public function matches(Request $request)
{
if (!$this->language) {
throw new \LogicException('Unable to match the request as the expression language is not available.');
}
return $this->language->evaluate($this->expression, array('request' => $request, 'method' => $request->getMethod(), 'path' => rawurldecode($request->getPathInfo()), 'host' => $request->getHost(), 'ip' => $request->getClientIp(), 'attributes' => $request->attributes->all())) && parent::matches($request);
}
public function testPath()
{
$matcher = new RequestMatcher();
$matcher->matchPath('#^/admin#');
$request = Request::create('/admin/foo');
$this->assertTrue($matcher->matches($request));
$matcher->matchMethod('#^/blog#i');
$this->assertFalse($matcher->matches($request));
}
/**
* @param FilterControllerEvent $event
*/
public function onKernelRequest(GetResponseEvent $event)
{
$request = $event->getRequest();
$requestMatcher = new RequestMatcher('^/admin');
$currentRoute = $request->attributes->get('_route');
$user = $this->container->get('session')->get('admin/user');
if ($requestMatcher->matches($request) && !$user) {
if ($currentRoute != self::LOGIN_ROUTE) {
$event->setResponse(new RedirectResponse($this->container->get('router')->generate(self::LOGIN_ROUTE)));
}
}
}
/**
* Configure the firewall based on config mapped to route patterns. Call handlers
* to register firewall listeners if the patterns have any rules associated.
*
* @param ConfigureFirewallEvent $e
*/
public function onFirewallConfigure(ConfigureFirewallEvent $e)
{
$request = $e->getRequest();
//loop through rules, call config handlers if any rules match
foreach ($this->rules as $pattern => $handlers) {
$matcher = new RequestMatcher($pattern);
if ($matcher->matches($request)) {
foreach ($handlers as $handlerKey => $handlerConfig) {
$this->processHandlerConfig($e, $handlerKey, $handlerConfig);
}
}
}
}
public function testAttributes()
{
$matcher = new RequestMatcher();
$request = Request::create('/admin/foo');
$request->attributes->set('foo', 'foo_bar');
$matcher->matchAttribute('foo', 'foo_.*');
$this->assertTrue($matcher->matches($request));
$matcher->matchAttribute('foo', 'foo');
$this->assertTrue($matcher->matches($request));
$matcher->matchAttribute('foo', '^foo_bar$');
$this->assertTrue($matcher->matches($request));
$matcher->matchAttribute('foo', 'babar');
$this->assertFalse($matcher->matches($request));
}
/**
* {@inheritdoc}
*/
public function matches(Request $request)
{
foreach ($this->headers as $header) {
if (!$request->headers->has($header)) {
return false;
}
}
return parent::matches($request);
}
public function matches(Request $request)
{
foreach ($this->_headers as $key => $pattern) {
if (!preg_match('#' . str_replace('#', '\\#', $pattern) . '#', $request->headers->get($key))) {
return false;
}
}
return parent::matches($request);
}
public function onKernelRequest(GetResponseEvent $event)
{
// Si no es una peticion maestra ignora el evento
if (!$event->isMasterRequest()) {
return;
}
$request = $event->getRequest();
$rules = $this->Config->get('security', 'access_control');
foreach ($rules as $rule) {
$requestMatcher = new RequestMatcher($rule['pattern']);
// Si es verdadero es una area restringida
if ($requestMatcher->matches($request)) {
// Busca en la session si existe una tarjeta del usuario
// La tajeta debe ser un objecto de serializado que implemente la interfaz CardInterface
$user_card = $this->CardManager->getCard('user_card');
// Si la tarjeta existe
if ($user_card) {
$role = $user_card->getRole();
// Si no tiene el rol correcto retorna una respuesta para redireccionar
if ($role == null || strtoupper($role) != strtoupper($rule['role'])) {
// Detiene la propagacion del evento
$event->stopPropagation();
if ($request->isXmlHttpRequest()) {
$event->setResponse(new JsonResponse(array('status' => 'forbidden')), Response::HTTP_FORBIDDEN);
} else {
$event->setResponse(new redirectResponse(Util::buildUrl($rule['forbidden_route'])));
}
return;
}
} else {
$event->stopPropagation();
if ($request->isXmlHttpRequest()) {
$event->setResponse(new JsonResponse(array('status' => 'forbidden')), Response::HTTP_FORBIDDEN);
} else {
$event->setResponse(new redirectResponse(Util::buildUrl($rule['login_route'])));
}
return;
}
}
}
}
/**
* Check whether the request is allowed.
*
* @param Request $request The request to check.
*
* @return boolean Whether access is granted.
*/
protected function isRequestAllowed(Request $request)
{
return $this->requestMatcher->matches($request);
}
