src/Eccube/Security/Voter/AuthorityVoter.php line 23

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Eccube\Security\Voter;
  16. use Eccube\Common\EccubeConfig;
  17. use Eccube\Entity\Member;
  18. use Eccube\Repository\AuthorityRoleRepository;
  19. use Symfony\Component\HttpFoundation\RequestStack;
  20. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  21. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  23. class AuthorityVoter implements VoterInterface
  24. {
  25.     /**
  26.      * @var AuthorityRoleRepository
  27.      */
  28.     protected $authorityRoleRepository;
  30.     /**
  31.      * @var RequestStack
  32.      */
  33.     protected $requestStack;
  35.     /**
  36.      * @var EccubeConfig
  37.      */
  38.     protected $eccubeConfig;
  40.     public function __construct(
  41.         AuthorityRoleRepository $authorityRoleRepository,
  42.         RequestStack $requestStack,
  43.         EccubeConfig $eccubeConfig
  44.     ) {
  45.         $this->authorityRoleRepository $authorityRoleRepository;
  46.         $this->requestStack $requestStack;
  47.         $this->eccubeConfig $eccubeConfig;
  48.     }
  50.     public function vote(TokenInterface $token$object, array $attributes)
  51.     {
  52.         $path null;
  54.         try {
  55.             $request $this->requestStack->getMainRequest();
  56.         } catch (\RuntimeException $e) {
  57.             // requestが取得できない場合、棄権する(テストプログラムで不要なため)
  58.             return VoterInterface::ACCESS_ABSTAIN;
  59.         }
  61.         if (is_object($request)) {
  62.             $path rawurldecode($request->getPathInfo());
  63.         }
  65.         $Member $token->getUser();
  66.         if ($Member instanceof Member) {
  67.             // 管理者のロールをチェック
  68.             $AuthorityRoles $this->authorityRoleRepository->findBy(['Authority' => $Member->getAuthority()]);
  69.             $adminRoute $this->eccubeConfig->get('eccube_admin_route');
  71.             foreach ($AuthorityRoles as $AuthorityRole) {
  72.                 // 許可しないURLが含まれていればアクセス拒否
  73.                 try {
  74.                     // 正規表現でURLチェック
  75.                     $denyUrl str_replace('/''\/'$AuthorityRole->getDenyUrl());
  76.                     if (preg_match("/^(\/{$adminRoute}{$denyUrl})/i"$path)) {
  77.                         return VoterInterface::ACCESS_DENIED;
  78.                     }
  79.                 } catch (\Exception $e) {
  80.                     // 拒否URLの指定に誤りがある場合、エスケープさせてチェック
  81.                     $denyUrl preg_quote($AuthorityRole->getDenyUrl(), '/');
  82.                     if (preg_match("/^(\/{$adminRoute}{$denyUrl})/i"$path)) {
  83.                         return VoterInterface::ACCESS_DENIED;
  84.                     }
  85.                 }
  86.             }
  87.         }
  89.         return VoterInterface::ACCESS_GRANTED;
  90.     }
  91. }