vendor/symfony/security-core/Authorization/AuthorizationChecker.php line 35

  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\Security\Core\Authorization;
  11. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  12. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  13. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  14. use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
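  /**
   * AuthorizationChecker is the main authorization point of the Security component.
   *
   * It gives access to the token representing the current user authentication.
   *
   * This class holds no access policy of its own: isGranted() reads the current
   * token from the token storage and hands the decision to the access decision
   * manager.
   *
   * When the storage has no token, or the token has no user, the outcome depends
   * on $exceptionOnNoToken: if it is truthy the check is aborted with an
   * exception; otherwise the decision is made for a NullToken and is left
   * entirely to the access decision manager.
   *
   * @author Fabien Potencier <fabien@symfony.com>
   * @author Johannes M. Schmitt <schmittjoh@gmail.com>
   */
  class AuthorizationChecker implements AuthorizationCheckerInterface
  {
      // Source of the current authentication token; also written to when a token is re-authenticated.
      private $tokenStorage;
      // AccessDecisionManagerInterface instance that takes the actual grant/deny decision.
      private $accessDecisionManager;
      // Only set when the deprecated constructor form is used; null otherwise.
      private $authenticationManager;
      // Deprecated: when truthy, every isGranted() call re-authenticates the token first.
      private $alwaysAuthenticate;
      // When truthy, isGranted() throws instead of deciding for a NullToken.
      private $exceptionOnNoToken;

      /**
       * Accepts two argument layouts:
       *
       *  - current: ($tokenStorage, $accessDecisionManager, $alwaysAuthenticate, $exceptionOnNoToken)
       *  - deprecated: ($tokenStorage, $authenticationManager, $accessDecisionManager, $alwaysAuthenticate, $exceptionOnNoToken)
       *
       * The deprecated layout is detected by the type of the second argument and
       * the remaining arguments are shifted one position to the left.
       *
       * @param TokenStorageInterface $tokenStorage
       * @param mixed                 $accessDecisionManager an AccessDecisionManagerInterface, or an AuthenticationManagerInterface in the deprecated layout
       * @param mixed                 $alwaysAuthenticate    anything other than false triggers a deprecation
       * @param mixed                 $exceptionOnNoToken    anything other than false triggers a deprecation
       *
       * @throws \TypeError when no AccessDecisionManagerInterface ends up in the access decision manager slot
       */
      public function __construct(TokenStorageInterface $tokenStorage, /* AccessDecisionManagerInterface */ $accessDecisionManager, /* bool */ $alwaysAuthenticate = false, /* bool */ $exceptionOnNoToken = true)
      {
          if ($accessDecisionManager instanceof AuthenticationManagerInterface) {
              trigger_deprecation('symfony/security-core', '5.4', 'The $authenticationManager argument of "%s" is deprecated.', __METHOD__);

              // Deprecated layout: shift every argument after the authentication manager one slot left.
              // The order of these assignments matters, each one reads the value the next one overwrites.
              $this->authenticationManager = $accessDecisionManager;
              $accessDecisionManager = $alwaysAuthenticate;
              // NOTE(review): with only three arguments in the deprecated layout this receives the
              // declared default of $exceptionOnNoToken (true), which enables re-authentication
              // on every check. Confirm that this is intended.
              $alwaysAuthenticate = $exceptionOnNoToken;
              // The fifth argument is not a declared parameter, so it is read positionally.
              $exceptionOnNoToken = \func_num_args() > 4 ? func_get_arg(4) : true;
          }

          if (false !== $alwaysAuthenticate) {
              trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 4th argument of "%s" to "false" is deprecated.', __METHOD__);
          }

          if (false !== $exceptionOnNoToken) {
              trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);
          }

          // The parameter carries no native type because of the deprecated layout, so enforce it here.
          if (!$accessDecisionManager instanceof AccessDecisionManagerInterface) {
              throw new \TypeError(sprintf('Argument 2 of "%s" must be instance of "%s", "%s" given.', __METHOD__, AccessDecisionManagerInterface::class, get_debug_type($accessDecisionManager)));
          }

          $this->tokenStorage = $tokenStorage;
          $this->accessDecisionManager = $accessDecisionManager;
          $this->alwaysAuthenticate = $alwaysAuthenticate;
          $this->exceptionOnNoToken = $exceptionOnNoToken;
      }

      /**
       * {@inheritdoc}
       *
       * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true
       * @throws \LogicException                            when the token has to be re-authenticated but no authentication manager was passed to the constructor
       */
      final public function isGranted($attribute, $subject = null): bool
      {
          $token = $this->tokenStorage->getToken();

          if (!$token || !$token->getUser()) {
              if ($this->exceptionOnNoToken) {
                  throw new AuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');
              }

              // No usable token: the decision is taken for a NullToken instead.
              $token = new NullToken();
          } else {
              $authenticated = true;
              // @deprecated since Symfony 5.4
              // isAuthenticated() is only consulted when $alwaysAuthenticate is falsy (short-circuit),
              // in which case $authenticated keeps its initial value of true.
              if ($this->alwaysAuthenticate || !$authenticated = $token->isAuthenticated(false)) {
                  // A null result counts as "no answer" and stays silent; other falsy results are deprecated.
                  if (!($authenticated ?? true)) {
                      trigger_deprecation('symfony/security-core', '5.4', 'Returning false from "%s::isAuthenticated()" is deprecated, return null from "getUser()" instead.', get_debug_type($token));
                  }

                  // The authentication manager only exists in the deprecated constructor layout.
                  // Fail with an explicit error instead of calling a method on null.
                  if (null === $this->authenticationManager) {
                      throw new \LogicException(sprintf('Cannot re-authenticate the token in "%s": no authentication manager was passed to the constructor.', __METHOD__));
                  }

                  // The re-authenticated token replaces the stored one and is the one decided on.
                  $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
              }
          }

          return $this->accessDecisionManager->decide($token, [$attribute], $subject);
      }
  }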