vendor/symfony/security-core/Authorization/Voter/ExpressionVoter.php line 27

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <fabien@symfony.com>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\Security\Core\Authorization\Voter;
  11. use Symfony\Component\ExpressionLanguage\Expression;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
  14. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  15. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  16. use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
  17. use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
  18. /**
  19.  * ExpressionVoter votes based on the evaluation of an expression.
  20.  *
  21.  * @author Fabien Potencier <fabien@symfony.com>
  22.  */
  23. class ExpressionVoter implements CacheableVoterInterface
  24. {
  25.     private ExpressionLanguage $expressionLanguage;
  26.     private AuthenticationTrustResolverInterface $trustResolver;
  27.     private AuthorizationCheckerInterface $authChecker;
  28.     private ?RoleHierarchyInterface $roleHierarchy;
  29.     public function __construct(ExpressionLanguage $expressionLanguageAuthenticationTrustResolverInterface $trustResolverAuthorizationCheckerInterface $authCheckerRoleHierarchyInterface $roleHierarchy null)
  30.     {
  31.         $this->expressionLanguage $expressionLanguage;
  32.         $this->trustResolver $trustResolver;
  33.         $this->authChecker $authChecker;
  34.         $this->roleHierarchy $roleHierarchy;
  35.     }
  36.     public function supportsAttribute(string $attribute): bool
  37.     {
  38.         return false;
  39.     }
  40.     public function supportsType(string $subjectType): bool
  41.     {
  42.         return true;
  43.     }
  44.     /**
  45.      * {@inheritdoc}
  46.      */
  47.     public function vote(TokenInterface $tokenmixed $subject, array $attributes): int
  48.     {
  49.         $result VoterInterface::ACCESS_ABSTAIN;
  50.         $variables null;
  51.         foreach ($attributes as $attribute) {
  52.             if (!$attribute instanceof Expression) {
  53.                 continue;
  54.             }
  55.             if (null === $variables) {
  56.                 $variables $this->getVariables($token$subject);
  57.             }
  58.             $result VoterInterface::ACCESS_DENIED;
  59.             if ($this->expressionLanguage->evaluate($attribute$variables)) {
  60.                 return VoterInterface::ACCESS_GRANTED;
  61.             }
  62.         }
  63.         return $result;
  64.     }
  65.     private function getVariables(TokenInterface $tokenmixed $subject): array
  66.     {
  67.         $roleNames $token->getRoleNames();
  68.         if (null !== $this->roleHierarchy) {
  69.             $roleNames $this->roleHierarchy->getReachableRoleNames($roleNames);
  70.         }
  71.         $variables = [
  72.             'token' => $token,
  73.             'user' => $token->getUser(),
  74.             'object' => $subject,
  75.             'subject' => $subject,
  76.             'role_names' => $roleNames,
  77.             'trust_resolver' => $this->trustResolver,
  78.             'auth_checker' => $this->authChecker,
  79.         ];
  80.         // this is mainly to propose a better experience when the expression is used
  81.         // in an access control rule, as the developer does not know that it's going
  82.         // to be handled by this voter
  83.         if ($subject instanceof Request) {
  84.             $variables['request'] = $subject;
  85.         }
  86.         return $variables;
  87.     }
  88. }