Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\Core\Routing;
Chris@0: 
Chris@0: use Drupal\Core\Access\AccessManagerInterface;
Chris@0: use Drupal\Core\Access\AccessResultReasonInterface;
Chris@17: use Drupal\Core\Cache\CacheableDependencyInterface;
Chris@17: use Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException;
Chris@0: use Drupal\Core\Session\AccountInterface;
Chris@0: use Symfony\Component\HttpFoundation\Request;
Chris@0: use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
Chris@0: use Symfony\Component\Routing\Matcher\RequestMatcherInterface;
Chris@0: use Symfony\Component\Routing\RequestContext as SymfonyRequestContext;
Chris@0: use Symfony\Component\Routing\RequestContextAwareInterface;
Chris@0: use Symfony\Component\Routing\RouterInterface;
Chris@0: 
Chris@0: /**
Chris@0:  * A router class for Drupal with access check and upcasting.
Chris@0:  */
Chris@0: class AccessAwareRouter implements AccessAwareRouterInterface {
Chris@0: 
Chris@0:   /**
Chris@0:    * The router doing the actual routing.
Chris@0:    *
Chris@0:    * @var \Symfony\Component\Routing\Matcher\RequestMatcherInterface
Chris@0:    */
Chris@0:   protected $router;
Chris@0: 
Chris@0:   /**
Chris@0:    * The access manager.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Access\AccessManagerInterface
Chris@0:    */
Chris@0:   protected $accessManager;
Chris@0: 
Chris@0:   /**
Chris@0:    * The account to use in access checks.
Chris@0:    *
Chris@17:    * @var \Drupal\Core\Session\AccountInterface
Chris@0:    */
Chris@0:   protected $account;
Chris@0: 
Chris@0:   /**
Chris@0:    * Constructs a router for Drupal with access check and upcasting.
Chris@0:    *
Chris@0:    * @param \Symfony\Component\Routing\Matcher\RequestMatcherInterface $router
Chris@0:    *   The router doing the actual routing.
Chris@0:    * @param \Drupal\Core\Access\AccessManagerInterface $access_manager
Chris@0:    *   The access manager.
Chris@0:    * @param \Drupal\Core\Session\AccountInterface $account
Chris@0:    *   The account to use in access checks.
Chris@0:    */
Chris@0:   public function __construct(RequestMatcherInterface $router, AccessManagerInterface $access_manager, AccountInterface $account) {
Chris@0:     $this->router = $router;
Chris@0:     $this->accessManager = $access_manager;
Chris@0:     $this->account = $account;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function __call($name, $arguments) {
Chris@0:     // Ensure to call every other function to the router.
Chris@0:     return call_user_func_array([$this->router, $name], $arguments);
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function setContext(SymfonyRequestContext $context) {
Chris@0:     if ($this->router instanceof RequestContextAwareInterface) {
Chris@0:       $this->router->setContext($context);
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function getContext() {
Chris@0:     if ($this->router instanceof RequestContextAwareInterface) {
Chris@0:       return $this->router->getContext();
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    *
Chris@0:    * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
Chris@0:    *   Thrown when access checking failed.
Chris@0:    */
Chris@0:   public function matchRequest(Request $request) {
Chris@0:     $parameters = $this->router->matchRequest($request);
Chris@0:     $request->attributes->add($parameters);
Chris@0:     $this->checkAccess($request);
Chris@0:     // We can not return $parameters because the access check can change the
Chris@0:     // request attributes.
Chris@0:     return $request->attributes->all();
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Apply access check service to the route and parameters in the request.
Chris@0:    *
Chris@0:    * @param \Symfony\Component\HttpFoundation\Request $request
Chris@0:    *   The request to access check.
Chris@0:    */
Chris@0:   protected function checkAccess(Request $request) {
Chris@0:     // The cacheability (if any) of this request's access check result must be
Chris@0:     // applied to the response.
Chris@0:     $access_result = $this->accessManager->checkRequest($request, $this->account, TRUE);
Chris@0:     // Allow a master request to set the access result for a subrequest: if an
Chris@0:     // access result attribute is already set, don't overwrite it.
Chris@0:     if (!$request->attributes->has(AccessAwareRouterInterface::ACCESS_RESULT)) {
Chris@0:       $request->attributes->set(AccessAwareRouterInterface::ACCESS_RESULT, $access_result);
Chris@0:     }
Chris@0:     if (!$access_result->isAllowed()) {
Chris@17:       if ($access_result instanceof CacheableDependencyInterface && $request->isMethodCacheable()) {
Chris@17:         throw new CacheableAccessDeniedHttpException($access_result, $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : NULL);
Chris@17:       }
Chris@17:       else {
Chris@17:         throw new AccessDeniedHttpException($access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : NULL);
Chris@17:       }
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function getRouteCollection() {
Chris@0:     if ($this->router instanceof RouterInterface) {
Chris@0:       return $this->router->getRouteCollection();
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function generate($name, $parameters = [], $referenceType = self::ABSOLUTE_PATH) {
Chris@0:     if ($this->router instanceof UrlGeneratorInterface) {
Chris@0:       return $this->router->generate($name, $parameters, $referenceType);
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    *
Chris@0:    * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
Chris@0:    *   Thrown when access checking failed.
Chris@0:    */
Chris@0:   public function match($pathinfo) {
Chris@0:     return $this->matchRequest(Request::create($pathinfo));
Chris@0:   }
Chris@0: 
Chris@0: }