1. sfBasicSecurityFilter.class.php
  2. /**
 * sfBasicSecurityFilter checks security by calling the getCredential() method
 * of the action. Once the credential has been acquired, sfBasicSecurityFilter
 * verifies the user has the same credential by calling the hasCredential()
 * method of SecurityUser.
 *
 * @package    symfony
 * @subpackage filter
 * @author     Sean Kerr 
 * @version    SVN: $Id: sfBasicSecurityFilter.class.php 23810 2009-11-12 11:07:44Z Kris.Wallsmith $
 */
  3. class sfBasicSecurityFilter extends sfFilter
  4. {
  5.   /**
  6.    * Executes this filter.
  7.    *
  8.    * @param sfFilterChain $filterChain A sfFilterChain instance
  9.    */
  10.   public function execute($filterChain)
  11.   {
  12.     // disable security on login and secure actions
  13.     if (
  14.       (sfConfig::get('sf_login_module') == $this->context->getModuleName()) && (sfConfig::get('sf_login_action') == $this->context->getActionName())
  15.       ||
  16.       (sfConfig::get('sf_secure_module') == $this->context->getModuleName()) && (sfConfig::get('sf_secure_action') == $this->context->getActionName())
  17.     )
  18.     {
  19.       $filterChain->execute();
  21.       return;
  22.     }
  24.     // NOTE: the nice thing about the Action class is that getCredential()
  25.     //       is vague enough to describe any level of security and can be
  26.     //       used to retrieve such data and should never have to be altered
  27.     if (!$this->context->getUser()->isAuthenticated())
  28.     {
  29.       if (sfConfig::get('sf_logging_enabled'))
  30.       {
  31.         $this->context->getEventDispatcher()->notify(new sfEvent($this, 'application.log', array(sprintf('Action "%s/%s" requires authentication, forwarding to "%s/%s"', $this->context->getModuleName(), $this->context->getActionName(), sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action')))));
  32.       }
  33.      
  34.       // the user is not authenticated
  35.       $this->forwardToLoginAction();
  36.     }
  38.     // the user is authenticated
  39.     $credential = $this->getUserCredential();
  40.     if (null !== $credential && !$this->context->getUser()->hasCredential($credential))
  41.     { 
  42.       if (sfConfig::get('sf_logging_enabled'))
  43.       {
  44.         $this->context->getEventDispatcher()->notify(new sfEvent($this, 'application.log', array(sprintf('Action "%s/%s" requires credentials "%s", forwarding to "%s/%s"', $this->context->getModuleName(), $this->context->getActionName(), sfYaml::dump($credential, 0), sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action')))));
  45.       }
  46.     
  47.       // the user doesn't have access
  48.       $this->forwardToSecureAction();
  49.     }
  51.     // the user has access, continue
  52.     $filterChain->execute();
  53.   }
  55.   /**
  56.    * Forwards the current request to the secure action.
  57.    *
  58.    * @throws sfStopException
  59.    */
  60.   protected function forwardToSecureAction()
  61.   {    
  62.     $this->context->getController()->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action'));
  64.     throw new sfStopException();
  65.   }
  67.   /**
  68.    * Forwards the current request to the login action.
  69.    *
  70.    * @throws sfStopException
  71.    */
  72.   protected function forwardToLoginAction()
  73.   {
  74.     $this->context->getController()->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action'));
  76.     throw new sfStopException();
  77.   }
  79.   /**
  80.    * Returns the credential required for this action.
  81.    *
  82.    * @return mixed The credential required for this action
  83.    */
  84.   protected function getUserCredential()
  85.   {
  86.     return $this->context->getController()->getActionStack()->getLastEntry()->getActionInstance()->getCredential();
  87.   }
  88. }
Debug toolbar