Add an access listener that should throw a 403 exception if the menu router's...

Add an access listener that should throw a 403 exception if the menu router's access check failed. This is totally not the right way to do this long term, but it works for our current codebase.

Add an access listener that should throw a 403 exception if the menu router's...
1c91c1fe · Larry Garfield · 3a79e753 · 1c91c1fe · 1c91c1fe
Commit 1c91c1fe authored 13 years ago by Larry Garfield
--- a/core/lib/Drupal/Core/DrupalApp.php
+++ b/core/lib/Drupal/Core/DrupalApp.php
@@ -15,6 +15,7 @@
 use Symfony\Component\HttpKernel\EventListener\RouterListener;

 use Drupal\Core\EventSubscriber\HtmlSubscriber;
+use Drupal\Core\EventSubscriber\AccessSubscriber;

 use Exception;

@@ -43,6 +44,7 @@ function execute(Request $request) {

      $matcher = $this->getMatcher($request);
      $dispatcher->addSubscriber(new RouterListener($matcher));
+      $dispatcher->addSubscriber(new AccessSubscriber());

      $resolver = new ControllerResolver();


--- a/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/AccessSubscriber.php
+<?php
+
+namespace Drupal\Core\EventSubscriber;
+
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+
+/**
+ * @file
+ *
+ * Definition of Drupal\Core\EventSubscriber\AccessSubscriber
+ */
+
+/**
+ * Access subscriber for controller requests.
+ */
+class AccessSubscriber implements EventSubscriberInterface {
+
+  /**
+   * Verifys that the current user can access the requested path.
+   *
+   * @todo This is a total hack to keep our current access system working. It
+   * should be replaced with something robust and injected at some point.
+   *
+   * @param GetResponseEvent $event
+   *   The Event to process.
+   */
+  public function onKernelRequestAccessCheck(GetResponseEvent $event) {
+
+    $router_item = $event->getRequest()->attributes->get('drupal_menu_item');
+
+    if (!$router_item['access']) {
+      throw new AccessDeniedHttpException($message);
+    }
+  }
+
+  /**
+   * Registers the methods in this class that should be listeners.
+   *
+   * @return array
+   *   An array of event listener definitions.
+   */
+  static function getSubscribedEvents() {
+    $events[KernelEvents::REQUEST][] = array('onKernelRequestAccessCheck', 30);
+
+    return $events;
+  }
+}