/**
 * Kernel request listener: publish the current security user to the XACML request.
 *
 * Looks up the token held by the token storage and stores the result of its
 * getUser() call under this provider's category. When the storage holds no
 * token, the category is written with null.
 *
 * NOTE(review): what getUser() returns is not visible here. In older Symfony
 * versions an anonymous token can yield a plain string instead of a user
 * object, so confirm that policies reading this category handle that case.
 *
 * @param GetResponseEvent $request Kernel request event (not read by this listener)
 */
public function onKernelRequest(GetResponseEvent $request)
{
    $securityToken = $this->tokenStorage->getToken();

    // A missing token is stored as an explicit null subject.
    $subject = $securityToken !== null ? $securityToken->getUser() : null;

    $this->xacmlRequest->set($this->category, $subject);
}
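/**
 * Add resource information for request from annotations
 *
 * Resolves the routed controller when it has the "Class::method" form, reads
 * that method's annotations and, for every XacmlResource annotation, stores a
 * Resource under the entity's base class name. The 'type' key holds the base
 * class name of the last annotation processed. Nothing is written when the
 * controller has another form or carries no XacmlResource annotation.
 *
 * The controller is read from the request attributes only. Request::get()
 * also falls back to query-string and body parameters, so when the attribute
 * is absent a client-supplied "_controller" value would otherwise reach
 * ReflectionMethod and decide which annotations are read.
 *
 * @param GetResponseEvent $request
 * @throws \ReflectionException When the class or method named by the controller does not exist
 */
public function onKernelRequest(GetResponseEvent $request)
{
    $httpRequest = $request->getRequest();

    $controller = $httpRequest->attributes->get('_controller');
    // Closures, invokable objects or a missing controller are not "Class::method" strings.
    if (!is_string($controller)) {
        return;
    }

    $controllerParts = explode('::', $controller);
    if (count($controllerParts) !== 2) {
        return;
    }

    list($class, $method) = $controllerParts;
    $object = new \ReflectionMethod($class, $method);

    $resources = [];
    foreach ($this->annotationsReader->getMethodAnnotations($object) as $configuration) {
        if (!$configuration instanceof XacmlResource) {
            continue;
        }

        $baseClassName = $this->getBaseClassName($configuration->entity);
        // NOTE(review): Request::get() checks route attributes first, then the query
        // string and the request body. If the annotated id is not a route parameter,
        // the identifier used for the access decision is client-supplied; confirm
        // that the protected action loads the entity from the same source.
        $resources[$baseClassName] = new Resource(
            $configuration->entity,
            $httpRequest->get($configuration->id),
            $configuration->method
        );
        // Overwritten on every iteration: the last annotation's entity wins.
        $resources['type'] = $baseClassName;
    }

    if (!empty($resources)) {
        $this->xacmlRequest->set($this->category, $resources);
    }
}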
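/**
 * Retrieve value by attributeId from request context
 *
 * The attribute id is a dot-separated path. The first segment names a
 * top-level category of the XacmlRequest; when that category is empty the
 * segment is looked up inside the 'Resource' category instead, and an
 * XacmlResource found there is replaced by the result of getEntity(). Every
 * later segment is resolved as an array key when the current value is an
 * array, or through the getter named by getGetter() when it is an object.
 *
 * The getter is checked with is_callable() before it is invoked. Without the
 * check, a segment naming a missing accessor ends in an \Error or fatal error
 * instead of the documented \Exception, which callers that catch \Exception
 * to handle unresolved attributes would not see.
 *
 * NOTE(review): each segment after the first can invoke an accessor on the
 * resolved object, so an attribute id selects which getters run. Confirm that
 * attribute ids come only from trusted policy definitions.
 *
 * @param XacmlRequest $request
 * @param string $attributeId
 * @return mixed
 * @throws \Exception When a segment of the attribute id cannot be resolved
 */
public function getValue(XacmlRequest $request, $attributeId)
{
    $attributeParts = explode('.', trim($attributeId));
    $array = [];

    foreach ($attributeParts as $key => $attributePart) {
        // First segment: a top-level category of the XacmlRequest.
        if ($key === 0) {
            $array = $request->get($attributePart);
            if (empty($array)) {
                // Not a populated category: try the segment as an entry of 'Resource'.
                $array = $request->get('Resource');
                if (!empty($array) && isset($array[$attributePart])) {
                    if ($array[$attributePart] instanceof XacmlResource) {
                        /** @var XacmlResource $resource */
                        $resource = $array[$attributePart];
                        $array = $this->getEntity($resource);
                    } elseif (is_object($array[$attributePart])) {
                        $array = $array[$attributePart];
                    }
                }
                // NOTE(review): when 'Resource' is non-empty but holds no usable entry
                // for this segment, $array stays the whole 'Resource' value and the
                // "not found" check below does not fire, so a mistyped first segment
                // resolves against the resource map. Confirm whether this is intended.
            }
            if (empty($array)) {
                throw new \Exception("Attribute {$attributeId} not found");
            }
            continue;
        }

        if (is_array($array) && isset($array[$attributePart])) {
            $array = $array[$attributePart];
        } elseif (is_object($array)) {
            $getter = $this->getGetter($attributePart);
            // Reject segments that do not map to a callable accessor.
            if (!is_callable([$array, $getter])) {
                throw new \Exception("Attribute {$attributeId} not found");
            }
            $array = $array->{$getter}();
        } else {
            throw new \Exception("Attribute {$attributeId} not found");
        }
    }

    return $array;
}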
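/**
 * Evaluate the request against the stored policies and return a decision.
 *
 * Policy sets returned by findNotLinkedPolicySets() are used when there are
 * any, otherwise the policies returned by findNotLinkedPolicies(). They are
 * evaluated with the combining algorithm registered under $this->combiningAlgId.
 * Only an explicit PERMIT or DENY from the algorithm is returned; any other
 * result, or the absence of policies, yields $this->defaultDecision.
 *
 * The result is compared strictly against the two decision constants, so a
 * value that is only loosely equal to one of them (for example a boolean or
 * 0) is not returned as the decision.
 *
 * @param XacmlRequest $request
 * @return mixed Decision::PERMIT, Decision::DENY or the configured default decision
 */
public function evaluate(XacmlRequest $request)
{
    $action = $request->get('Action');

    /**
     * Permit access to:
     * - Error pages with empty Action name
     * - Actions for debug, started with "_"
     */
    // NOTE(review): this short-circuit fails open. Any request without an Action,
    // and any action whose name starts with "_", is permitted before a policy is
    // consulted. Confirm that no production route name starts with "_" and that
    // the Action category cannot be empty for a routed request.
    if (empty($action) || substr($action, 0, 1) === '_') {
        return Decision::PERMIT;
    }

    $policies = $this->em->getRepository(PolicySet::class)->findNotLinkedPolicySets();
    if (empty($policies)) {
        $policies = $this->em->getRepository(Policy::class)->findNotLinkedPolicies();
    }

    if (!empty($policies)) {
        $result = $this->combiningAlgorithmRegistry
            ->get($this->combiningAlgId)
            ->evaluate($request, $policies);

        // Strict comparison: only the exact decision constants count.
        if (in_array($result, [Decision::PERMIT, Decision::DENY], true)) {
            return $result;
        }
    }

    // NOTE(review): the value of defaultDecision is not visible here. A
    // deny-by-default configuration is the safe choice when no policy applies.
    return $this->defaultDecision;
}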
/**
 * Kernel request listener: record environment data for the XACML request.
 *
 * Stores the client IP reported by the request and the current timestamp
 * (formatted as 'Y-m-d H:i:s') under this provider's category.
 *
 * NOTE(review): the value returned by getClientIp() depends on the
 * framework's trusted-proxy configuration. Policies that condition on 'ip'
 * are only as reliable as that configuration, so confirm it for the deployment.
 *
 * @param GetResponseEvent $request Kernel request event carrying the HTTP request
 */
public function onKernelRequest(GetResponseEvent $request)
{
    // No timezone is passed, so the timestamp uses PHP's default timezone.
    $now = new \DateTime();

    $environment = [
        'ip'        => $request->getRequest()->getClientIp(),
        'date_time' => $now->format('Y-m-d H:i:s'),
    ];

    $this->xacmlRequest->set($this->category, $environment);
}
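/**
 * Add route name for request
 *
 * Stores the matched route name under this provider's category. The name is
 * read from the request attributes only. Request::get() also falls back to
 * query-string and body parameters, so when no route attribute is set a
 * client-supplied "_route" value would otherwise be stored as the route name.
 * When the attribute is absent, null is stored.
 *
 * NOTE(review): how this category is consumed is not visible here. If it
 * feeds the access decision, confirm how a null route name is treated there.
 *
 * @param GetResponseEvent $request
 */
public function onKernelRequest(GetResponseEvent $request)
{
    $routeName = $request->getRequest()->attributes->get('_route');

    $this->xacmlRequest->set($this->category, $routeName);
}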