vendor/symfony/security-core/Authorization/TraceableAccessDecisionManager.php line 63

  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <[email protected]>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Core\Authorization;
  14. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  15. use Symfony\Component\Security\Core\Authorization\Strategy\AccessDecisionStrategyInterface;
  16. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  18. /**
  19. * Decorates the original AccessDecisionManager class to log information
  20. * about the security voters and the decisions made by them.
  21. *
  22. * @author Javier Eguiluz <[email protected]>
  23. *
  24. * @internal
  25. */
  26. class TraceableAccessDecisionManager implements AccessDecisionManagerInterface
  27. {
  28. private AccessDecisionManagerInterface $manager;
  29. private ?AccessDecisionStrategyInterface $strategy = null;
  30. /** @var iterable<mixed, VoterInterface> */
  31. private iterable $voters = [];
  32. private array $decisionLog = []; // All decision logs
  33. private array $currentLog = []; // Logs being filled in
  35. public function __construct(AccessDecisionManagerInterface $manager)
  36. {
  37. $this->manager = $manager;
  39. // The strategy and voters are stored in a private properties of the decorated service
  40. if (property_exists($manager, 'strategy')) {
  41. $reflection = new \ReflectionProperty($manager::class, 'strategy');
  42. $this->strategy = $reflection->getValue($manager);
  43. }
  44. if (property_exists($manager, 'voters')) {
  45. $reflection = new \ReflectionProperty($manager::class, 'voters');
  46. $this->voters = $reflection->getValue($manager);
  47. }
  48. }
  50. public function decide(TokenInterface $token, array $attributes, mixed $object = null, bool $allowMultipleAttributes = false): bool
  51. {
  52. $currentDecisionLog = [
  53. 'attributes' => $attributes,
  54. 'object' => $object,
  55. 'voterDetails' => [],
  56. ];
  58. $this->currentLog[] = &$currentDecisionLog;
  60. $result = $this->manager->decide($token, $attributes, $object, $allowMultipleAttributes);
  62. $currentDecisionLog['result'] = $result;
  64. $this->decisionLog[] = array_pop($this->currentLog); // Using a stack since decide can be called by voters
  66. return $result;
  67. }
  69. /**
  70. * Adds voter vote and class to the voter details.
  71. *
  72. * @param array $attributes attributes used for the vote
  73. * @param int $vote vote of the voter
  74. */
  75. public function addVoterVote(VoterInterface $voter, array $attributes, int $vote): void
  76. {
  77. $currentLogIndex = \count($this->currentLog) - 1;
  78. $this->currentLog[$currentLogIndex]['voterDetails'][] = [
  79. 'voter' => $voter,
  80. 'attributes' => $attributes,
  81. 'vote' => $vote,
  82. ];
  83. }
  85. public function getStrategy(): string
  86. {
  87. if (null === $this->strategy) {
  88. return '-';
  89. }
  90. if (method_exists($this->strategy, '__toString')) {
  91. return (string) $this->strategy;
  92. }
  94. return get_debug_type($this->strategy);
  95. }
  97. /**
  98. * @return iterable<mixed, VoterInterface>
  99. */
  100. public function getVoters(): iterable
  101. {
  102. return $this->voters;
  103. }
  105. public function getDecisionLog(): array
  106. {
  107. return $this->decisionLog;
  108. }
  109. }