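/**
 * Handles an access-denied failure.
 *
 * XHR callers receive a small JSON body describing the failure; any other
 * request is left to the framework's default handling.
 *
 * @param Request               $request
 * @param AccessDeniedException $accessDeniedException
 *
 * @return JsonResponse|null JSON for AJAX requests, null otherwise
 */
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
    if ($request->isXmlHttpRequest()) {
        // Carry the denial in the status code as well: the previous 200 with
        // success=false is easy for clients, proxies and logs to read as success.
        return new JsonResponse(
            array('success' => false, 'message' => $accessDeniedException->getMessage()),
            JsonResponse::HTTP_FORBIDDEN
        );
    }

    // The exception object returned here before is not a Response, so callers
    // that expect Response|null treated it as "no response"; say so explicitly.
    return null;
}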
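/**
 * Handles an access-denied failure raised inside the admin area.
 *
 * Only a 403 whose path contains "/admin" is handled here: a user without any
 * admin role gets the admin 403 page, an admin user gets the admin index with
 * a "no permission" notice. Anything else returns null so the default handling
 * applies.
 *
 * @param Request               $request
 * @param AccessDeniedException $accessDeniedException
 *
 * @return Response|null
 */
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
    // todo: CUSTOM LOG THIS EVENT!

    // The original loose `== 403` also accepted a string code; the int cast keeps
    // that behaviour while allowing a strict comparison.
    $statusCode = (int) $accessDeniedException->getCode();
    if ($statusCode !== 403 || stripos($request->getPathInfo(), '/admin') === false) {
        return null;
    }

    // The token can be null (no authenticated session on this firewall); it was
    // dereferenced unconditionally before, which fatals instead of denying.
    /** @var UsernamePasswordToken|null $token */
    $token = $this->token_storage->getToken();
    $anyAdminRoles = false;
    if (null !== $token) {
        foreach ($token->getRoles() as $role) {
            /** @var Role $role */
            // NOTE: substring match — any role name containing "_ADMIN" counts,
            // not only ROLE_ADMIN. Kept as-is to preserve existing behaviour.
            if (stripos($role->getRole(), '_ADMIN') !== false) {
                $anyAdminRoles = true;
                break;
            }
        }
    }

    $template = $anyAdminRoles
        ? 'admin/adminindex.html.twig'
        : 'admin/exception/error403.html.twig';
    $message = $anyAdminRoles
        ? 'You do not have permission to view the requested resource'
        : 'You are not authorized to access the Fraternity of Light Admin';
    $content = $this->twig->render($template, array('accessDeniedMessage' => $message));

    $response = new Response();
    $response->setContent($content);
    $response->setStatusCode($statusCode);

    return $response;
}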
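/**
 * Handles an access denied failure redirecting to home page
 *
 * AJAX requests get a JSON body with the failure message; browser requests are
 * redirected to the application's base path.
 *
 * @param Request               $request
 * @param AccessDeniedException $accessDeniedException
 *
 * @return Response
 */
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
    // Keep the details server-side: the exception goes into the log context,
    // not into the response body.
    $this->logger->error(
        'User tried to access: ' . $request->getUri(),
        array('exception' => $accessDeniedException)
    );

    if ($request->isXmlHttpRequest()) {
        // Only the message is sent back. The stack trace and exception class that
        // used to be included reveal file paths and internals to any caller, and
        // 403 (not 503) is the status that describes an authorization failure.
        return new JsonResponse(
            ['message' => $accessDeniedException->getMessage()],
            Response::HTTP_FORBIDDEN
        );
    }

    $url = $request->getBasePath() !== "" ? $request->getBasePath() : "/";
    $response = new RedirectResponse($url);
    // A 403 carries no Location semantics for browsers; the redirect relies on
    // the body RedirectResponse generates (meta refresh) — verify this is intended.
    $response->setStatusCode(Response::HTTP_FORBIDDEN);
    $response->prepare($request);

    // Return rather than send(): the kernel sends the response it is handed, and
    // sending it here as well emits the body twice and "headers already sent".
    return $response;
}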
/**
 * Handles access authorization.
 *
 * Resolves the access rule matching the request, (re)authenticates the current
 * token if it is not yet authenticated, and throws when the access decision
 * manager denies the rule's attributes.
 *
 * @param GetResponseEvent $event A GetResponseEvent instance
 *
 * @throws AccessDeniedException
 * @throws AuthenticationCredentialsNotFoundException
 */
public function handle(GetResponseEvent $event)
{
    $token = $this->tokenStorage->getToken();
    if (null === $token) {
        throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
    }

    $request = $event->getRequest();
    $patterns = $this->map->getPatterns($request);
    $attributes = $patterns[0];

    // No access rule covers this request: nothing to enforce.
    if (null === $attributes) {
        return;
    }

    if (!$token->isAuthenticated()) {
        $authenticatedToken = $this->authManager->authenticate($token);
        $this->tokenStorage->setToken($authenticatedToken);
        $token = $authenticatedToken;
    }

    $granted = $this->accessDecisionManager->decide($token, $attributes, $request);
    if ($granted) {
        return;
    }

    $denied = new AccessDeniedException();
    $denied->setAttributes($attributes);
    $denied->setSubject($request);
    throw $denied;
}
/**
 * Turns an AccessDeniedException into a response or a 403.
 *
 * The exception is first replaced by an AccessDeniedHttpException (the fallback
 * that is used if nothing below produces a response). A user who is not fully
 * authenticated is sent to the authentication entry point instead of being
 * denied; a fully authenticated user is handled by the configured access-denied
 * handler, else by the configured error page.
 *
 * @param GetResponseForExceptionEvent $event
 * @param AccessDeniedException        $exception
 */
private function handleAccessDeniedException(GetResponseForExceptionEvent $event, AccessDeniedException $exception)
{
    // Fallback result: a 403 wrapping the original exception.
    $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));

    $token = $this->context->getToken();

    if (!$this->authenticationTrustResolver->isFullFledged($token)) {
        if (null !== $this->logger) {
            $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
        }

        try {
            // Ask the entry point for a response (e.g. a login redirect); the
            // original exception is kept as the previous exception.
            $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
            $insufficientAuthenticationException->setToken($token);

            $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));
        } catch (\Exception $e) {
            // Entry-point failure replaces the 403 set above.
            $event->setException($e);
        }

        return;
    }

    if (null !== $this->logger) {
        $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
    }

    try {
        if (null !== $this->accessDeniedHandler) {
            $response = $this->accessDeniedHandler->handle($event->getRequest(), $exception);

            // Anything that is not a Response leaves the 403 fallback in place.
            if ($response instanceof Response) {
                $event->setResponse($response);
            }
        } elseif (null !== $this->errorPage) {
            // Render the error page through a sub-request; the exception is
            // exposed to it via the request attribute.
            $subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);
            $subRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception);

            $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));
        }
    } catch (\Exception $e) {
        // Only \Exception is caught here; a PHP \Error would propagate.
        if (null !== $this->logger) {
            $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
        }

        $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
    }
}
/**
 * Raised when a user may not log in to the given SiteAccess.
 *
 * @param SiteAccess     $siteAccess The SiteAccess the user was denied
 * @param string         $username   Name of the denied user
 * @param Exception|null $previous   Underlying exception, if any
 */
public function __construct(SiteAccess $siteAccess, $username, Exception $previous = null)
{
    $message = "User '{$username}' doesn't have user/login permission to SiteAccess '{$siteAccess->name}'";

    // NOTE(review): $previous is passed as the parent's second argument, which
    // assumes a (message, previous) parent signature; if the parent were
    // \Exception directly, that slot is the int $code — confirm against the parent.
    parent::__construct($message, $previous);
}
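/**
 * Handles an access-denied failure by rendering the access-denied page.
 *
 * When the current session is an impersonation (ROLE_PREVIOUS_ADMIN), the page
 * also gets a link to exit the switched user.
 *
 * @param Request               $request
 * @param AccessDeniedException $accessDeniedException
 *
 * @return Response the rendered access-denied page with a 403 status
 */
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
    $templateVars = array();
    $templateVars['message'] = $accessDeniedException->getMessage();

    if ($this->getSecurityContext()->isGranted('ROLE_PREVIOUS_ADMIN')) {
        $templateVars['securityExitURL'] = $this->generateUrl('user_home', array('_switch_user' => '_exit'));
    }

    $template = $this->container->get('templating');
    $response = new Response($template->render('BWCMSBundle:Common:access-denied.html.twig', $templateVars));

    // The page was previously sent as 200; a denial should be visible to
    // clients, proxies and logs through the status code.
    $response->setStatusCode(Response::HTTP_FORBIDDEN);

    // Return the response instead of send() + exit: the caller takes the
    // Response and lets the kernel finish the request (terminate listeners,
    // output buffering) rather than killing the process here.
    return $response;
}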
/**
 * Handles an access-denied failure as an error response.
 *
 * @param Request               $request
 * @param AccessDeniedException $accessDeniedException
 *
 * @return mixed the error response built by the response factory
 */
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
    $errorResponse = $this->rf->getErrorResponse();

    $errors = array('message' => $accessDeniedException->getMessage());
    $errorResponse->setErrors($errors);

    return $errorResponse;
}
/**
 * Attempts to switch to another user.
 *
 * The access decision on the switch role happens before the target user is
 * loaded, so a caller lacking that role never triggers a lookup of the
 * requested username.
 *
 * @param Request $request A Request instance
 *
 * @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise
 *
 * @throws \LogicException
 * @throws AccessDeniedException
 */
private function attemptSwitchUser(Request $request)
{
    $currentToken = $this->tokenStorage->getToken();
    $impersonatorToken = $this->getOriginalToken($currentToken);

    // Already switched: a repeated request for the same user is a no-op,
    // switching again from a switched session is refused.
    if (false !== $impersonatorToken) {
        if ($currentToken->getUsername() === $request->get($this->usernameParameter)) {
            return $currentToken;
        }

        throw new \LogicException(sprintf('You are already switched to "%s" user.', $currentToken->getUsername()));
    }

    $mayImpersonate = $this->accessDecisionManager->decide($currentToken, array($this->role));
    if (false === $mayImpersonate) {
        $denied = new AccessDeniedException();
        $denied->setAttributes($this->role);
        throw $denied;
    }

    $targetUsername = $request->get($this->usernameParameter);

    if (null !== $this->logger) {
        $this->logger->info('Attempting to switch to user.', array('username' => $targetUsername));
    }

    $targetUser = $this->provider->loadUserByUsername($targetUsername);
    $this->userChecker->checkPostAuth($targetUser);

    // The impersonator's token is attached as a special role so the switch
    // can be undone later.
    $targetRoles = $targetUser->getRoles();
    $targetRoles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->tokenStorage->getToken());

    $switchedToken = new UsernamePasswordToken($targetUser, $targetUser->getPassword(), $this->providerKey, $targetRoles);

    if (null !== $this->dispatcher) {
        $this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, new SwitchUserEvent($request, $switchedToken->getUser()));
    }

    return $switchedToken;
}
/**
 * Raised when the current user lacks a required privilege.
 *
 * The message is fixed; callers that need detail should wrap or subclass.
 */
public function __construct()
{
    $message = "Missing user privilege";

    parent::__construct($message);
}