
/branches/1.2/lib/filter/sfBasicSecurityFilter.class.php


Revision 9087, 2.9 kB (checked in by Carl.Vondrick, 7 years ago)

1.1: fixed phpdoc to fit specs in filter (refs #2991)

  • Property svn:mime-type set to text/x-php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Rev Date
1 <?php
2
3 /*
4  * This file is part of the symfony package.
5  * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
6  * (c) 2004-2006 Sean Kerr <sean@code-box.org>
7  *
8  * For the full copyright and license information, please view the LICENSE
9  * file that was distributed with this source code.
10  */
11
12 /**
13  * sfBasicSecurityFilter checks security by calling the getCredential() method
14  * of the action. Once the credential has been acquired, sfBasicSecurityFilter
15  * verifies the user has the same credential by calling the hasCredential()
16  * method of SecurityUser.
17  *
18  * @package    symfony
19  * @subpackage filter
20  * @author     Sean Kerr <sean@code-box.org>
21  * @version    SVN: $Id$
22  */
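class sfBasicSecurityFilter extends sfFilter
{
  /**
   * Executes this filter.
   *
   * Decision order, as implemented below:
   *  1. If the current module/action is the configured login action or the
   *     configured secure ("access denied") action, the chain continues with
   *     no authentication or credential check at all.
   *  2. If the user is not authenticated, the request is forwarded to the
   *     login action and the chain is not continued.
   *  3. If the action declares a credential (getCredential() is not null) and
   *     the user does not hold it, the request is forwarded to the secure
   *     action and the chain is not continued.
   *  4. Otherwise the chain continues. A null credential therefore means
   *     "authentication is sufficient".
   *
   * @param sfFilterChain $filterChain A sfFilterChain instance
   */
  public function execute($filterChain)
  {
    // disable security on login and secure actions: they are the forward
    // targets of this filter and must stay reachable without a session
    if (
      $this->isConfiguredAction('sf_login_module', 'sf_login_action')
      ||
      $this->isConfiguredAction('sf_secure_module', 'sf_secure_action')
    )
    {
      $filterChain->execute();

      return;
    }

    // NOTE: the nice thing about the Action class is that getCredential()
    //       is vague enough to describe any level of security and can be
    //       used to retrieve such data and should never have to be altered
    if (!$this->context->getUser()->isAuthenticated())
    {
      // the user is not authenticated
      $this->forwardToLoginAction();

      // fail closed: forwardToLoginAction() is protected and overridable, so
      // do not depend on its sfStopException alone to keep an unauthenticated
      // request away from the rest of the chain
      return;
    }

    // the user is authenticated
    $credential = $this->getUserCredential();
    if (!is_null($credential) && !$this->context->getUser()->hasCredential($credential))
    {
      // the user doesn't have access
      $this->forwardToSecureAction();

      // fail closed, same reasoning as for the login forward above
      return;
    }

    // the user has access, continue
    $filterChain->execute();
  }

  /**
   * Tells whether the current request targets the module/action pair stored
   * under the two given sfConfig keys.
   *
   * The comparison is done on strings with ===. A loose == here would let a
   * badly typed configuration value exempt unrelated actions from the security
   * check: boolean true compares equal to any non-empty name, and before
   * PHP 8 integer 0 compares equal to any non-numeric name. Unset (null),
   * boolean and non-scalar values never match.
   *
   * @param string $moduleKey The sfConfig key holding the module name
   * @param string $actionKey The sfConfig key holding the action name
   *
   * @return boolean true if the current module and action both match
   */
  private function isConfiguredAction($moduleKey, $actionKey)
  {
    $module = sfConfig::get($moduleKey);
    $action = sfConfig::get($actionKey);

    foreach (array($module, $action) as $value)
    {
      // only strings and numbers can name a module or an action
      if (!is_scalar($value) || is_bool($value))
      {
        return false;
      }
    }

    return (string) $module === (string) $this->context->getModuleName()
      && (string) $action === (string) $this->context->getActionName();
  }

  /**
   * Forwards the current request to the secure action.
   *
   * The target is read from the sf_secure_module / sf_secure_action settings.
   * An override must keep throwing: execute() treats this call as terminal.
   *
   * @throws sfStopException
   */
  protected function forwardToSecureAction()
  {
    $this->context->getController()->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action'));

    throw new sfStopException();
  }

  /**
   * Forwards the current request to the login action.
   *
   * The target is read from the sf_login_module / sf_login_action settings.
   * An override must keep throwing: execute() treats this call as terminal.
   *
   * @throws sfStopException
   */
  protected function forwardToLoginAction()
  {
    $this->context->getController()->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action'));

    throw new sfStopException();
  }

  /**
   * Returns the credential required for this action.
   *
   * The value comes from getCredential() on the action instance of the last
   * entry of the controller's action stack. execute() treats null as "no
   * credential required".
   *
   * @return mixed The credential required for this action
   */
  protected function getUserCredential()
  {
    return $this->context->getController()->getActionStack()->getLastEntry()->getActionInstance()->getCredential();
  }
}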