Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
Total | |
0.00% |
0 / 1 |
|
25.00% |
1 / 4 |
CRAP | |
66.67% |
14 / 21 |
AuthorityVoter | |
0.00% |
0 / 1 |
|
25.00% |
1 / 4 |
13.70 | |
66.67% |
14 / 21 |
__construct | |
100.00% |
1 / 1 |
1 | |
100.00% |
2 / 2 |
|||
supportsAttribute | |
0.00% |
0 / 1 |
2 | |
0.00% |
0 / 1 |
|||
supportsClass | |
0.00% |
0 / 1 |
2 | |
0.00% |
0 / 1 |
|||
vote | |
0.00% |
0 / 1 |
8.25 | |
70.59% |
12 / 17 |
<?php | |
/* | |
* This file is part of EC-CUBE | |
* | |
* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. | |
* | |
* http://www.lockon.co.jp/ | |
* | |
* This program is free software; you can redistribute it and/or | |
* modify it under the terms of the GNU General Public License | |
* as published by the Free Software Foundation; either version 2 | |
* of the License, or (at your option) any later version. | |
* | |
* This program is distributed in the hope that it will be useful, | |
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
* GNU General Public License for more details. | |
* | |
* You should have received a copy of the GNU General Public License | |
* along with this program; if not, write to the Free Software | |
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
*/ | |
namespace Eccube\Security\Voter; | |
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; | |
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | |
use Eccube\Application; | |
class AuthorityVoter implements VoterInterface | |
{ | |
public $app; | |
public function __construct(Application $app) | |
{ | |
$this->app = $app; | |
} | |
public function supportsAttribute($attribute) | |
{ | |
return true; | |
} | |
public function supportsClass($class) | |
{ | |
return true; | |
} | |
public function vote(TokenInterface $token, $object, array $attributes) | |
{ | |
$request = null; | |
try { | |
$request = $this->app['request']; | |
} catch (\RuntimeException $e) { | |
// requestが取得できない場合、無視する(テストプログラムで不要なため) | |
return; | |
} | |
$path = rawurldecode($request->getPathInfo()); | |
$Member = $this->app->user(); | |
if ($Member instanceof \Eccube\Entity\Member) { | |
// 管理者のロールをチェック | |
$AuthorityRoles = $this->app['eccube.repository.authority_role']->findBy(array('Authority' => $Member->getAuthority())); | |
foreach ($AuthorityRoles as $AuthorityRole) { | |
// 許可しないURLが含まれていればアクセス拒否 | |
try { | |
// 正規表現でURLチェック | |
$denyUrl = str_replace('/', '\/', $AuthorityRole->getDenyUrl()); | |
if (preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path)) { | |
return VoterInterface::ACCESS_DENIED; | |
} | |
} catch (\Exception $e) { | |
// 拒否URLの指定に誤りがある場合、エスケープさせてチェック | |
$denyUrl = preg_quote($AuthorityRole->getDenyUrl(), '/'); | |
if (preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path)) { | |
return VoterInterface::ACCESS_DENIED; | |
} | |
} | |
} | |
} | |
return VoterInterface::ACCESS_GRANTED; | |
} | |
} |