src/Eccube/Security/Voter/AuthorityVoter.php line 23

  1. <?php
  2. /*
  3.  * This file is part of EC-CUBE
  4.  *
  5.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  6.  *
  7.  * http://www.ec-cube.co.jp/
  8.  *
  9.  * For the full copyright and license information, please view the LICENSE
  10.  * file that was distributed with this source code.
  11.  */
  12. namespace Eccube\Security\Voter;
  13. use Eccube\Common\EccubeConfig;
  14. use Eccube\Entity\Member;
  15. use Eccube\Repository\AuthorityRoleRepository;
  16. use Symfony\Component\HttpFoundation\RequestStack;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  18. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
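  class AuthorityVoter implements VoterInterface
  {
      /**
       * @var AuthorityRoleRepository
       */
      protected $authorityRoleRepository;

      /**
       * @var RequestStack
       */
      protected $requestStack;

      /**
       * @var EccubeConfig
       */
      protected $eccubeConfig;

      /**
       * @param AuthorityRoleRepository $authorityRoleRepository
       * @param RequestStack            $requestStack
       * @param EccubeConfig            $eccubeConfig
       */
      public function __construct(
          AuthorityRoleRepository $authorityRoleRepository,
          RequestStack $requestStack,
          EccubeConfig $eccubeConfig
      ) {
          $this->authorityRoleRepository = $authorityRoleRepository;
          $this->requestStack = $requestStack;
          $this->eccubeConfig = $eccubeConfig;
      }

      /**
       * Denies access when the requested path starts with one of the deny URLs
       * configured for the authenticated Member's Authority.
       *
       * The decision is path-based only: $object and $attributes are not consulted.
       * Abstains when no request can be obtained (e.g. in test programs). Grants in
       * every other case, including for users that are not a Member, so this voter
       * only ever restricts admin URLs and relies on other voters for the positive
       * check (presumably under a unanimous access-decision strategy — confirm
       * against the security configuration).
       *
       * @param TokenInterface $token
       * @param mixed          $object
       * @param array          $attributes
       *
       * @return int one of the VoterInterface::ACCESS_* constants
       */
      public function vote(TokenInterface $token, $object, array $attributes)
      {
          try {
              $request = $this->requestStack->getMasterRequest();
          } catch (\RuntimeException $e) {
              // No request available (e.g. test programs): abstain.
              return VoterInterface::ACCESS_ABSTAIN;
          }

          // Decode once so percent-encoded spellings of a denied path are still matched.
          $path = is_object($request) ? rawurldecode($request->getPathInfo()) : '';

          $Member = $token->getUser();
          if (!$Member instanceof Member) {
              return VoterInterface::ACCESS_GRANTED;
          }

          // Check the roles attached to the administrator's Authority.
          $AuthorityRoles = $this->authorityRoleRepository->findBy(['Authority' => $Member->getAuthority()]);
          $adminRoute = (string) $this->eccubeConfig->get('eccube_admin_route');

          foreach ($AuthorityRoles as $AuthorityRole) {
              // Deny as soon as the path falls under a denied URL.
              if ($this->matchesDenyUrl($adminRoute, (string) $AuthorityRole->getDenyUrl(), $path)) {
                  return VoterInterface::ACCESS_DENIED;
              }
          }

          return VoterInterface::ACCESS_GRANTED;
      }

      /**
       * Whether $path starts with "/{$adminRoute}{$denyUrl}" (case-insensitive).
       *
       * The deny URL is first applied as a regular-expression fragment with only "/"
       * escaped, which is what the configuration has historically allowed. When that
       * pattern is invalid, preg_match() signals failure either by returning false
       * (plain PHP) or by throwing when warnings are converted to exceptions; both
       * cases fall back to matching the deny URL as an escaped literal prefix, so a
       * malformed rule is still enforced instead of being silently skipped.
       *
       * @param string $adminRoute admin route segment, matched literally
       * @param string $denyUrl    deny URL from the AuthorityRole
       * @param string $path       decoded request path
       *
       * @return bool
       */
      private function matchesDenyUrl(string $adminRoute, string $denyUrl, string $path): bool
      {
          $prefix = '/^(\/'.preg_quote($adminRoute, '/');

          try {
              $result = preg_match($prefix.str_replace('/', '\/', $denyUrl).')/i', $path);
          } catch (\Exception $e) {
              $result = false;
          }

          if ($result === false) {
              // Invalid pattern: compare against the escaped deny URL instead.
              $result = preg_match($prefix.preg_quote($denyUrl, '/').')/i', $path);
          }

          return $result === 1;
      }
  }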