sfBasicSecurityFilter.class.php 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. <?php
  2. /*
  3. * This file is part of the symfony package.
  4. * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
  5. * (c) 2004-2006 Sean Kerr <sean@code-box.org>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. /**
  11. * sfBasicSecurityFilter checks security by calling the getCredential() method
  12. * of the action. Once the credential has been acquired, sfBasicSecurityFilter
  13. * verifies the user has the same credential by calling the hasCredential()
  14. * method of SecurityUser.
  15. *
  16. * @package symfony
  17. * @subpackage filter
  18. * @author Sean Kerr <sean@code-box.org>
  19. * @version SVN: $Id: sfBasicSecurityFilter.class.php 9087 2008-05-20 02:00:40Z Carl.Vondrick $
  20. */
  21. class sfBasicSecurityFilter extends sfFilter
  22. {
  23. /**
  24. * Executes this filter.
  25. *
  26. * @param sfFilterChain $filterChain A sfFilterChain instance
  27. */
  28. public function execute($filterChain)
  29. {
  30. // disable security on login and secure actions
  31. if (
  32. (sfConfig::get('sf_login_module') == $this->context->getModuleName()) && (sfConfig::get('sf_login_action') == $this->context->getActionName())
  33. ||
  34. (sfConfig::get('sf_secure_module') == $this->context->getModuleName()) && (sfConfig::get('sf_secure_action') == $this->context->getActionName())
  35. )
  36. {
  37. $filterChain->execute();
  38. return;
  39. }
  40. // NOTE: the nice thing about the Action class is that getCredential()
  41. // is vague enough to describe any level of security and can be
  42. // used to retrieve such data and should never have to be altered
  43. if (!$this->context->getUser()->isAuthenticated())
  44. {
  45. // the user is not authenticated
  46. $this->forwardToLoginAction();
  47. }
  48. // the user is authenticated
  49. $credential = $this->getUserCredential();
  50. if (!is_null($credential) && !$this->context->getUser()->hasCredential($credential))
  51. {
  52. // the user doesn't have access
  53. $this->forwardToSecureAction();
  54. }
  55. // the user has access, continue
  56. $filterChain->execute();
  57. }
  58. /**
  59. * Forwards the current request to the secure action.
  60. *
  61. * @throws sfStopException
  62. */
  63. protected function forwardToSecureAction()
  64. {
  65. $this->context->getController()->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action'));
  66. throw new sfStopException();
  67. }
  68. /**
  69. * Forwards the current request to the login action.
  70. *
  71. * @throws sfStopException
  72. */
  73. protected function forwardToLoginAction()
  74. {
  75. $this->context->getController()->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action'));
  76. throw new sfStopException();
  77. }
  78. /**
  79. * Returns the credential required for this action.
  80. *
  81. * @return mixed The credential required for this action
  82. */
  83. protected function getUserCredential()
  84. {
  85. return $this->context->getController()->getActionStack()->getLastEntry()->getActionInstance()->getCredential();
  86. }
  87. }