Added IS_ANONYMOUS, IS_REMEMBERED, IS_IMPERSONATOR

This commit is contained in:
Jules Pietri 2019-03-21 20:52:38 +01:00 committed by Wouter de Jong
parent f01bbc789c
commit 6c522a7d98
3 changed files with 32 additions and 1 deletions

View File

@ -5,6 +5,7 @@ CHANGELOG
-----
* Added access decision strategy to override access decisions by voter service priority
* Added `IS_ANONYMOUS`, `IS_REMEMBERED`, `IS_IMPERSONATOR`
5.0.0
-----

View File

@ -12,6 +12,7 @@
namespace Symfony\Component\Security\Core\Authorization\Voter;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
/**
@ -28,6 +29,9 @@ class AuthenticatedVoter implements VoterInterface
const IS_AUTHENTICATED_FULLY = 'IS_AUTHENTICATED_FULLY';
const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED';
const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
const IS_ANONYMOUS = 'IS_ANONYMOUS';
const IS_IMPERSONATOR = 'IS_IMPERSONATOR';
const IS_REMEMBERED = 'IS_REMEMBERED';
private $authenticationTrustResolver;
@ -45,7 +49,10 @@ class AuthenticatedVoter implements VoterInterface
foreach ($attributes as $attribute) {
if (null === $attribute || (self::IS_AUTHENTICATED_FULLY !== $attribute
&& self::IS_AUTHENTICATED_REMEMBERED !== $attribute
&& self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute)) {
&& self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute
&& self::IS_ANONYMOUS !== $attribute
&& self::IS_IMPERSONATOR !== $attribute
&& self::IS_REMEMBERED !== $attribute)) {
continue;
}
@ -68,6 +75,18 @@ class AuthenticatedVoter implements VoterInterface
|| $this->authenticationTrustResolver->isFullFledged($token))) {
return VoterInterface::ACCESS_GRANTED;
}
if (self::IS_REMEMBERED === $attribute && $this->authenticationTrustResolver->isRememberMe($token)) {
return VoterInterface::ACCESS_GRANTED;
}
if (self::IS_ANONYMOUS === $attribute && $this->authenticationTrustResolver->isAnonymous($token)) {
return VoterInterface::ACCESS_GRANTED;
}
if (self::IS_IMPERSONATOR === $attribute && $token instanceof SwitchUserToken) {
return VoterInterface::ACCESS_GRANTED;
}
}
return $result;

View File

@ -49,6 +49,15 @@ class AuthenticatedVoterTest extends TestCase
['fully', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_GRANTED],
['remembered', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_DENIED],
['anonymously', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_DENIED],
['fully', ['IS_ANONYMOUS'], VoterInterface::ACCESS_DENIED],
['remembered', ['IS_ANONYMOUS'], VoterInterface::ACCESS_DENIED],
['anonymously', ['IS_ANONYMOUS'], VoterInterface::ACCESS_GRANTED],
['fully', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
['remembered', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
['anonymously', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
['impersonated', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_GRANTED],
];
}
@ -58,6 +67,8 @@ class AuthenticatedVoterTest extends TestCase
return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
} elseif ('remembered' === $authenticated) {
return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();
} elseif ('impersonated' === $authenticated) {
return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken')->disableOriginalConstructor()->getMock();
} else {
return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken')->setConstructorArgs(['', ''])->getMock();
}