gergely/kekrozsak
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial commit with Symfony 2.1+Vendors

Browse Source 
Signed-off-by: Gergely POLONKAI (W00d5t0ck) <polesz@w00d5t0ck.info>
This commit is contained in:
Polonkai Gergely
2012-07-01 09:52:20 +02:00
commit 082a0130c2
5381 changed files with 416709 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Acl/Expression/HasPermissionFunctionCompiler.php vendored Normal file
View File

@@ -0,0 +1,63 @@
<?php
/*
* Copyright 2011 Johannes M. Schmitt <schmittjoh@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace JMS\SecurityExtraBundle\Security\Acl\Expression;
use JMS\SecurityExtraBundle\Security\Authorization\Expression\Ast\ConstantExpression;
use JMS\SecurityExtraBundle\Security\Authorization\Expression\Ast\VariableExpression;
use JMS\SecurityExtraBundle\Security\Authorization\Expression\Ast\FunctionExpression;
use JMS\SecurityExtraBundle\Security\Authorization\Expression\ExpressionCompiler;
use JMS\SecurityExtraBundle\Security\Authorization\Expression\Compiler\Func\FunctionCompilerInterface;
class HasPermissionFunctionCompiler implements FunctionCompilerInterface
{
public function getName()
{
return 'hasPermission';
}
public function compilePreconditions(ExpressionCompiler $compiler, FunctionExpression $function)
{
$compiler->verifyItem('token', 'Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
}
public function compile(ExpressionCompiler $compiler, FunctionExpression $function)
{
$compiler
->compileInternal(new VariableExpression('permission_evaluator'))
->write('->hasPermission(')
->compileInternal(new VariableExpression('token'))
->write(', ')
->compileInternal($function->args[0])
->write(', ')
;
if ($function->args[1] instanceof ConstantExpression) {
$compiler->write(var_export(strtoupper($function->args[1]->value), true).')');
return;
}
$compiler
->write('strtoupper(')
->compileInternal($function->args[1])
->write('))')
;
}
}

122
vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Acl/Expression/PermissionEvaluator.php vendored Normal file
View File

@@ -0,0 +1,122 @@
<?php
/*
* Copyright 2011 Johannes M. Schmitt <schmittjoh@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace JMS\SecurityExtraBundle\Security\Acl\Expression;
use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
class PermissionEvaluator
{
private $aclProvider;
private $oidRetrievalStrategy;
private $sidRetrievalStrategy;
private $permissionMap;
private $allowIfObjectIdentityUnavailable;
private $logger;
public function __construct(AclProviderInterface $aclProvider,
ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy,
SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy,
PermissionMapInterface $permissionMap,
$allowIfObjectIdentityUnavailable = true,
LoggerInterface $logger = null)
{
$this->aclProvider = $aclProvider;
$this->oidRetrievalStrategy = $oidRetrievalStrategy;
$this->sidRetrievalStrategy = $sidRetrievalStrategy;
$this->permissionMap = $permissionMap;
$this->allowIfObjectIdentityUnavailable = $allowIfObjectIdentityUnavailable;
$this->logger = $logger;
}
public function hasPermission(TokenInterface $token, $object, $permission)
{
if (null === $masks = $this->permissionMap->getMasks($permission, $object)) {
return false;
}
if (null === $object) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
}
return $this->allowIfObjectIdentityUnavailable ? true : false;
} else if ($object instanceof FieldVote) {
$field = $object->getField();
$object = $object->getDomainObject();
} else {
$field = null;
}
if ($object instanceof ObjectIdentityInterface) {
$oid = $object;
} else if (null === $oid = $this->oidRetrievalStrategy->getObjectIdentity($object)) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
}
return $this->allowIfObjectIdentityUnavailable ? true : false;
}
$sids = $this->sidRetrievalStrategy->getSecurityIdentities($token);
try {
$acl = $this->aclProvider->findAcl($oid, $sids);
if (null === $field && $acl->isGranted($masks, $sids, false)) {
if (null !== $this->logger) {
$this->logger->debug('ACL found, permission granted. Voting to grant access');
}
return true;
} else if (null !== $field && $acl->isFieldGranted($field, $masks, $sids, false)) {
if (null !== $this->logger) {
$this->logger->debug('ACL found, permission granted. Voting to grant access');
}
return true;
}
if (null !== $this->logger) {
$this->logger->debug('ACL found, insufficient permissions. Voting to deny access.');
}
return false;
} catch (AclNotFoundException $noAcl) {
if (null !== $this->logger) {
$this->logger->debug('No ACL found for the object identity. Voting to deny access.');
}
return false;
} catch (NoAceFoundException $noAce) {
if (null !== $this->logger) {
$this->logger->debug('ACL found, no ACE applicable. Voting to deny access.');
}
return false;
}
}
}

136
vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Acl/Voter/AclVoter.php vendored Normal file
View File

@@ -0,0 +1,136 @@
<?php
namespace JMS\SecurityExtraBundle\Security\Acl\Voter;
use Symfony\Component\Security\Acl\Voter\FieldVote;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
/**
* This voter can be used as a base class for implementing your own permissions.
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
class AclVoter implements VoterInterface
{
private $aclProvider;
private $permissionMap;
private $objectIdentityRetrievalStrategy;
private $securityIdentityRetrievalStrategy;
private $allowIfObjectIdentityUnavailable;
private $logger;
public function __construct(AclProviderInterface $aclProvider, ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy, SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy, PermissionMapInterface $permissionMap, LoggerInterface $logger = null, $allowIfObjectIdentityUnavailable = true)
{
$this->aclProvider = $aclProvider;
$this->permissionMap = $permissionMap;
$this->objectIdentityRetrievalStrategy = $oidRetrievalStrategy;
$this->securityIdentityRetrievalStrategy = $sidRetrievalStrategy;
$this->logger = $logger;
$this->allowIfObjectIdentityUnavailable = $allowIfObjectIdentityUnavailable;
}
public function supportsAttribute($attribute)
{
return $this->permissionMap->contains($attribute);
}
public function vote(TokenInterface $token, $object, array $attributes)
{
foreach ($attributes as $attribute) {
if (null === $masks = $this->permissionMap->getMasks((string) $attribute, $object)) {
continue;
}
if (null === $object) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
}
return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN;
} else if ($object instanceof FieldVote) {
$field = $object->getField();
$object = $object->getDomainObject();
} else {
$field = null;
}
if ($object instanceof ObjectIdentityInterface) {
$oid = $object;
} else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
}
return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN;
}
if (!$this->supportsClass($oid->getType())) {
return self::ACCESS_ABSTAIN;
}
$sids = $this->securityIdentityRetrievalStrategy->getSecurityIdentities($token);
try {
$acl = $this->aclProvider->findAcl($oid, $sids);
if (null === $field && $acl->isGranted($masks, $sids, false)) {
if (null !== $this->logger) {
$this->logger->debug('ACL found, permission granted. Voting to grant access');
}
return self::ACCESS_GRANTED;
} else if (null !== $field && $acl->isFieldGranted($field, $masks, $sids, false)) {
if (null !== $this->logger) {
$this->logger->debug('ACL found, permission granted. Voting to grant access');
}
return self::ACCESS_GRANTED;
}
if (null !== $this->logger) {
$this->logger->debug('ACL found, insufficient permissions. Voting to deny access.');
}
return self::ACCESS_DENIED;
} catch (AclNotFoundException $noAcl) {
if (null !== $this->logger) {
$this->logger->debug('No ACL found for the object identity. Voting to deny access.');
}
return self::ACCESS_DENIED;
} catch (NoAceFoundException $noAce) {
if (null !== $this->logger) {
$this->logger->debug('ACL found, no ACE applicable. Voting to deny access.');
}
return self::ACCESS_DENIED;
}
}
// no attribute was supported
return self::ACCESS_ABSTAIN;
}
/**
* You can override this method when writing a voter for a specific domain
* class.
*
* @param string $class The class name
*
* @return Boolean
*/
public function supportsClass($class)
{
return true;
}
}