/**
 * {@inheritdoc}
 *
 * Enforces the `@Secured` annotation found on the method or on its declaring
 * class: the user has to be logged in and has to hold at least one of the
 * listed `@Privilege` values on the element's `@Resource`.
 *
 * @throws ForbiddenRequestException when the user is anonymous or none of the listed privileges is allowed
 * @throws InvalidStateException when a secured element declares no `@Resource`
 */
 public function checkRequirements($element)
 {
     parent::checkRequirements($element);
     // Class-level reflection is not authorised here; only method access is checked.
     if ($element instanceof ClassType) {
         return;
     }
     // Annotations may sit on the method itself or on its declaring class.
     $declaringClass = $element instanceof Method ? $element->getDeclaringClass() : $element;
     if (!($element->getAnnotation('Secured') || $declaringClass->getAnnotation('Secured'))) {
         return;
     }
     $user = $this->getUser();
     if (!$user->isLoggedIn()) {
         throw new ForbiddenRequestException("User has to be logged in to access secured presenter.");
     }
     // A secured element without a resource is a programming error, not an authorisation failure.
     $hasMethodResource = $element->hasAnnotation('Resource');
     if (!$hasMethodResource && !$declaringClass->hasAnnotation('Resource')) {
         throw new InvalidStateException('Secured method is missing a resource.');
     }
     $resource = $hasMethodResource ? $element->getAnnotation('Resource') : $declaringClass->getAnnotation('Resource');
     // Class-level privileges first, then method-level ones; the first allowed one grants access.
     // With no `@Privilege` at all the loop never returns, so the check fails closed.
     $privileges = array_merge(
         (array) $declaringClass->getAnnotation('Privilege'),
         (array) $element->getAnnotation('Privilege')
     );
     foreach ($privileges as $privilege) {
         if ($user->isAllowed($resource, $privilege)) {
             return;
         }
     }
     throw new ForbiddenRequestException("User is not allowed to access resource '{$resource}'");
 }
 /**
  * Check presenter requirements
  *
  * Requires an authorization token on the request and hands its validation
  * to checkAccessToken().
  *
  * @param $element
  * @throws ForbiddenRequestException when no authorization token was sent
  */
 public function checkRequirements($element)
 {
     parent::checkRequirements($element);
     $token = $this->input->getAuthorization();
     // Any falsy value (null, '', '0') is treated as "no token", as in the original truthiness test.
     if (!$token) {
         throw new ForbiddenRequestException('Access token not provided');
     }
     $this->checkAccessToken($token);
 }
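 /**
  * Verifies the request's security token before the standard presenter checks.
  *
  * The check only runs when a token provider is configured and the element is
  * the presenter itself (PresenterComponentReflection), as in the original guard.
  *
  * @param mixed $element reflection of the presenter or action being checked
  * @throws Application\ForbiddenRequestException when the `token` parameter is missing or does not match
  */
 public function checkRequirements($element)
 {
     if ($this->securityToken !== null && $element instanceof Application\UI\PresenterComponentReflection) {
         $supplied = $this->getParameter('token');
         // NOTE(review): assumes getSecurityToken() returns a string — confirm against the provider.
         $expected = (string) $this->securityToken->getSecurityToken();
         // hash_equals() replaces the loose `!=`: it compares strictly (no numeric-string
         // juggling such as '1e3' == '1000') and in constant time, so the token cannot be
         // narrowed down by timing. A non-string parameter can never match.
         if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
             throw new Application\ForbiddenRequestException('Security token does not match!');
         }
     }
     parent::checkRequirements($element);
 }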
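 /**
  * Restricts component factories (`createComponent*`) and signal handlers
  * (`handle*`) to the actions listed in their `@action` annotation.
  *
  * @param \Nette\Reflection\Method $element
  * @throws \Nette\Application\ForbiddenRequestException when the current action is not listed
  */
 public function checkRequirements($element)
 {
     parent::checkRequirements($element);
     if (!($element instanceof \Nette\Reflection\Method) || !$element->hasAnnotation('action')) {
         return;
     }
     $method = $element->getName();
     // The original pattern '/^createComponent|handle/' anchored only the first alternative,
     // so any method merely containing "handle" was matched; the group anchors both prefixes.
     if (Strings::match($method, '/^(?:createComponent|handle)/') === NULL) {
         return;
     }
     $allowedActions = (array) $element->getAnnotation('action');
     if (!in_array($this->getAction(), $allowedActions, TRUE)) {
         throw new \Nette\Application\ForbiddenRequestException();
     }
 }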
 /**
  * Check permissions for action
  *
  * Reads the element's `@permission` annotation: a single value names the
  * resource (privilege defaults to Permission::ALL), two values name resource
  * and privilege. A user lacking the permission is sent to the homepage with
  * an error flash instead of receiving an exception.
  *
  * @param $element
  */
 public function checkRequirements($element)
 {
     parent::checkRequirements($element);
     $spec = (array) $element->getAnnotation('permission');
     if (!$spec) {
         return;
     }
     if (count($spec) === 1) {
         $resource = $spec[0];
         $privilege = Permission::ALL;
     } else {
         // Only the first two values are used; extra ones are ignored.
         list($resource, $privilege) = array_values($spec);
     }
     if ($this->getUser()->isAllowed($resource, $privilege)) {
         return;
     }
     $this->redirectToHomepage($this->translate("admin.permission.error"), 'error');
 }
 /**
  * Checks authorization.
  *
  * A ForbiddenRequestException — raised by the parent or because the
  * requirements checker denies the element — is turned into a flash message
  * and a redirect: anonymous users go to the sign-in form with a back-link,
  * signed-in users to the homepage (or to sign-in when the homepage itself
  * is the denied target).
  *
  * @param string $element
  * @return void
  */
 public function checkRequirements($element)
 {
     try {
         parent::checkRequirements($element);
         if (!$this->requirementsChecker->isAllowed($element)) {
             throw new Application\ForbiddenRequestException();
         }
     } catch (Application\ForbiddenRequestException $forbidden) {
         $this->flashMessage('Pro vstup do požadované sekce musíte být přihlášen/a s příslušným oprávněním.');
         if (!$this->user->isLoggedIn()) {
             $backSignInUrl = $this->getHttpRequest()->url->path;
             $this->redirect('Sign:in', ['backSignInUrl' => $backSignInUrl]);
             return;
         }
         // Redirecting a denied homepage to itself would loop, so fall back to sign-in there.
         $this->redirect($this->isLinkCurrent('Homepage:') ? 'Sign:in' : 'Homepage:');
     }
 }
 /**
  * Check permissions by annotations
  * {@inheritdoc}
  *
  * Method access only (class reflection is skipped). An element is secured
  * when it or its declaring class carries `@Secured`; the user then has to be
  * logged in (otherwise they are redirected to sign-in with a stored back-link)
  * and has to hold at least one of the `@Privilege` values on the `@Resource`.
  *
  * @throws \Nette\InvalidStateException when a secured element declares no `@Resource`
  * @throws \Nette\Application\ForbiddenRequestException when none of the listed privileges is allowed
  */
 public function checkRequirements($element)
 {
     parent::checkRequirements($element);
     if ($element instanceof \Nette\Reflection\ClassType) {
         return;
     }
     // Annotations may sit on the method itself or on its declaring class.
     $declaringClass = $element instanceof \Nette\Reflection\Method ? $element->getDeclaringClass() : $element;
     if (!($element->getAnnotation('Secured') || $declaringClass->getAnnotation('Secured'))) {
         return;
     }
     $user = $this->user;
     if (!$user->isLoggedIn()) {
         $message = $user->getLogoutReason() === IUserStorage::INACTIVITY
             ? "Byl jsi odhlášen, protože jsi nebyl po dlouhou dobu aktivní."
             : "Pro vstup do této části webu se musíš přihlásit.";
         $this->flashMessage($message);
         $this->redirect(":Front:Default:Sign:in", ["backlink" => $this->storeRequest()]);
         return;
     }
     // A secured element without a resource is a programming error, not an authorisation failure.
     $hasMethodResource = $element->hasAnnotation('Resource');
     if (!$hasMethodResource && !$declaringClass->hasAnnotation('Resource')) {
         throw new \Nette\InvalidStateException('Secured method is missing a resource.');
     }
     $resource = $hasMethodResource ? $element->getAnnotation('Resource') : $declaringClass->getAnnotation('Resource');
     $privileges = array_merge(
         (array) $declaringClass->getAnnotation('Privilege'),
         (array) $element->getAnnotation('Privilege')
     );
     // Every privilege is queried (no early exit), as before; an empty list fails closed.
     $allowed = FALSE;
     foreach ($privileges as $privilege) {
         $allowed = $user->isAllowed($resource, $privilege) || $allowed;
     }
     if (!$allowed) {
         throw new \Nette\Application\ForbiddenRequestException("Pro vstup do této části webu nemáte dostatečná oprávnění", 403);
     }
 }
 /**
  * Check security and other presenter requirements
  *
  * Both the parent's requirement check and client authentication report
  * failure through sendErrorResource() rather than letting the exception
  * escape. NOTE(review): authentication still runs after a parent failure
  * unless sendErrorResource() aborts the request — confirm.
  *
  * @param $element
  */
 public function checkRequirements($element)
 {
     try {
         parent::checkRequirements($element);
     } catch (Application\ForbiddenRequestException $forbidden) {
         $this->sendErrorResource($forbidden);
     }
     // Authenticate the client from the parsed request input.
     try {
         $this->authentication->authenticate($this->getInput());
     } catch (SecurityException $authFailure) {
         $this->sendErrorResource($authFailure);
     }
 }