Home Explore Help
Sign In
bux
/
muzich
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
9 Commits
1 Branches
Tree: 3bd9b0a1af
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3bd9b0a1af'
${ noResults }
muzich/vendor/bundles/JMS/SecurityExtraBundle/Annotation/SatisfiesParentSecurityPoli...

SatisfiesParentSecurityPolicy.php 2.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. <?php

  2. 

  3. /*

  4.  * Copyright 2010 Johannes M. Schmitt <schmittjoh@gmail.com>

  5.  *

  6.  * Licensed under the Apache License, Version 2.0 (the "License");

  7.  * you may not use this file except in compliance with the License.

  8.  * You may obtain a copy of the License at

  9.  *

  10.  * http://www.apache.org/licenses/LICENSE-2.0

  11.  *

  12.  * Unless required by applicable law or agreed to in writing, software

  13.  * distributed under the License is distributed on an "AS IS" BASIS,

  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  15.  * See the License for the specific language governing permissions and

  16.  * limitations under the License.

  17.  */

  18. 

  19. namespace JMS\SecurityExtraBundle\Annotation;

  20. 

  21. /**

  22.  * This must be declared on classes which inherit from classes that have

  23.  * requested method invocation securing capabilities.

  24.  *

  25.  * It indicates to the analyzer that the developer is aware of these security

  26.  * restrictions, and has applied them to the root class in an appropriate

  27.  * fashion.

  28.  *

  29.  * We cannot do this automatically without properly analyzing the control flow,

  30.  * and in some cases it is not possible at all. See the following example:

  31.  *

  32.  * <code>

  33.  *     // child class

  34.  *     public function editComment($commentId)

  35.  *     {

  36.  *         // retrieve comment from database

  37.  *         $comment = $this->entityManager->find($commentId);

  38.  *

  39.  *         return parent::editComment($comment);

  40.  *     }

  41.  *

  42.  *     // base class which is inherited from

  43.  *     /**

  44.  *      * @SecureParam(name="comment", permissions="EDIT")

  45.  *      *\/

  46.  *     public function editComment(Comment $comment)

  47.  *     {

  48.  *        // do some supposedly secure action

  49.  *     }

  50.  * <code>

  51.  *

  52.  * The above example can be rewritten so that we can apply security checks

  53.  * automatically:

  54.  *

  55.  * <code>

  56.  * 		 // child class

  57.  *     public function editComment($commentId)

  58.  *     {

  59.  *         // retrieve comment from database

  60.  *         $comment = $this->entityManager->find($commentId);

  61.  *

  62.  *         return $this->doEditComment($comment);

  63.  *     }

  64.  *

  65.  *     // base class which is inherited from

  66.  *     /**

  67.  *      * @SecureParam(name="comment", permissions="EDIT")

  68.  *      *\/

  69.  *     protected function doEditComment(Comment $comment)

  70.  *     {

  71.  *        // do some secure action

  72.  *     }

  73.  * </code>

  74.  *

  75.  * @Annotation

  76.  * @Target("METHOD")

  77.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>

  78.  */

  79. final class SatisfiesParentSecurityPolicy

  80. {

  81. }