Commit d1389c5e authored by Tobias Gross-Vogt's avatar Tobias Gross-Vogt

added authorization management

parent 1fa05b11
<?php
declare(strict_types=1);
namespace Dbp\Relay\ProxyBundle\Authorization;
use Dbp\Relay\CoreBundle\Authorization\AbstractAuthorizationService;
class AuthorizationService extends AbstractAuthorizationService
{
}
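Review bot: The new AuthorizationService has an empty body and no docblock, so a reader opening this file cannot tell what distinguishes it from the parent AbstractAuthorizationService or where its rights come from. Add a short class comment, e.g. `/** Proxy-bundle authorization service; presumably receives the bundle's `authorization` config via setConfig() and evaluates the CALL_FUNCTION expression against a ProxyData subject. */`, hedged as above until the parent's contract is confirmed. Consider also marking the class `final` if no bundle is expected to extend it.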
...@@ -7,6 +7,7 @@ namespace Dbp\Relay\ProxyBundle\DataPersister; ...@@ -7,6 +7,7 @@ namespace Dbp\Relay\ProxyBundle\DataPersister;
use ApiPlatform\Core\DataPersister\ContextAwareDataPersisterInterface; use ApiPlatform\Core\DataPersister\ContextAwareDataPersisterInterface;
use Dbp\Relay\CoreBundle\Helpers\Tools; use Dbp\Relay\CoreBundle\Helpers\Tools;
use Dbp\Relay\CoreBundle\ProxyApi\ProxyDataEvent; use Dbp\Relay\CoreBundle\ProxyApi\ProxyDataEvent;
use Dbp\Relay\ProxyBundle\Authorization\AuthorizationService;
use Dbp\Relay\ProxyBundle\Entity\ProxyData; use Dbp\Relay\ProxyBundle\Entity\ProxyData;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface;
...@@ -17,9 +18,13 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP ...@@ -17,9 +18,13 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP
/** @var EventDispatcherInterface */ /** @var EventDispatcherInterface */
private $eventDispatcher; private $eventDispatcher;
public function __construct(EventDispatcherInterface $eventDispatcher) /** @var AuthorizationService */
private $authorizationService;
public function __construct(EventDispatcherInterface $eventDispatcher, AuthorizationService $authorizationService)
{ {
$this->eventDispatcher = $eventDispatcher; $this->eventDispatcher = $eventDispatcher;
$this->authorizationService = $authorizationService;
} }
public function supports($data, array $context = []): bool public function supports($data, array $context = []): bool
...@@ -33,7 +38,6 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP ...@@ -33,7 +38,6 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP
public function persist($data, array $context = []): ProxyData public function persist($data, array $context = []): ProxyData
{ {
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY'); $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
$this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');
if ($data instanceof ProxyData) { if ($data instanceof ProxyData) {
if (Tools::isNullOrEmpty($data->getNamespace())) { if (Tools::isNullOrEmpty($data->getNamespace())) {
...@@ -41,6 +45,8 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP ...@@ -41,6 +45,8 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP
} elseif (Tools::isNullOrEmpty($data->getFunctionName())) { } elseif (Tools::isNullOrEmpty($data->getFunctionName())) {
throw new BadRequestException('parameter functionName must not be null nor empty'); throw new BadRequestException('parameter functionName must not be null nor empty');
} else { } else {
$this->authorizationService->denyAccessUnlessIsGranted('CALL_FUNCTION', $data);
$proxyDataEvent = new ProxyDataEvent($data); $proxyDataEvent = new ProxyDataEvent($data);
$this->eventDispatcher->dispatch($proxyDataEvent, ProxyDataEvent::NAME.'.'.$data->getNamespace()); $this->eventDispatcher->dispatch($proxyDataEvent, ProxyDataEvent::NAME.'.'.$data->getNamespace());
......
...@@ -4,15 +4,37 @@ declare(strict_types=1); ...@@ -4,15 +4,37 @@ declare(strict_types=1);
namespace Dbp\Relay\ProxyBundle\DependencyInjection; namespace Dbp\Relay\ProxyBundle\DependencyInjection;
use Dbp\Relay\CoreBundle\Authorization\UserAuthorizationChecker;
use Symfony\Component\Config\Definition\Builder\TreeBuilder; use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface; use Symfony\Component\Config\Definition\ConfigurationInterface;
class Configuration implements ConfigurationInterface class Configuration implements ConfigurationInterface
{ {
public const AUTHORIZATON_NODE = 'authorization';
public const CALL_FUNCTION_RIGHT = 'CALL_FUNCTION';
public function getConfigTreeBuilder(): TreeBuilder public function getConfigTreeBuilder(): TreeBuilder
{ {
$treeBuilder = new TreeBuilder('dbp_relay_proxy'); $treeBuilder = new TreeBuilder('dbp_relay_proxy');
$treeBuilder->getRootNode()
->children()
->arrayNode(self::AUTHORIZATON_NODE)
->addDefaultsIfNotSet()
->children()
->arrayNode(UserAuthorizationChecker::RIGHTS_CONFIG_ATTRIBUTE)
->children()
->scalarNode(self::CALL_FUNCTION_RIGHT)
->info('The (boolean) expression checking whether the current user may call the requested function. Available parameters: user, subject (of type ProxyData)')
->example('user.get("CALL_PROXY_FUNCTIONS") === true || subject.getNamespace() === "public"')
->end()
->end()
->end()
->end()
->end()
->end()
;
return $treeBuilder; return $treeBuilder;
} }
} }
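Review bot: `scalarNode(self::CALL_FUNCTION_RIGHT)` carries no `->defaultValue()`, so an installation that omits the `authorization.rights` block ships with no expression at all for the right that now replaces the previous hard-coded scope check; make the absence an explicit deny with `->defaultValue('false')` and state in `->info()` that the default denies every call. The public constant `AUTHORIZATON_NODE` is misspelled (missing "I"); renaming it to `AUTHORIZATION_NODE` now is cheap, before other bundles start referencing it. The example expression is helpful, but a sentence in `->info()` noting that scope restrictions (such as the former `ROLE_SCOPE_API-PROXY`) must now be expressed here would make the security implication of this config explicit.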
...@@ -5,6 +5,7 @@ declare(strict_types=1); ...@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace Dbp\Relay\ProxyBundle\DependencyInjection; namespace Dbp\Relay\ProxyBundle\DependencyInjection;
use Dbp\Relay\CoreBundle\Extension\ExtensionTrait; use Dbp\Relay\CoreBundle\Extension\ExtensionTrait;
use Dbp\Relay\ProxyBundle\Authorization\AuthorizationService;
use Symfony\Component\Config\FileLocator; use Symfony\Component\Config\FileLocator;
use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Loader\YamlFileLoader; use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
...@@ -32,5 +33,8 @@ class DbpRelayProxyExtension extends ConfigurableExtension ...@@ -32,5 +33,8 @@ class DbpRelayProxyExtension extends ConfigurableExtension
new FileLocator(__DIR__.'/../Resources/config') new FileLocator(__DIR__.'/../Resources/config')
); );
$loader->load('services.yaml'); $loader->load('services.yaml');
$definition = $container->getDefinition(AuthorizationService::class);
$definition->addMethodCall('setConfig', [$mergedConfig['authorization']]);
} }
} }
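Review bot: `$mergedConfig['authorization']` repeats the node name as a string literal even though Configuration exports it as a public constant; use `Configuration::AUTHORIZATON_NODE` (or its corrected spelling) so the extension and the tree cannot drift apart. The `addMethodCall('setConfig', ...)` relies on the service being registered under its class name, which services.yaml on this page does, but a one-line comment such as `// Hand the bundle's authorization rights to the service; the definition comes from services.yaml.` would document that coupling. The enclosing loadInternal-style method starts outside the hunk.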
...@@ -13,7 +13,7 @@ use Symfony\Component\Serializer\Annotation\Groups; ...@@ -13,7 +13,7 @@ use Symfony\Component\Serializer\Annotation\Groups;
* @ApiResource( * @ApiResource(
* collectionOperations={ * collectionOperations={
* "post" = { * "post" = {
* "security" = "is_granted('IS_AUTHENTICATED_FULLY') and is_granted('ROLE_SCOPE_API-PROXY')", * "security" = "is_granted('IS_AUTHENTICATED_FULLY')",
* "path" = "/proxy/proxydata", * "path" = "/proxy/proxydata",
* "openapi_context" = { * "openapi_context" = {
* "tags" = {"Proxy"}, * "tags" = {"Proxy"},
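Review bot: The post operation's security expression drops `is_granted('ROLE_SCOPE_API-PROXY')`, so any fully-authenticated token now passes the API Platform gate and reaches deserialization and the persister; the scope requirement is no longer enforced by the bundle itself. If the scope is still meant to be mandatory for every deployment, keep it here alongside the new per-call check, e.g. `"security" = "is_granted('IS_AUTHENTICATED_FULLY') and is_granted('ROLE_SCOPE_API-PROXY')"`; if it is intentionally delegated to the configurable expression, document that in the bundle's configuration docs so operators know the default no longer restricts by scope. The @ApiResource annotation continues outside the hunk.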
......
services: services:
Dbp\Relay\ProxyBundle\Authorization\AuthorizationService:
autowire: true
autoconfigure: true
Dbp\Relay\ProxyBundle\DataProvider\: Dbp\Relay\ProxyBundle\DataProvider\:
resource: '../../DataProvider' resource: '../../DataProvider'
autowire: true autowire: true
......