35
35
use Symfony \Component \Routing \Generator \UrlGeneratorInterface ;
36
36
use Symfony \Component \Routing \RouterInterface ;
37
37
use Symfony \Component \Security \Core \Authentication \Token \Storage \TokenStorageInterface ;
38
+ use Symfony \Component \Security \Core \Authorization \AccessDecision ;
38
39
use Symfony \Component \Security \Core \Authorization \AuthorizationCheckerInterface ;
39
40
use Symfony \Component \Security \Core \Exception \AccessDeniedException ;
40
41
use Symfony \Component \Security \Core \User \UserInterface ;
@@ -202,6 +203,21 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool
202
203
return $ this ->container ->get ('security.authorization_checker ' )->isGranted ($ attribute , $ subject );
203
204
}
204
205
206
+ /**
207
+ * Checks if the attribute is granted against the current authentication token and optionally supplied subject.
208
+ */
209
+ protected function getAccessDecision (mixed $ attribute , mixed $ subject = null ): AccessDecision
210
+ {
211
+ if (!$ this ->container ->has ('security.authorization_checker ' )) {
212
+ throw new \LogicException ('The SecurityBundle is not registered in your application. Try running "composer require symfony/security-bundle". ' );
213
+ }
214
+
215
+ $ accessDecision = new AccessDecision ();
216
+ $ accessDecision ->isGranted = $ this ->container ->get ('security.authorization_checker ' )->isGranted ($ attribute , $ subject , $ accessDecision );
217
+
218
+ return $ accessDecision ;
219
+ }
220
+
205
221
/**
206
222
* Throws an exception unless the attribute is granted against the current authentication token and optionally
207
223
* supplied subject.
@@ -210,12 +226,24 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool
210
226
*/
211
227
protected function denyAccessUnlessGranted (mixed $ attribute , mixed $ subject = null , string $ message = 'Access Denied. ' ): void
212
228
{
213
- if (!$ this ->isGranted ($ attribute , $ subject )) {
214
- $ exception = $ this ->createAccessDeniedException ($ message );
215
- $ exception ->setAttributes ([$ attribute ]);
216
- $ exception ->setSubject ($ subject );
229
+ if (class_exists (AccessDecision::class)) {
230
+ $ accessDecision = $ this ->getAccessDecision ($ attribute , $ subject );
231
+ $ isGranted = $ accessDecision ->isGranted ;
232
+ } else {
233
+ $ accessDecision = null ;
234
+ $ isGranted = $ this ->isGranted ($ attribute , $ subject );
235
+ }
236
+
237
+ if (!$ isGranted ) {
238
+ $ e = $ this ->createAccessDeniedException (3 > \func_num_args () && $ accessDecision ? $ accessDecision ->getMessage () : $ message );
239
+ $ e ->setAttributes ([$ attribute ]);
240
+ $ e ->setSubject ($ subject );
241
+
242
+ if ($ accessDecision ) {
243
+ $ e ->setAccessDecision ($ accessDecision );
244
+ }
217
245
218
- throw $ exception ;
246
+ throw $ e ;
219
247
}
220
248
}
221
249
0 commit comments