Initial commit with Symfony 2.1+Vendors

Signed-off-by: Gergely POLONKAI (W00d5t0ck) <polesz@w00d5t0ck.info>
2012-07-01 09:52:20 +02:00
commit 082a0130c2
5381 changed files with 416709 additions and 0 deletions
--- a/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Acl/Expression/HasPermissionFunctionCompiler.php
+++ b/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Acl/Expression/HasPermissionFunctionCompiler.php
@@ -0,0 +1,63 @@
+<?php
+
+/*
+ * Copyright 2011 Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace JMS\SecurityExtraBundle\Security\Acl\Expression;
+
+use JMS\SecurityExtraBundle\Security\Authorization\Expression\Ast\ConstantExpression;
+
+use JMS\SecurityExtraBundle\Security\Authorization\Expression\Ast\VariableExpression;
+use JMS\SecurityExtraBundle\Security\Authorization\Expression\Ast\FunctionExpression;
+use JMS\SecurityExtraBundle\Security\Authorization\Expression\ExpressionCompiler;
+use JMS\SecurityExtraBundle\Security\Authorization\Expression\Compiler\Func\FunctionCompilerInterface;
+
+class HasPermissionFunctionCompiler implements FunctionCompilerInterface
+{
+    public function getName()
+    {
+        return 'hasPermission';
+    }
+
+    public function compilePreconditions(ExpressionCompiler $compiler, FunctionExpression $function)
+    {
+        $compiler->verifyItem('token', 'Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+    }
+
+    public function compile(ExpressionCompiler $compiler, FunctionExpression $function)
+    {
+        $compiler
+            ->compileInternal(new VariableExpression('permission_evaluator'))
+            ->write('->hasPermission(')
+            ->compileInternal(new VariableExpression('token'))
+            ->write(', ')
+            ->compileInternal($function->args[0])
+            ->write(', ')
+        ;
+
+        if ($function->args[1] instanceof ConstantExpression) {
+            $compiler->write(var_export(strtoupper($function->args[1]->value), true).')');
+
+            return;
+        }
+
+        $compiler
+            ->write('strtoupper(')
+            ->compileInternal($function->args[1])
+            ->write('))')
+        ;
+    }
+}
--- a/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Acl/Expression/PermissionEvaluator.php
+++ b/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Acl/Expression/PermissionEvaluator.php
@@ -0,0 +1,122 @@
+<?php
+
+/*
+ * Copyright 2011 Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace JMS\SecurityExtraBundle\Security\Acl\Expression;
+
+use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
+use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
+use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
+use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
+use Symfony\Component\Security\Acl\Model\AclProviderInterface;
+use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
+use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
+use Symfony\Component\HttpKernel\Log\LoggerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+
+class PermissionEvaluator
+{
+    private $aclProvider;
+    private $oidRetrievalStrategy;
+    private $sidRetrievalStrategy;
+    private $permissionMap;
+    private $allowIfObjectIdentityUnavailable;
+    private $logger;
+
+    public function __construct(AclProviderInterface $aclProvider,
+        ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy,
+        SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy,
+        PermissionMapInterface $permissionMap,
+        $allowIfObjectIdentityUnavailable = true,
+        LoggerInterface $logger = null)
+    {
+        $this->aclProvider = $aclProvider;
+        $this->oidRetrievalStrategy = $oidRetrievalStrategy;
+        $this->sidRetrievalStrategy = $sidRetrievalStrategy;
+        $this->permissionMap = $permissionMap;
+        $this->allowIfObjectIdentityUnavailable = $allowIfObjectIdentityUnavailable;
+        $this->logger = $logger;
+    }
+
+    public function hasPermission(TokenInterface $token, $object, $permission)
+    {
+        if (null === $masks = $this->permissionMap->getMasks($permission, $object)) {
+            return false;
+        }
+
+        if (null === $object) {
+            if (null !== $this->logger) {
+                $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
+            }
+
+            return $this->allowIfObjectIdentityUnavailable ? true : false;
+        } else if ($object instanceof FieldVote) {
+            $field = $object->getField();
+            $object = $object->getDomainObject();
+        } else {
+            $field = null;
+        }
+
+        if ($object instanceof ObjectIdentityInterface) {
+            $oid = $object;
+        } else if (null === $oid = $this->oidRetrievalStrategy->getObjectIdentity($object)) {
+            if (null !== $this->logger) {
+                $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
+            }
+
+            return $this->allowIfObjectIdentityUnavailable ? true : false;
+        }
+
+        $sids = $this->sidRetrievalStrategy->getSecurityIdentities($token);
+
+        try {
+            $acl = $this->aclProvider->findAcl($oid, $sids);
+
+            if (null === $field && $acl->isGranted($masks, $sids, false)) {
+                if (null !== $this->logger) {
+                    $this->logger->debug('ACL found, permission granted. Voting to grant access');
+                }
+
+                return true;
+            } else if (null !== $field && $acl->isFieldGranted($field, $masks, $sids, false)) {
+                if (null !== $this->logger) {
+                    $this->logger->debug('ACL found, permission granted. Voting to grant access');
+                }
+
+                return true;
+            }
+
+            if (null !== $this->logger) {
+                $this->logger->debug('ACL found, insufficient permissions. Voting to deny access.');
+            }
+
+            return false;
+        } catch (AclNotFoundException $noAcl) {
+            if (null !== $this->logger) {
+                $this->logger->debug('No ACL found for the object identity. Voting to deny access.');
+            }
+
+            return false;
+        } catch (NoAceFoundException $noAce) {
+            if (null !== $this->logger) {
+                $this->logger->debug('ACL found, no ACE applicable. Voting to deny access.');
+            }
+
+            return false;
+        }
+    }
+}