Commit 1c91c1fe authored by Crell's avatar Crell
Browse files

Add an access listener that should throw a 403 exception if the menu router's...

Add an access listener that should throw a 403 exception if the menu router's access check failed.  This is totally not the right way to do this long term, but it works for our current codebase.
parent 3a79e753
......@@ -15,6 +15,7 @@
use Symfony\Component\HttpKernel\EventListener\RouterListener;
use Drupal\Core\EventSubscriber\HtmlSubscriber;
use Drupal\Core\EventSubscriber\AccessSubscriber;
use Exception;
......@@ -43,6 +44,7 @@ function execute(Request $request) {
$matcher = $this->getMatcher($request);
$dispatcher->addSubscriber(new RouterListener($matcher));
$dispatcher->addSubscriber(new AccessSubscriber());
$resolver = new ControllerResolver();
......
<?php
namespace Drupal\Core\EventSubscriber;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
use Symfony\Component\Routing\Exception\MethodNotAllowedException;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
* @file
*
* Definition of Drupal\Core\EventSubscriber\AccessSubscriber
*/
/**
* Access subscriber for controller requests.
*/
class AccessSubscriber implements EventSubscriberInterface {
/**
* Verifys that the current user can access the requested path.
*
* @todo This is a total hack to keep our current access system working. It
* should be replaced with something robust and injected at some point.
*
* @param GetResponseEvent $event
* The Event to process.
*/
public function onKernelRequestAccessCheck(GetResponseEvent $event) {
$router_item = $event->getRequest()->attributes->get('drupal_menu_item');
if (!$router_item['access']) {
throw new AccessDeniedHttpException($message);
}
}
/**
* Registers the methods in this class that should be listeners.
*
* @return array
* An array of event listener definitions.
*/
static function getSubscribedEvents() {
$events[KernelEvents::REQUEST][] = array('onKernelRequestAccessCheck', 30);
return $events;
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment