Exemple #1
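 /**
  * Asserts that a controller method carries exactly the expected annotations.
  *
  * Each entry of $annotations must be one of the annotation names known to
  * this helper and must be present on the method. Every known annotation
  * that is NOT listed must be absent, so an exemption that was added to a
  * controller method without the test being updated makes the test fail.
  *
  * @param Controller $controller the controller instance
  * @param string $methodName the name of the method to inspect
  * @param array $annotations the annotation names the method is expected to carry
  * @throws \Exception if an expected name is unknown, an expected annotation
  *                    is missing, or an unlisted known annotation is present
  */
 protected function assertAnnotations($controller, $methodName, $annotations = array())
 {
     $reader = new MethodAnnotationReader($controller, $methodName);
     // NOTE(review): 'AppEnabledExcemption' is not in this list. If the
     // framework's dispatcher honours that annotation, a method carrying it
     // would not be reported as unexpected here -- confirm and extend the list.
     $possibleAnnotations = array(
         'Ajax',
         'CSRFExcemption',
         'IsAdminExcemption',
         'IsSubAdminExcemption',
         'IsLoggedInExcemption',
     );

     // Reject expectations that name an annotation this helper does not know.
     // Strict comparison: with loose in_array() a non-string such as 0 or true
     // can compare equal to an annotation name and slip through as "valid".
     foreach ($annotations as $annotation) {
         $isPossible = in_array($annotation, $possibleAnnotations, true);
         if (!$isPossible) {
             throw new \Exception('Annotation "' . $annotation . '" does not exist');
         }
         // Kept so the test framework records an assertion for each expectation.
         $this->assertTrue($isPossible);
     }

     // Compare expectation and reality for every known annotation, in both
     // directions: expected-but-missing and present-but-unexpected.
     foreach ($possibleAnnotations as $possible) {
         $expected = in_array($possible, $annotations, true);
         $present = $reader->hasAnnotation($possible);

         if ($expected && !$present) {
             throw new \Exception('Annotation "' . $possible . '" does not appear in the controllermethod ' . $methodName);
         }
         if (!$expected && $present) {
             throw new \Exception('Unexcpected annotation "' . $possible . '" in the controllermethod ' . $methodName);
         }
     }
 }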
Exemple #2
/**
 * Applies the annotations of a controller method to the security object and
 * then runs the security checks.
 *
 * Each "...Excemption" annotation found on the method switches exactly one
 * check off; a check is only touched when its annotation is present, so a
 * missing or misspelled annotation never disables anything here.
 * The original author describes runChecks() as exiting on error; that
 * behaviour lives in the Security object and is not visible in this function.
 *
 * @param Controller $controller an instance of the controller to be checked
 * @param string $methodName the name of the controller method that will be called
 * @param Pimple $container the container providing the 'API' and 'Security' services
 */
function handleAnnotations($controller, $methodName, $container)
{
    // Annotations are read from the method's doc comment.
    $reader = new MethodAnnotationReader($controller, $methodName);

    // Only ordinary HTML requests select a navigation entry; methods marked
    // as Ajax leave the navigation state alone.
    $isAjax = $reader->hasAnnotation('Ajax');
    if (!$isAjax) {
        $container['API']->activateNavigationEntry();
    }

    $security = $container['Security'];

    // Exemption annotation => setter on the security object that disables
    // the matching check. The order mirrors the order the checks are
    // consulted in, one lookup per annotation.
    // NOTE(review): every entry weakens a security check; presumably all
    // checks default to enabled -- confirm in the Security class.
    $exemptions = array(
        'CSRFExcemption' => 'setCSRFCheck',
        'IsAdminExcemption' => 'setIsAdminCheck',
        'AppEnabledExcemption' => 'setAppEnabledCheck',
        'IsLoggedInExcemption' => 'setLoggedInCheck',
        'IsSubAdminExcemption' => 'setIsSubAdminCheck',
    );

    foreach ($exemptions as $annotation => $setter) {
        if ($reader->hasAnnotation($annotation)) {
            $security->{$setter}(false);
        }
    }

    // Run whatever checks are still enabled.
    $security->runChecks();
}