/**
 * Short-circuits AJAX requests that failed authorization with a plain 403 response.
 *
 * A response is set only when all three conditions hold: the request is an
 * XMLHttpRequest, the thrown exception is an AccessDeniedException, and the
 * trust resolver does not classify the current token as anonymous. In every
 * other case the event is left untouched for other listeners.
 *
 * @param GetResponseForExceptionEvent $event
 *
 * @api
 */
public function onKernelException(GetResponseForExceptionEvent $event)
{
    $httpRequest = $event->getRequest();
    $thrown = $event->getException();

    if (!$httpRequest->isXmlHttpRequest()) {
        return;
    }

    if (!$thrown instanceof AccessDeniedException) {
        return;
    }

    // NOTE(review): getToken() can presumably return null when nothing has
    // populated the security context. Confirm how isAnonymous() treats null:
    // if it answers false, an unauthenticated AJAX caller ends up in the 403
    // branch below instead of being handed to the authentication flow.
    $currentToken = $this->context->getToken();
    if ($this->authenticationTrustResolver->isAnonymous($currentToken)) {
        // Anonymous callers get no response from this listener.
        return;
    }

    // The body is a fixed string; nothing from the request or the exception is echoed back.
    $event->setResponse(new Response('You haven\'t enough privileges to perform the required action', 403));
}
/**
 * Grants access to anonymous tokens only.
 *
 * The first attribute accepted by supportsAttribute() decides the vote:
 * ACCESS_GRANTED when the trust resolver reports the token as anonymous,
 * ACCESS_DENIED otherwise. If no attribute is supported (the original comment
 * names IS_ANONYMOUS as the supported one) the voter abstains.
 *
 * The decision is based on the token alone; $object is not consulted.
 *
 * @param TokenInterface $token
 * @param object         $object
 * @param array          $attributes
 *
 * @return int One of the VoterInterface::ACCESS_* constants
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    foreach ($attributes as $candidate) {
        if ($this->supportsAttribute($candidate)) {
            // Any authenticated (non-anonymous) token is denied here, so this
            // voter must only be attached to resources meant for guests.
            return $this->authenticationTrustResolver->isAnonymous($token)
                ? VoterInterface::ACCESS_GRANTED
                : VoterInterface::ACCESS_DENIED;
        }
    }

    return VoterInterface::ACCESS_ABSTAIN;
}
/**
 * Stores the referer in the session for authenticated users.
 *
 * Nothing is stored unless the event belongs to a Contao master request and
 * the token storage holds a token that the trust resolver does not classify
 * as anonymous.
 *
 * @param FilterResponseEvent $event
 */
public function onKernelResponse(FilterResponseEvent $event)
{
    if (!$this->isContaoMasterRequest($event)) {
        return;
    }

    $currentToken = $this->tokenStorage->getToken();

    // The null check comes first so the trust resolver is never asked about a missing token.
    $isAuthenticated = null !== $currentToken
        && !$this->authenticationTrustResolver->isAnonymous($currentToken);

    if (!$isAuthenticated) {
        return;
    }

    $currentRequest = $event->getRequest();

    if (!$this->isBackendScope()) {
        $this->storeFrontendReferer($currentRequest);

        return;
    }

    $this->storeBackendReferer($currentRequest);
}
/**
 * Writes the current session data to the database.
 *
 * The write happens only for a Contao master request, with a non-null token
 * that the trust resolver does not classify as anonymous, and when
 * getUserObject() yields a User instance.
 *
 * @param FilterResponseEvent $event
 */
public function onKernelResponse(FilterResponseEvent $event)
{
    if (!$this->isContaoMasterRequest($event)) {
        return;
    }

    $currentToken = $this->tokenStorage->getToken();

    // The null check comes first so the trust resolver is never asked about a missing token.
    $isAuthenticated = null !== $currentToken
        && !$this->authenticationTrustResolver->isAnonymous($currentToken);

    if (!$isAuthenticated) {
        return;
    }

    $account = $this->getUserObject();

    if (!($account instanceof User)) {
        return;
    }

    // The table name comes from the user object, not from the request.
    $targetTable = $account->getTable();

    // NOTE(review): the session bag is persisted in PHP's serialize() format.
    // The code that reads this column back is not shown here; if it calls
    // unserialize(), confirm it restricts the allowed classes, since session
    // bags may carry values that originated in a request.
    $sessionPayload = serialize($this->getSessionBag()->all());

    // Values are passed as data/criteria arrays rather than concatenated into
    // SQL (presumably bound as parameters by the connection; verify).
    $this->connection->update($targetTable, ['session' => $sessionPayload], ['id' => $account->id]);
}