vendor/symfony/security-http/Firewall/AccessListener.php line 91

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <fabien@symfony.com>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\Security\Http\Firewall;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpKernel\Event\RequestEvent;
  13. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  16. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  17. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  18. use Symfony\Component\Security\Http\AccessMapInterface;
  19. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  20. /**
  21.  * AccessListener enforces access control rules.
  22.  *
  23.  * @author Fabien Potencier <fabien@symfony.com>
  24.  *
  25.  * @final
  26.  */
  27. class AccessListener extends AbstractListener
  28. {
  29.     private $tokenStorage;
  30.     private $accessDecisionManager;
  31.     private $map;
  32.     public function __construct(TokenStorageInterface $tokenStorageAccessDecisionManagerInterface $accessDecisionManagerAccessMapInterface $mapbool $exceptionOnNoToken false)
  33.     {
  34.         if (false !== $exceptionOnNoToken) {
  35.             throw new \LogicException('Argument $exceptionOnNoToken of "%s()" must be set to "false".'__METHOD__);
  36.         }
  37.         $this->tokenStorage $tokenStorage;
  38.         $this->accessDecisionManager $accessDecisionManager;
  39.         $this->map $map;
  40.     }
  41.     /**
  42.      * {@inheritdoc}
  43.      */
  44.     public function supports(Request $request): ?bool
  45.     {
  46.         [$attributes] = $this->map->getPatterns($request);
  47.         $request->attributes->set('_access_control_attributes'$attributes);
  48.         if ($attributes && (
  49.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes true)
  50.             && [AuthenticatedVoter::PUBLIC_ACCESS] !== $attributes
  51.         )) {
  52.             return true;
  53.         }
  54.         return null;
  55.     }
  56.     /**
  57.      * Handles access authorization.
  58.      *
  59.      * @throws AccessDeniedException
  60.      */
  61.     public function authenticate(RequestEvent $event)
  62.     {
  63.         $request $event->getRequest();
  64.         $attributes $request->attributes->get('_access_control_attributes');
  65.         $request->attributes->remove('_access_control_attributes');
  66.         if (!$attributes || ((
  67.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes false)
  68.             || [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes
  69.         ) && $event instanceof LazyResponseEvent)) {
  70.             return;
  71.         }
  72.         $token $this->tokenStorage->getToken();
  73.         if (null === $token) {
  74.             $token = new NullToken();
  75.         }
  76.         if (!$this->accessDecisionManager->decide($token$attributes$requesttrue)) {
  77.             throw $this->createAccessDeniedException($request$attributes);
  78.         }
  79.     }
  80.     private function createAccessDeniedException(Request $request, array $attributes)
  81.     {
  82.         $exception = new AccessDeniedException();
  83.         $exception->setAttributes($attributes);
  84.         $exception->setSubject($request);
  85.         return $exception;
  86.     }
  87.     public static function getPriority(): int
  88.     {
  89.         return -255;
  90.     }
  91. }