From 6618c18acb1e7b6b29f56c51264f1448fc2975ba Mon Sep 17 00:00:00 2001
From: Tristan Darricau
Date: Thu, 28 Apr 2016 11:12:15 +0200
Subject: [PATCH] =?UTF-8?q?[Security]=C2=A0Expose=20the=20required=20roles?= =?UTF-8?q?=20in=20AccessDeniedException?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../FrameworkBundle/Controller/Controller.php | 6 +++-
 .../Bundle/FrameworkBundle/composer.json | 2 +-
 src/Symfony/Component/Security/CHANGELOG.md | 5 +++
 .../Core/Exception/AccessDeniedException.php | 35 +++++++++++++++++++
 .../Security/Http/Firewall/AccessListener.php | 6 +++-
 .../Http/Firewall/SwitchUserListener.php | 5 ++-
 .../Component/Security/Http/composer.json | 2 +-
 7 files changed, 56 insertions(+), 5 deletions(-)
diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php b/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
index 62a2c634fba2a..317f19197ce6b 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
@@ -192,7 +192,11 @@ protected function isGranted($attributes, $object = null)
 protected function denyAccessUnlessGranted($attributes, $object = null, $message = 'Access Denied.')
 {
 if (!$this->isGranted($attributes, $object)) {
- throw $this->createAccessDeniedException($message);
+ $exception = $this->createAccessDeniedException($message);
+ $exception->setAttributes($attributes);
+ $exception->setObject($object);
+
+ throw $exception;
 }
 }
diff --git a/src/Symfony/Bundle/FrameworkBundle/composer.json b/src/Symfony/Bundle/FrameworkBundle/composer.json
index 910bbc51d6bdb..723752b8d26be 100644
--- a/src/Symfony/Bundle/FrameworkBundle/composer.json
+++ b/src/Symfony/Bundle/FrameworkBundle/composer.json
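Review bot: `$exception->setAttributes($attributes)` in denyAccessUnlessGranted() forwards the caller's value untouched, and the new AccessDeniedException::setAttributes() normalises it with `(array) $attributes`. That cast wraps a string, but applied to an object it returns the object's property map, so an attribute passed as an object (an Expression, for instance, if this helper is ever called with one) would come back from getAttributes() as its internal fields rather than as a single attribute. Wrapping explicitly in the setter avoids that: `$this->attributes = is_array($attributes) ? $attributes : array($attributes);`. The SwitchUserListener hunk passes a bare string and relies on the same cast.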
@@ -29,7 +29,7 @@
 "symfony/filesystem": "~2.8|~3.0",
 "symfony/finder": "~2.8|~3.0",
 "symfony/routing": "~3.0",
- "symfony/security-core": "~2.8|~3.0",
+ "symfony/security-core": "~3.2",
 "symfony/security-csrf": "~2.8|~3.0",
 "symfony/stopwatch": "~2.8|~3.0",
 "symfony/templating": "~2.8|~3.0",
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index 107ed1df6fa44..f92742a09f6e9 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
+3.2.0
+-----
+
+ * added `attributes` and `object` with getters/setters to `Symfony\Component\Security\Core\Exception\AccessDeniedException`
+
 3.0.0
 -----
diff --git a/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php b/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php
index 736a36b5f7622..d9a7019f75bc7 100644
--- a/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php
+++ b/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php
@@ -18,8 +18,43 @@
 */
 class AccessDeniedException extends \RuntimeException
 {
+ private $attributes = array();
+ private $object;
+
 public function __construct($message = 'Access Denied.', \Exception $previous = null)
 {
 parent::__construct($message, 403, $previous);
 }
+
+ /**
+ * @return array
+ */
+ public function getAttributes()
+ {
+ return $this->attributes;
+ }
+
+ /**
+ * @param array|string $attributes
+ */
+ public function setAttributes($attributes)
+ {
+ $this->attributes = (array) $attributes;
+ }
+
+ /**
+ * @return mixed
+ */
+ public function getObject()
+ {
+ return $this->object;
+ }
+
+ /**
+ * @param mixed $object
+ */
+ public function setObject($object)
+ {
+ $this->object = $object;
+ }
 }
diff --git a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
index c234317e77985..5a2366697b948 100644
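Review bot: The new accessors on AccessDeniedException are documented only as `@return array` and `@return mixed`, which does not tell a handler what it is holding or how far it may pass it on. getAttributes() returns every attribute that was checked rather than the one that failed, and getObject() returns the live subject, so an error page or API response built from them would describe the authorization rules to the client that was just refused. I would say so on the properties, for example `/** Attributes that were checked; diagnostic only, not for the response body */` on `$attributes` and `/** Subject of the denied check; may carry sensitive state */` on `$object`. The class docblock starts above the hunk.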
--- a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -67,7 +67,11 @@ public function handle(GetResponseEvent $event)
 }
 if (!$this->accessDecisionManager->decide($token, $attributes, $request)) {
- throw new AccessDeniedException();
+ $exception = new AccessDeniedException();
+ $exception->setAttributes($attributes);
+ $exception->setObject($request);
+
+ throw $exception;
 }
 }
 }
diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
index 7de83d2513369..e9c3e4068d530 100644
--- a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
@@ -122,7 +122,10 @@ private function attemptSwitchUser(Request $request)
 }
 if (false === $this->accessDecisionManager->decide($token, array($this->role))) {
- throw new AccessDeniedException();
+ $exception = new AccessDeniedException();
+ $exception->setAttributes($this->role);
+
+ throw $exception;
 }
 $username = $request->get($this->usernameParameter);
diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json
index 3f98ec531fc72..add5d3aabe43f 100644
--- a/src/Symfony/Component/Security/Http/composer.json
+++ b/src/Symfony/Component/Security/Http/composer.json
@@ -17,7 +17,7 @@
 ],
 "require": {
 "php": ">=5.5.9",
- "symfony/security-core": "~2.8|~3.0",
+ "symfony/security-core": "~3.2",
 "symfony/event-dispatcher": "~2.8|~3.0",
 "symfony/http-foundation": "~2.8|~3.0",
 "symfony/http-kernel": "~2.8|~3.0",
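Review bot: `$exception->setObject($request)` in AccessListener::handle() keeps the whole Request on the exception, so its headers, cookies and body now travel with the exception to whatever handles or records it. Anything that dumps or serializes exception state, such as an error tracker or a debug page, could then capture session cookies or credentials, and the Request stays referenced for as long as the exception does. Code handling this exception presumably has the request available from the event already, so `setAttributes($attributes)` alone may be enough here. If the object is kept, a comment such as `// Request is attached for diagnostics only; do not log or render it wholesale` above the call would make the constraint visible. handle() begins above the hunk.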
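Review bot: In the SwitchUserListener hunk, the decide() call in the context line above passes `array($this->role)`, while the new `$exception->setAttributes($this->role);` hands over the bare value and leaves the wrapping to the setter's `(array)` cast. Passing the same expression, `$exception->setAttributes(array($this->role));`, keeps what was checked and what is reported visibly identical and does not depend on how the setter normalises its argument. attemptSwitchUser() starts above the hunk and continues below it.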