Security annotace nad presentery v #nettefw
<?php | |
namespace AdminModule; | |
use Nette; | |
/**
 * Base of the admin module: an unmet `@User` / `@Allowed` requirement sends the
 * visitor to the sign-in presenter instead of surfacing as a forbidden-request error.
 */
abstract class BasePresenter extends \BasePresenter
{

	/**
	 * Enforces the annotations of the given presenter class or method; on failure redirects to `SignIn:`.
	 *
	 * NOTE(review): the redirect is issued for every ForbiddenRequestException, i.e. also for a user who
	 * is already signed in but lacks the required role — confirm that the SignIn presenter handles that
	 * case (otherwise such a user is bounced to a form that cannot help them).
	 *
	 * @param \Reflector $element
	 */
	public function checkRequirements($element)
	{
		$user = $this->getUser();
		try {
			$user->protectElement($element);

		} catch (Nette\Application\ForbiddenRequestException $denied) {
			$this->redirect('SignIn:');
		}
	}

}
<?php | |
namespace AdminModule; | |
/**
 * Admin news presenter; declares no actions of its own yet.
 *
 * The `@User(role="admin")` annotation below is what User::protectElement() reads
 * (via BasePresenter::checkRequirements()): a visitor who is not in the 'admin' role
 * raises a ForbiddenRequestException, which the AdminModule base presenter turns into
 * a redirect to the sign-in presenter.
 *
 * @User(role="admin")
 */
class NewsPresenter extends BasePresenter
{
}
<?php | |
/**
 * Application-wide presenter base: the `@User` and `@Allowed` annotations of the
 * presenter class / method are enforced by the User service (see User::protectElement()).
 *
 * @property User $user
 * @method User getUser()
 */
abstract class BasePresenter extends Nette\Application\UI\Presenter
{

	/**
	 * Requirements hook; `$element` is expected to be the reflection of a presenter class
	 * or method (anything else is ignored by User::protectElement()). An unmet requirement
	 * surfaces as a ForbiddenRequestException thrown by the User service.
	 *
	 * @param \Reflector $element
	 */
	public function checkRequirements($element)
	{
		$user = $this->getUser();
		$user->protectElement($element);
	}

}
common:
	services:
		user: User
<?php | |
use Nette\Application\ForbiddenRequestException; | |
use Nette\Security; | |
use Nette\Reflection; | |
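/**
 * Application user that enforces the `@User` and `@Allowed` annotations
 * placed on presenter classes and methods (see protectElement()).
 *
 * @author Filip Procházka <[email protected]>
 */
class User extends Nette\Security\User
{

	/**
	 * Asserts that the current user is allowed `$privilege` on `$resource`.
	 *
	 * @param string $resource  resource name, or IAuthorizator::ALL for any resource
	 * @param string $privilege privilege name, or IAuthorizator::ALL for any privilege
	 * @param string $message   custom exception message; a descriptive one is built when empty
	 *
	 * @throws \Nette\Application\ForbiddenRequestException when the authorizator denies the access
	 */
	public function needAllowed($resource = Security\IAuthorizator::ALL, $privilege = Security\IAuthorizator::ALL, $message = NULL)
	{
		if ($this->isAllowed($resource, $privilege)) {
			return;
		}

		// IAuthorizator::ALL is NULL, hence the truthiness checks when naming the privilege/resource.
		throw new ForbiddenRequestException($message ? : "User is not allowed to " . ($privilege ? $privilege : "access") . " the resource" . ($resource ? " '$resource'" : NULL) . ".");
	}



	/**
	 * Enforces the `@User` and `@Allowed` annotations of a presenter class or method.
	 *
	 * Recognised forms:
	 *  - `@User`, `@User(loggedIn)`, `@User(loggedIn=true)` — the user must be signed in;
	 *  - `@User(role="admin")` — the user must be in the given role;
	 *  - `@Allowed(resource, privilege)` — the authorizator must grant the privilege on the resource;
	 *  - a `message` key on either annotation overrides the exception message.
	 *
	 * @param \Reflector|\Nette\Reflection\ClassType|\Nette\Reflection\Method $element
	 * @param string $message default exception message when the annotation carries none
	 *
	 * @throws Nette\Application\ForbiddenRequestException when a requirement is not met
	 * @throws Nette\UnexpectedValueException when an annotation is spelled in lower case
	 *
	 * @return bool FALSE when the element is neither a class nor a method (nothing to check), TRUE when all requirements hold
	 */
	public function protectElement(\Reflector $element, $message = NULL)
	{
		if (!$element instanceof Reflection\Method && !$element instanceof Reflection\ClassType) {
			return FALSE;
		}

		$user = (array) $element->getAnnotation('User');
		$message = isset($user['message']) ? $user['message'] : $message;

		// A bare `@User` is parsed as TRUE, `@User(loggedIn)` as the string 'loggedIn' and
		// `@User(loggedIn=true)` as a TRUE value; all of them mean "must be signed in".
		// The comparisons are strict: the previous loose in_array() relied on 'loggedIn' == TRUE
		// for the bare form and, on PHP 5, also matched an integer 0 among the annotation values.
		$mustBeLoggedIn = in_array('loggedIn', $user, TRUE) || in_array(TRUE, $user, TRUE);

		if ($mustBeLoggedIn && !$this->isLoggedIn()) {
			throw new ForbiddenRequestException($message ? : "User " . $this->getId() . " is not logged in.");

		} elseif (isset($user['role']) && !$this->isInRole($user['role'])) {
			throw new ForbiddenRequestException($message ? : "User " . $this->getId() . " is not in role '" . $user['role'] . "'.");

		} elseif ($element->getAnnotation('user')) {
			throw new Nette\UnexpectedValueException("Annotation 'user' in $element should have been 'User'.");
		}

		$allowed = (array) $element->getAnnotation('Allowed');
		$message = isset($allowed['message']) ? $allowed['message'] : $message;

		if ($allowed) {
			// Positional arguments: @Allowed(resource, privilege). A bare `@Allowed` yields array(TRUE),
			// so TRUE is passed as the resource name — NOTE(review): confirm the configured authorizator
			// rejects such a resource instead of granting it.
			$resource = isset($allowed[0]) ? $allowed[0] : Security\IAuthorizator::ALL;
			$privilege = isset($allowed[1]) ? $allowed[1] : Security\IAuthorizator::ALL;
			$this->needAllowed($resource, $privilege, $message);

		} elseif ($element->getAnnotation('allowed')) {
			throw new Nette\UnexpectedValueException("Annotation 'allowed' in $element should have been 'Allowed'.");
		}

		return TRUE;
	}

}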