annotate core/lib/Drupal/Core/Routing/AccessAwareRouter.php @ 13:5fb285c0d0e3

Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author Chris Cannam
date Mon, 23 Apr 2018 09:33:26 +0100
parents 4c8ae668cc8c
children 129ea1e6d783
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\Core\Routing;
Chris@0 4
Chris@0 5 use Drupal\Core\Access\AccessManagerInterface;
Chris@0 6 use Drupal\Core\Access\AccessResultReasonInterface;
Chris@0 7 use Drupal\Core\Session\AccountInterface;
Chris@0 8 use Symfony\Component\HttpFoundation\Request;
Chris@0 9 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
Chris@0 10 use Symfony\Component\Routing\Matcher\RequestMatcherInterface;
Chris@0 11 use Symfony\Component\Routing\RequestContext as SymfonyRequestContext;
Chris@0 12 use Symfony\Component\Routing\RequestContextAwareInterface;
Chris@0 13 use Symfony\Component\Routing\RouterInterface;
Chris@0 14
Chris@0 15 /**
Chris@0 16 * A router class for Drupal with access check and upcasting.
Chris@0 17 */
class AccessAwareRouter implements AccessAwareRouterInterface {

  /**
   * The wrapped router that performs the actual route matching.
   *
   * @var \Symfony\Component\Routing\Matcher\RequestMatcherInterface
   */
  protected $router;

  /**
   * The access manager used to evaluate the matched route.
   *
   * @var \Drupal\Core\Access\AccessManagerInterface
   */
  protected $accessManager;

  /**
   * The account that access checks are evaluated against.
   *
   * @var \Drupal\Core\Session\AccountInterface
   */
  protected $account;

  /**
   * Constructs a router for Drupal with access check and upcasting.
   *
   * @param \Symfony\Component\Routing\Matcher\RequestMatcherInterface $router
   *   The router doing the actual routing.
   * @param \Drupal\Core\Access\AccessManagerInterface $access_manager
   *   The access manager.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The account to use in access checks.
   */
  public function __construct(RequestMatcherInterface $router, AccessManagerInterface $access_manager, AccountInterface $account) {
    $this->account = $account;
    $this->accessManager = $access_manager;
    $this->router = $router;
  }

  /**
   * Forwards any method not defined on this class to the wrapped router.
   *
   * Calls forwarded here go straight to the wrapped router and do not pass
   * through checkAccess(); in this class only matchRequest() and match()
   * enforce access.
   *
   * @param string $name
   *   The name of the method being called.
   * @param array $arguments
   *   The arguments passed to the method.
   *
   * @return mixed
   *   Whatever the wrapped router's method returns.
   */
  public function __call($name, $arguments) {
    $target = [$this->router, $name];
    return call_user_func_array($target, $arguments);
  }

  /**
   * {@inheritdoc}
   */
  public function setContext(SymfonyRequestContext $context) {
    // A wrapped router that is not context-aware is silently left untouched.
    if (!($this->router instanceof RequestContextAwareInterface)) {
      return;
    }
    $this->router->setContext($context);
  }

  /**
   * {@inheritdoc}
   */
  public function getContext() {
    // Yields NULL when the wrapped router carries no request context.
    if (!($this->router instanceof RequestContextAwareInterface)) {
      return NULL;
    }
    return $this->router->getContext();
  }

  /**
   * {@inheritdoc}
   *
   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
   *   Thrown when access checking failed.
   */
  public function matchRequest(Request $request) {
    $matched = $this->router->matchRequest($request);
    // The matched parameters are copied onto the request before the access
    // check runs, because checkAccess() reads them from the request.
    $request->attributes->add($matched);
    $this->checkAccess($request);
    // Return the request attributes rather than the matcher's own result:
    // the access check can change the request attributes.
    return $request->attributes->all();
  }

  /**
   * Apply access check service to the route and parameters in the request.
   *
   * Any result that is not explicitly allowed ends in an exception, so the
   * check fails closed.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request to access check.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
   *   Thrown when the computed access result is not allowed.
   */
  protected function checkAccess(Request $request) {
    // TRUE asks for an access result object (isAllowed() is called on it
    // below); its cacheability, if any, must be applied to the response.
    $result = $this->accessManager->checkRequest($request, $this->account, TRUE);

    // Allow a master request to set the access result for a subrequest: an
    // attribute that is already present is not overwritten.
    $key = AccessAwareRouterInterface::ACCESS_RESULT;
    if (!$request->attributes->has($key)) {
      $request->attributes->set($key, $result);
    }

    // The decision below always uses the result computed in this call, never
    // a pre-existing attribute, so a preset attribute cannot skip the check.
    // The stored attribute and the enforced decision can therefore differ.
    if ($result->isAllowed()) {
      return;
    }

    $reason = NULL;
    if ($result instanceof AccessResultReasonInterface) {
      $reason = $result->getReason();
    }
    throw new AccessDeniedHttpException($reason);
  }

  /**
   * {@inheritdoc}
   */
  public function getRouteCollection() {
    // Yields NULL when the wrapped router cannot expose a route collection.
    if (!($this->router instanceof RouterInterface)) {
      return NULL;
    }
    return $this->router->getRouteCollection();
  }

  /**
   * {@inheritdoc}
   */
  public function generate($name, $parameters = [], $referenceType = self::ABSOLUTE_PATH) {
    // NOTE(review): UrlGeneratorInterface has no "use" statement in this
    // file, so the name resolves inside the Drupal\Core\Routing namespace.
    // Confirm that is the interface intended here.
    if (!($this->router instanceof UrlGeneratorInterface)) {
      return NULL;
    }
    return $this->router->generate($name, $parameters, $referenceType);
  }

  /**
   * {@inheritdoc}
   *
   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
   *   Thrown when access checking failed.
   */
  public function match($pathinfo) {
    // The access check runs against a request built from the path alone, not
    // against whatever request is currently being handled.
    $synthetic_request = Request::create($pathinfo);
    return $this->matchRequest($synthetic_request);
  }

}