vendor/symfony/security-core/Authorization/Voter/ExpressionVoter.php line 27

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Core\Authorization\Voter;
  14. use Symfony\Component\ExpressionLanguage\Expression;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  18. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  19. use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
  20. use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
  22. /**
  23.  * ExpressionVoter votes based on the evaluation of an expression.
  24.  *
  25.  * @author Fabien Potencier <fabien@symfony.com>
  26.  */
  27. class ExpressionVoter implements CacheableVoterInterface
  28. {
  29.     private $expressionLanguage;
  30.     private $trustResolver;
  31.     private $authChecker;
  32.     private $roleHierarchy;
  34.     public function __construct(ExpressionLanguage $expressionLanguageAuthenticationTrustResolverInterface $trustResolverAuthorizationCheckerInterface $authChecker, ?RoleHierarchyInterface $roleHierarchy null)
  35.     {
  36.         $this->expressionLanguage $expressionLanguage;
  37.         $this->trustResolver $trustResolver;
  38.         $this->authChecker $authChecker;
  39.         $this->roleHierarchy $roleHierarchy;
  40.     }
  42.     public function supportsAttribute(string $attribute): bool
  43.     {
  44.         return false;
  45.     }
  47.     public function supportsType(string $subjectType): bool
  48.     {
  49.         return true;
  50.     }
  52.     /**
  53.      * {@inheritdoc}
  54.      */
  55.     public function vote(TokenInterface $token$subject, array $attributes)
  56.     {
  57.         $result VoterInterface::ACCESS_ABSTAIN;
  58.         $variables null;
  59.         foreach ($attributes as $attribute) {
  60.             if (!$attribute instanceof Expression) {
  61.                 continue;
  62.             }
  64.             if (null === $variables) {
  65.                 $variables $this->getVariables($token$subject);
  66.             }
  68.             $result VoterInterface::ACCESS_DENIED;
  69.             if ($this->expressionLanguage->evaluate($attribute$variables)) {
  70.                 return VoterInterface::ACCESS_GRANTED;
  71.             }
  72.         }
  74.         return $result;
  75.     }
  77.     private function getVariables(TokenInterface $token$subject): array
  78.     {
  79.         $roleNames $token->getRoleNames();
  81.         if (null !== $this->roleHierarchy) {
  82.             $roleNames $this->roleHierarchy->getReachableRoleNames($roleNames);
  83.         }
  85.         $variables = [
  86.             'token' => $token,
  87.             'user' => $token->getUser(),
  88.             'object' => $subject,
  89.             'subject' => $subject,
  90.             'role_names' => $roleNames,
  91.             'trust_resolver' => $this->trustResolver,
  92.             'auth_checker' => $this->authChecker,
  93.         ];
  95.         // this is mainly to propose a better experience when the expression is used
  96.         // in an access control rule, as the developer does not know that it's going
  97.         // to be handled by this voter
  98.         if ($subject instanceof Request) {
  99.             $variables['request'] = $subject;
  100.         }
  102.         return $variables;
  103.     }
  104. }