public function createUser(TokenInterface $token)
{
$username = $token->getUser();
$attributes = $token->getAttributes();
if (is_null($token->getRoles())) {
$roles = isset($attributes['roles']) ? $attributes['roles'] : null;
unset($attributes['roles']);
} else {
$roles = $token->getRoles();
}
return new SpawnedUser($username, $attributes, $roles);
}
public function vote(TokenInterface $token, Location $object, array $attributes)
{
if (in_array('ROLE_LOCATION_MODERATOR', $token->getRoles())) {
return VoterInterface::ACCESS_GRANTED;
}
return VoterInterface::ACCESS_ABSTAIN;
}
public function vote(TokenInterface $token, $group, array $attributes)
{
// check if class of this object is supported by this voter
if (!$this->supportsClass(get_class($group))) {
return VoterInterface::ACCESS_ABSTAIN;
}
// check if the given attribute is covered by this voter
if (!$this->supportsAttribute($attributes[0])) {
return VoterInterface::ACCESS_ABSTAIN;
}
// get current logged in user
$user = $token->getUser();
//allow the token to have ROLE_SUPER_ADMIN before we check the user, for testing
if (in_array(new Role("ROLE_SUPER_ADMIN"), $token->getRoles())) {
return VoterInterface::ACCESS_GRANTED;
}
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof User) {
return VoterInterface::ACCESS_DENIED;
}
switch ($attributes[0]) {
case self::VIEW:
if ($user->hasGroup($group->getName())) {
return VoterInterface::ACCESS_GRANTED;
}
break;
case self::EDIT:
if ($user->hasGroup($group->getName()) && $user->hasRole("ROLE_ADMIN")) {
return VoterInterface::ACCESS_GRANTED;
}
break;
}
return VoterInterface::ACCESS_DENIED;
}
/**
* Returns the roles (an array of string) of the $token.
*
* @todo remove this $method
*
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
*
* @return array
*/
public function getRoles(TokenInterface $token)
{
$roles = array();
foreach ($token->getRoles() as $role) {
$roles[] = $role->getRole();
}
return $roles;
}
protected function isAdmin(TokenInterface $token)
{
foreach ($token->getRoles() as $role) {
if (PlatformRoles::ADMIN === $role->getRole()) {
return true;
}
}
return false;
}
private function getVariables(TokenInterface $token, $object)
{
if (null !== $this->roleHierarchy) {
$roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
} else {
$roles = $token->getRoles();
}
$variables = array('token' => $token, 'user' => $token->getUser(), 'object' => $object, 'roles' => array_map(function ($role) {
return $role->getRole();
}, $roles), 'trust_resolver' => $this->trustResolver);
// this is mainly to propose a better experience when the expression is used
// in an access control rule, as the developer does not know that it's going
// to be handled by this voter
if ($object instanceof Request) {
$variables['request'] = $object;
}
return $variables;
}
/**
* @param Request $request
* @param TokenInterface $token
*
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
foreach ($token->getRoles() as $role) {
if ('ROLE_ADMIN' == $role->getRole()) {
return new RedirectResponse($this->router->generate('admin_start'));
}
}
return new RedirectResponse($this->router->generate('homepage'));
}
protected function isIddqd(TokenInterface $token)
{
foreach ($token->getRoles() as $role) {
if (in_array($role->getRole(), $this->iddqdAliases, true)) {
return true;
}
}
return false;
}
protected function isIddqd(TokenInterface $token)
{
foreach ($token->getRoles() as $role) {
if ('IS_IDDQD' === $role->getRole()) {
return true;
}
}
return false;
}
public function authenticate(TokenInterface $token)
{
$user = $token->getUser();
if ($user) {
$authenticatedToken = new WordpressUserToken($token->getRoles());
$authenticatedToken->setUser($user);
return $authenticatedToken;
}
throw new AuthenticationException('Wordpress authentication failed.');
}
/**
* Retrieves roles from user and appends SwitchUserRole if original token contained one.
*
* @param UserInterface $user The user
* @param TokenInterface $token The token
*
* @return array The user roles
*/
private function getRoles(UserInterface $user, TokenInterface $token)
{
$roles = $user->getRoles();
foreach ($token->getRoles() as $role) {
if ($role instanceof SwitchUserRole) {
$roles[] = $role;
break;
}
}
return $roles;
}
/**
* Utility function to find role in token
*
* @param TokenInterface $token
* @param $role
* @return bool
*/
public static function hasRole(TokenInterface $token, $role)
{
if (is_string($role)) {
$role = new Role($role);
}
foreach ($token->getRoles() as $tokenRole) {
if ($role->getRole() == $tokenRole->getRole()) {
return true;
}
}
}
/**
*
* @param TokenInterface $token - Array of ACL objects to check
* @param string $inputRole - Requested Role
*
* @return array
*/
public function getObjectIdsForRole(TokenInterface $token, $inputRole)
{
$object_ids = array();
$reachable = $this->getRoleHierarchy()->getReachableRoles($token->getRoles());
foreach ($token->getUser()->getAcls() as $acl) {
// found an object id for this role
if ($acl->getType()->equal($inputRole) || $this->findInMap($acl, $reachable)) {
$object_ids[] = $acl->getObjectId();
}
}
return $object_ids;
}
/**
* Perform a single access check operation on a given attribute, subject and token.
*
* @param string $attribute
* @param mixed $subject
* @param TokenInterface $token
*
* @return bool
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
/* @var $subject SecuredAccessInterface */
if ($subject->isUsernameAllowed($token->getUsername(), $attribute)) {
return true;
}
foreach ($token->getRoles() as $role) {
if ($subject->isRoleAllowed($role->getRole(), $attribute)) {
return true;
}
}
return false;
}
function it_should_log_event(FilterControllerEvent $event, ApiControllerInterface $ctrl, LoggerInterface $logger, SecurityContext $security, Request $request, TokenInterface $token)
{
$logger->info('API call', Argument::type('array'))->shouldBeCalled();
$token->getRoles()->willReturn([]);
$token->getUsername()->willReturn('anon.');
$security->getToken()->willReturn($token);
$this->setContext($security);
$this->setLogger($logger);
$request->getRequestUri()->willReturn('/api/user/1');
$request->getMethod()->willReturn('GET');
$event->getController()->willReturn([$ctrl, 'someAction']);
$event->getRequest()->willReturn($request);
$this->onKernelController($event);
}
private function checkCreation(TokenInterface $token)
{
$tool = $this->om->getRepository('ClarolineCoreBundle:Tool\\AdminTool')->findOneBy(['name' => 'user_management']);
$roles = $tool->getRoles();
$tokenRoles = $token->getRoles();
foreach ($tokenRoles as $tokenRole) {
foreach ($roles as $role) {
if ($role->getRole() === $tokenRole->getRole()) {
return VoterInterface::ACCESS_GRANTED;
}
}
}
return VoterInterface::ACCESS_DENIED;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// Get list of roles for current user
$roles = $token->getRoles();
// Tranform this list in array
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// If is a admin or super admin we redirect to the backoffice area
if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_USER', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('mon_annuaire_homepage'));
}
return $redirection;
}
/**
* {@inheritDoc}
*/
public function buildRunAs(TokenInterface $token, $secureObject, array $attributes)
{
$roles = array();
foreach ($attributes as $attribute) {
if ($this->supportsAttribute($attribute)) {
$roles[] = new Role($attribute);
}
}
if (0 === count($roles)) {
return null;
}
$roles = array_merge($roles, $token->getRoles());
return new RunAsUserToken($this->key, $token->getUser(), $token->getCredentials(), $roles, $token);
}
public function findVisibleFacets(TokenInterface $token)
{
$roleNames = array();
foreach ($token->getRoles() as $role) {
$roleNames[] = $role->getRole();
}
//the mighty admin can do anything in our world
if (in_array('ROLE_ADMIN', $roleNames)) {
return $this->findAll();
}
$dql = "\n SELECT facet FROM Claroline\\CoreBundle\\Entity\\Facet\\Facet facet\n JOIN facet.roles role\n WHERE role.name IN (:rolenames)\n ";
$query = $this->_em->createQuery($dql);
$query->setParameter('rolenames', $roleNames);
return $query->getResult();
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// Get list of roles for current user
$roles = $token->getRoles();
// Tranform this list in array
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// If is a admin or super admin we redirect to the backoffice area
if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('sonata_admin_dashboard'));
} else {
$redirection = new RedirectResponse($this->router->generate('sonata_user_profile_show'));
}
return $redirection;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// Get list of roles for current user
$roles = $token->getRoles();
// Tranform this list in array
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// If is a qualité, blanchisserie, RH, admin or super admin we redirect to the admin/dashboard area
if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_SUPER_ADMIN', $rolesTab, true) || in_array('ROLE_RH', $rolesTab, true) || in_array('ROLE_BLANCHISSERIE', $rolesTab, true) || in_array('ROLE_SERVICE_TECHNIC', $rolesTab, true) || in_array('ROLE_QGDR', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('sonata_admin_dashboard'));
} else {
$redirection = new RedirectResponse($this->router->generate('iuch_homepage'));
}
return $redirection;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// On récupère la liste des rôles d'un utilisateur
$roles = $token->getRoles();
// On transforme le tableau d'instance en tableau simple
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// S'il s'agit d'un admin ou d'un super admin on le redirige vers le backoffice
if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('ecommerce_ajoutcategorie'));
} elseif (in_array('ROLE_USER', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('homepage'));
}
return $redirection;
}
public function vote(TokenInterface $token, $object, array $attributes)
{
if ($object instanceof AdminTool) {
$roles = $object->getRoles();
$tokenRoles = $token->getRoles();
foreach ($tokenRoles as $tokenRole) {
foreach ($roles as $role) {
if ($role->getRole() === $tokenRole->getRole()) {
return VoterInterface::ACCESS_GRANTED;
}
}
}
return VoterInterface::ACCESS_DENIED;
}
return VoterInterface::ACCESS_ABSTAIN;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// On récupère la liste des rôles d'un utilisateur
$roles = $token->getRoles();
// On transforme le tableau d'instance en tableau simple
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
if (in_array('ROLE_TEACHER', $rolesTab, true) || in_array('ROLE_ADMIN', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('dashboard.default.index'));
} elseif (in_array('ROLE_STUDENT', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('student.fiches.home'));
} else {
$redirection = new RedirectResponse($this->router->generate('ElyceeBundle.default.index'));
}
return $redirection;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// On récupère la liste des rôles d'un utilisateur
$roles = $token->getRoles();
// On transforme le tableau d'instance en tableau simple
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// S'il s'agit d'un admin ou d'un super admin on le redirige vers le backoffice
if (in_array('ROLE_PARTICULIER', $rolesTab, true)) {
if ($this->session->getDesiredDevis() != null) {
return new RedirectResponse($this->router->generate('devis_show', array('id' => $this->session->getDesiredDevis())));
} else {
return $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request));
}
}
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// On récupère la liste des rôles d'un utilisateur
$roles = $token->getRoles();
// On transforme le tableau d'instance en tableau simple
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// S'il s'agit d'un admin ou d'un super admin on le redirige vers le backoffice
if (in_array('FORMATEUR', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('user'));
} elseif (in_array('STAGIAIRE', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('currenttest'));
} else {
$redirection = new RedirectResponse($this->router->generate('login'));
}
return $redirection;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// On récupère la liste des rôles d'un utilisateur
$roles = $token->getRoles();
// On transforme le tableau d'instance en tableau simple
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// S'il s'agit d'un admin on le redirige vers l'accueil admin
if (in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('btsappli_utilisateurs_accueilAdmin'));
} elseif (in_array('ROLE_ETU', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('btsappli_utilisateurs_accueilEtu'));
} else {
$redirection = new RedirectResponse($this->router->generate('btsappli_utilisateurs_etudiantNonValide'));
}
return $redirection;
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
$session = $request->getSession();
$session->getFlashBag()->add('notice', 'Vous êtes connecté');
//
$roles = $token->getRoles();
//
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
//
if (in_array('ROLE_ADMIN', $rolesTab, true) || in_array('ROLE_AUTEUR', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('admin_accueil'));
} else {
$redirection = new RedirectResponse($this->router->generate('blog_accueil'));
}
return $redirection;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// On récupère la liste des rôles d'un utilisateur
$roles = $token->getRoles();
// On transforme le tableau d'instance en tableau simple
$user = $token->getUser();
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
if (in_array('ROLE_TEACHER', $rolesTab, true) || in_array('ROLE_ADMIN', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('teacher.home', array('id' => $user->getId())));
} elseif (in_array('ROLE_STUDENT', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('student.home', array('id' => $user->getId())));
} else {
$redirection = new RedirectResponse($this->router->generate('public.home.index'));
}
return $redirection;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
// Get list of roles for current user
$roles = $token->getRoles();
// Tranform this list in array
$rolesTab = array_map(function ($role) {
return $role->getRole();
}, $roles);
// If is a super admin we redirect to the backoffice area
if (in_array('ROLE_SUPER_ADMIN', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('userBundle_backoffice'));
} elseif (in_array('ROLE_ADMIN', $rolesTab, true)) {
$redirection = new RedirectResponse($this->router->generate('digital_pilot_choiceApp'));
} else {
$redirection = new RedirectResponse($this->router->generate('digital_pilot_choiceApp'));
}
return $redirection;
}
