foowie/ControlActionSecurer.php

## ControlActionSecurer.php
<?php

/**
 * @author Daniel Robenek
 * @license MIT
 * @since 2011
 */

/**
	Presenter:
		public function createComponent($name) {
			\Security\ControlActionSecurer::check($this, $name);
			return parent::createComponent($name);
		}

		/** @action default * /
		protected function createComponentForm($name) {
			...
		}

 */

namespace Security;

use Nette\Object;
use Nette\Security\AuthenticationException;

/**
 * Class that check if component creation is allowed in current action
 */
class ControlActionSecurer extends Object {

	/**
	 * Name of annotation
	 * @var string
	 */
	public static $annotationName = "action";

	/**
	 * Allow component creation for all actions where no annotation is present?
	 * @var bool
	 */
	public static $allowNoAnnotation = true;

	/**
	 * Chceck if is allowed to create component in this action
	 * @param \Nette\Application\Presenter $presenter
	 * @param string $name
	 * @throws AuthenticationException
	 */
	public static function check($presenter, $name) {
		$ucname = ucfirst($name);
		$method = 'createComponent' . $ucname;
		$methodReflection = $presenter->getReflection()->getMethod($method);
		if($ucname !== $name && method_exists($presenter, $method) && $methodReflection->getName() === $method) {
			$annotations = $methodReflection->getAnnotations();

			if(self::$allowNoAnnotation && !isset($annotations[self::$annotationName]))
				return;

			$annotations = $annotations[self::$annotationName];

			$action = $presenter->getAction();
			if(!in_array($action, $annotations))
				throw new AuthenticationException("Component creation '$name' in action '$action' is forbidden !");
		}
	}

}
	<?php

	/**
	* @author Daniel Robenek
	* @license MIT
	* @since 2011
	*/

	/**
	Presenter:
	public function createComponent($name) {
	\Security\ControlActionSecurer::check($this, $name);
	return parent::createComponent($name);
	}

	/** @action default * /
	protected function createComponentForm($name) {
	...
	}

	*/

	namespace Security;

	use Nette\Object;
	use Nette\Security\AuthenticationException;

	/**
	* Class that check if component creation is allowed in current action
	*/
	class ControlActionSecurer extends Object {

	/**
	* Name of annotation
	* @var string
	*/
	public static $annotationName = "action";

	/**
	* Allow component creation for all actions where no annotation is present?
	* @var bool
	*/
	public static $allowNoAnnotation = true;

	/**
	* Chceck if is allowed to create component in this action
	* @param \Nette\Application\Presenter $presenter
	* @param string $name
	* @throws AuthenticationException
	*/
	public static function check($presenter, $name) {
	$ucname = ucfirst($name);
	$method = 'createComponent' . $ucname;
	$methodReflection = $presenter->getReflection()->getMethod($method);
	if($ucname !== $name && method_exists($presenter, $method) && $methodReflection->getName() === $method) {
	$annotations = $methodReflection->getAnnotations();

	if(self::$allowNoAnnotation && !isset($annotations[self::$annotationName]))
	return;

	$annotations = $annotations[self::$annotationName];

	$action = $presenter->getAction();
	if(!in_array($action, $annotations))
	throw new AuthenticationException("Component creation '$name' in action '$action' is forbidden !");
	}
	}

	}
No results found