Home Explore Help
Sign In
dima
/
balticrest
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8967e8d364
Branches Tags
balticrest
/
vendor
/
symfony
/
security-core
/
Authorization
/
TraceableAccessDecisionManager.php

TraceableAccessDecisionManager.php 3.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of the Symfony package.
    5. 

  5.  *
    6. 

  6.  * (c) Fabien Potencier <fabien@symfony.com>
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. namespace Symfony\Component\Security\Core\Authorization;
    13. 

  13. 

  14. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    15. 

  15. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
    16. 

  16. 

  17. /**
    18. 

  18.  * Decorates the original AccessDecisionManager class to log information
    19. 

  19.  * about the security voters and the decisions made by them.
    20. 

  20.  *
    21. 

  21.  * @author Javier Eguiluz <javier.eguiluz@gmail.com>
    22. 

  22.  *
    23. 

  23.  * @internal
    24. 

  24.  */
    25. 

  25. class TraceableAccessDecisionManager implements AccessDecisionManagerInterface
    26. 

  26. {
    27. 

  27.     private $manager;
    28. 

  28.     private $strategy;
    29. 

  29.     private $voters = [];
    30. 

  30.     private $decisionLog = []; // All decision logs
    31. 

  31.     private $currentLog = [];  // Logs being filled in
    32. 

  32. 

  33.     public function __construct(AccessDecisionManagerInterface $manager)
    34. 

  34.     {
    35. 

  35.         $this->manager = $manager;
    36. 

  36. 

  37.         if ($this->manager instanceof AccessDecisionManager) {
    38. 

  38.             // The strategy and voters are stored in a private properties of the decorated service
    39. 

  39.             $reflection = new \ReflectionProperty(AccessDecisionManager::class, 'strategy');
    40. 

  40.             $reflection->setAccessible(true);
    41. 

  41.             $this->strategy = $reflection->getValue($manager);
    42. 

  42.             $reflection = new \ReflectionProperty(AccessDecisionManager::class, 'voters');
    43. 

  43.             $reflection->setAccessible(true);
    44. 

  44.             $this->voters = $reflection->getValue($manager);
    45. 

  45.         }
    46. 

  46.     }
    47. 

  47. 

  48.     /**
    49. 

  49.      * {@inheritdoc}
    50. 

  50.      *
    51. 

  51.      * @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array
    52. 

  52.      */
    53. 

  53.     public function decide(TokenInterface $token, array $attributes, $object = null/*, bool $allowMultipleAttributes = false*/): bool
    54. 

  54.     {
    55. 

  55.         $currentDecisionLog = [
    56. 

  56.             'attributes' => $attributes,
    57. 

  57.             'object' => $object,
    58. 

  58.             'voterDetails' => [],
    59. 

  59.         ];
    60. 

  60. 

  61.         $this->currentLog[] = &$currentDecisionLog;
    62. 

  62. 

  63.         $result = $this->manager->decide($token, $attributes, $object, 3 < \func_num_args() && func_get_arg(3));
    64. 

  64. 

  65.         $currentDecisionLog['result'] = $result;
    66. 

  66. 

  67.         $this->decisionLog[] = array_pop($this->currentLog); // Using a stack since decide can be called by voters
    68. 

  68. 

  69.         return $result;
    70. 

  70.     }
    71. 

  71. 

  72.     /**
    73. 

  73.      * Adds voter vote and class to the voter details.
    74. 

  74.      *
    75. 

  75.      * @param array $attributes attributes used for the vote
    76. 

  76.      * @param int   $vote       vote of the voter
    77. 

  77.      */
    78. 

  78.     public function addVoterVote(VoterInterface $voter, array $attributes, int $vote)
    79. 

  79.     {
    80. 

  80.         $currentLogIndex = \count($this->currentLog) - 1;
    81. 

  81.         $this->currentLog[$currentLogIndex]['voterDetails'][] = [
    82. 

  82.             'voter' => $voter,
    83. 

  83.             'attributes' => $attributes,
    84. 

  84.             'vote' => $vote,
    85. 

  85.         ];
    86. 

  86.     }
    87. 

  87. 

  88.     public function getStrategy(): string
    89. 

  89.     {
    90. 

  90.         // The $strategy property is misleading because it stores the name of its
    91. 

  91.         // method (e.g. 'decideAffirmative') instead of the original strategy name
    92. 

  92.         // (e.g. 'affirmative')
    93. 

  93.         return null === $this->strategy ? '-' : strtolower(substr($this->strategy, 6));
    94. 

  94.     }
    95. 

  95. 

  96.     /**
    97. 

  97.      * @return iterable|VoterInterface[]
    98. 

  98.      */
    99. 

  99.     public function getVoters(): iterable
    100. 

  100.     {
    101. 

  101.         return $this->voters;
    102. 

  102.     }
    103. 

  103. 

  104.     public function getDecisionLog(): array
    105. 

  105.     {
    106. 

  106.         return $this->decisionLog;
    107. 

  107.     }
    108. 

  108. }
    109. 

  109. 

  110. class_alias(TraceableAccessDecisionManager::class, DebugAccessDecisionManager::class);
    111.