d261894c6e
The authorization checker has been changed to support any value recently. The naming should reflect that to avoid confusion. Refs https://github.com/sonata-project/SonataAdminBundle/issues/4518
407 lines
14 KiB
PHP
407 lines
14 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Bundle\FrameworkBundle\Controller;
|
|
|
|
use Psr\Container\ContainerInterface;
|
|
use Symfony\Component\HttpFoundation\BinaryFileResponse;
|
|
use Symfony\Component\HttpFoundation\JsonResponse;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
|
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
|
use Symfony\Component\HttpFoundation\StreamedResponse;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
|
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
|
use Symfony\Component\Security\Csrf\CsrfToken;
|
|
use Symfony\Component\Form\Extension\Core\Type\FormType;
|
|
use Symfony\Component\Form\Form;
|
|
use Symfony\Component\Form\FormBuilder;
|
|
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
|
use Doctrine\Bundle\DoctrineBundle\Registry;
|
|
|
|
/**
|
|
* Common features needed in controllers.
|
|
*
|
|
* @author Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* @internal
|
|
*
|
|
* @property ContainerInterface $container
|
|
*/
|
|
trait ControllerTrait
|
|
{
|
|
/**
|
|
* Generates a URL from the given parameters.
|
|
*
|
|
* @param string $route The name of the route
|
|
* @param mixed $parameters An array of parameters
|
|
* @param int $referenceType The type of reference (one of the constants in UrlGeneratorInterface)
|
|
*
|
|
* @return string The generated URL
|
|
*
|
|
* @see UrlGeneratorInterface
|
|
*/
|
|
protected function generateUrl($route, $parameters = array(), $referenceType = UrlGeneratorInterface::ABSOLUTE_PATH)
|
|
{
|
|
return $this->container->get('router')->generate($route, $parameters, $referenceType);
|
|
}
|
|
|
|
/**
|
|
* Forwards the request to another controller.
|
|
*
|
|
* @param string $controller The controller name (a string like BlogBundle:Post:index)
|
|
* @param array $path An array of path parameters
|
|
* @param array $query An array of query parameters
|
|
*
|
|
* @return Response A Response instance
|
|
*/
|
|
protected function forward($controller, array $path = array(), array $query = array())
|
|
{
|
|
$request = $this->container->get('request_stack')->getCurrentRequest();
|
|
$path['_forwarded'] = $request->attributes;
|
|
$path['_controller'] = $controller;
|
|
$subRequest = $request->duplicate($query, null, $path);
|
|
|
|
return $this->container->get('http_kernel')->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
|
|
}
|
|
|
|
/**
|
|
* Returns a RedirectResponse to the given URL.
|
|
*
|
|
* @param string $url The URL to redirect to
|
|
* @param int $status The status code to use for the Response
|
|
*
|
|
* @return RedirectResponse
|
|
*/
|
|
protected function redirect($url, $status = 302)
|
|
{
|
|
return new RedirectResponse($url, $status);
|
|
}
|
|
|
|
/**
|
|
* Returns a RedirectResponse to the given route with the given parameters.
|
|
*
|
|
* @param string $route The name of the route
|
|
* @param array $parameters An array of parameters
|
|
* @param int $status The status code to use for the Response
|
|
*
|
|
* @return RedirectResponse
|
|
*/
|
|
protected function redirectToRoute($route, array $parameters = array(), $status = 302)
|
|
{
|
|
return $this->redirect($this->generateUrl($route, $parameters), $status);
|
|
}
|
|
|
|
/**
|
|
* Returns a JsonResponse that uses the serializer component if enabled, or json_encode.
|
|
*
|
|
* @param mixed $data The response data
|
|
* @param int $status The status code to use for the Response
|
|
* @param array $headers Array of extra headers to add
|
|
* @param array $context Context to pass to serializer when using serializer component
|
|
*
|
|
* @return JsonResponse
|
|
*/
|
|
protected function json($data, $status = 200, $headers = array(), $context = array())
|
|
{
|
|
if ($this->container->has('serializer')) {
|
|
$json = $this->container->get('serializer')->serialize($data, 'json', array_merge(array(
|
|
'json_encode_options' => JsonResponse::DEFAULT_ENCODING_OPTIONS,
|
|
), $context));
|
|
|
|
return new JsonResponse($json, $status, $headers, true);
|
|
}
|
|
|
|
return new JsonResponse($data, $status, $headers);
|
|
}
|
|
|
|
/**
|
|
* Returns a BinaryFileResponse object with original or customized file name and disposition header.
|
|
*
|
|
* @param \SplFileInfo|string $file File object or path to file to be sent as response
|
|
* @param string|null $fileName File name to be sent to response or null (will use original file name)
|
|
* @param string $disposition Disposition of response ("attachment" is default, other type is "inline")
|
|
*
|
|
* @return BinaryFileResponse
|
|
*/
|
|
protected function file($file, $fileName = null, $disposition = ResponseHeaderBag::DISPOSITION_ATTACHMENT)
|
|
{
|
|
$response = new BinaryFileResponse($file);
|
|
$response->setContentDisposition($disposition, $fileName === null ? $response->getFile()->getFilename() : $fileName);
|
|
|
|
return $response;
|
|
}
|
|
|
|
/**
|
|
* Adds a flash message to the current session for type.
|
|
*
|
|
* @param string $type The type
|
|
* @param string $message The message
|
|
*
|
|
* @throws \LogicException
|
|
*/
|
|
protected function addFlash($type, $message)
|
|
{
|
|
if (!$this->container->has('session')) {
|
|
throw new \LogicException('You can not use the addFlash method if sessions are disabled.');
|
|
}
|
|
|
|
$this->container->get('session')->getFlashBag()->add($type, $message);
|
|
}
|
|
|
|
/**
|
|
* Checks if the attributes are granted against the current authentication token and optionally supplied subject.
|
|
*
|
|
* @param mixed $attributes The attributes
|
|
* @param mixed $subject The subject
|
|
*
|
|
* @return bool
|
|
*
|
|
* @throws \LogicException
|
|
*/
|
|
protected function isGranted($attributes, $subject = null)
|
|
{
|
|
if (!$this->container->has('security.authorization_checker')) {
|
|
throw new \LogicException('The SecurityBundle is not registered in your application.');
|
|
}
|
|
|
|
return $this->container->get('security.authorization_checker')->isGranted($attributes, $subject);
|
|
}
|
|
|
|
/**
|
|
* Throws an exception unless the attributes are granted against the current authentication token and optionally
|
|
* supplied subject.
|
|
*
|
|
* @param mixed $attributes The attributes
|
|
* @param mixed $subject The subject
|
|
* @param string $message The message passed to the exception
|
|
*
|
|
* @throws AccessDeniedException
|
|
*/
|
|
protected function denyAccessUnlessGranted($attributes, $subject = null, $message = 'Access Denied.')
|
|
{
|
|
if (!$this->isGranted($attributes, $subject)) {
|
|
$exception = $this->createAccessDeniedException($message);
|
|
$exception->setAttributes($attributes);
|
|
$exception->setSubject($subject);
|
|
|
|
throw $exception;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns a rendered view.
|
|
*
|
|
* @param string $view The view name
|
|
* @param array $parameters An array of parameters to pass to the view
|
|
*
|
|
* @return string The rendered view
|
|
*/
|
|
protected function renderView($view, array $parameters = array())
|
|
{
|
|
if ($this->container->has('templating')) {
|
|
return $this->container->get('templating')->render($view, $parameters);
|
|
}
|
|
|
|
if (!$this->container->has('twig')) {
|
|
throw new \LogicException('You can not use the "renderView" method if the Templating Component or the Twig Bundle are not available.');
|
|
}
|
|
|
|
return $this->container->get('twig')->render($view, $parameters);
|
|
}
|
|
|
|
/**
|
|
* Renders a view.
|
|
*
|
|
* @param string $view The view name
|
|
* @param array $parameters An array of parameters to pass to the view
|
|
* @param Response $response A response instance
|
|
*
|
|
* @return Response A Response instance
|
|
*/
|
|
protected function render($view, array $parameters = array(), Response $response = null)
|
|
{
|
|
if ($this->container->has('templating')) {
|
|
return $this->container->get('templating')->renderResponse($view, $parameters, $response);
|
|
}
|
|
|
|
if (!$this->container->has('twig')) {
|
|
throw new \LogicException('You can not use the "render" method if the Templating Component or the Twig Bundle are not available.');
|
|
}
|
|
|
|
if (null === $response) {
|
|
$response = new Response();
|
|
}
|
|
|
|
$response->setContent($this->container->get('twig')->render($view, $parameters));
|
|
|
|
return $response;
|
|
}
|
|
|
|
/**
|
|
* Streams a view.
|
|
*
|
|
* @param string $view The view name
|
|
* @param array $parameters An array of parameters to pass to the view
|
|
* @param StreamedResponse $response A response instance
|
|
*
|
|
* @return StreamedResponse A StreamedResponse instance
|
|
*/
|
|
protected function stream($view, array $parameters = array(), StreamedResponse $response = null)
|
|
{
|
|
if ($this->container->has('templating')) {
|
|
$templating = $this->container->get('templating');
|
|
|
|
$callback = function () use ($templating, $view, $parameters) {
|
|
$templating->stream($view, $parameters);
|
|
};
|
|
} elseif ($this->container->has('twig')) {
|
|
$twig = $this->container->get('twig');
|
|
|
|
$callback = function () use ($twig, $view, $parameters) {
|
|
$twig->display($view, $parameters);
|
|
};
|
|
} else {
|
|
throw new \LogicException('You can not use the "stream" method if the Templating Component or the Twig Bundle are not available.');
|
|
}
|
|
|
|
if (null === $response) {
|
|
return new StreamedResponse($callback);
|
|
}
|
|
|
|
$response->setCallback($callback);
|
|
|
|
return $response;
|
|
}
|
|
|
|
/**
|
|
* Returns a NotFoundHttpException.
|
|
*
|
|
* This will result in a 404 response code. Usage example:
|
|
*
|
|
* throw $this->createNotFoundException('Page not found!');
|
|
*
|
|
* @param string $message A message
|
|
* @param \Exception|null $previous The previous exception
|
|
*
|
|
* @return NotFoundHttpException
|
|
*/
|
|
protected function createNotFoundException($message = 'Not Found', \Exception $previous = null)
|
|
{
|
|
return new NotFoundHttpException($message, $previous);
|
|
}
|
|
|
|
/**
|
|
* Returns an AccessDeniedException.
|
|
*
|
|
* This will result in a 403 response code. Usage example:
|
|
*
|
|
* throw $this->createAccessDeniedException('Unable to access this page!');
|
|
*
|
|
* @param string $message A message
|
|
* @param \Exception|null $previous The previous exception
|
|
*
|
|
* @return AccessDeniedException
|
|
*/
|
|
protected function createAccessDeniedException($message = 'Access Denied.', \Exception $previous = null)
|
|
{
|
|
return new AccessDeniedException($message, $previous);
|
|
}
|
|
|
|
/**
|
|
* Creates and returns a Form instance from the type of the form.
|
|
*
|
|
* @param string $type The fully qualified class name of the form type
|
|
* @param mixed $data The initial data for the form
|
|
* @param array $options Options for the form
|
|
*
|
|
* @return Form
|
|
*/
|
|
protected function createForm($type, $data = null, array $options = array())
|
|
{
|
|
return $this->container->get('form.factory')->create($type, $data, $options);
|
|
}
|
|
|
|
/**
|
|
* Creates and returns a form builder instance.
|
|
*
|
|
* @param mixed $data The initial data for the form
|
|
* @param array $options Options for the form
|
|
*
|
|
* @return FormBuilder
|
|
*/
|
|
protected function createFormBuilder($data = null, array $options = array())
|
|
{
|
|
return $this->container->get('form.factory')->createBuilder(FormType::class, $data, $options);
|
|
}
|
|
|
|
/**
|
|
* Shortcut to return the Doctrine Registry service.
|
|
*
|
|
* @return Registry
|
|
*
|
|
* @throws \LogicException If DoctrineBundle is not available
|
|
*/
|
|
protected function getDoctrine()
|
|
{
|
|
if (!$this->container->has('doctrine')) {
|
|
throw new \LogicException('The DoctrineBundle is not registered in your application.');
|
|
}
|
|
|
|
return $this->container->get('doctrine');
|
|
}
|
|
|
|
/**
|
|
* Get a user from the Security Token Storage.
|
|
*
|
|
* @return mixed
|
|
*
|
|
* @throws \LogicException If SecurityBundle is not available
|
|
*
|
|
* @see TokenInterface::getUser()
|
|
*/
|
|
protected function getUser()
|
|
{
|
|
if (!$this->container->has('security.token_storage')) {
|
|
throw new \LogicException('The SecurityBundle is not registered in your application.');
|
|
}
|
|
|
|
if (null === $token = $this->container->get('security.token_storage')->getToken()) {
|
|
return;
|
|
}
|
|
|
|
if (!is_object($user = $token->getUser())) {
|
|
// e.g. anonymous authentication
|
|
return;
|
|
}
|
|
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* Checks the validity of a CSRF token.
|
|
*
|
|
* @param string $id The id used when generating the token
|
|
* @param string $token The actual token sent with the request that should be validated
|
|
*
|
|
* @return bool
|
|
*/
|
|
protected function isCsrfTokenValid($id, $token)
|
|
{
|
|
if (!$this->container->has('security.csrf.token_manager')) {
|
|
throw new \LogicException('CSRF protection is not enabled in your application.');
|
|
}
|
|
|
|
return $this->container->get('security.csrf.token_manager')->isTokenValid(new CsrfToken($id, $token));
|
|
}
|
|
}
|