Changeset 7105
- Timestamp:
- 01/20/08 08:06:10 (8 months ago)
- Files:
branches/1.1/lib/filter/sfBasicSecurityFilter.class.php
r5002 r7105 30 30 public function execute($filterChain) 31 31 { 32 // get the cool stuff 33 $controller = $this->context->getController(); 34 $user = $this->context->getUser(); 35 36 // get the current action instance 37 $actionEntry = $controller->getActionStack()->getLastEntry(); 38 $actionInstance = $actionEntry->getActionInstance(); 39 40 // disable security on [sf_login_module] / [sf_login_action] 32 // disable security on login and secure actions 41 33 if ( 42 34 (sfConfig::get('sf_login_module') == $this->context->getModuleName()) && (sfConfig::get('sf_login_action') == $this->context->getActionName()) … … 50 42 } 51 43 52 // get the credential required for this action53 $credential = $actionInstance->getCredential();54 55 // for this filter, the credentials are a simple privilege array56 // where the first index is the privilege name and the second index57 // is the privilege namespace58 //59 44 // NOTE: the nice thing about the Action class is that getCredential() 60 45 // is vague enough to describe any level of security and can be 61 46 // used to retrieve such data and should never have to be altered 62 if ($user->isAuthenticated()) 63 { 64 // the user is authenticated 65 if ($credential === null || $user->hasCredential($credential)) 66 { 67 // the user has access, continue 68 $filterChain->execute(); 69 } 70 else 71 { 72 // the user doesn't have access, exit stage left 73 $controller->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action')); 74 75 throw new sfStopException(); 76 } 77 } 78 else 47 if (!$this->context->getUser()->isAuthenticated()) 79 48 { 80 49 // the user is not authenticated 81 $controller->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action')); 50 $this->forwardToLoginAction(); 51 } 82 52 83 throw new sfStopException(); 53 // the user is authenticated 54 $credential = $this->getUserCredential(); 55 if (!is_null($credential) && !$this->context->getUser()->hasCredential($credential)) 56 { 57 // 
the user doesn't have access 58 $this->forwardToSecureAction(); 84 59 } 60 61 // the user has access, continue 62 $filterChain->execute(); 63 } 64 65 /** 66 * Forwards the current request to the secure action. 67 * 68 * @throws sfStopException 69 */ 70 protected function forwardToSecureAction() 71 { 72 $this->context->getController()->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action')); 73 74 throw new sfStopException(); 75 } 76 77 /** 78 * Forwards the current request to the login action. 79 * 80 * @throws sfStopException 81 */ 82 protected function forwardToLoginAction() 83 { 84 $this->context->getController()->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action')); 85 86 throw new sfStopException(); 87 } 88 89 /** 90 * Returns the credential required for this action. 91 * 92 * @return mixed The credential required for this action 93 */ 94 protected function getUserCredential() 95 { 96 return $this->context->getController()->getActionStack()->getLastEntry()->getActionInstance()->getCredential(); 85 97 } 86 98 }
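Review bot: In the new `execute()`, reaching `$filterChain->execute()` for an unauthenticated or under-privileged user is prevented only by the assumption that `forwardToLoginAction()` and `forwardToSecureAction()` throw `sfStopException`; both are `protected`, so a subclass that overrides one to forward (or redirect) without throwing would fall through the credential check and into `$filterChain->execute()`, turning a denial into an allow. The docblocks do say `@throws sfStopException`, but the deny path should not depend on a contract an override can silently drop. Ending each branch explicitly keeps the filter fail-closed, e.g. after the login call `$this->forwardToLoginAction(); return;` and likewise `$this->forwardToSecureAction(); return;` in the credential branch, or a `throw new sfStopException()` following each call inside `execute()` itself. The `==` comparisons against `sf_login_module`/`sf_login_action` are unchanged context lines rather than part of this change, but `===` would avoid loose-equality surprises there as well.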