
/branches/1.3/lib/filter/sfBasicSecurityFilter.class.php


root/branches/1.3/lib/filter/sfBasicSecurityFilter.class.php

Revision 23810, 3.6 kB (checked in by Kris.Wallsmith, 5 years ago)

[1.3] set svn:eol-style property to native and svn:keywords property to Id on all .php files

  • Property svn:mime-type set to text/x-php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
1 <?php
2
3 /*
4  * This file is part of the symfony package.
5  * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
6  * (c) 2004-2006 Sean Kerr <sean@code-box.org>
7  *
8  * For the full copyright and license information, please view the LICENSE
9  * file that was distributed with this source code.
10  */
11
/**
 * sfBasicSecurityFilter is the access-control step of the filter chain.
 *
 * It first requires the user to be authenticated, then asks the current
 * action for its credential through getCredential() and checks that the user
 * holds it by calling hasCredential() on the user object.
 *
 * The configured login and secure actions are passed through without any
 * check. Every other request is either forwarded (to the login action when
 * the user is not authenticated, to the secure action when the credential is
 * missing) or handed to the rest of the filter chain.
 *
 * @package    symfony
 * @subpackage filter
 * @author     Sean Kerr <sean@code-box.org>
 * @version    SVN: $Id$
 */
class sfBasicSecurityFilter extends sfFilter
{
  /**
   * Executes this filter.
   *
   * A denied request is stopped only by the sfStopException raised inside
   * forwardToLoginAction() / forwardToSecureAction(). There is no return
   * after those calls, so an override that comes back normally lets the flow
   * continue to the next check and finally to $filterChain->execute().
   *
   * @param sfFilterChain $filterChain A sfFilterChain instance
   *
   * @throws sfStopException when the request is forwarded to the login or secure action
   */
  public function execute($filterChain)
  {
    $module = $this->context->getModuleName();
    $action = $this->context->getActionName();

    // The login and secure actions are never protected, otherwise forwarding
    // to them would be checked again by this same filter.
    // NOTE(review): the names are matched with ==, PHP's loose comparison;
    // confirm both sides are always plain non-numeric strings.
    $isLoginAction  = (sfConfig::get('sf_login_module') == $module) && (sfConfig::get('sf_login_action') == $action);
    $isSecureAction = (sfConfig::get('sf_secure_module') == $module) && (sfConfig::get('sf_secure_action') == $action);

    if ($isLoginAction || $isSecureAction)
    {
      $filterChain->execute();

      return;
    }

    // Step 1: authentication. getCredential() on the action is generic enough
    // to express any level of security, so this filter never needs to know
    // what the credential means.
    if (!$this->context->getUser()->isAuthenticated())
    {
      if (sfConfig::get('sf_logging_enabled'))
      {
        $message = sprintf(
          'Action "%s/%s" requires authentication, forwarding to "%s/%s"',
          $this->context->getModuleName(),
          $this->context->getActionName(),
          sfConfig::get('sf_login_module'),
          sfConfig::get('sf_login_action')
        );

        $this->context->getEventDispatcher()->notify(new sfEvent($this, 'application.log', array($message)));
      }

      // not authenticated: hand the request over to the login action
      $this->forwardToLoginAction();
    }

    // Step 2: authorization. A null credential means the action asks for
    // nothing beyond authentication.
    $required = $this->getUserCredential();
    if (null !== $required && !$this->context->getUser()->hasCredential($required))
    {
      if (sfConfig::get('sf_logging_enabled'))
      {
        $message = sprintf(
          'Action "%s/%s" requires credentials "%s", forwarding to "%s/%s"',
          $this->context->getModuleName(),
          $this->context->getActionName(),
          sfYaml::dump($required, 0),
          sfConfig::get('sf_secure_module'),
          sfConfig::get('sf_secure_action')
        );

        $this->context->getEventDispatcher()->notify(new sfEvent($this, 'application.log', array($message)));
      }

      // authenticated but not authorized: hand over to the secure action
      $this->forwardToSecureAction();
    }

    // both checks passed, let the remaining filters and the action run
    $filterChain->execute();
  }

  /**
   * Forwards the current request to the secure action
   * (sf_secure_module / sf_secure_action) and stops the current execution.
   *
   * @throws sfStopException always, once the forward has returned
   */
  protected function forwardToSecureAction()
  {
    $controller = $this->context->getController();
    $controller->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action'));

    throw new sfStopException();
  }

  /**
   * Forwards the current request to the login action
   * (sf_login_module / sf_login_action) and stops the current execution.
   *
   * @throws sfStopException always, once the forward has returned
   */
  protected function forwardToLoginAction()
  {
    $controller = $this->context->getController();
    $controller->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action'));

    throw new sfStopException();
  }

  /**
   * Returns the credential required for this action, read from the action
   * instance of the last entry on the controller's action stack.
   *
   * @return mixed The credential required for this action (execute() treats null as "none required")
   */
  protected function getUserCredential()
  {
    $actionStack = $this->context->getController()->getActionStack();
    $lastEntry   = $actionStack->getLastEntry();

    return $lastEntry->getActionInstance()->getCredential();
  }
}
109