From c15b6b0153d1a82777c62041081b661e73963445 Mon Sep 17 00:00:00 2001
From: "Nek (Maxime Veber)" <nek.dev@gmail.com>
Date: Wed, 4 Oct 2017 23:19:35 +0200
Subject: [PATCH] Add authorization

---
 foo.php                              | 91 ++++++++++++++++++++++------
 src/CustomAuthenticationProvider.php |  5 ++
 src/Kernel.php                       |  5 +-
 3 files changed, 79 insertions(+), 22 deletions(-)

diff --git a/foo.php b/foo.php
index 3def053..7eff620 100644
--- a/foo.php
+++ b/foo.php
@@ -1,30 +1,51 @@
 <?php
 
 require __DIR__ . '/vendor/autoload.php';
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use BiiG\SecurityTest\Kernel;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Http\FirewallMap;
+use Symfony\Component\HttpFoundation\RequestMatcher,
+    Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage,
+    BiiG\SecurityTest\CustomAuthenticationListener,
+    BiiG\SecurityTest\CustomAuthenticationProvider,
+    Symfony\Component\Security\Http\Firewall,
+    Symfony\Component\HttpKernel\KernelEvents,
+    Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter,
+    Symfony\Component\Security\Core\Role\RoleHierarchy,
+    Symfony\Component\Security\Core\Authorization\AccessDecisionManager
+    ;
+use Symfony\Component\Security\Http\AccessMap;
+use Symfony\Component\Security\Http\Firewall\AccessListener;
+
+
+
+
+$request = Request::createFromGlobals();
+$dispatcher = new EventDispatcher();
+$kernel = new Kernel($dispatcher, function() {
+    return new Response("<h1>Hello</h1>");
+});
 
 
-$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
-$dispatcher = new \Symfony\Component\EventDispatcher\EventDispatcher();
-
 
 ///////////////////////
-/// FIREWALL
-
-$map = new \Symfony\Component\Security\Http\FirewallMap();
-
-$requestMatcher = new \Symfony\Component\HttpFoundation\RequestMatcher('^/');
+/// FIREWALL CONFIG
 
-$tokenStorage = new \Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage();
+$map = new FirewallMap();
 
+$requestMatcher = new RequestMatcher('^/');
+$tokenStorage = new TokenStorage();
 // instances of Symfony\Component\Security\Http\Firewall\ListenerInterface
+$authManager = new CustomAuthenticationProvider();
 $listeners = [
-    new \BiiG\SecurityTest\CustomAuthenticationListener(
+    new CustomAuthenticationListener(
         $tokenStorage,
-        new \BiiG\SecurityTest\CustomAuthenticationProvider(),
+        $authManager,
         'swagg'
     )
 ];
-
 // The exception listener object is too complex for this example
 /*
 $exceptionListener = new \Symfony\Component\Security\Http\Firewall\ExceptionListener($tokenStorage, $trustResolver);
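Review bot: The import block at the top of the hunk mixes one-`use`-per-line statements with a comma-separated `use` group whose terminating `;` sits alone on its own line, followed by four blank lines; one import per statement, alphabetised, is the PSR-12 form and avoids a reader missing the group terminator. A smaller point: `$authManager` holds a `CustomAuthenticationProvider`, which is later passed where an authentication manager is expected; that type-checks only because `AuthenticationProviderInterface` extends `AuthenticationManagerInterface`, so a one-line comment at its construction, `// a single provider doubles as the authentication manager in this example`, would save the next reader the lookup.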
@@ -33,16 +54,46 @@ $exceptionListener = new \Symfony\Component\Security\Http\Firewall\ExceptionList
 $map->add($requestMatcher, $listeners);
 
 
-$firewall = new \Symfony\Component\Security\Http\Firewall($map, $dispatcher);
-
-
+$firewall = new Firewall($map, $dispatcher);
 $dispatcher->addListener(
-    \Symfony\Component\HttpKernel\KernelEvents::REQUEST,
+    KernelEvents::REQUEST,
     array($firewall, 'onKernelRequest')
 );
 
-$kernel = new \BiiG\SecurityTest\Kernel($dispatcher, function() {
-    echo "<h1>Hello</h1>";
-});
+/////////////////////////
+/// Authorization
+
+// instances of Symfony\Component\Security\Core\Authorization\Voter\VoterInterface
+$voters = [
+    new RoleHierarchyVoter(
+        new RoleHierarchy([
+            'ROLE_SUPER_ADMIN' => [
+                'ROLE_ADMIN',
+                'ROLE_USER'
+            ]
+        ])
+    ),
+];
+$strategy = AccessDecisionManager::STRATEGY_AFFIRMATIVE;
+
+$accessDecisionManager = new AccessDecisionManager(
+    $voters,
+    $strategy
+);
+
+$accessMap = new AccessMap();
+$requestMatcher = new RequestMatcher('^/admin');
+$accessMap->add($requestMatcher, array('ROLE_ADMIN'));
+
+$accessListener = new AccessListener(
+    $tokenStorage,
+    $accessDecisionManager,
+    $accessMap,
+    $authManager
+);
+
+
+/////////////////////////
+/// Run kernel
 
-$kernel->handle($request);
+$kernel->handle($request)->send();
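Review bot: `$accessListener` is built at the end of the hunk but never registered anywhere, so the `^/admin` → `ROLE_ADMIN` rule in `$accessMap` is never enforced; the firewall only runs what was in `$listeners` when `$map->add($requestMatcher, $listeners)` executed at the top of the hunk, before the listener existed. The authorization block needs to move above that call and end with `$listeners[] = $accessListener;` so the Firewall dispatches it on the request, keeping the authentication listener first in the array so a token is in storage when the access check runs. Reassigning `$requestMatcher` to `'^/admin'` along the way also silently replaces the variable that held the `'^/'` firewall matcher; a distinct name such as `$adminMatcher = new RequestMatcher('^/admin');` keeps the two apart. With the ExceptionListener still commented out, a denied request would surface as an uncaught `AccessDeniedException` rather than a 403 response, which is worth a comment under the `Run kernel` heading if that is intended for the example.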
diff --git a/src/CustomAuthenticationProvider.php b/src/CustomAuthenticationProvider.php
index 279b5d7..ffde5d5 100644
--- a/src/CustomAuthenticationProvider.php
+++ b/src/CustomAuthenticationProvider.php
@@ -66,6 +66,11 @@ class CustomAuthenticationProvider implements AuthenticationProviderInterface
         if (!$encoder->isPasswordValid($user->getPassword(), $token->getCredentials(), $user->getSalt())) {
             throw new BadCredentialsException('The presented password is invalid.');
         }
+
+        $token->setUser($user);
+        $token->setAuthenticated(true);
+
+        return $token;
     }
 
     public function supports(TokenInterface $token)
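Review bot: The added lines authenticate by mutating and returning the incoming token, so the token that ends up in storage still carries the presented password that `getCredentials()` was just checked against on the first line of the hunk; add `$token->eraseCredentials();` before `return $token;`, or return a fresh token built from `$user` as Symfony's built-in providers do. If the token class follows `AbstractToken`, `setUser()` does not touch the roles fixed at construction, so the authenticated token may carry none of `$user->getRoles()` for the voters to see — confirm against the listener that builds the token. The enclosing method begins above the hunk, so its declared return type and docblock are not visible here; a `@return TokenInterface` line on it would document the new contract.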
diff --git a/src/Kernel.php b/src/Kernel.php
index 5db9a94..f160557 100644
--- a/src/Kernel.php
+++ b/src/Kernel.php
@@ -13,7 +13,6 @@ namespace BiiG\SecurityTest;
 
 use Symfony\Component\EventDispatcher\EventDispatcher;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -37,8 +36,10 @@ class Kernel implements HttpKernelInterface
 
         // Some work
         $run = $this->run;
-        $run();
+        $response = $run();
 
         $this->dispatcher->dispatch(KernelEvents::FINISH_REQUEST, new FinishRequestEvent($this, $request, $type));
+
+        return $response;
     }
 }
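Review bot: `$response = $run();` returns whatever the injected callable produced with no check that it is a `Response`, while the earlier hunk in this file deletes the `Response` import; `HttpKernelInterface::handle()` is documented to return a `Response`, so restore the import and guard the value, e.g. `if (!$response instanceof Response) { throw new \LogicException('Kernel callback must return a Response'); }`, rather than letting a bad return fail later in `foo.php` at `->send()`. If the part of `handle()` above the hunk dispatches the `GetResponseEvent` that the imports suggest, a response set on that event by a firewall listener should be returned before `$run()` is invoked — otherwise a listener that denies the request cannot stop the application callback from running; the method head is outside the hunk, so this is inferred. The `// Some work` comment could state the callable's contract instead, e.g. `// Application callback: must produce the Response for this request`.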
-- 
GitLab