.         if ( ! $hasPreRestrictions && $classPreAuthorize

  120.                 && (!$classPreAuthorize->publicOnly || !$method->isProtected())) {

  121.             $methodMetadata->roles = array(new Expression($classPreAuthorize->expr));

  122.             $hasSecurityMetadata = true;

  123.         }

  124. 

  125.         return $hasSecurityMetadata ? $methodMetadata : null;

  126.     }

  127. }