public function convertMethodAnnotations(\ReflectionMethod $method, array $annotations)
{
$parameters = array();
foreach ($method->getParameters() as $index => $parameter) {
$parameters[$parameter->getName()] = $index;
}
$methodMetadata = new MethodMetadata($method->getDeclaringClass()->getName(), $method->getName());
foreach ($annotations as $annotation) {
if ($annotation instanceof Secure) {
$methodMetadata->roles = $annotation->roles;
} else {
if ($annotation instanceof SecureParam) {
if (!isset($parameters[$annotation->name])) {
throw new \InvalidArgumentException(sprintf('The parameter "%s" does not exist for method "%s".', $annotation->name, $method->getName()));
}
$methodMetadata->addParamPermissions($parameters[$annotation->name], $annotation->permissions);
} else {
if ($annotation instanceof SecureReturn) {
$methodMetadata->returnPermissions = $annotation->permissions;
} else {
if ($annotation instanceof SatisfiesParentSecurityPolicy) {
$methodMetadata->satisfiesParentSecurityPolicy = true;
} else {
if ($annotation instanceof RunAs) {
$methodMetadata->runAsRoles = $annotation->roles;
}
}
}
}
}
}
return $methodMetadata;
}
private function convertMethodAnnotations(\ReflectionMethod $method, array $annotations, PreAuthorize $classPreAuthorize = null)
{
$parameters = array();
foreach ($method->getParameters() as $index => $parameter) {
$parameters[$parameter->getName()] = $index;
}
$methodMetadata = new MethodMetadata($method->class, $method->name);
$hasSecurityMetadata = $hasPreRestrictions = false;
foreach ($annotations as $annotation) {
if ($annotation instanceof Secure) {
$methodMetadata->roles = $annotation->roles;
$hasSecurityMetadata = $hasPreRestrictions = true;
} elseif ($annotation instanceof PreAuthorize) {
$methodMetadata->roles = array(new Expression($annotation->expr));
$hasSecurityMetadata = $hasPreRestrictions = true;
} elseif ($annotation instanceof SecureParam) {
if (!isset($parameters[$annotation->name])) {
throw new InvalidArgumentException(sprintf('The parameter "%s" does not exist for method "%s".', $annotation->name, $method->name));
}
$methodMetadata->addParamPermissions($parameters[$annotation->name], $annotation->permissions);
$hasSecurityMetadata = $hasPreRestrictions = true;
} elseif ($annotation instanceof SecureReturn) {
$methodMetadata->returnPermissions = $annotation->permissions;
$hasSecurityMetadata = true;
} elseif ($annotation instanceof SatisfiesParentSecurityPolicy) {
$methodMetadata->satisfiesParentSecurityPolicy = true;
$hasSecurityMetadata = true;
} elseif ($annotation instanceof RunAs) {
$methodMetadata->runAsRoles = $annotation->roles;
$hasSecurityMetadata = true;
}
}
// We use the following conditions to determine whether we should apply
// a class-level @PreAuthorize annotation:
//
// - No other authorization that runs before the method invocation
// must be configured. @Secure, @SecureParam, @PreAuthorize must
// not be present; @SecureReturn would be fine though.
//
// - The method must be public, or alternatively publicOnly on
// @PreAuthorize must be set to false.
if (!$hasPreRestrictions && $classPreAuthorize && (!$classPreAuthorize->publicOnly || !$method->isProtected())) {
$methodMetadata->roles = array(new Expression($classPreAuthorize->expr));
$hasSecurityMetadata = true;
}
return $hasSecurityMetadata ? $methodMetadata : null;
}
