/**
 * Decide whether the current user may use a CMS route.
 *
 * The global role is checked first. When $parameters['type'] names an entry
 * of the security map, every role of that entry whose key occurs in the route
 * name (case-insensitive substring match), or whose key is 'general', must be
 * granted as well.
 *
 * @param string $route      Route name the role-type keys are matched against
 * @param array  $parameters Route parameters; only the 'type' key is read here
 *
 * @return bool false as soon as one required role is denied, true otherwise
 */
public function isGranted($route = "ibrows_simple_cms_content", $parameters=array())
{
    try {
        $globalDecision = $this->securityContext->isGranted($this->globalRole);
    } catch (AuthenticationCredentialsNotFoundException $e) {
        // NOTE(review): this path fails open. When the security context has no
        // token the method reports "granted" without checking any role; confirm
        // that callers reachable without a firewall do not rely on it for
        // access control.
        return true;
    }

    if (false === $globalDecision) {
        return false;
    }

    $hasTypeRules = isset($parameters['type'])
        && key_exists($parameters['type'], $this->securityMap);
    if (!$hasTypeRules) {
        return true;
    }

    foreach ($this->securityMap[$parameters['type']] as $roleKey => $requiredRole) {
        // NOTE(review): the 'general' test is a loose comparison on an array
        // key; an integer key would compare differently across PHP versions.
        $ruleApplies = stripos($route, $roleKey) !== false || $roleKey == 'general';
        if ($ruleApplies && false === $this->securityContext->isGranted($requiredRole)) {
            return false;
        }
    }

    return true;
}
/**
 * On the master request, send an already authenticated person away from the
 * home and login routes, and run the unconfirmed e-mail check on every other
 * route.
 *
 * @param GetResponseEvent $event
 */
public function onKernelRequest(GetResponseEvent $event)
{
    // Sub-requests are left alone.
    if (HttpKernel::MASTER_REQUEST != $event->getRequestType()) {
        return;
    }

    $token = $this->context->getToken();
    if (is_null($token)) {
        return;
    }

    $_route = $event->getRequest()->attributes->get('_route');

    if (!$this->context->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return;
    }

    // Only users that are PersonInterface instances are handled here.
    if (!$token->getUser() instanceof PersonInterface) {
        return;
    }

    $onLandingRoute = $_route == 'lc_home' || $_route == 'fos_user_security_login';
    if (!$onLandingRoute) {
        $this->checkUnconfirmedEmail();

        return;
    }

    // "main" is the firewall name.
    $targetPathKey = '_security.main.target_path';

    if ($this->session->has($targetPathKey)) {
        // Go back to the page that was requested before authentication and
        // consume the stored value so it is used only once.
        // NOTE(review): the redirect target is taken from the session as-is;
        // presumably only the firewall writes this key - confirm nothing stores
        // a request-supplied URL under it.
        $url = $this->session->get($targetPathKey);
        $this->session->remove($targetPathKey);
    } else {
        $url = $this->router->generate('lc_dashboard');
    }

    $event->setResponse(new RedirectResponse($url));
}
/**
 * Sets the security token's user as the voter of the event's vote.
 *
 * Nothing is assigned (and a debug line is logged when a logger is present)
 * if there is no security context, the vote is not a SignedVoteInterface, or
 * the context holds no token. The voter is set only when
 * IS_AUTHENTICATED_REMEMBERED is granted.
 *
 * @param VoteEvent $event
 * @return void
 */
public function blame(VoteEvent $event)
{
    $vote = $event->getVote();

    // Work out why the vote cannot be signed, if at all.
    $skipReason = null;
    if (null === $this->securityContext) {
        $skipReason = "Vote Blamer did not receive the security.context service.";
    } elseif (!$vote instanceof SignedVoteInterface) {
        $skipReason = "Vote does not implement SignedVoteInterface, skipping";
    } elseif (null === $this->securityContext->getToken()) {
        $skipReason = "There is no firewall configured. We cant get a user.";
    }

    if (null !== $skipReason) {
        if ($this->logger) {
            $this->logger->debug($skipReason);
        }

        return;
    }

    if ($this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        $voter = $this->securityContext->getToken()->getUser();
        $vote->setVoter($voter);
    }
}
/**
 * {@inheritdoc}
 *
 * Adds the e-mail composition fields and registers the PRE_SET_DATA and
 * PRE_SUBMIT listeners implemented on this type.
 */
public function buildForm(FormBuilderInterface $builder, array $options)
{
    // Option sets shared by several fields.
    $optionalHidden = ['required' => false];
    $copyRecipients = ['required' => false, 'attr' => ['class' => 'taggable-field']];
    $bodyTypeChoices = [
        'html' => 'oro.email.datagrid.emailtemplate.filter.type.html',
        'txt' => 'oro.email.datagrid.emailtemplate.filter.type.txt',
    ];

    $builder
        ->add('gridName', 'hidden', $optionalHidden)
        ->add('entityClass', 'hidden', $optionalHidden)
        ->add('entityId', 'hidden', $optionalHidden)
        ->add(
            'from',
            'oro_email_email_address_from',
            [
                'required' => true,
                'label' => 'oro.email.from_email_address.label',
                'attr' => ['class' => 'from taggable-field'],
            ]
        )
        ->add(
            'to',
            'oro_email_email_address_recipients',
            ['required' => false, 'attr' => ['class' => 'taggable-field forged-required']]
        )
        ->add('cc', 'oro_email_email_address_recipients', $copyRecipients)
        ->add('bcc', 'oro_email_email_address_recipients', $copyRecipients)
        ->add('subject', 'text', ['required' => true, 'label' => 'oro.email.subject.label'])
        ->add(
            'body',
            'oro_resizeable_rich_text',
            ['required' => false, 'label' => 'oro.email.email_body.label']
        )
        ->add(
            'template',
            'oro_email_template_list',
            [
                'label' => 'oro.email.template.label',
                'required' => false,
                'depends_on_parent_field' => 'entityClass',
                'configs' => ['allowClear' => true],
            ]
        )
        ->add(
            'type',
            'choice',
            [
                'label' => 'oro.email.type.label',
                'required' => true,
                'data' => 'html',
                'choices' => $bodyTypeChoices,
                'expanded' => true,
            ]
        )
        ->add(
            'attachments',
            'oro_email_attachments',
            [
                'type' => 'oro_email_attachment',
                'required' => false,
                'allow_add' => true,
                'prototype' => false,
                'options' => ['required' => false],
            ]
        )
        ->add('bodyFooter', 'hidden')
        ->add('parentEmailId', 'hidden')
        ->add('signature', 'hidden')
        ->add(
            'contexts',
            'oro_activity_contexts_select',
            [
                'tooltip' => 'oro.email.contexts.tooltip',
                // The field is read-only unless EDIT is granted on EmailUser.
                // NOTE(review): this controls how the field is presented; confirm
                // the same permission is enforced where the submitted contexts
                // are processed.
                'read_only' => !$this->securityContext->isGranted(
                    'EDIT',
                    'entity:Oro\\Bundle\\EmailBundle\\Entity\\EmailUser'
                ),
                'configs' => [
                    'containerCssClass' => 'taggable-email',
                    'route_name' => 'oro_activity_form_autocomplete_search',
                    'route_parameters' => ['activity' => 'emails', 'name' => 'emails'],
                ],
            ]
        );

    // Listener registration order is kept as declared here.
    $listeners = [
        [FormEvents::PRE_SET_DATA, 'initChoicesByEntityName'],
        [FormEvents::PRE_SET_DATA, 'fillFormByTemplate'],
        [FormEvents::PRE_SUBMIT, 'initChoicesByEntityName'],
    ];
    foreach ($listeners as $listener) {
        $builder->addEventListener($listener[0], [$this, $listener[1]]);
    }
}
/**
 * Render the script includes for create.js, its dependencies and the
 * bootstrap code.
 *
 * The hallo editor is bundled with create.js and available automatically.
 * To use aloha, the zip has to be downloaded as explained in step 8 of the
 * README.
 *
 * @param string $editor name of the editor to load; hallo and aloha are supported
 *
 * @return Response an empty response when the required role is denied
 *
 * @throws \InvalidArgumentException for any other editor name
 */
public function includeJSFilesAction($editor = 'hallo')
{
    // NOTE(review): without an injected security context the role check is
    // skipped, and only an exact `false` from isGranted() denies.
    $checker = $this->securityContext;
    if ($checker && false === $checker->isGranted($this->requiredRole)) {
        return new Response('');
    }

    // We could inject a list of names to template mapping for this
    // to allow adding other editors without changing this bundle
    $view = new View();

    if ($editor == 'hallo') {
        $template = $this->coffee
            ? 'SymfonyCmfCreateBundle::includecoffeefiles-hallo.html.twig'
            : 'SymfonyCmfCreateBundle::includejsfiles-hallo.html.twig';
    } elseif ($editor == 'aloha') {
        $template = 'SymfonyCmfCreateBundle::includejsfiles-aloha.html.twig';
    } else {
        throw new \InvalidArgumentException("Unknown editor '{$editor}' requested");
    }
    $view->setTemplate($template);

    $templateData = array(
        'cmfCreateStanbolUrl' => $this->stanbolUrl,
        'cmfCreateImageUploadEnabled' => (bool) $this->imageClass,
    );
    $view->setData($templateData);

    return $this->viewHandler->handle($view);
}
/**
 * Resolve the customer for the current request.
 *
 * Lookup order: the customer stored for the fully authenticated user, then
 * the customer attached to the basket, then a newly created customer. A
 * missing locale is filled from this selector's locale, and the user is
 * attached to the customer when one was resolved.
 *
 * @throws \RuntimeException when the authenticated user is not a UserInterface
 *
 * @return \Sonata\Component\Customer\CustomerInterface
 */
public function get()
{
    $user = null;
    $customer = null;

    // Remember-me sessions are not enough here: the check is IS_AUTHENTICATED_FULLY.
    if (true === $this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        $user = $this->securityContext->getToken()->getUser();

        if (!$user instanceof UserInterface) {
            throw new \RuntimeException('User must be an instance of FOS\\UserBundle\\Model\\UserInterface');
        }

        $criteria = array('user' => $user->getId());
        $customer = $this->customerManager->findOneBy($criteria);
    }

    // Fall back to the basket's customer.
    if (!$customer) {
        $basket = $this->getBasket();
        $basketCustomer = $basket ? $basket->getCustomer() : null;
        if ($basketCustomer) {
            $customer = $basketCustomer;
        }
    }

    // Last resort: a new customer from the manager.
    if (!$customer) {
        $customer = $this->customerManager->create();
    }

    if (!$customer->getLocale()) {
        $customer->setLocale($this->locale);
    }

    if ($user && $customer) {
        $customer->setUser($user);
    }

    return $customer;
}
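/**
 * Render a preview of one version of a content item through a sub-request.
 *
 * The content version and its preview location are loaded first; the caller
 * must then be granted content/versionread on that content. The forwarded
 * response has its cache-control and expires headers removed.
 *
 * @param mixed $contentId
 * @param mixed $versionNo
 * @param mixed $language       passed as the only language when loading the content
 * @param mixed $siteAccessName when set and different from the original
 *                              siteaccess name, the config scope is switched to it
 *
 * @throws AccessDeniedException when loading is unauthorized or versionread is denied
 *
 * @return mixed the response returned by the kernel for the sub-request
 */
public function previewContentAction( $contentId, $versionNo, $language, $siteAccessName = null )
{
    try {
        $content = $this->contentService->loadContent( $contentId, array( $language ), $versionNo );
        $location = $this->previewHelper->getPreviewLocation( $contentId );
    } catch ( UnauthorizedException $e ) {
        throw new AccessDeniedException();
    }

    $versionReadAttribute = new AuthorizationAttribute(
        'content',
        'versionread',
        array( 'valueObject' => $content )
    );
    if ( !$this->securityContext->isGranted( $versionReadAttribute ) ) {
        throw new AccessDeniedException();
    }

    $siteAccess = $this->previewHelper->getOriginalSiteAccess();
    // Only switch if $siteAccessName is set and different from original
    if ( $siteAccessName !== null && $siteAccessName !== $siteAccess->name ) {
        $siteAccess = $this->previewHelper->changeConfigScope( $siteAccessName );
    }

    try {
        $response = $this->kernel->handle(
            $this->getForwardRequest( $location, $content, $siteAccess ),
            HttpKernelInterface::SUB_REQUEST
        );
    } catch ( \Exception $e ) {
        // Fix: a failing sub-request used to leave the switched config scope in
        // place for whatever handles the exception. Restore it before
        // re-throwing (catch + rethrow rather than `finally`, to stay
        // compatible with the PHP version this code style targets).
        $this->previewHelper->restoreConfigScope();

        throw $e;
    }

    // The preview response must not carry caching headers.
    $response->headers->remove( 'cache-control' );
    $response->headers->remove( 'expires' );

    $this->previewHelper->restoreConfigScope();

    return $response;
}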
/**
 * Skip the event's node unless the publish workflow checker grants the
 * configured permission on it.
 *
 * @param CreateMenuItemFromNodeEvent $event
 */
public function onCreateMenuItemFromNode(CreateMenuItemFromNodeEvent $event)
{
    $node = $event->getNode();
    $granted = $this->publishWorkflowChecker->isGranted($this->publishWorkflowPermission, $node);

    if ($granted) {
        return;
    }

    $event->setSkipNode(true);
}
/**
 * Tell whether the security context grants IS_AUTHENTICATED_REMEMBERED.
 *
 * @return bool
 */
private function isUserAuthenticated()
{
    // IS_AUTHENTICATED_REMEMBERED is satisfied both by a user who provided
    // credentials during the current session (IS_AUTHENTICATED_FULLY) and by a
    // user recognised through "remember me", when that is available. Callers
    // guarding sensitive operations may need the stricter attribute.
    $authenticated = $this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED');

    return $authenticated;
}
/**
 * @inheritdoc
 *
 * Delegates to the parent only when AbstractTokenVoter::CONSUME is granted
 * on the token; otherwise an AccessDeniedException is thrown.
 */
public function consume(TokenInterface $token, Request $request)
{
    $mayConsume = $this->security->isGranted(AbstractTokenVoter::CONSUME, $token);

    if ($mayConsume) {
        return parent::consume($token, $request);
    }

    throw new AccessDeniedException();
}
/**
 * Ask the security context whether a role is granted, fetching the context
 * through getSecurityContext() the first time it is needed.
 *
 * @param string $role
 *
 * @return bool
 */
protected function isGranted($role)
{
    $context = $this->securityContext;

    if (!$context) {
        // Resolve once and keep it on the instance for later calls.
        $context = $this->getSecurityContext();
        $this->securityContext = $context;
    }

    return $context->isGranted($role);
}
/**
 * Returns the customer of the currently logged-in user.
 *
 * @return CustomerInterface|null null when there is no token, when
 *                                IS_AUTHENTICATED_REMEMBERED is not granted,
 *                                or when the token's user is not a UserInterface
 */
public function getCustomer()
{
    $token = $this->securityContext->getToken();
    if (!$token) {
        return null;
    }

    if (!$this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return null;
    }

    $user = $token->getUser();
    if (!$user instanceof UserInterface) {
        return null;
    }

    return $user->getCustomer();
}
/**
 * {@inheritDoc}
 *
 * A transition must be granted by the security context (attribute: the
 * transition name, subject: this state machine's object) before the parent
 * check is consulted.
 */
public function can($transition)
{
    // Accept either a transition instance or something getTransition() resolves.
    if (!$transition instanceof TransitionInterface) {
        $transition = $this->getTransition($transition);
    }

    $authorized = $this->securityContext->isGranted($transition->getName(), $this->getObject());

    return $authorized ? parent::can($transition) : false;
}
/**
 * Count the images matching the list parameters.
 *
 * @param mixed $listParams passed unchanged to the image repository's count()
 *
 * @return mixed the repository count, or 0 when IS_AUTHENTICATED_FULLY is not granted
 */
public function countImagesList($listParams)
{
    // Users that are not fully authenticated always see an empty list.
    if (!$this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        return 0;
    }

    return $this->imgRepository->count($listParams);
}
/**
 * Add the "Configuration" menu entry and its "Add" child for super admins.
 *
 * NOTE(review): this only decides whether the links are shown; the
 * HexMediaConfiguration* routes need their own access control.
 */
private function addConfiguration()
{
    if (!$this->securityContext->isGranted("ROLE_SUPER_ADMIN")) {
        return;
    }

    $sectionLabel = $this->translator->trans('Configuration');
    $configuration = $this->menu
        ->addChild($sectionLabel, array('route' => 'HexMediaConfigurationDisplay'))
        ->setAttribute('icon', 'fa fa-cogs');

    // $configuration->addChild($this->translator->trans("List"), array('route' => 'HexMediaConfigurationDisplay'));
    $addLabel = $this->translator->trans("Add");
    $configuration->addChild($addLabel, array('route' => 'HexMediaConfigurationAdd'));
}
/**
 * Tell whether a user is logged in: getUser() must return a truthy value and
 * IS_AUTHENTICATED_REMEMBERED must be granted.
 *
 * @return bool
 */
public function isLoggedIn()
{
    return $this->getUser() && $this->security->isGranted('IS_AUTHENTICATED_REMEMBERED');
}
/**
 * {@inheritdoc}
 *
 * The decision depends only on the configured roles; $media and $request are
 * not inspected. A missing token is treated as a denial.
 */
public function isGranted(MediaInterface $media, Request $request)
{
    try {
        $decision = $this->security->isGranted($this->roles);
    } catch (AuthenticationCredentialsNotFoundException $e) {
        // No token is set on the authorization checker: fail closed.
        $decision = false;
    }

    return $decision;
}
/**
 * Render a blog post, provided the publish workflow permission is granted on it.
 *
 * @param Post        $contentDocument the post to show
 * @param string|null $contentTemplate template to use; a falsy value selects
 *                                     CmfBlogBundle:Blog:view_post.html.twig
 *
 * @return mixed whatever renderResponse() returns
 *
 * @throws NotFoundHttpException when the permission is not granted, so the
 *                               post is reported as missing rather than forbidden
 */
public function viewPostAction(Post $contentDocument, $contentTemplate = null)
{
    $granted = $this->securityContext->isGranted($this->publishWorkflowPermission, $contentDocument);
    if (true !== $granted) {
        throw new NotFoundHttpException(sprintf('Post "%s" is not published', $contentDocument->getTitle()));
    }

    if (!$contentTemplate) {
        $contentTemplate = 'CmfBlogBundle:Blog:view_post.html.twig';
    }

    return $this->renderResponse($contentTemplate, array('post' => $contentDocument));
}
/**
 * Set the security token's user as the organizer of the event.
 *
 * The organizer is set only when IS_AUTHENTICATED_REMEMBERED is granted.
 *
 * @param EventInterface $event
 *
 * @throws \RuntimeException when the security context holds no token
 */
public function blame(EventInterface $event)
{
    $token = $this->securityContext->getToken();

    if (null === $token) {
        throw new \RuntimeException('You must configure a firewall for this route');
    }

    if (!$this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return;
    }

    $event->setOrganizer($token->getUser());
}
/**
 * Pass the current user's username to the version manager.
 *
 * Nothing happens without a security context, without a token, or when
 * IS_AUTHENTICATED_REMEMBERED is not granted.
 *
 * @param GetResponseEvent $event
 */
public function onKernelRequest(GetResponseEvent $event)
{
    if (null === $this->securityContext) {
        return;
    }

    $token = $this->securityContext->getToken();
    if (null === $token || !$this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return;
    }

    $username = $token->getUser()->getUsername();
    $this->versionManager->setUsername($username);
}
/**
 * Forward an authorization check to the security context.
 *
 * @param mixed  $attributes
 * @param object $object
 * @return bool
 * @throws MissingDependencyException when no security context was provided
 * @throws NotAuthenticatedException  when the security context holds no token
 */
public function isGranted($attributes, $object = null)
{
    $context = $this->securityContext;
    if (null === $context) {
        throw new MissingDependencyException('No security context present.');
    }

    // NOTE(review): this only tests that a token exists; whether that token
    // represents an authenticated user is left to the isGranted() call below.
    $token = $context->getToken();
    if (!$token) {
        throw new NotAuthenticatedException('User not authenticated.');
    }

    return $context->isGranted($attributes, $object);
}
/**
 * Record the current user's username on the event before a version is built.
 *
 * The event is returned untouched without a security context, without a
 * token, or when IS_AUTHENTICATED_REMEMBERED is not granted.
 *
 * @param BuildVersionEvent $event
 *
 * @return BuildVersionEvent the same event instance
 */
public function preBuild(BuildVersionEvent $event)
{
    $context = $this->securityContext;
    if (null === $context) {
        return $event;
    }

    $token = $context->getToken();
    $identified = null !== $token && $context->isGranted('IS_AUTHENTICATED_REMEMBERED');

    if ($identified) {
        $event->setUsername($token->getUser()->getUsername());
    }

    return $event;
}
/**
 * Handle an article PUT: resolve the model for the subject, run the REST
 * handler with the request body and return the result as JSON.
 *
 * @param Request $request
 * @param mixed   $subject identifies the model, resolved by getModelBySubject()
 *
 * @return mixed the view handler's response
 *
 * @throws AccessDeniedException when the required role is denied
 */
public function putDocumentAction(Request $request, $subject)
{
    // NOTE(review): this is a write endpoint, yet the role check is skipped
    // when no security context is injected, and only an exact `false` from
    // isGranted() denies. Confirm the service is never wired without a
    // security context where this route is exposed.
    $checker = $this->securityContext;
    if ($checker && false === $checker->isGranted($this->requiredRole)) {
        throw new AccessDeniedException();
    }

    $model = $this->getModelBySubject($request, $subject);
    $type = $this->typeFactory->getTypeByObject($model);

    $payload = $request->request->all();
    $result = $this->restHandler->run($payload, $type, null, RestService::HTTP_PUT);

    $view = View::create($result);
    $view = $view->setFormat('json');

    return $this->viewHandler->handle($view, $request);
}
/**
 * A token that only carries OTHER_ROLE must not be granted either view
 * attribute on a document that is not publishable.
 */
public function testIgnoreRoleNotHas()
{
    $document = $this->getMock('Symfony\\Cmf\\Bundle\\CoreBundle\\Tests\\Functional\\PublishWorkflow\\PublishModel');
    $document
        ->expects($this->any())
        ->method('isPublishable')
        ->will($this->returnValue(false));

    // Authenticate as a user holding only OTHER_ROLE.
    $token = new UsernamePasswordToken('test', 'pass', 'testprovider', array(new Role('OTHER_ROLE')));
    $this->getContainer()->get('security.token_storage')->setToken($token);

    $attributes = array(
        PublishWorkflowChecker::VIEW_ATTRIBUTE,
        PublishWorkflowChecker::VIEW_ANONYMOUS_ATTRIBUTE,
    );
    foreach ($attributes as $attribute) {
        $this->assertFalse($this->publishWorkflowChecker->isGranted($attribute, $document));
    }
}
/**
 * Sets the security token's user as the voter of the vote.
 *
 * The voter is set only when IS_AUTHENTICATED_REMEMBERED is granted.
 *
 * @throws InvalidArgumentException when the vote does not implement SignedVoteInterface
 * @throws RuntimeException         when the security context holds no token
 * @param VoteInterface $vote
 * @return void
 */
public function blame(VoteInterface $vote)
{
    if (!$vote instanceof SignedVoteInterface) {
        throw new InvalidArgumentException('The vote must implement SignedVoteInterface');
    }

    $context = $this->securityContext;

    if (null === $context->getToken()) {
        throw new RuntimeException('You must configure a firewall for this route');
    }

    if (!$context->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return;
    }

    $vote->setVoter($context->getToken()->getUser());
}
/**
 * Actions are allowed only when a security context exists, holds a token and
 * grants the required role. Any exception raised while checking is logged
 * (when a logger is available) and treated as a denial.
 *
 * {@inheritDoc}
 */
public function check(Request $request)
{
    $allowed = false;

    try {
        if ($this->securityContext && $this->securityContext->getToken()) {
            $allowed = (bool) $this->securityContext->isGranted($this->requiredRole);
        }
    } catch (\Exception $e) {
        // Fail closed: the error is recorded and access stays denied.
        if ($this->logger) {
            $this->logger->error($e, array('exception' => $e));
        }

        return false;
    }

    return $allowed;
}
/**
 * Add the rating access flags and the extension data for a topic to the API
 * data event.
 *
 * Both flags are evaluated against the topic's forum. Nothing is added when
 * the event's object is not an object.
 *
 * @param \Symbb\Core\EventBundle\Event\ApiDataEvent $event
 */
public function topicData(\Symbb\Core\EventBundle\Event\ApiDataEvent $event)
{
    $topic = $event->getObject();
    if (!is_object($topic)) {
        return;
    }

    $forum = $topic->getForum();

    $mayCreateRating = $this->securityContext->isGranted(RatingVoter::CREATE_RATING, $forum);
    $event->addAccessData('createRating', $mayCreateRating);

    $mayViewRating = $this->securityContext->isGranted(RatingVoter::VIEW_RATING, $forum);
    $event->addAccessData('viewRating', $mayViewRating);

    $this->addExtensionData($event, $topic->getMainPost());
}
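/**
 * Adds the "Robots" settings entry below the admin settings menu item for
 * super admins.
 *
 * In this method children can be added for a specific parent, and already
 * created children can be removed or changed.
 *
 * NOTE(review): the role check only decides whether the entry is listed; the
 * KunstmaanSeoBundle_settings_robots route needs its own access control.
 *
 * @param MenuBuilder $menu      The MenuBuilder
 * @param MenuItem[]  &$children The current children
 * @param MenuItem    $parent    The parent Menu item
 * @param Request     $request   The Request
 */
public function adaptChildren(MenuBuilder $menu, array &$children, MenuItem $parent = null, Request $request = null)
{
    if (!is_null($parent) && 'KunstmaanAdminBundle_settings' == $parent->getRoute() && $this->security->isGranted('ROLE_SUPER_ADMIN')) {
        $menuItem = new MenuItem($menu);
        $menuItem
            ->setRoute('KunstmaanSeoBundle_settings_robots')
            ->setLabel('Robots')
            ->setUniqueId('robots_settings')
            ->setParent($parent);

        // Fix: $request defaults to null, and the original dereferenced it
        // unconditionally. Without a request (or without a string route name)
        // the entry is still added, just not marked active.
        $currentRoute = null !== $request ? $request->attributes->get('_route') : null;
        if (is_string($currentRoute) && stripos($currentRoute, $menuItem->getRoute()) === 0) {
            $menuItem->setActive(true);
            $parent->setActive(true);
        }

        $children[] = $menuItem;
    }
}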
/**
 * Build the authorization URL of a resource owner.
 *
 * When no redirect URL is given, it is the service auth URL if connect is
 * enabled and IS_AUTHENTICATED_REMEMBERED is granted, and the resource
 * owner's check path otherwise.
 *
 * @param Request $request
 * @param string  $name            Resource owner name
 * @param string  $redirectUrl     Optional
 * @param array   $extraParameters Optional
 *
 * @return string
 */
public function getAuthorizationUrl(Request $request, $name, $redirectUrl = null, array $extraParameters = array())
{
    $resourceOwner = $this->getResourceOwner($name);

    if (null === $redirectUrl) {
        $connecting = $this->connect && $this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED');

        if ($connecting) {
            $redirectUrl = $this->getServiceAuthUrl($request, $resourceOwner);
        } else {
            $checkPath = $this->ownerMap->getResourceOwnerCheckPath($name);
            $redirectUrl = $this->httpUtils->generateUri($request, $checkPath);
        }
    }

    return $resourceOwner->getAuthorizationUrl($redirectUrl, $extraParameters);
}
/**
 * Present a form to the user to accept or refuse sharing their information
 * with the consumer.
 *
 * @param Request $request carries the oauth_token and oauth_callback parameters
 *
 * @return Response the rendered authorize template
 *
 * @throws HttpException 404 when the user is not fully authenticated or the
 *                       request token cannot be loaded
 */
public function allowAction(Request $request)
{
    $requestTokenKey = $request->get('oauth_token', null);
    $callbackUrl = $request->get('oauth_callback', null);

    if (!$this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        throw new HttpException(404);
    }

    $token = $this->tokenProvider->loadRequestTokenByToken($requestTokenKey);
    if (!$token instanceof RequestTokenInterface) {
        throw new HttpException(404);
    }

    // NOTE(review): the request token is bound to the user here, before the
    // form has been answered; confirm that the approval itself happens in the
    // step that processes the form.
    $currentUser = $this->securityContext->getToken()->getUser();
    $this->tokenProvider->setUserForRequestToken($token, $currentUser);

    $templateData = array(
        'consumer' => $token->getConsumer(),
        'oauth_token' => $requestTokenKey,
        'oauth_callback' => $callbackUrl,
    );

    return new Response($this->engine->render('BazingaOAuthServerBundle::authorize.html.twig', $templateData));
}