src/Eccube/Security/Voter/AuthorityVoter.php line 50

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of EC-CUBE
  4.  *
  5.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  6.  *
  7.  * http://www.ec-cube.co.jp/
  8.  *
  9.  * For the full copyright and license information, please view the LICENSE
  10.  * file that was distributed with this source code.
  11.  */
  12. namespace Eccube\Security\Voter;
  13. use Eccube\Common\EccubeConfig;
  14. use Eccube\Entity\Member;
  15. use Eccube\Repository\AuthorityRoleRepository;
  16. use Symfony\Component\HttpFoundation\RequestStack;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  18. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  19. class AuthorityVoter implements VoterInterface
  20. {
  21.     /**
  22.      * @var AuthorityRoleRepository
  23.      */
  24.     protected $authorityRoleRepository;
  25.     /**
  26.      * @var RequestStack
  27.      */
  28.     protected $requestStack;
  29.     /**
  30.      * @var EccubeConfig
  31.      */
  32.     protected $eccubeConfig;
  33.     public function __construct(
  34.         AuthorityRoleRepository $authorityRoleRepository,
  35.         RequestStack $requestStack,
  36.         EccubeConfig $eccubeConfig
  37.     ) {
  38.         $this->authorityRoleRepository $authorityRoleRepository;
  39.         $this->requestStack $requestStack;
  40.         $this->eccubeConfig $eccubeConfig;
  41.     }
  42.     public function vote(TokenInterface $token$object, array $attributes)
  43.     {
  44.         $path null;
  45.         try {
  46.             $request $this->requestStack->getMainRequest();
  47.         } catch (\RuntimeException $e) {
  48.             // requestが取得できない場合、棄権する(テストプログラムで不要なため)
  49.             return VoterInterface::ACCESS_ABSTAIN;
  50.         }
  51.         if (is_object($request)) {
  52.             $path rawurldecode($request->getPathInfo());
  53.         }
  54.         $Member $token->getUser();
  55.         if ($Member instanceof Member) {
  56.             // 管理者のロールをチェック
  57.             $AuthorityRoles $this->authorityRoleRepository->findBy(['Authority' => $Member->getAuthority()]);
  58.             $adminRoute $this->eccubeConfig->get('eccube_admin_route');
  59.             foreach ($AuthorityRoles as $AuthorityRole) {
  60.                 // 許可しないURLが含まれていればアクセス拒否
  61.                 try {
  62.                     // 正規表現でURLチェック
  63.                     $denyUrl str_replace('/''\/'$AuthorityRole->getDenyUrl());
  64.                     if (preg_match("/^(\/{$adminRoute}{$denyUrl})/i"$path)) {
  65.                         return VoterInterface::ACCESS_DENIED;
  66.                     }
  67.                 } catch (\Exception $e) {
  68.                     // 拒否URLの指定に誤りがある場合、エスケープさせてチェック
  69.                     $denyUrl preg_quote($AuthorityRole->getDenyUrl(), '/');
  70.                     if (preg_match("/^(\/{$adminRoute}{$denyUrl})/i"$path)) {
  71.                         return VoterInterface::ACCESS_DENIED;
  72.                     }
  73.                 }
  74.             }
  75.         }
  76.         return VoterInterface::ACCESS_GRANTED;
  77.     }
  78. }