| <?php |
| <?php |
| /* |
| /* |
| * This file is part of EC-CUBE |
| * This file is part of EC-CUBE |
| * |
| * |
| * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
| * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
| * |
| * |
| * http://www.lockon.co.jp/ |
| * http://www.lockon.co.jp/ |
| * |
| * |
| * This program is free software; you can redistribute it and/or |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License |
| * modify it under the terms of the GNU General Public License |
| * as published by the Free Software Foundation; either version 2 |
| * as published by the Free Software Foundation; either version 2 |
| * of the License, or (at your option) any later version. |
| * of the License, or (at your option) any later version. |
| * |
| * |
| * This program is distributed in the hope that it will be useful, |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * GNU General Public License for more details. |
| * |
| * |
| * You should have received a copy of the GNU General Public License |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| */ |
| */ |
| |
| |
| |
| |
| namespace Eccube\Security\Voter; |
| namespace Eccube\Security\Voter; |
| |
| |
| use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; |
| use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; |
| use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
| use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
| use Eccube\Application; |
| use Eccube\Application; |
| |
| |
| class AuthorityVoter implements VoterInterface |
| class AuthorityVoter implements VoterInterface |
| { |
| { |
| |
| |
| public $app; |
| public $app; |
| |
| |
| public function __construct(Application $app) |
| public function __construct(Application $app) |
| { |
| { |
| $this->app = $app; |
| $this->app = $app; |
| } |
| } |
| |
| |
| public function supportsAttribute($attribute) |
| public function supportsAttribute($attribute) |
| { |
| { |
| return true; |
| return true; |
| } |
| } |
| |
| |
| public function supportsClass($class) |
| public function supportsClass($class) |
| { |
| { |
| return true; |
| return true; |
| } |
| } |
| |
| |
| public function vote(TokenInterface $token, $object, array $attributes) |
| public function vote(TokenInterface $token, $object, array $attributes) |
| { |
| { |
| |
| |
| $request = null; |
| $request = null; |
| try { |
| try { |
| $request = $this->app['request']; |
| $request = $this->app['request']; |
| } catch (\RuntimeException $e) { |
| } catch (\RuntimeException $e) { |
| // requestが取得できない場合、無視する(テストプログラムで不要なため) |
| // requestが取得できない場合、無視する(テストプログラムで不要なため) |
| return; |
| return; |
| } |
| } |
| |
| |
| . | $path = $request->getPathInfo(); |
| $path = rawurldecode($request->getPathInfo()); |
| |
| |
| $Member = $this->app->user(); |
| $Member = $this->app->user(); |
| |
| |
| if ($Member instanceof \Eccube\Entity\Member) { |
| if ($Member instanceof \Eccube\Entity\Member) { |
| // 管理者のロールをチェック |
| // 管理者のロールをチェック |
| $AuthorityRoles = $this->app['eccube.repository.authority_role']->findBy(array('Authority' => $Member->getAuthority())); |
| $AuthorityRoles = $this->app['eccube.repository.authority_role']->findBy(array('Authority' => $Member->getAuthority())); |
| foreach ($AuthorityRoles as $AuthorityRole) { |
| foreach ($AuthorityRoles as $AuthorityRole) { |
| // 許可しないURLが含まれていればアクセス拒否 |
| // 許可しないURLが含まれていればアクセス拒否 |
| try { |
| try { |
| // 正規表現でURLチェック |
| // 正規表現でURLチェック |
| $denyUrl = str_replace('/', '\/', $AuthorityRole->getDenyUrl()); |
| $denyUrl = str_replace('/', '\/', $AuthorityRole->getDenyUrl()); |
| if (preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path)) { |
| if (preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path)) { |
| return VoterInterface::ACCESS_DENIED; |
| return VoterInterface::ACCESS_DENIED; |
| } |
| } |
| } catch (\Exception $e) { |
| } catch (\Exception $e) { |
| // 拒否URLの指定に誤りがある場合、エスケープさせてチェック |
| // 拒否URLの指定に誤りがある場合、エスケープさせてチェック |
| $denyUrl = preg_quote($AuthorityRole->getDenyUrl(), '/'); |
| $denyUrl = preg_quote($AuthorityRole->getDenyUrl(), '/'); |
| if (preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path)) { |
| if (preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path)) { |
| return VoterInterface::ACCESS_DENIED; |
| return VoterInterface::ACCESS_DENIED; |
| } |
| } |
| } |
| } |
| } |
| } |
| } |
| } |
| |
| |
| return VoterInterface::ACCESS_GRANTED; |
| return VoterInterface::ACCESS_GRANTED; |
| } |
| } |
| } |
| } |
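Review bot: The deny check at `preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path)` fails open when a stored deny URL is not a valid pattern, because `preg_match` then emits a warning and returns `false` rather than throwing, so the `catch (\Exception $e)` fallback with `preg_quote` is only reached where an error handler converts warnings to exceptions (typically debug mode), and otherwise the malformed rule is skipped and `ACCESS_GRANTED` is returned. Suggest checking the return value explicitly so the fallback always runs, e.g. `$matched = preg_match("/^(\/{$this->app['config']['admin_route']}$denyUrl)/i", $path);` `if ($matched === false) { throw new \RuntimeException('invalid deny url pattern'); }` `if ($matched === 1) { return VoterInterface::ACCESS_DENIED; }`. Relatedly, `admin_route` is interpolated into both patterns unescaped; wrapping it in `preg_quote(..., '/')` keeps a route value containing regex metacharacters from altering the match. The added `rawurldecode` on the new `$path` line looks right as a single decode, which I believe mirrors what Symfony's URL matcher does before matching, so a percent-encoded path can no longer slip past a deny rule for a route the router would still dispatch.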