src/Eccube/Security/Voter/AuthorityVoter.php line 23

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Eccube\Security\Voter;
  16. use Eccube\Common\EccubeConfig;
  17. use Eccube\Entity\Member;
  18. use Eccube\Repository\AuthorityRoleRepository;
  19. use Symfony\Component\HttpFoundation\RequestStack;
  20. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  21. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  23. class AuthorityVoter implements VoterInterface
  24. {
  25.     /**
  26.      * @var AuthorityRoleRepository
  27.      */
  28.     protected $authorityRoleRepository;
  30.     /**
  31.      * @var RequestStack
  32.      */
  33.     protected $requestStack;
  35.     /**
  36.      * @var EccubeConfig
  37.      */
  38.     protected $eccubeConfig;
  40.     public function __construct(
  41.         AuthorityRoleRepository $authorityRoleRepository,
  42.         RequestStack $requestStack,
  43.         EccubeConfig $eccubeConfig
  44.     ) {
  45.         $this->authorityRoleRepository $authorityRoleRepository;
  46.         $this->requestStack $requestStack;
  47.         $this->eccubeConfig $eccubeConfig;
  48.     }
  50.     public function vote(TokenInterface $token$object, array $attributes)
  51.     {
  52.         $request null;
  53.         $path null;
  55.         try {
  56.             $request $this->requestStack->getMasterRequest();
  57.         } catch (\RuntimeException $e) {
  58.             // requestが取得できない場合、棄権する(テストプログラムで不要なため)
  59.             return VoterInterface::ACCESS_ABSTAIN;
  60.         }
  62.         if (is_object($request)) {
  63.             $path rawurldecode($request->getPathInfo());
  64.         }
  66.         $Member $token->getUser();
  67.         if ($Member instanceof Member) {
  68.             // 管理者のロールをチェック
  69.             $AuthorityRoles $this->authorityRoleRepository->findBy(['Authority' => $Member->getAuthority()]);
  70.             $adminRoute $this->eccubeConfig->get('eccube_admin_route');
  72.             foreach ($AuthorityRoles as $AuthorityRole) {
  73.                 // 許可しないURLが含まれていればアクセス拒否
  74.                 try {
  75.                     // 正規表現でURLチェック
  76.                     $denyUrl str_replace('/''\/'$AuthorityRole->getDenyUrl());
  77.                     if (preg_match("/^(\/{$adminRoute}{$denyUrl})/i"$path)) {
  78.                         return VoterInterface::ACCESS_DENIED;
  79.                     }
  80.                 } catch (\Exception $e) {
  81.                     // 拒否URLの指定に誤りがある場合、エスケープさせてチェック
  82.                     $denyUrl preg_quote($AuthorityRole->getDenyUrl(), '/');
  83.                     if (preg_match("/^(\/{$adminRoute}{$denyUrl})/i"$path)) {
  84.                         return VoterInterface::ACCESS_DENIED;
  85.                     }
  86.                 }
  87.             }
  88.         }
  90.         return VoterInterface::ACCESS_GRANTED;
  91.     }
  92. }