1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
<?php
namespace Drupal\Core\Routing;
use Drupal\Core\Access\AccessManagerInterface;
use Drupal\Core\Access\AccessResultReasonInterface;
use Drupal\Core\Cache\CacheableDependencyInterface;
use Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
use Symfony\Component\Routing\RouteCollection;
use Symfony\Component\Routing\RequestContext as SymfonyRequestContext;
use Symfony\Component\Routing\RouterInterface;
/**
* A router class for Drupal with access check and upcasting.
*/
class AccessAwareRouter implements AccessAwareRouterInterface {
/**
* The router doing the actual routing.
*
* @var \Symfony\Component\Routing\RouterInterface
*/
protected $router;
/**
* The access manager.
*
* @var \Drupal\Core\Access\AccessManagerInterface
*/
protected $accessManager;
/**
* The account to use in access checks.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $account;
/**
* Constructs a router for Drupal with access check and upcasting.
*
* @param \Symfony\Component\Routing\RouterInterface $router
* The router doing the actual routing.
* @param \Drupal\Core\Access\AccessManagerInterface $access_manager
* The access manager.
* @param \Drupal\Core\Session\AccountInterface $account
* The account to use in access checks.
*/
public function __construct(RouterInterface $router, AccessManagerInterface $access_manager, AccountInterface $account) {
$this->router = $router;
$this->accessManager = $access_manager;
$this->account = $account;
}
/**
* {@inheritdoc}
*/
public function __call($name, $arguments) {
// Ensure to call every other function to the router.
return call_user_func_array([$this->router, $name], $arguments);
}
/**
* {@inheritdoc}
*/
public function setContext(SymfonyRequestContext $context): void {
$this->router->setContext($context);
}
/**
* {@inheritdoc}
*/
public function getContext(): SymfonyRequestContext {
return $this->router->getContext();
}
/**
* {@inheritdoc}
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
* Thrown when access checking failed.
*/
public function matchRequest(Request $request): array {
$parameters = $this->router->matchRequest($request);
$request->attributes->add($parameters);
$this->checkAccess($request);
// We can not return $parameters because the access check can change the
// request attributes.
return $request->attributes->all();
}
/**
* Apply access check service to the route and parameters in the request.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* The request to access check.
*/
protected function checkAccess(Request $request) {
// The cacheability (if any) of this request's access check result must be
// applied to the response.
$access_result = $this->accessManager->checkRequest($request, $this->account, TRUE);
// Allow a master request to set the access result for a subrequest: if an
// access result attribute is already set, don't overwrite it.
if (!$request->attributes->has(AccessAwareRouterInterface::ACCESS_RESULT)) {
$request->attributes->set(AccessAwareRouterInterface::ACCESS_RESULT, $access_result);
}
if (!$access_result->isAllowed()) {
if ($access_result instanceof CacheableDependencyInterface && $request->isMethodCacheable()) {
throw new CacheableAccessDeniedHttpException($access_result, $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : '');
}
else {
throw new AccessDeniedHttpException($access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : '');
}
}
}
/**
* {@inheritdoc}
*/
public function getRouteCollection(): RouteCollection {
return $this->router->getRouteCollection();
}
/**
* {@inheritdoc}
*/
public function generate($name, $parameters = [], $referenceType = self::ABSOLUTE_PATH): string {
return $this->router->generate($name, $parameters, $referenceType);
}
/**
* {@inheritdoc}
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
* Thrown when access checking failed.
*/
public function match($pathinfo): array {
try {
$request = Request::create($pathinfo);
}
catch (BadRequestException $e) {
throw new ResourceNotFoundException($e->getMessage(), $e->getCode(), $e);
}
return $this->matchRequest($request);
}
}
|
