Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitdadae1c

Browse files
committed
[FrameworkBundle][Workflow] Add a way to register a guard expression in the configuration
1 parent323529c commitdadae1c

File tree

5 files changed

+144
-0
lines changed

5 files changed

+144
-0
lines changed

‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php‎

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -333,6 +333,11 @@ private function addWorkflowSection(ArrayNodeDefinition $rootNode)
333333
->isRequired()
334334
->cannotBeEmpty()
335335
->end()
336+
->scalarNode('guard')
337+
->cannotBeEmpty()
338+
->info('An expression to block the transition')
339+
->example('is_fully_authenticated() and has_role(\'ROLE_JOURNALIST\') and subject.getTitle() ==\'My first article\'')
340+
->end()
336341
->arrayNode('from')
337342
->beforeNormalization()
338343
->ifString()

‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php‎

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -487,6 +487,30 @@ private function registerWorkflowConfiguration(array $workflows, ContainerBuilde
487487
}elseif (isset($workflow['support_strategy'])) {
488488
$registryDefinition->addMethodCall('add',array(newReference($workflowId),newReference($workflow['support_strategy'])));
489489
}
490+
491+
// Add Guard Listener
492+
$guard =newDefinition(Workflow\EventListener\GuardListener::class);
493+
$configuration = [];
494+
foreach ($workflow['transitions']as$transitionName =>$config) {
495+
if (!isset($config['guard'])) {
496+
continue;
497+
}
498+
$eventName =sprintf('workflow.%s.guard.%s',$name,$transitionName);
499+
$guard->addTag('kernel.event_listener',array('event' =>$eventName,'method' =>'onTransition'));
500+
$configuration[$eventName] =$config['guard'];
501+
}
502+
if ($configuration) {
503+
$guard->setArguments(array(
504+
$configuration,
505+
newReference('workflow.security.expression_language'),
506+
newReference('security.token_storage'),
507+
newReference('security.authorization_checker'),
508+
newReference('security.authentication.trust_resolver'),
509+
newReference('security.role_hierarchy'),
510+
));
511+
512+
$container->setDefinition(sprintf('%s.listener.guard',$workflowId),$guard);
513+
}
490514
}
491515
}
492516

‎src/Symfony/Bundle/FrameworkBundle/Resources/config/workflow.xml‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,5 +27,7 @@
2727
<argumenttype="service"id="workflow.registry" />
2828
<tagname="twig.extension" />
2929
</service>
30+
31+
<serviceid="workflow.security.expression_language"class="Symfony\Component\Workflow\EventListener\ExpressionLanguage"public="false" />
3032
</services>
3133
</container>
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespaceSymfony\Component\Workflow\EventListener;
13+
14+
useSymfony\Component\Security\Core\Authorization\ExpressionLanguageasBaseExpressionLanguage;
15+
16+
/**
17+
* Adds some function to the default Symfony Security ExpressionLanguage.
18+
*
19+
* @author Fabien Potencier <fabien@symfony.com>
20+
*/
21+
class ExpressionLanguageextends BaseExpressionLanguage
22+
{
23+
protectedfunctionregisterFunctions()
24+
{
25+
parent::registerFunctions();
26+
27+
$this->register('is_granted',function ($attributes,$object ='null') {
28+
returnsprintf('$auth_checker->isGranted(%s, %s)',$attributes,$object);
29+
},function (array$variables,$attributes,$object =null) {
30+
return$variables['auth_checker']->isGranted($attributes,$object);
31+
});
32+
}
33+
}
Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespaceSymfony\Component\Workflow\EventListener;
13+
14+
useSymfony\Component\ExpressionLanguage\Expression;
15+
useSymfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
16+
useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
17+
useSymfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
18+
useSymfony\Component\Security\Core\Role\RoleHierarchyInterface;
19+
useSymfony\Component\Workflow\Event\GuardEvent;
20+
21+
/**
22+
* @author Grégoire Pineau <lyrixx@lyrixx.info>
23+
*/
24+
class GuardListener
25+
{
26+
private$configuration;
27+
private$expressionLanguage;
28+
private$tokenStorage;
29+
private$authenticationChecker;
30+
private$trustResolver;
31+
private$roleHierarchy;
32+
33+
publicfunction__construct($configuration,ExpressionLanguage$expressionLanguage,TokenStorageInterface$tokenStorage,AuthorizationCheckerInterface$authenticationChecker,AuthenticationTrustResolverInterface$trustResolver,RoleHierarchyInterface$roleHierarchy =null)
34+
{
35+
$this->configuration =$configuration;
36+
$this->expressionLanguage =$expressionLanguage;
37+
$this->tokenStorage =$tokenStorage;
38+
$this->authenticationChecker =$authenticationChecker;
39+
$this->trustResolver =$trustResolver;
40+
$this->roleHierarchy =$roleHierarchy;
41+
}
42+
43+
publicfunctiononTransition(GuardEvent$event,$eventName)
44+
{
45+
if (!isset($this->configuration[$eventName])) {
46+
return;
47+
}
48+
49+
if (!$this->expressionLanguage->evaluate($this->configuration[$eventName],$this->getVariables($event))) {
50+
$event->setBlocked(true);
51+
}
52+
}
53+
54+
// code should be sync with Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter
55+
privatefunctiongetVariables(GuardEvent$event)
56+
{
57+
$token =$this->tokenStorage->getToken();
58+
59+
if (null !==$this->roleHierarchy) {
60+
$roles =$this->roleHierarchy->getReachableRoles($token->getRoles());
61+
}else {
62+
$roles =$token->getRoles();
63+
}
64+
65+
$variables =array(
66+
'token' =>$token,
67+
'user' =>$token->getUser(),
68+
'subject' =>$event->getSubject(),
69+
'roles' =>array_map(function ($role) {
70+
return$role->getRole();
71+
},$roles),
72+
// needed for the is_granted expression function
73+
'auth_checker' =>$this->authenticationChecker,
74+
// needed for the is_* expression function
75+
'trust_resolver' =>$this->trustResolver,
76+
);
77+
78+
return$variables;
79+
}
80+
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp