/**
 * Access-denied handler that answers AJAX callers with a JSON error.
 *
 * For XMLHttpRequest clients a JSON body {success:false, message} is
 * returned, exposing only the exception message (no trace, no class name).
 * No status code is passed, so JsonResponse's default applies and clients
 * must inspect the body to detect the failure.
 *
 * For every other request the exception object itself is returned; the
 * security layer only accepts Response instances from a handler, so this
 * leaves the default access-denied behaviour (error page / entry point) in place.
 *
 * @param Request               $request
 * @param AccessDeniedException $accessDeniedException
 *
 * @return JsonResponse|AccessDeniedException
 */
public function handle(Request $request, AccessDeniedException $accessDeniedException)
 {
     if (!$request->isXmlHttpRequest()) {
         return $accessDeniedException;
     }
     $payload = [
         'success' => false,
         'message' => $accessDeniedException->getMessage(),
     ];
     return new JsonResponse($payload);
 }
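 /**
  * Access-denied handler for the admin area.
  *
  * Only 403 failures on paths containing "/admin" are handled here; anything
  * else returns null so the security layer falls back to its default
  * behaviour. Users holding no role containing "_ADMIN" get the bare 403
  * page; admins lacking a specific permission get the admin index with a
  * notice. The role check only selects which template to render — it never
  * grants access.
  *
  * @param Request               $request
  * @param AccessDeniedException $accessDeniedException
  *
  * @return Response|null
  */
 function handle(Request $request, AccessDeniedException $accessDeniedException)
 {
     // todo: CUSTOM LOG THIS EVENT!
     $isAdminPath = false !== stripos($request->getPathInfo(), '/admin');
     if (403 !== $accessDeniedException->getCode() || !$isAdminPath) {
         return null;
     }
     // Guard against a missing token: the handler may be invoked outside the
     // normal listener flow (e.g. expired session), and getRoles() on null fatals.
     /** @var UsernamePasswordToken|null $token */
     $token = $this->token_storage->getToken();
     $anyAdminRoles = false;
     if (null !== $token) {
         foreach ($token->getRoles() as $role) {
             /** @var Role $role */
             // Substring match: ROLE_ADMIN, ROLE_SUPER_ADMIN, ... all qualify.
             if (false !== stripos($role->getRole(), '_ADMIN')) {
                 $anyAdminRoles = true;
                 break;
             }
         }
     }
     $template = $anyAdminRoles
         ? 'admin/adminindex.html.twig'
         : 'admin/exception/error403.html.twig';
     $message = $anyAdminRoles
         ? 'You do not have permission to view the requested resource'
         : 'You are not authorized to access the Fraternity of Light Admin';
     $content = $this->twig->render($template, ['accessDeniedMessage' => $message]);
     // Status is the exception's code (403, checked above).
     return new Response($content, $accessDeniedException->getCode());
 }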
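 /**
  * Handles an access denied failure: JSON error for AJAX callers, otherwise
  * a redirect to the application base path.
  *
  * Security notes: the JSON body carries only the exception message — never
  * the stack trace or exception class, which would disclose file paths and
  * framework internals to the client. The status is 403 (not 503), so
  * clients and monitoring do not mistake a denied request for an outage.
  *
  * @param Request               $request
  * @param AccessDeniedException $accessDeniedException
  *
  * @return Response
  */
 public function handle(Request $request, AccessDeniedException $accessDeniedException)
 {
     // getUri() includes the query string; if URLs may carry secrets (signed
     // tokens, reset links) consider logging getPathInfo() instead — TODO confirm.
     $this->logger->error('User tried to access: ' . $request->getUri());
     if ($request->isXmlHttpRequest()) {
         return new JsonResponse(
             ['message' => $accessDeniedException->getMessage()],
             Response::HTTP_FORBIDDEN
         );
     }
     $url = $request->getBasePath() !== "" ? $request->getBasePath() : "/";
     $response = new RedirectResponse($url);
     // NOTE(review): 403 is not a redirection status, so browsers will not
     // follow the Location header of this response. Decide between a real
     // redirect (3xx) and a 403 page — confirm which is intended.
     $response->setStatusCode(Response::HTTP_FORBIDDEN);
     $response->prepare($request);
     // Return instead of send(): the exception listener sets the response on
     // the event and the kernel sends it once, after response listeners run.
     return $response;
 }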
 /**
  * Handles access authorization for the current request.
  *
  * Requires a token in storage, looks up the access attributes matching the
  * request, authenticates the token if it is not yet authenticated, and
  * finally asks the access decision manager whether the token satisfies the
  * attributes. Requests with no matching attributes pass through untouched.
  *
  * @param GetResponseEvent $event A GetResponseEvent instance
  *
  * @throws AccessDeniedException                    when the decision manager refuses
  * @throws AuthenticationCredentialsNotFoundException when no token is stored
  */
 public function handle(GetResponseEvent $event)
 {
     $currentToken = $this->tokenStorage->getToken();
     if (null === $currentToken) {
         throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
     }
     $request = $event->getRequest();
     $patterns = $this->map->getPatterns($request);
     $attributes = $patterns[0];
     // No access rule matches this request: nothing to enforce.
     if (null === $attributes) {
         return;
     }
     // Authenticate lazily and persist the (possibly new) token.
     if (!$currentToken->isAuthenticated()) {
         $currentToken = $this->authManager->authenticate($currentToken);
         $this->tokenStorage->setToken($currentToken);
     }
     $granted = $this->accessDecisionManager->decide($currentToken, $attributes, $request);
     if ($granted) {
         return;
     }
     $denied = new AccessDeniedException();
     $denied->setAttributes($attributes);
     $denied->setSubject($request);
     throw $denied;
 }
 /**
  * Turns an AccessDeniedException raised during the request into a response.
  *
  * Flow, in order:
  *  1. Default outcome: the exception is replaced by an AccessDeniedHttpException
  *     wrapping the original, in case nothing below produces a response.
  *  2. If the current token is not fully authenticated (the trust resolver says
  *     not "full-fledged"), the user is sent to the authentication entry point
  *     instead of receiving a 403.
  *  3. Otherwise the configured access-denied handler is consulted; a returned
  *     Response becomes the event's response. Failing that, the configured error
  *     page is rendered through a sub-request that carries the original exception
  *     as a request attribute.
  *  Any exception thrown while handling is logged and re-wrapped in a
  *  RuntimeException so the handler failure is not mistaken for the original one.
  *
  * @param GetResponseForExceptionEvent $event
  * @param AccessDeniedException        $exception
  */
 private function handleAccessDeniedException(GetResponseForExceptionEvent $event, AccessDeniedException $exception)
 {
     // Default: expose the failure as an HTTP access-denied exception.
     $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
     $token = $this->context->getToken();
     if (!$this->authenticationTrustResolver->isFullFledged($token)) {
         if (null !== $this->logger) {
             // Debug level only: file/line of the throw site stays out of production logs.
             $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
         }
         try {
             // Chain the original exception so the entry point can inspect it.
             $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
             $insufficientAuthenticationException->setToken($token);
             $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));
         } catch (\Exception $e) {
             $event->setException($e);
         }
         return;
     }
     if (null !== $this->logger) {
         $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
     }
     try {
         if (null !== $this->accessDeniedHandler) {
             // Only a genuine Response is accepted; anything else falls through
             // to the AccessDeniedHttpException set above.
             $response = $this->accessDeniedHandler->handle($event->getRequest(), $exception);
             if ($response instanceof Response) {
                 $event->setResponse($response);
             }
         } elseif (null !== $this->errorPage) {
             // Render the error page in-process; the exception is made available
             // to the controller via the Security::ACCESS_DENIED_ERROR attribute.
             $subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);
             $subRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception);
             $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));
         }
     } catch (\Exception $e) {
         if (null !== $this->logger) {
             $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
         }
         $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
     }
 }
 /**
  * Raised when a user lacks the user/login permission for a SiteAccess.
  *
  * The message embeds the username and the SiteAccess name; mind where
  * getMessage() is rendered to end users.
  * NOTE(review): the parent constructor is assumed to take ($message, $previous),
  * as Symfony's AccessDeniedException does — confirm against the parent class.
  *
  * @param SiteAccess     $siteAccess
  * @param string         $username
  * @param Exception|null $previous
  */
 public function __construct(SiteAccess $siteAccess, $username, Exception $previous = null)
 {
     $message = sprintf(
         "User '%s' doesn't have user/login permission to SiteAccess '%s'",
         $username,
         $siteAccess->name
     );
     parent::__construct($message, $previous);
 }
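 /**
  * Renders the access-denied page and hands it back to the security layer.
  *
  * The template receives the exception message and, when the session is an
  * impersonation (ROLE_PREVIOUS_ADMIN), a URL that exits the switched user so
  * the administrator can return to their own account.
  *
  * The Response is returned rather than sent with send() + exit: the
  * exception listener sets it on the event and the kernel completes the
  * request normally (response listeners and termination still run).
  *
  * @param Request               $request
  * @param AccessDeniedException $accessDeniedException
  *
  * @return Response
  */
 public function handle(Request $request, AccessDeniedException $accessDeniedException)
 {
     $templateVars = ['message' => $accessDeniedException->getMessage()];
     if ($this->getSecurityContext()->isGranted('ROLE_PREVIOUS_ADMIN')) {
         $templateVars['securityExitURL'] = $this->generateUrl('user_home', ['_switch_user' => '_exit']);
     }
     $template = $this->container->get('templating');
     return new Response($template->render('BWCMSBundle:Common:access-denied.html.twig', $templateVars));
 }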
 /**
  * Access-denied handler backed by the project's response factory.
  *
  * Builds the standard error response and attaches only the exception
  * message; no trace or class name reaches the client.
  *
  * @param Request               $request
  * @param AccessDeniedException $accessDeniedException
  *
  * @return mixed The factory's error response
  */
 public function handle(Request $request, AccessDeniedException $accessDeniedException)
 {
     $errors = ['message' => $accessDeniedException->getMessage()];
     $errorResponse = $this->rf->getErrorResponse();
     $errorResponse->setErrors($errors);
     return $errorResponse;
 }
 /**
  * Attempts to switch to another user.
  *
  * Order matters for security: the impersonation right ($this->role) is
  * checked on the *current* token before the target account is loaded, the
  * target still goes through post-authentication checks, and the original
  * token is kept inside a SwitchUserRole so the switch can be undone and
  * attributed. The target username comes from $request->get(), which reads
  * from several request sources (attributes/query/body) — keep that in mind
  * when reasoning about where it can be supplied from.
  *
  * @param Request $request A Request instance
  *
  * @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise
  *
  * @throws \LogicException       when already switched to a different user
  * @throws AccessDeniedException when the current token lacks the switch role
  */
 private function attemptSwitchUser(Request $request)
 {
     $current = $this->tokenStorage->getToken();
     $requestedUsername = $request->get($this->usernameParameter);
     // Already impersonating: re-requesting the same user is a no-op, any
     // other user is refused.
     if (false !== $this->getOriginalToken($current)) {
         if ($current->getUsername() === $requestedUsername) {
             return $current;
         }
         throw new \LogicException(sprintf('You are already switched to "%s" user.', $current->getUsername()));
     }
     // Authorisation of the impersonator, before touching the target account.
     if (false === $this->accessDecisionManager->decide($current, [$this->role])) {
         $denied = new AccessDeniedException();
         $denied->setAttributes($this->role);
         throw $denied;
     }
     if (null !== $this->logger) {
         $this->logger->info('Attempting to switch to user.', ['username' => $requestedUsername]);
     }
     $target = $this->provider->loadUserByUsername($requestedUsername);
     // Locked/disabled/expired accounts cannot be impersonated either.
     $this->userChecker->checkPostAuth($target);
     $switchedRoles = $target->getRoles();
     $switchedRoles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $current);
     // NOTE(review): the target's stored password becomes the token credential —
     // confirm credentials are erased before the token is serialized.
     $switched = new UsernamePasswordToken($target, $target->getPassword(), $this->providerKey, $switchedRoles);
     if (null !== $this->dispatcher) {
         $switchEvent = new SwitchUserEvent($request, $switched->getUser());
         $this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent);
     }
     return $switched;
 }
 /**
  * Exception signalling that the current user lacks a required privilege.
  *
  * The message is fixed and carries no detail about which privilege was
  * missing or which resource was requested.
  */
 public function __construct()
 {
     $message = 'Missing user privilege';
     parent::__construct($message);
 }