public function convertMethodAnnotations(\ReflectionMethod $method, array $annotations) { $parameters = array(); foreach ($method->getParameters() as $index => $parameter) { $parameters[$parameter->getName()] = $index; } $methodMetadata = new MethodMetadata($method->getDeclaringClass()->getName(), $method->getName()); foreach ($annotations as $annotation) { if ($annotation instanceof Secure) { $methodMetadata->roles = $annotation->roles; } else { if ($annotation instanceof SecureParam) { if (!isset($parameters[$annotation->name])) { throw new \InvalidArgumentException(sprintf('The parameter "%s" does not exist for method "%s".', $annotation->name, $method->getName())); } $methodMetadata->addParamPermissions($parameters[$annotation->name], $annotation->permissions); } else { if ($annotation instanceof SecureReturn) { $methodMetadata->returnPermissions = $annotation->permissions; } else { if ($annotation instanceof SatisfiesParentSecurityPolicy) { $methodMetadata->satisfiesParentSecurityPolicy = true; } else { if ($annotation instanceof RunAs) { $methodMetadata->runAsRoles = $annotation->roles; } } } } } } return $methodMetadata; }
private function convertMethodAnnotations(\ReflectionMethod $method, array $annotations, PreAuthorize $classPreAuthorize = null) { $parameters = array(); foreach ($method->getParameters() as $index => $parameter) { $parameters[$parameter->getName()] = $index; } $methodMetadata = new MethodMetadata($method->class, $method->name); $hasSecurityMetadata = $hasPreRestrictions = false; foreach ($annotations as $annotation) { if ($annotation instanceof Secure) { $methodMetadata->roles = $annotation->roles; $hasSecurityMetadata = $hasPreRestrictions = true; } elseif ($annotation instanceof PreAuthorize) { $methodMetadata->roles = array(new Expression($annotation->expr)); $hasSecurityMetadata = $hasPreRestrictions = true; } elseif ($annotation instanceof SecureParam) { if (!isset($parameters[$annotation->name])) { throw new InvalidArgumentException(sprintf('The parameter "%s" does not exist for method "%s".', $annotation->name, $method->name)); } $methodMetadata->addParamPermissions($parameters[$annotation->name], $annotation->permissions); $hasSecurityMetadata = $hasPreRestrictions = true; } elseif ($annotation instanceof SecureReturn) { $methodMetadata->returnPermissions = $annotation->permissions; $hasSecurityMetadata = true; } elseif ($annotation instanceof SatisfiesParentSecurityPolicy) { $methodMetadata->satisfiesParentSecurityPolicy = true; $hasSecurityMetadata = true; } elseif ($annotation instanceof RunAs) { $methodMetadata->runAsRoles = $annotation->roles; $hasSecurityMetadata = true; } } // We use the following conditions to determine whether we should apply // a class-level @PreAuthorize annotation: // // - No other authorization that runs before the method invocation // must be configured. @Secure, @SecureParam, @PreAuthorize must // not be present; @SecureReturn would be fine though. // // - The method must be public, or alternatively publicOnly on // @PreAuthorize must be set to false. if (!$hasPreRestrictions && $classPreAuthorize && (!$classPreAuthorize->publicOnly || !$method->isProtected())) { $methodMetadata->roles = array(new Expression($classPreAuthorize->expr)); $hasSecurityMetadata = true; } return $hasSecurityMetadata ? $methodMetadata : null; }