Avoid exception driven logic
@@ -25,6 +25,8 @@ class Collection implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRightOnBase($app['request']->attributes->get('bas_id'), 'canadmin');
|
||||
|
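Review bot: The `before` closure calling `requireAccessToModule('admin')->requireRightOnBase(...)` now depends on `addMandatoryAuthentication($controllers)` being registered ahead of it, because the Firewall helpers changed in this commit no longer call `requireAuthentication()` themselves. Nothing in the provider records that dependency, and swapping the two registrations would presumably run the ACL lookup with no authenticated user. A comment on the new line would make it explicit: `// Keep this before any before() that calls a require*() helper; those no longer check authentication.` The same point applies to the other admin, prod, report, thesaurus and notification providers in this commit that pair the new call with a rights check. The closure body continues outside the hunk.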
@@ -23,6 +23,8 @@ class ConnectedUsers implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('Admin');
|
||||
});
|
||||
|
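Review bot: `requireAccessToModule('Admin')` is spelled with a capital A, while every other admin provider on this page passes `'admin'`. The module lookup is not visible here; if it compares the name case-sensitively, this provider's check behaves differently from its siblings, and whether it then denies or allows should be confirmed. Normalising the literal to `requireAccessToModule('admin')` removes the doubt.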
@@ -30,6 +30,8 @@ class Databox implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireAccessToSbas($request->attributes->get('databox_id'));
|
||||
|
@@ -29,6 +29,8 @@ class Databoxes implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin');
|
||||
});
|
||||
|
@@ -27,6 +27,8 @@ class Fields implements ControllerProviderInterface
|
||||
|
||||
$app['admin.fields.controller'] = $this;
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']
|
||||
->requireAccessToModule('admin')
|
||||
|
@@ -29,6 +29,8 @@ class Publications implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRight('bas_chupub');
|
||||
|
@@ -29,6 +29,8 @@ class Root implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin');
|
||||
});
|
||||
|
@@ -28,6 +28,8 @@ class Subdefs implements ControllerProviderInterface
|
||||
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct');
|
||||
|
@@ -25,6 +25,8 @@ class TaskManager implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireRight('taskmanager');
|
||||
});
|
||||
|
@@ -31,6 +31,8 @@ class Users implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAccessToModule('admin')
|
||||
->requireRight('manageusers');
|
||||
|
@@ -25,9 +25,7 @@ class Baskets implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* Gets client baskets
|
||||
|
@@ -30,7 +30,9 @@ class Root implements ControllerProviderInterface
|
||||
if (!$app['authentication']->isAuthenticated() && null !== $request->query->get('nolog')) {
|
||||
return $app->redirectPath('login_authenticate_as_guest', array('redirect' => 'client'));
|
||||
}
|
||||
$app['firewall']->requireAuthentication();
|
||||
if (null !== $response = $app['firewall']->requireAuthentication()) {
|
||||
return $response;
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
|
@@ -58,9 +58,7 @@ class Lightbox implements ControllerProviderInterface
|
||||
}
|
||||
});
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->get('/', function (SilexApplication $app) {
|
||||
try {
|
||||
|
@@ -33,9 +33,7 @@ class Basket implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* Get a basket
|
||||
|
@@ -23,6 +23,8 @@ class Bridge implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireRight('bas_chupub');
|
||||
});
|
||||
|
@@ -26,9 +26,7 @@ class Download implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* Download a set of documents
|
||||
|
@@ -30,6 +30,8 @@ class Edit implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']
|
||||
->requireNotGuest()
|
||||
|
@@ -32,6 +32,8 @@ class Export implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -31,9 +31,7 @@ class Feed implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* I got a selection of docs, which publications are available forthese docs ?
|
||||
|
@@ -42,9 +42,10 @@ class Lazaret implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('addrecord');
|
||||
$app['firewall']->requireRight('addrecord');
|
||||
});
|
||||
|
||||
/**
|
||||
|
@@ -28,9 +28,10 @@ class MoveCollection implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('addrecord')
|
||||
$app['firewall']->requireRight('addrecord')
|
||||
->requireRight('deleterecord');
|
||||
});
|
||||
|
||||
|
@@ -35,9 +35,10 @@ class Order implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('order');
|
||||
$app['firewall']->requireRight('order');
|
||||
});
|
||||
|
||||
/**
|
||||
|
@@ -28,6 +28,8 @@ class Property implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -99,9 +99,10 @@ class Push implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('push');
|
||||
$app['firewall']->requireRight('push');
|
||||
});
|
||||
|
||||
$userFormatter = $this->getUserFormatter();
|
||||
|
@@ -30,9 +30,7 @@ class Query implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* Query Phraseanet
|
||||
|
@@ -28,6 +28,8 @@ class Records implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -36,7 +36,9 @@ class Root implements ControllerProviderInterface
|
||||
return $app->redirectPath('login_authenticate_as_guest');
|
||||
}
|
||||
|
||||
$app['firewall']->requireAuthentication();
|
||||
if (null !== $response = $app['firewall']->requireAuthentication()) {
|
||||
return $response;
|
||||
}
|
||||
});
|
||||
|
||||
$controllers->get('/', function (Application $app) {
|
||||
|
@@ -26,6 +26,8 @@ class Share implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -31,9 +31,7 @@ class Story implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->get('/create/', function (Application $app) {
|
||||
return $app['twig']->render('prod/Story/Create.html.twig', array());
|
||||
|
@@ -42,11 +42,9 @@ class TOU implements ControllerProviderInterface
|
||||
*
|
||||
* return : JSON Response
|
||||
*/
|
||||
$controllers->post('/deny/{sbas_id}/', $this->call('denyTermsOfUse'))
|
||||
->bind('deny_tou')
|
||||
->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$controller = $controllers->post('/deny/{sbas_id}/', $this->call('denyTermsOfUse'))
|
||||
->bind('deny_tou');
|
||||
$app['firewall']->addMandatoryAuthentication($controller);
|
||||
|
||||
/**
|
||||
* Display Terms of use
|
||||
|
@@ -30,9 +30,10 @@ class Tools implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('doctools');
|
||||
$app['firewall']->requireRight('doctools');
|
||||
});
|
||||
|
||||
$controllers->get('/', function (Application $app, Request $request) {
|
||||
|
@@ -28,9 +28,7 @@ class Tooltip implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->post('/basket/{basket_id}/', $this->call('displayBasket'))
|
||||
->assert('basket_id', '\d+')
|
||||
|
@@ -45,9 +45,10 @@ class Upload implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication()
|
||||
->requireRight('addrecord');
|
||||
$app['firewall']->requireRight('addrecord');
|
||||
});
|
||||
|
||||
/**
|
||||
|
@@ -33,9 +33,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* Get all lists
|
||||
|
@@ -32,9 +32,7 @@ class WorkZone implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->get('/', $this->call('displayWorkzone'))
|
||||
->bind('prod_workzone_show');
|
||||
|
@@ -23,8 +23,9 @@ class Activity implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
@@ -23,8 +23,9 @@ class Export implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
@@ -22,8 +22,9 @@ class Informations implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
@@ -23,8 +23,9 @@ class Root implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('report');
|
||||
});
|
||||
|
||||
|
@@ -33,9 +33,7 @@ class Account implements ControllerProviderInterface
|
||||
|
||||
$app['account.controller'] = $this;
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
// Displays current logged in user account
|
||||
$controllers->get('/', 'account.controller:displayAccount')
|
||||
|
@@ -30,9 +30,7 @@ class Developers implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* List of apps created by the user
|
||||
|
@@ -162,10 +162,10 @@ class Login implements ControllerProviderInterface
|
||||
})->bind('login_authentication_provider_callback');
|
||||
|
||||
// Logout end point
|
||||
$controllers->get('/logout/', 'login.controller:logout')
|
||||
->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
})->bind('logout');
|
||||
$logoutController = $controllers->get('/logout/', 'login.controller:logout')
|
||||
->bind('logout');
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($logoutController);
|
||||
|
||||
// Registration end point ; redirects to classic registration or AuthProvider registration
|
||||
$controllers->get('/register/', 'login.controller:displayRegisterForm')
|
||||
|
@@ -38,12 +38,12 @@ class Session implements ControllerProviderInterface
|
||||
$controllers->post('/update/', $this->call('updateSession'))
|
||||
->bind('update_session');
|
||||
|
||||
$controllers->post('/delete/{id}', $this->call('deleteSession'))
|
||||
->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
})
|
||||
|
||||
$controller = $controllers->post('/delete/{id}', $this->call('deleteSession'))
|
||||
->bind('delete_session');
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controller);
|
||||
|
||||
return $controllers;
|
||||
}
|
||||
|
||||
|
@@ -22,8 +22,9 @@ class Thesaurus implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
$app['firewall']->requireAccessToModule('thesaurus');
|
||||
});
|
||||
|
||||
|
@@ -24,9 +24,7 @@ class Xmlhttp implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function () use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->match('acceptcandidates.j.php', $this->call('AcceptCandidatesJson'))
|
||||
->before(function () use ($app) {
|
||||
|
@@ -26,6 +26,8 @@ class Notifications implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireNotGuest();
|
||||
});
|
||||
|
@@ -26,9 +26,7 @@ class Preferences implements ControllerProviderInterface
|
||||
{
|
||||
$controllers = $app['controllers_factory'];
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
$app['firewall']->requireAuthentication();
|
||||
});
|
||||
$app['firewall']->addMandatoryAuthentication($controllers);
|
||||
|
||||
/**
|
||||
* Save preferences
|
||||
|
@@ -3,7 +3,10 @@
|
||||
namespace Alchemy\Phrasea\Security;
|
||||
|
||||
use Silex\Application;
|
||||
use Silex\Controller;
|
||||
use Silex\ControllerCollection;
|
||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
class Firewall
|
||||
{
|
||||
@@ -38,8 +41,6 @@ class Firewall
|
||||
|
||||
public function requireAccessToModule($module)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_module($module)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -49,8 +50,6 @@ class Firewall
|
||||
|
||||
public function requireAccessToSbas($sbas_id)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_sbas($sbas_id)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -60,8 +59,6 @@ class Firewall
|
||||
|
||||
public function requireAccessToBase($base_id)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -71,8 +68,6 @@ class Firewall
|
||||
|
||||
public function requireRight($right)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['authentication']->getUser()->ACL()->has_right($right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -82,8 +77,6 @@ class Firewall
|
||||
|
||||
public function requireRightOnBase($base_id, $right)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -93,8 +86,6 @@ class Firewall
|
||||
|
||||
public function requireRightOnSbas($sbas_id, $right)
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
@@ -104,8 +95,6 @@ class Firewall
|
||||
|
||||
public function requireNotGuest()
|
||||
{
|
||||
$this->requireAuthentication();
|
||||
|
||||
if ($this->app['authentication']->getUser()->is_guest()) {
|
||||
$this->app->abort(403, 'Guests do not have admin role');
|
||||
}
|
||||
@@ -116,12 +105,23 @@ class Firewall
|
||||
public function requireAuthentication()
|
||||
{
|
||||
if (!$this->app['authentication']->isAuthenticated()) {
|
||||
$this->app->abort(302, 'You are not authenticated', array(
|
||||
'X-Phraseanet-Redirect' => $this->app->path('homepage')
|
||||
));
|
||||
return new RedirectResponse($this->app->path('homepage'));
|
||||
}
|
||||
}
|
||||
|
||||
return $this;
|
||||
public function addMandatoryAuthentication($controllers)
|
||||
{
|
||||
if (!$controllers instanceof ControllerCollection && !$controllers instanceof Controller) {
|
||||
throw new \InvalidArgumentException('Controllers must be either a Controller or a ControllerCollection.');
|
||||
}
|
||||
|
||||
$app = $this->app;
|
||||
|
||||
$controllers->before(function (Request $request) use ($app) {
|
||||
if (null !== $response = $app['firewall']->requireAuthentication()) {
|
||||
return $response;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public function requireNotAuthenticated()
|
||||
|
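Review bot: The `require*` helpers (`requireAccessToModule`, `requireAccessToSbas`, `requireAccessToBase`, `requireRight`, `requireRightOnBase`, `requireRightOnSbas`, `requireNotGuest`) now call `getUser()` with no authentication check of their own, so they are only safe when `addMandatoryAuthentication()` was registered earlier on the same collection or route. `requireAuthentication()` also reports failure only through its return value now, so any caller that still invokes it as a bare statement lets an unauthenticated request continue. A fail-closed guard at the top of each helper would keep them safe on their own: `if (!$this->app['authentication']->isAuthenticated()) { $this->app->abort(403, 'You do not have required rights'); }`. A docblock on `requireAuthentication()` stating `@return RedirectResponse|null`, and that the result must be returned from the `before` callback, would document the new contract; `addMandatoryAuthentication()` has no docblock either. The helper bodies continue past each hunk.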
@@ -2,24 +2,18 @@
|
||||
|
||||
namespace Alchemy\Tests\Phrasea\Security;
|
||||
|
||||
use Alchemy\Phrasea\Security\Firewall;
|
||||
|
||||
class FirewallTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
|
||||
{
|
||||
protected $client;
|
||||
|
||||
public function testRequiredAuth()
|
||||
{
|
||||
$res = self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']);
|
||||
$this->assertInstanceOf('\\Alchemy\\Phrasea\\Security\\Firewall', $res);
|
||||
$this->assertNull(self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException Symfony\Component\HttpKernel\Exception\HttpException
|
||||
*/
|
||||
public function testRequiredAuthNotAuthenticated()
|
||||
{
|
||||
$this->logout(self::$DI['app']);
|
||||
self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']);
|
||||
$this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
|
||||
}
|
||||
}
|
||||
|
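Review bot: `addMandatoryAuthentication()` has no test in this file: neither the `InvalidArgumentException` branch nor the redirect produced by the registered `before` callback for a logged-out request is exercised. The `require*` helpers lost their internal authentication call in this commit, and no test pins what they do for an unauthenticated user. `requireAuthentication(self::$DI['app'])` still passes an argument the method does not declare; `requireAuthentication()` is enough. If the `@expectedException` docblock above `testRequiredAuthNotAuthenticated` survives on the new side (the rendered page does not show which lines were removed), it has to be dropped, since the method now returns a `RedirectResponse` instead of throwing.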