/**
 * {@inheritdoc}
 *
 * Enforces the `@Secured` / `@Resource` / `@Privilege` annotations of the
 * method being dispatched. Class-level annotations act as defaults for every
 * method of the presenter: the method-level `@Resource` wins over the class
 * one, while class- and method-level `@Privilege` values are merged and any
 * single privilege granted by the ACL is enough (OR semantics). A secured
 * element with no privilege declared at all is denied (fail closed).
 *
 * @param ClassType|Method $element reflection of the element being dispatched
 * @throws ForbiddenRequestException when the user is anonymous or holds none of the privileges
 * @throws InvalidStateException when a secured element declares no resource (a configuration error, not a user error)
 */
public function checkRequirements($element)
{
    parent::checkRequirements($element);

    // Class-level access is never checked on its own; every method is checked individually.
    if ($element instanceof ClassType) {
        return;
    }

    $user = $this->getUser();

    // Class-level annotations complement method-level ones.
    $declaringClass = $element instanceof Method ? $element->getDeclaringClass() : $element;
    $isSecured = $element->getAnnotation('Secured') || $declaringClass->getAnnotation('Secured');
    if (!$isSecured) {
        return;
    }

    if (!$user->isLoggedIn()) {
        throw new ForbiddenRequestException("User has to be logged in to access secured presenter.");
    }

    // A secured element without a resource is a programming error: fail loudly rather than fall open.
    $hasResource = $element->hasAnnotation('Resource') || $declaringClass->hasAnnotation('Resource');
    if (!$hasResource) {
        throw new InvalidStateException('Secured method is missing a resource.');
    }

    $resource = $element->hasAnnotation('Resource')
        ? $element->getAnnotation('Resource')
        : $declaringClass->getAnnotation('Resource');

    // Privileges are OR-ed: the first one the ACL grants is sufficient.
    $privileges = array_merge(
        (array) $declaringClass->getAnnotation('Privilege'),
        (array) $element->getAnnotation('Privilege')
    );
    foreach ($privileges as $privilege) {
        if ($user->isAllowed($resource, $privilege)) {
            return;
        }
    }

    // Nothing matched (or no privilege was declared): deny.
    throw new ForbiddenRequestException("User is not allowed to access resource '{$resource}'");
}
/**
 * Check presenter requirements.
 *
 * Requires an access token in the request's Authorization input for every
 * element dispatched through this presenter; the token itself is then
 * validated by checkAccessToken().
 *
 * @param mixed $element reflection of the element being dispatched (passed through to the parent)
 * @throws ForbiddenRequestException when no access token accompanies the request
 */
public function checkRequirements($element)
{
    parent::checkRequirements($element);

    $token = $this->input->getAuthorization();
    // Truthiness check, as in the original: an absent or empty token is rejected up front.
    if (!$token) {
        throw new ForbiddenRequestException('Access token not provided');
    }

    // NOTE(review): this relies on checkAccessToken() throwing on an invalid token;
    // if it merely returned false the request would proceed — confirm in that method.
    $this->checkAccessToken($token);
}
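/**
 * Verifies the request's security token before running the parent's checks.
 *
 * When a token provider is configured and the element under dispatch is a
 * presenter component reflection, the `token` request parameter must be a
 * string equal, byte for byte, to the expected token.
 *
 * @param mixed $element reflection of the element being dispatched
 * @throws Application\ForbiddenRequestException when the token is missing, not a string, or does not match
 */
public function checkRequirements($element)
{
    if ($this->securityToken !== null && $element instanceof Application\UI\PresenterComponentReflection) {
        $provided = $this->getParameter('token');
        $expected = $this->securityToken->getSecurityToken();

        // An empty expected token would make the comparison below trivially satisfiable;
        // treat it as a misconfiguration and fail closed.
        if (!is_string($expected) || $expected === '') {
            throw new Application\ForbiddenRequestException('Security token does not match!');
        }

        // Compare as byte strings in constant time. The original used a loose `!=`, which
        // lets PHP's numeric-string juggling treat e.g. "0e123" and "0e456" as equal, and a
        // plain comparison also leaks where the first mismatching byte is through timing.
        // A non-string parameter (e.g. `token[]=x`) is rejected outright rather than coerced.
        if (!is_string($provided) || !hash_equals($expected, $provided)) {
            throw new Application\ForbiddenRequestException('Security token does not match!');
        }
    }
    parent::checkRequirements($element);
}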
/**
 * Restricts signal handlers and component factories to the actions they declare.
 *
 * A method whose name matches the `createComponent` / `handle` pattern and that
 * carries an `@action` annotation may only run while one of the listed actions
 * is the current one; otherwise the request is refused. Methods without the
 * annotation are not restricted.
 *
 * @param \Nette\Reflection\Method $element
 * @throws \Nette\Application\ForbiddenRequestException when the current action is not listed
 */
public function checkRequirements($element)
{
    parent::checkRequirements($element);

    if (!($element instanceof \Nette\Reflection\Method)) {
        return;
    }

    // NOTE(review): without grouping, `^createComponent|handle` matches "createComponent…"
    // at the start OR "handle" anywhere in the name; kept verbatim to preserve behavior.
    $isSignalOrFactory = Strings::match($element->getName(), '/^createComponent|handle/') !== NULL;
    if (!$isSignalOrFactory || !$element->hasAnnotation('action')) {
        return;
    }

    $allowedActions = (array) $element->getAnnotation('action');
    // Strict comparison so that an action name is never matched by type juggling.
    if (!in_array($this->getAction(), $allowedActions, TRUE)) {
        throw new \Nette\Application\ForbiddenRequestException();
    }
}
/**
 * Check permissions for action.
 *
 * Reads the `@permission` annotation of the dispatched element: a single value
 * names the resource (all privileges), two values name resource and privilege.
 * A user lacking the permission is sent back to the homepage with an error
 * flash instead of receiving a 403 response.
 *
 * @param mixed $element reflection of the element being dispatched
 */
public function checkRequirements($element)
{
    parent::checkRequirements($element);

    $declared = (array) $element->getAnnotation('permission');
    if (!$declared) {
        return;
    }

    if (count($declared) === 1) {
        $resource = $declared[0];
        $privilege = Permission::ALL;
    } else {
        // Only the first two annotation values are used; any further ones are ignored.
        list($resource, $privilege) = array_values($declared);
    }

    if ($this->getUser()->isAllowed($resource, $privilege)) {
        return;
    }

    // NOTE(review): this relies on redirectToHomepage() aborting the request (Nette
    // redirects throw AbortException); if it returned normally the action would still run.
    $this->redirectToHomepage($this->translate("admin.permission.error"), 'error');
}
/**
 * Checks authorization.
 *
 * Runs the parent checks and the injected requirements checker; a
 * ForbiddenRequestException from either is turned into a flash message plus a
 * redirect: anonymous users go to the sign-in page with the current URL path as
 * a back-link, signed-in users go to the homepage, or to sign-in when they are
 * already on the homepage (avoids a redirect loop).
 *
 * @param string $element
 * @return void
 * @throws Application\ForbiddenRequestException
 */
public function checkRequirements($element)
{
    try {
        parent::checkRequirements($element);
        if (!$this->requirementsChecker->isAllowed($element)) {
            throw new Application\ForbiddenRequestException();
        }
        return;
    } catch (Application\ForbiddenRequestException $e) {
        $this->flashMessage('Pro vstup do požadované sekce musíte být přihlášen/a s příslušným oprávněním.');
    }

    // NOTE(review): the exception is swallowed above; the redirects below are expected to
    // abort the request (Nette's redirect() throws AbortException) — confirm.
    if (!$this->user->isLoggedIn()) {
        // Only the URL path is forwarded, not a full URL. NOTE(review): check that the
        // sign-in page does not treat a path such as "//host" as protocol-relative.
        $this->redirect('Sign:in', ['backSignInUrl' => $this->getHttpRequest()->url->path]);
        return;
    }

    $target = $this->isLinkCurrent('Homepage:') ? 'Sign:in' : 'Homepage:';
    $this->redirect($target);
}
/**
 * Check permissions by annotations.
 * {@inheritdoc}
 *
 * A method is secured when it or its declaring class carries `@Secured`. It then
 * requires a logged-in user, a `@Resource` (method-level wins over class-level)
 * and a granted `@Privilege` — class- and method-level privileges are merged and
 * any one the ACL allows is sufficient; none declared means access is denied.
 * Anonymous users are sent to the sign-in page with a stored back-link instead
 * of receiving a 403.
 *
 * @param \Nette\Reflection\ClassType|\Nette\Reflection\Method $element
 * @throws \Nette\InvalidStateException when a secured element declares no resource
 * @throws \Nette\Application\ForbiddenRequestException when no privilege is granted
 */
public function checkRequirements($element)
{
    parent::checkRequirements($element);

    // Only method access is checked; the class reflection itself is skipped.
    if ($element instanceof \Nette\Reflection\ClassType) {
        return;
    }

    $user = $this->user;
    $declaringClass = $element instanceof \Nette\Reflection\Method ? $element->getDeclaringClass() : $element;
    if (!($element->getAnnotation('Secured') || $declaringClass->getAnnotation('Secured'))) {
        return;
    }

    if (!$user->isLoggedIn()) {
        $message = $user->getLogoutReason() === IUserStorage::INACTIVITY
            ? "Byl jsi odhlášen, protože jsi nebyl po dlouhou dobu aktivní."
            : "Pro vstup do této části webu se musíš přihlásit.";
        $this->flashMessage($message);
        // redirect() is expected to abort the request here (Nette throws AbortException).
        $this->redirect(":Front:Default:Sign:in", ["backlink" => $this->storeRequest()]);
        return;
    }

    // A secured element without a resource is a configuration error: fail loudly.
    $resourceOnMethod = $element->hasAnnotation('Resource');
    if (!$resourceOnMethod && !$declaringClass->hasAnnotation('Resource')) {
        throw new \Nette\InvalidStateException('Secured method is missing a resource.');
    }
    $resource = $resourceOnMethod ? $element->getAnnotation('Resource') : $declaringClass->getAnnotation('Resource');

    $privileges = array_merge(
        (array) $declaringClass->getAnnotation('Privilege'),
        (array) $element->getAnnotation('Privilege')
    );
    // Every privilege is consulted (as in the original); access is granted when any one matches.
    $granted = array_filter($privileges, function ($privilege) use ($user, $resource) {
        return $user->isAllowed($resource, $privilege);
    });
    if (!$granted) {
        throw new \Nette\Application\ForbiddenRequestException("Pro vstup do této části webu nemáte dostatečná oprávnění", 403);
    }
}
/**
 * Check security and other presenter requirements.
 *
 * First runs the parent's requirement checks, then attempts to authenticate
 * the client from the request input. A failure of either step is handed to
 * sendErrorResource() instead of propagating as an exception.
 *
 * @param mixed $element reflection of the element being dispatched
 */
public function checkRequirements($element)
{
    // NOTE(review): both catch blocks rely on sendErrorResource() terminating the request
    // (e.g. by sending a response and aborting). If it returned normally, a client that
    // failed authentication would continue into the action — confirm.
    try {
        parent::checkRequirements($element);
    } catch (Application\ForbiddenRequestException $forbidden) {
        $this->sendErrorResource($forbidden);
    }

    // Authentication runs after the parent checks regardless of their outcome.
    try {
        $this->authentication->authenticate($this->getInput());
    } catch (SecurityException $authFailure) {
        $this->sendErrorResource($authFailure);
    }
}