Add a isGranted() function to Silex\Application\SecurityTrait + unit …

…tests
silexphp · Apr 11, 2015 · 6d86c60 · 6d86c60
1 parent 0488555
commit 6d86c60
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/src/Silex/Application/SecurityTrait.php b/src/Silex/Application/SecurityTrait.php
@@ -12,6 +12,7 @@
 namespace Silex\Application;
 
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
@@ -55,4 +56,19 @@ public function encodePassword(UserInterface $user, $password)
     {
         return $this['security.encoder_factory']->getEncoder($user)->encodePassword($password, $user->getSalt());
     }
+
+    /**
+     * Checks if the attributes are granted against the current authentication token and optionally supplied object.
+     *
+     * @param mixed $attributes
+     * @param mixed $object
+     *
+     * @return bool
+     *
+     * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token.
+     */
+    public function isGranted($attributes, $object = null)
+    {
+        return $this['security.authorization_checker']->isGranted($attributes, $object);
+    }
 }
diff --git a/tests/Silex/Tests/Application/SecurityTraitTest.php b/tests/Silex/Tests/Application/SecurityTraitTest.php
@@ -76,6 +76,42 @@ public function testEncodePassword()
         $this->assertEquals('5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==', $app->encodePassword($user, 'foo'));
     }
 
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
+     */
+    public function testIsGrantedWithoutTokenThrowsException()
+    {
+        $app = $this->createApplication();
+        $app->get('/', function () { return 'foo'; });
+        $app->handle(Request::create('/'));
+        $app->isGranted('ROLE_ADMIN');
+    }
+
+    public function testIsGranted()
+    {
+        $request = Request::create('/');
+
+        $app = $this->createApplication(array(
+            'fabien'  => array('ROLE_ADMIN', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
+            'monique' => array('ROLE_USER',  '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
+        ));
+        $app->get('/', function () { return 'foo'; });
+
+        // User is Monique (ROLE_USER)
+        $request->headers->set('PHP_AUTH_USER', 'monique');
+        $request->headers->set('PHP_AUTH_PW', 'foo');
+        $app->handle($request);
+        $this->assertTrue($app->isGranted('ROLE_USER'));
+        $this->assertFalse($app->isGranted('ROLE_ADMIN'));
+
+        // User is Fabien (ROLE_ADMIN)
+        $request->headers->set('PHP_AUTH_USER', 'fabien');
+        $request->headers->set('PHP_AUTH_PW', 'foo');
+        $app->handle($request);
+        $this->assertFalse($app->isGranted('ROLE_USER'));
+        $this->assertTrue($app->isGranted('ROLE_ADMIN'));
+    }
+
     public function createApplication($users = array())
     {
         $app = new SecurityApplication();