Code source de Symfony 1.0.0 |
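<?php

/*
 * This file is part of the symfony package.
 * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
 * (c) 2004-2006 Sean Kerr.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

/**
 * sfBasicSecurityFilter checks security by calling the getCredential() method
 * of the action. Once the credential has been acquired, sfBasicSecurityFilter
 * verifies the user has the same credential by calling the hasCredential()
 * method of SecurityUser.
 *
 * Decision order implemented by execute():
 *
 *  1. The request targets [sf_login_module] / [sf_login_action]: no check at
 *     all, the chain continues.
 *  2. The user is not authenticated: forward to the login module/action.
 *  3. The user is authenticated and the action's credential is null or held
 *     by the user: the chain continues.
 *  4. Otherwise: forward to [sf_secure_module] / [sf_secure_action].
 *
 * Security note: an action whose getCredential() returns null is reachable by
 * every authenticated user; this filter performs authorization only when the
 * action declares a credential.
 *
 * @package    symfony
 * @subpackage filter
 * @author     Sean Kerr <skerr@mojavi.org>
 * @version    SVN: $Id: sfBasicSecurityFilter.class.php 3244 2007-01-12 14:46:11Z fabien $
 */
class sfBasicSecurityFilter extends sfSecurityFilter
{
  /**
   * Executes this filter.
   *
   * Either continues the filter chain (access granted, or login page
   * requested) or forwards to the login / secure action and throws.
   *
   * @param sfFilterChain A sfFilterChain instance
   *
   * @throws sfStopException After forwarding to the login or secure action,
   *                         so that the remaining filters are not executed
   *                         for the original request.
   */
  public function execute($filterChain)
  {
    // collaborators needed for the decision
    $context    = $this->getContext();
    $controller = $context->getController();
    $user       = $context->getUser();

    // get the current action instance
    $actionEntry    = $controller->getActionStack()->getLastEntry();
    $actionInstance = $actionEntry->getActionInstance();

    // disable security on [sf_login_module] / [sf_login_action]
    //
    // This branch skips every check below, so the match must be exact. Both
    // sides are cast to string and compared with ===: a loose == between two
    // numeric-looking strings compares them as numbers (e.g. "10" == "1e1"),
    // which would let a differently named module/action take the exemption.
    if (((string) sfConfig::get('sf_login_module') === (string) $context->getModuleName())
      && ((string) sfConfig::get('sf_login_action') === (string) $context->getActionName()))
    {
      $filterChain->execute();

      return;
    }

    // the user is not authenticated: send him to the login action
    if (!$user->isAuthenticated())
    {
      $controller->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action'));

      // the chain is deliberately not continued for the original request
      throw new sfStopException();
    }

    // get the credential required for this action
    //
    // for this filter, the credentials are a simple privilege array
    // where the first index is the privilege name and the second index
    // is the privilege namespace (per the original author's note; the
    // exact shape is defined by the action and by hasCredential())
    $credential = $actionInstance->getCredential();

    // the user is authenticated but lacks the required credential
    // (null means "no credential required", checked with ===)
    if ($credential !== null && !$user->hasCredential($credential))
    {
      $controller->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action'));

      throw new sfStopException();
    }

    // the user has access, continue
    $filterChain->execute();
  }
}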