[Security] Expose the required roles in AccessDeniedException

Nicofuma · Nicofuma · commit e32fa3c01635 · 2016-07-29T09:16:48.000+02:00
diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php b/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
@@ -192,7 +192,11 @@ protected function isGranted($attributes, $object = null)
     protected function denyAccessUnlessGranted($attributes, $object = null, $message = 'Access Denied.')
     {
         if (!$this->isGranted($attributes, $object)) {
-            throw $this->createAccessDeniedException($message);
+            $exception = $this->createAccessDeniedException($message);
+            $exception->setAttributes($attributes);
+            $exception->setObject($object);
+
+            throw $exception;
         }
     }
 
diff --git a/src/Symfony/Bundle/FrameworkBundle/composer.json b/src/Symfony/Bundle/FrameworkBundle/composer.json
@@ -29,7 +29,7 @@
         "symfony/filesystem": "~2.8|~3.0",
         "symfony/finder": "~2.8|~3.0",
         "symfony/routing": "~3.0",
-        "symfony/security-core": "~2.8|~3.0",
+        "symfony/security-core": "~3.2",
         "symfony/security-csrf": "~2.8|~3.0",
         "symfony/stopwatch": "~2.8|~3.0",
         "symfony/templating": "~2.8|~3.0",
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+3.2.0
+-----
+
+ * added `attributes` and `object` with getters/setters to `Symfony\Component\Security\Core\Exception\AccessDeniedException`
+
 3.0.0
 -----
 
diff --git a/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php b/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php
@@ -18,8 +18,43 @@
  */
 class AccessDeniedException extends \RuntimeException
 {
+    private $attributes = array();
+    private $object;
+
     public function __construct($message = 'Access Denied.', \Exception $previous = null)
     {
         parent::__construct($message, 403, $previous);
     }
+
+    /**
+     * @return array
+     */
+    public function getAttributes()
+    {
+        return $this->attributes;
+    }
+
+    /**
+     * @param array|string $attributes
+     */
+    public function setAttributes($attributes)
+    {
+        $this->attributes = (array) $attributes;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getObject()
+    {
+        return $this->object;
+    }
+
+    /**
+     * @param mixed $object
+     */
+    public function setObject($object)
+    {
+        $this->object = $object;
+    }
 }
diff --git a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -67,7 +67,11 @@ public function handle(GetResponseEvent $event)
         }
 
         if (!$this->accessDecisionManager->decide($token, $attributes, $request)) {
-            throw new AccessDeniedException();
+            $exception = new AccessDeniedException();
+            $exception->setAttributes($attributes);
+            $exception->setObject($request);
+
+            throw $exception;
         }
     }
 }
diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
@@ -122,7 +122,10 @@ private function attemptSwitchUser(Request $request)
         }
 
         if (false === $this->accessDecisionManager->decide($token, array($this->role))) {
-            throw new AccessDeniedException();
+            $exception = new AccessDeniedException();
+            $exception->setAttributes(array($this->role));
+
+            throw $exception;
         }
 
         $username = $request->get($this->usernameParameter);
diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json
@@ -17,7 +17,7 @@
     ],
     "require": {
         "php": ">=5.5.9",
-        "symfony/security-core": "~2.8|~3.0",
+        "symfony/security-core": "~3.2",
         "symfony/event-dispatcher": "~2.8|~3.0",
         "symfony/http-foundation": "~2.8|~3.0",
         "symfony/http-kernel": "~2.8|~3.0",

Original file line number	Diff line number	Diff line change
`@@ -192,7 +192,11 @@ protected function isGranted($attributes, $object = null)`
`192`	`192`	`protected function denyAccessUnlessGranted($attributes, $object = null, $message = 'Access Denied.')`
`193`	`193`	`{`
`194`	`194`	`if (!$this->isGranted($attributes, $object)) {`
`195`		`- throw $this->createAccessDeniedException($message);`
	`195`	`+ $exception = $this->createAccessDeniedException($message);`
	`196`	`+ $exception->setAttributes($attributes);`
	`197`	`+ $exception->setObject($object);`
	`198`	`+`
	`199`	`+ throw $exception;`
`196`	`200`	`}`
`197`	`201`	`}`
`198`	`202`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,11 @@ public function handle(GetResponseEvent $event)`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`if (!$this->accessDecisionManager->decide($token, $attributes, $request)) {`
`70`		`- throw new AccessDeniedException();`
	`70`	`+ $exception = new AccessDeniedException();`
	`71`	`+ $exception->setAttributes($attributes);`
	`72`	`+ $exception->setObject($request);`
	`73`	`+`
	`74`	`+ throw $exception;`
`71`	`75`	`}`
`72`	`76`	`}`
`73`	`77`	`}`
Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,10 @@ private function attemptSwitchUser(Request $request)`
`122`	`122`	`}`
`123`	`123`
`124`	`124`	`if (false === $this->accessDecisionManager->decide($token, array($this->role))) {`
`125`		`- throw new AccessDeniedException();`
	`125`	`+ $exception = new AccessDeniedException();`
	`126`	`+ $exception->setAttributes(array($this->role));`
	`127`	`+`
	`128`	`+ throw $exception;`
`126`	`129`	`}`
`127`	`130`
`128`	`131`	`$username = $request->get($this->usernameParameter);`