public function createUser(TokenInterface $token)
 {
     $username = $token->getUser();
     $attributes = $token->getAttributes();
     if (is_null($token->getRoles())) {
         $roles = isset($attributes['roles']) ? $attributes['roles'] : null;
         unset($attributes['roles']);
     } else {
         $roles = $token->getRoles();
     }
     return new SpawnedUser($username, $attributes, $roles);
 }
Example #2
0
 public function vote(TokenInterface $token, Location $object, array $attributes)
 {
     if (in_array('ROLE_LOCATION_MODERATOR', $token->getRoles())) {
         return VoterInterface::ACCESS_GRANTED;
     }
     return VoterInterface::ACCESS_ABSTAIN;
 }
Example #3
0
 public function vote(TokenInterface $token, $group, array $attributes)
 {
     // check if class of this object is supported by this voter
     if (!$this->supportsClass(get_class($group))) {
         return VoterInterface::ACCESS_ABSTAIN;
     }
     // check if the given attribute is covered by this voter
     if (!$this->supportsAttribute($attributes[0])) {
         return VoterInterface::ACCESS_ABSTAIN;
     }
     // get current logged in user
     $user = $token->getUser();
     //allow the token to have ROLE_SUPER_ADMIN before we check the user, for testing
     if (in_array(new Role("ROLE_SUPER_ADMIN"), $token->getRoles())) {
         return VoterInterface::ACCESS_GRANTED;
     }
     // make sure there is a user object (i.e. that the user is logged in)
     if (!$user instanceof User) {
         return VoterInterface::ACCESS_DENIED;
     }
     switch ($attributes[0]) {
         case self::VIEW:
             if ($user->hasGroup($group->getName())) {
                 return VoterInterface::ACCESS_GRANTED;
             }
             break;
         case self::EDIT:
             if ($user->hasGroup($group->getName()) && $user->hasRole("ROLE_ADMIN")) {
                 return VoterInterface::ACCESS_GRANTED;
             }
             break;
     }
     return VoterInterface::ACCESS_DENIED;
 }
Example #4
0
 /**
  * Returns the roles (an array of string) of the $token.
  *
  * @todo remove this $method
  *
  * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
  *
  * @return array
  */
 public function getRoles(TokenInterface $token)
 {
     $roles = array();
     foreach ($token->getRoles() as $role) {
         $roles[] = $role->getRole();
     }
     return $roles;
 }
Example #5
0
 protected function isAdmin(TokenInterface $token)
 {
     foreach ($token->getRoles() as $role) {
         if (PlatformRoles::ADMIN === $role->getRole()) {
             return true;
         }
     }
     return false;
 }
 private function getVariables(TokenInterface $token, $object)
 {
     if (null !== $this->roleHierarchy) {
         $roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
     } else {
         $roles = $token->getRoles();
     }
     $variables = array('token' => $token, 'user' => $token->getUser(), 'object' => $object, 'roles' => array_map(function ($role) {
         return $role->getRole();
     }, $roles), 'trust_resolver' => $this->trustResolver);
     // this is mainly to propose a better experience when the expression is used
     // in an access control rule, as the developer does not know that it's going
     // to be handled by this voter
     if ($object instanceof Request) {
         $variables['request'] = $object;
     }
     return $variables;
 }
Example #7
0
 /**
  * @param Request        $request
  * @param TokenInterface $token
  *
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     foreach ($token->getRoles() as $role) {
         if ('ROLE_ADMIN' == $role->getRole()) {
             return new RedirectResponse($this->router->generate('admin_start'));
         }
     }
     return new RedirectResponse($this->router->generate('homepage'));
 }
 protected function isIddqd(TokenInterface $token)
 {
     foreach ($token->getRoles() as $role) {
         if (in_array($role->getRole(), $this->iddqdAliases, true)) {
             return true;
         }
     }
     return false;
 }
Example #9
0
 protected function isIddqd(TokenInterface $token)
 {
     foreach ($token->getRoles() as $role) {
         if ('IS_IDDQD' === $role->getRole()) {
             return true;
         }
     }
     return false;
 }
 public function authenticate(TokenInterface $token)
 {
     $user = $token->getUser();
     if ($user) {
         $authenticatedToken = new WordpressUserToken($token->getRoles());
         $authenticatedToken->setUser($user);
         return $authenticatedToken;
     }
     throw new AuthenticationException('Wordpress authentication failed.');
 }
 /**
  * Retrieves roles from user and appends SwitchUserRole if original token contained one.
  *
  * @param UserInterface  $user  The user
  * @param TokenInterface $token The token
  *
  * @return array The user roles
  */
 private function getRoles(UserInterface $user, TokenInterface $token)
 {
     $roles = $user->getRoles();
     foreach ($token->getRoles() as $role) {
         if ($role instanceof SwitchUserRole) {
             $roles[] = $role;
             break;
         }
     }
     return $roles;
 }
Example #12
0
 /**
  * Utility function to find role in token
  *
  * @param TokenInterface $token
  * @param $role
  * @return bool
  */
 public static function hasRole(TokenInterface $token, $role)
 {
     if (is_string($role)) {
         $role = new Role($role);
     }
     foreach ($token->getRoles() as $tokenRole) {
         if ($role->getRole() == $tokenRole->getRole()) {
             return true;
         }
     }
 }
 /**
  *
  * @param TokenInterface $token - Array of ACL objects to check
  * @param string $inputRole     - Requested Role
  * 
  * @return array
  */
 public function getObjectIdsForRole(TokenInterface $token, $inputRole)
 {
     $object_ids = array();
     $reachable = $this->getRoleHierarchy()->getReachableRoles($token->getRoles());
     foreach ($token->getUser()->getAcls() as $acl) {
         // found an object id for this role
         if ($acl->getType()->equal($inputRole) || $this->findInMap($acl, $reachable)) {
             $object_ids[] = $acl->getObjectId();
         }
     }
     return $object_ids;
 }
Example #14
0
 /**
  * Perform a single access check operation on a given attribute, subject and token.
  *
  * @param string         $attribute
  * @param mixed          $subject
  * @param TokenInterface $token
  *
  * @return bool
  */
 protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
 {
     /* @var $subject SecuredAccessInterface */
     if ($subject->isUsernameAllowed($token->getUsername(), $attribute)) {
         return true;
     }
     foreach ($token->getRoles() as $role) {
         if ($subject->isRoleAllowed($role->getRole(), $attribute)) {
             return true;
         }
     }
     return false;
 }
 function it_should_log_event(FilterControllerEvent $event, ApiControllerInterface $ctrl, LoggerInterface $logger, SecurityContext $security, Request $request, TokenInterface $token)
 {
     $logger->info('API call', Argument::type('array'))->shouldBeCalled();
     $token->getRoles()->willReturn([]);
     $token->getUsername()->willReturn('anon.');
     $security->getToken()->willReturn($token);
     $this->setContext($security);
     $this->setLogger($logger);
     $request->getRequestUri()->willReturn('/api/user/1');
     $request->getMethod()->willReturn('GET');
     $event->getController()->willReturn([$ctrl, 'someAction']);
     $event->getRequest()->willReturn($request);
     $this->onKernelController($event);
 }
Example #16
0
 private function checkCreation(TokenInterface $token)
 {
     $tool = $this->om->getRepository('ClarolineCoreBundle:Tool\\AdminTool')->findOneBy(['name' => 'user_management']);
     $roles = $tool->getRoles();
     $tokenRoles = $token->getRoles();
     foreach ($tokenRoles as $tokenRole) {
         foreach ($roles as $role) {
             if ($role->getRole() === $tokenRole->getRole()) {
                 return VoterInterface::ACCESS_GRANTED;
             }
         }
     }
     return VoterInterface::ACCESS_DENIED;
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // Get list of roles for current user
     $roles = $token->getRoles();
     // Tranform this list in array
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // If is a admin or super admin we redirect to the backoffice area
     if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_USER', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('mon_annuaire_homepage'));
     }
     return $redirection;
 }
 /**
  * {@inheritDoc}
  */
 public function buildRunAs(TokenInterface $token, $secureObject, array $attributes)
 {
     $roles = array();
     foreach ($attributes as $attribute) {
         if ($this->supportsAttribute($attribute)) {
             $roles[] = new Role($attribute);
         }
     }
     if (0 === count($roles)) {
         return null;
     }
     $roles = array_merge($roles, $token->getRoles());
     return new RunAsUserToken($this->key, $token->getUser(), $token->getCredentials(), $roles, $token);
 }
Example #19
0
 public function findVisibleFacets(TokenInterface $token)
 {
     $roleNames = array();
     foreach ($token->getRoles() as $role) {
         $roleNames[] = $role->getRole();
     }
     //the mighty admin can do anything in our world
     if (in_array('ROLE_ADMIN', $roleNames)) {
         return $this->findAll();
     }
     $dql = "\n            SELECT facet FROM Claroline\\CoreBundle\\Entity\\Facet\\Facet facet\n            JOIN facet.roles role\n            WHERE role.name IN (:rolenames)\n        ";
     $query = $this->_em->createQuery($dql);
     $query->setParameter('rolenames', $roleNames);
     return $query->getResult();
 }
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // Get list of roles for current user
     $roles = $token->getRoles();
     // Tranform this list in array
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // If is a admin or super admin we redirect to the backoffice area
     if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('sonata_admin_dashboard'));
     } else {
         $redirection = new RedirectResponse($this->router->generate('sonata_user_profile_show'));
     }
     return $redirection;
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // Get list of roles for current user
     $roles = $token->getRoles();
     // Tranform this list in array
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // If is a qualité, blanchisserie, RH, admin or super admin we redirect to the admin/dashboard area
     if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_SUPER_ADMIN', $rolesTab, true) || in_array('ROLE_RH', $rolesTab, true) || in_array('ROLE_BLANCHISSERIE', $rolesTab, true) || in_array('ROLE_SERVICE_TECHNIC', $rolesTab, true) || in_array('ROLE_QGDR', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('sonata_admin_dashboard'));
     } else {
         $redirection = new RedirectResponse($this->router->generate('iuch_homepage'));
     }
     return $redirection;
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // On récupère la liste des rôles d'un utilisateur
     $roles = $token->getRoles();
     // On transforme le tableau d'instance en tableau simple
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // S'il s'agit d'un admin ou d'un super admin on le redirige vers le backoffice
     if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('ecommerce_ajoutcategorie'));
     } elseif (in_array('ROLE_USER', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('homepage'));
     }
     return $redirection;
 }
 public function vote(TokenInterface $token, $object, array $attributes)
 {
     if ($object instanceof AdminTool) {
         $roles = $object->getRoles();
         $tokenRoles = $token->getRoles();
         foreach ($tokenRoles as $tokenRole) {
             foreach ($roles as $role) {
                 if ($role->getRole() === $tokenRole->getRole()) {
                     return VoterInterface::ACCESS_GRANTED;
                 }
             }
         }
         return VoterInterface::ACCESS_DENIED;
     }
     return VoterInterface::ACCESS_ABSTAIN;
 }
Example #24
0
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // On récupère la liste des rôles d'un utilisateur
     $roles = $token->getRoles();
     // On transforme le tableau d'instance en tableau simple
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     if (in_array('ROLE_TEACHER', $rolesTab, true) || in_array('ROLE_ADMIN', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('dashboard.default.index'));
     } elseif (in_array('ROLE_STUDENT', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('student.fiches.home'));
     } else {
         $redirection = new RedirectResponse($this->router->generate('ElyceeBundle.default.index'));
     }
     return $redirection;
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // On récupère la liste des rôles d'un utilisateur
     $roles = $token->getRoles();
     // On transforme le tableau d'instance en tableau simple
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // S'il s'agit d'un admin ou d'un super admin on le redirige vers le backoffice
     if (in_array('ROLE_PARTICULIER', $rolesTab, true)) {
         if ($this->session->getDesiredDevis() != null) {
             return new RedirectResponse($this->router->generate('devis_show', array('id' => $this->session->getDesiredDevis())));
         } else {
             return $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request));
         }
     }
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // On récupère la liste des rôles d'un utilisateur
     $roles = $token->getRoles();
     // On transforme le tableau d'instance en tableau simple
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // S'il s'agit d'un admin ou d'un super admin on le redirige vers le backoffice
     if (in_array('FORMATEUR', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('user'));
     } elseif (in_array('STAGIAIRE', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('currenttest'));
     } else {
         $redirection = new RedirectResponse($this->router->generate('login'));
     }
     return $redirection;
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // On récupère la liste des rôles d'un utilisateur
     $roles = $token->getRoles();
     // On transforme le tableau d'instance en tableau simple
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // S'il s'agit d'un admin on le redirige vers l'accueil admin
     if (in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('btsappli_utilisateurs_accueilAdmin'));
     } elseif (in_array('ROLE_ETU', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('btsappli_utilisateurs_accueilEtu'));
     } else {
         $redirection = new RedirectResponse($this->router->generate('btsappli_utilisateurs_etudiantNonValide'));
     }
     return $redirection;
 }
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     $session = $request->getSession();
     $session->getFlashBag()->add('notice', 'Vous êtes connecté');
     //
     $roles = $token->getRoles();
     //
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     //
     if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_AUTEUR', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('admin_accueil'));
     } else {
         $redirection = new RedirectResponse($this->router->generate('blog_accueil'));
     }
     return $redirection;
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // On récupère la liste des rôles d'un utilisateur
     $roles = $token->getRoles();
     // On transforme le tableau d'instance en tableau simple
     $user = $token->getUser();
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     if (in_array('ROLE_TEACHER', $rolesTab, true) || in_array('ROLE_ADMIN', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('teacher.home', array('id' => $user->getId())));
     } elseif (in_array('ROLE_STUDENT', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('student.home', array('id' => $user->getId())));
     } else {
         $redirection = new RedirectResponse($this->router->generate('public.home.index'));
     }
     return $redirection;
 }
 /**
  * @param Request $request
  * @param TokenInterface $token
  * @return RedirectResponse
  */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
     // Get list of roles for current user
     $roles = $token->getRoles();
     // Tranform this list in array
     $rolesTab = array_map(function ($role) {
         return $role->getRole();
     }, $roles);
     // If is a super admin we redirect to the backoffice area
     if (in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('userBundle_backoffice'));
     } elseif (in_array('ROLE_ADMIN', $rolesTab, true)) {
         $redirection = new RedirectResponse($this->router->generate('digital_pilot_choiceApp'));
     } else {
         $redirection = new RedirectResponse($this->router->generate('digital_pilot_choiceApp'));
     }
     return $redirection;
 }