Removed InternalEvent, simplified SecurityContext
This commit is contained in:
franck
@@ -40,52 +40,6 @@ class BaseAction
|
||||
$this->container = $container;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate a BaseForm
|
||||
*
|
||||
* @param BaseForm $aBaseForm the form
|
||||
* @param string $expectedMethod the expected method, POST or GET, or null for any of them
|
||||
* @throws FormValidationException is the form contains error, or the method is not the right one
|
||||
* @return \Symfony\Component\Form\Form Form the symfony form object
|
||||
*/
|
||||
protected function validateForm(BaseForm $aBaseForm, $expectedMethod = null)
|
||||
{
|
||||
$form = $aBaseForm->getForm();
|
||||
|
||||
if ($expectedMethod == null || $aBaseForm->getRequest()->isMethod($expectedMethod)) {
|
||||
|
||||
$form->bind($aBaseForm->getRequest());
|
||||
|
||||
if ($form->isValid()) {
|
||||
return $form;
|
||||
} else {
|
||||
throw new FormValidationException("Missing or invalid data");
|
||||
}
|
||||
} else {
|
||||
throw new FormValidationException(sprintf("Wrong form method, %s expected.", $expectedMethod));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Propagate a form error in the action event
|
||||
*
|
||||
* @param BaseForm $aBaseForm the form
|
||||
* @param string $error_message an error message that may be displayed to the customer
|
||||
* @param ActionEvent $event the action event
|
||||
*/
|
||||
protected function propagateFormError(BaseForm $aBaseForm, $error_message, ActionEvent $event)
|
||||
{
|
||||
// The form has an error
|
||||
$aBaseForm->setError(true);
|
||||
$aBaseForm->setErrorMessage($error_message);
|
||||
|
||||
// Store the form in the parser context
|
||||
$event->setErrorForm($aBaseForm);
|
||||
|
||||
// Stop event propagation
|
||||
$event->stopPropagation();
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the event dispatcher,
|
||||
*
|
||||
@@ -96,4 +50,33 @@ class BaseAction
|
||||
return $this->container->get('event_dispatcher');
|
||||
}
|
||||
|
||||
}
|
||||
/**
|
||||
* Check current user authorisations.
|
||||
*
|
||||
* @param mixed $roles a single role or an array of roles.
|
||||
* @param mixed $permissions a single permission or an array of permissions.
|
||||
*
|
||||
* @throws AuthenticationException if permissions are not granted to the current user.
|
||||
*/
|
||||
protected function checkAuth($roles, $permissions) {
|
||||
|
||||
if (! $this->getSecurityContext()->isGranted(
|
||||
is_array($roles) ? $roles : array($roles),
|
||||
is_array($permissions) ? $permissions : array($permissions)) ) {
|
||||
|
||||
Tlog::getInstance()->addAlert("Authorization roles:", $roles, " permissions:", $permissions, " refused.");
|
||||
|
||||
throw new AuthorizationException("Sorry, you're not allowed to perform this action");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the security context
|
||||
*
|
||||
* @return Thelia\Core\Security\SecurityContext
|
||||
*/
|
||||
protected function getSecurityContext()
|
||||
{
|
||||
return $this->container->get('thelia.securityContext');
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user