Symfony2 get to the access_control parameters located in the security.yml

前端未结

关注

 2  1292

北海茫月 2021-01-06 00:32

I\'m trying to get the access_control parameters which are located in my security.yml as an array in my custom service.

Just like with getting the role_hierarchy para

2条回答

情深已故 (楼主)

2021-01-06 01:19

Necro, but still relevant. This is an improvement on Touki's answer above, where we don't reparse the access_control definitions, but rather use the already configured security token, firewall and access map to work out the answer.

.../services.yml

...

My\Application\AuthenticationBundle\Security\AccessControlHelper:
    class: My\Application\AuthenticationBundle\Security\AccessControlHelper
    arguments:
        $securityContext: "@security.context"
        $firewall: '@security.firewall.map'
        $accessDecisionManager: '@security.access.decision_manager'
        $accessMap: '@security.access_map'

...

src/My/Application/AuthenticationBundle/Security/AccessControlHelper.php

declare(strict_types=1);

namespace My\Application\AuthenticationBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\AccessMapInterface;
use Symfony\Component\Security\Http\Firewall\AccessListener;
use Symfony\Component\Security\Http\FirewallMapInterface;

class AccessControlHelper
{
    /**
     * @var SecurityContextInterface
     */
    protected $securityContext;

    /**
     * @var FirewallMapInterface
     */
    protected $firewallMap;

    /**
     * @var AccessDecisionManagerInterface
     */
    protected $accessDecisionManager;

    /**
     * @var AccessMapInterface
     */
    protected $accessMap;

    public function __construct(
        SecurityContextInterface $securityContext,
        FirewallMapInterface $firewallMap,
        AccessDecisionManagerInterface $accessDecisionManager,
        AccessMapInterface $accessMap
    )
    {
        $this->securityContext = $securityContext;
        $this->firewallMap = $firewallMap;
        $this->accessDecisionManager = $accessDecisionManager;
        $this->accessMap = $accessMap;
    }

    public function isRequestAccessible(Request $request): bool
    {
        $token = $this->securityContext->getToken();
        if (!$token || false == $token->isAuthenticated()) {
            return false;
        }

        list($listeners) = $this->firewallMap->getListeners($request);
        if ($listeners) {
            foreach ($listeners as $listener) {
                if ($listener instanceof AccessListener) {
                    /**
                     * Logic here is much inspired by the AccessListener->handle(...) method.
                     */
                    list($attributes) = $this->accessMap->getPatterns($request);

                    if (null === $attributes) {
                        continue;
                    }

                    return boolval($this->accessDecisionManager->decide($token, $attributes, $request));
                }
            }
        }
        return true;
    }

    public function isUriAccessible(string $uri)
    {
        return $this->isRequestAccessible(Request::create($uri));
    }
}

Sample usage:

use My\Application\AuthenticationBundle\Security\AccessControlHelper;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;

$container = ...; // @var ContainerInterface

$accessControlHelper = $container->get(AccessControlHelper::class);
$accessControlHelper->isRequestAccessible(new Request("/foo"));
$accessControlHelper->isUriAccessible("/foo");

0 讨论(0)

查看其它2个回答