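/**
 * Asserts that a controller method carries exactly the expected security
 * annotations: every annotation listed in $annotations must be present on
 * the method and every other known annotation must be absent.
 *
 * The list of known annotations mirrors the ones handleAnnotations() acts on
 * (including AppEnabledExcemption), so an exemption that switches a security
 * check off cannot sit on a controller method without the test noticing it.
 *
 * @param Controller $controller: the controller instance
 * @param string $methodName: the name of the method to inspect
 * @param array $annotations: an array with expected annotations
 * @throws \Exception when an expected annotation is not a known one, when an
 *                    expected annotation is missing from the method, or when
 *                    the method carries a known annotation that was not expected
 */
protected function assertAnnotations($controller, $methodName, $annotations = array()) {
    $reader = new MethodAnnotationReader($controller, $methodName);
    // every annotation handleAnnotations() recognises; keep both lists in sync
    $possibleAnnotations = array(
        'Ajax',
        'CSRFExcemption',
        'IsAdminExcemption',
        'IsSubAdminExcemption',
        'IsLoggedInExcemption',
        'AppEnabledExcemption',
    );

    // check for valid annotations parameters (strict: annotation names are plain strings)
    foreach ($annotations as $annotation) {
        $isPossible = in_array($annotation, $possibleAnnotations, true);
        if (!$isPossible) {
            throw new \Exception('Annotation "' . $annotation . '" does not exist');
        }
        // always true here; kept so the test case records an assertion per expected annotation
        $this->assertTrue($isPossible);
    }

    // expected annotations must be present, all other known ones must be absent
    foreach ($possibleAnnotations as $possible) {
        $expected = in_array($possible, $annotations, true);
        $present = $reader->hasAnnotation($possible);
        if ($expected && !$present) {
            throw new \Exception('Annotation "' . $possible . '" does not appear in the controllermethod ' . $methodName);
        }
        if (!$expected && $present) {
            throw new \Exception('Unexcpected annotation "' . $possible . '" in the controllermethod ' . $methodName);
        }
    }
}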
/**
 * Runs the security checks and exits on error
 *
 * Every check is enabled by default; an exemption annotation on the
 * controller method only switches the matching check off before
 * runChecks() is invoked, so a method without any annotation gets the
 * full set of checks.
 *
 * @param Controller $controller: an instance of the controller to be checked
 * @param string $methodName: the name of the controller method that will be called
 * @param Pimple $container: an instance of the container for the security object
 */
function handleAnnotations($controller, $methodName, $container) {
    // read the annotations from the method's doc comment
    $reader = new MethodAnnotationReader($controller, $methodName);

    // mark the current navigation entry of the app for normal HTML
    // requests only, never for AJAX requests
    $isAjax = $reader->hasAnnotation('Ajax');
    if (!$isAjax) {
        $container['API']->activateNavigationEntry();
    }

    // exemption annotation => setter on the security object that disables that check
    $exemptions = array(
        'CSRFExcemption'       => 'setCSRFCheck',
        'IsAdminExcemption'    => 'setIsAdminCheck',
        'AppEnabledExcemption' => 'setAppEnabledCheck',
        'IsLoggedInExcemption' => 'setLoggedInCheck',
        'IsSubAdminExcemption' => 'setIsSubAdminCheck',
    );

    $security = $container['Security'];
    foreach ($exemptions as $annotation => $disableCheck) {
        if ($reader->hasAnnotation($annotation)) {
            $security->$disableCheck(false);
        }
    }

    // the checks run last, once every exemption has been applied
    $security->runChecks();
}