
/branches/1.0/lib/filter/sfBasicSecurityFilter.class.php


root/branches/1.0/lib/filter/sfBasicSecurityFilter.class.php

Revision 7791, 2.7 kB (checked in by fabien, 7 years ago)

updated Sean Kerr email address

  • Property svn:mime-type set to text/x-php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Rev Date
1 <?php
2
3 /*
4  * This file is part of the symfony package.
5  * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
6  * (c) 2004-2006 Sean Kerr <sean@code-box.org>
7  *
8  * For the full copyright and license information, please view the LICENSE
9  * file that was distributed with this source code.
10  */
11
12 /**
13  * sfBasicSecurityFilter checks security by calling the getCredential() method
14  * of the action. Once the credential has been acquired, sfBasicSecurityFilter
15  * verifies the user has the same credential by calling the hasCredential()
16  * method of SecurityUser.
17  *
18  * @package    symfony
19  * @subpackage filter
20  * @author     Sean Kerr <sean@code-box.org>
21  * @version    SVN: $Id$
22  */
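class sfBasicSecurityFilter extends sfSecurityFilter
{
  /**
   * Executes this filter.
   *
   * Access decision, in order:
   *  1. If the current module/action is the configured login action
   *     (sf_login_module / sf_login_action) or the configured "secure" action
   *     (sf_secure_module / sf_secure_action), the chain continues with no
   *     authentication or credential check. These two actions are therefore
   *     reachable by anonymous users by design.
   *  2. An unauthenticated user is forwarded to the login action.
   *  3. An authenticated user continues when the action requires no credential
   *     (getCredential() returns null) or hasCredential() accepts it; otherwise
   *     the request is forwarded to the "secure" action.
   *
   * @param sfFilterChain $filterChain A sfFilterChain instance
   *
   * @throws sfStopException After forwarding to the login or "secure" action
   */
  public function execute($filterChain)
  {
    $context    = $this->getContext();
    $controller = $context->getController();
    $user       = $context->getUser();

    // get the current action instance
    $actionEntry    = $controller->getActionStack()->getLastEntry();
    $actionInstance = $actionEntry->getActionInstance();

    // Compare names as strings with ===. The loose == used previously applies
    // PHP type juggling: a boolean true compares equal to any non-empty string
    // and two numeric strings are compared as numbers, so a configuration value
    // parsed as a boolean or number could match an unrelated module/action and
    // exempt it from the checks below.
    // NOTE(review): assumes these four settings are scalars or null - confirm.
    $moduleName = (string) $context->getModuleName();
    $actionName = (string) $context->getActionName();

    $isLoginAction =
      (string) sfConfig::get('sf_login_module') === $moduleName
      && (string) sfConfig::get('sf_login_action') === $actionName;

    $isSecureAction =
      (string) sfConfig::get('sf_secure_module') === $moduleName
      && (string) sfConfig::get('sf_secure_action') === $actionName;

    // security is disabled on the login action and on the "secure"
    // (access denied) action, otherwise the forwards below could never
    // be displayed to the user they are meant for
    if ($isLoginAction || $isSecureAction)
    {
      $filterChain->execute();

      return;
    }

    // get the credential required for this action
    $credential = $actionInstance->getCredential();

    // for this filter, the credentials are a simple privilege array
    // where the first index is the privilege name and the second index
    // is the privilege namespace
    //
    // NOTE: the nice thing about the Action class is that getCredential()
    //       is vague enough to describe any level of security and can be
    //       used to retrieve such data and should never have to be altered
    if (!$user->isAuthenticated())
    {
      // the user is not authenticated: send them to the login action
      $controller->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action'));

      // nothing after the forward may run in this filter
      throw new sfStopException();
    }

    // the user is authenticated; a null credential means the action asks for
    // authentication only, so hasCredential() is not consulted in that case
    if ($credential === null || $user->hasCredential($credential))
    {
      // the user has access, continue
      $filterChain->execute();

      return;
    }

    // the user is authenticated but lacks the required credential
    $controller->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action'));

    throw new sfStopException();
  }
}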
88